My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git

cve.org-disaster.html (5445B)


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" lang="en">
<head>
<meta charset="utf-8"/><link rel="stylesheet" type="text/css" href="/css/index.css?serial=2023040701"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="vcs-git" href="https://gitlab.com/lanodan/blog.git" title="gitlab"/><link rel="icon" type="image/png" href="/images/favicon.png?serial=2020111201"/><meta property="og:image" content="/images/avatar.png?serial=2020111201"/>
<meta property="og:type" content="article"/>
<meta property="og:title" content="The new CVE.org website is a security disaster so I made my own"/>
<title>The new CVE.org website is a security disaster so I made my own - lanodan's cyber-home</title>
</head>
<body>
<header>Sorry, I do not value($$$) your privacy. :^) — <a href="/privacy%20policy">Privacy Policy</a></header>
<nav><details open="">
<summary>Links</summary>
<ul>
<li><a href="/home">Home</a></li>
<li><a href="/about">About</a></li>
<li><a href="/projects/">Software Projects</a></li>
<li><a href="/animelist">Anime List</a></li>
<li><a href="/mangalist">Manga List</a></li>
<li><a href="/bookmarks">Bookmarks</a></li>
<li><a href="/coding%20style">coding style</a></li>
<li><a href="/decreases%20of%20usability">Decreases of usability</a></li>
<li><a href="/software%20basic%20needs">Software basic requirements</a></li>
<li><a href="/recaptcha">Google ReCaptcha</a></li>
<li><a href="/git/">/git/</a></li>
<li><a href="/kopimi/">/kopimi/</a>: libre data</li>
<li><a href="/librism">Désintox’ / FOSS activism</a></li>
<li><a href="/notes/">/notes/</a></li>
<li><a href="/standards">standards</a>: opinions on them</li>
</ul>
<ul>
<li><a rel="alternate" type="application/atom+xml" href="https://hacktivis.me/feed.atom">Atom feed</a></li>
<li><a href="gemini://hacktivis.me/">gemini-space</a></li>
<li><a href="https://lanodan.eu/home">Resume</a></li>
</ul>
</details></nav>
<article>
<div xml:lang="en">
<a href="/articles/cve.org-disaster"><h1>The new CVE.org website is a security disaster so I made my own</h1></a>
<p>
<code>cve.mitre.org</code>, the <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a> database website I was using instead of NIST's website to avoid a bit of JavaScript, started showing <q>NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (<a href="http://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG">details</a>)</q> some time ago and I actually tried cve.org a few times only to be welcomed by an apparently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.<br/>
I mean, just look at <a href="https://github.com/CVEProject/cve-website/pulls?q=is%3Apr+security">the security-related Pull Requests on its GitHub repo</a>.
</p>
<p>
And even if there weren't security issues in their new website, requiring Automatic &amp; Unverified Remote Code to be executed on people's machines for getting security information? What is wrong with you? Do I need to make you assign a <abbr title="Common Vulnerability Scoring System">CVSS</abbr> on this thing?
</p>
<p>
As I'd rather not sit idly while this shit seems to be coming, I made <a href="https://hacktivis.me/git/cve-client/">cve-client</a>, a simple script in almost dependency-less perl. It takes a CVE-ID, fetches the JSON for it from their API (haven't found documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the <a href="https://gemini.circumlunar.space/">Gemini protocol</a>, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.<br/>
I made the gemini interface available at <a href="gemini://hacktivis.me/cgi-bin/cve">gemini://hacktivis.me/cgi-bin/cve</a>, feel free to make copies.<br/>
I will maybe make an HTTP version of this at some point so it doesn't only run on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web.
</p>
</div>
<p>
<a href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271" rel="replies external">Fediverse post for comments</a>, published on 2021-10-02T21:26:57Z, last updated on 2021-10-02T21:26:57Z
</p>
</article>
<footer>
<a href="http://endsoftpatents.org/innovating-without-patents"><img loading="lazy" src="/images/patent_free.png?serial=2020111201" alt="Patent Free"/></a>
<a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img loading="lazy" alt="CC-BY-SA" src="/images/cc-by-sa.png?serial=2020111201"/></a>
<a href="/anybrowser"><img loading="lazy" src="/images/anybrowser.png?serial=2020111201" alt="Anybrowser campaign"/></a>
<a href="http://tstzmgqansvqfzr3qrkehszmlhjqbpqp7pwncrzr72ohyygrnbuu26qd.onion/">.onion</a>
<a href="/privacy%20policy">Privacy Policy</a>(2019-11-27)
This webthing agrees that <a href="https://simpleweb.iscute.ovh/">simple web is cute</a>~ ♥
</footer>
</body>
</html>
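
The rendering step the article describes (a CVE-ID in, the record's JSON turned into Gemtext), as an added Python example; it is not code from cve-client, which is Perl. It assumes the record is laid out like CVE JSON 4.0 (`CVE_data_meta`, `description_data`, `reference_data`), since the article does not say which schema the API returns; the sample record is constructed and the function names are hypothetical.

```python
import json
import re
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample record (not real data), laid out like CVE JSON 4.0 (assumed schema).
SAMPLE = json.dumps({
    "CVE_data_meta": {"ID": "CVE-0000-00000"},
    "description": {"description_data": [{"lang": "eng", "value":
        "Constructed text.\n=> gemini://untrusted.example/ injected link\n# fake heading"}]},
    "references": {"reference_data": [
        {"url": "https://example.org/advisory", "name": "Vendor advisory"},
        {"url": "javascript:void(0)", "name": "wrong scheme"},
        {"url": "https://example.org/a b\n=> x", "name": "embedded whitespace"}]},
})

def check_cve_id(arg):
    """Accept only a well-formed CVE-ID before it is used in a request."""
    if not CVE_ID.fullmatch(arg):
        raise ValueError("not a CVE-ID: %r" % arg)
    return arg

def plain(text):
    """Collapse untrusted text to one line with no control characters."""
    return " ".join("".join(c if c.isprintable() else " " for c in text).split())

def body_lines(text):
    """Yield record text as Gemtext text lines. Gemtext picks a line's type from its
    first characters, so a leading space stops record text from becoming markup."""
    for line in map(plain, text.splitlines()):
        if line.startswith(("=>", "#", "* ", ">", "```")):
            line = " " + line
        if line:
            yield line

def to_gemtext(raw_json, requested_id):
    cve_id = check_cve_id(requested_id)
    rec = json.loads(raw_json)
    if rec.get("CVE_data_meta", {}).get("ID") != cve_id:
        raise ValueError("record does not match the requested ID")
    out = ["# " + cve_id, ""]
    for desc in rec.get("description", {}).get("description_data", []):
        out.extend(body_lines(str(desc.get("value", ""))))
    out += ["", "## References"]
    for ref in rec.get("references", {}).get("reference_data", []):
        url = str(ref.get("url", ""))
        # A link line is "=> URL label": only printable, space-free http(s) URLs pass.
        if re.fullmatch(r"https?://[!-~]+", url):
            out.append("=> %s %s" % (url, plain(str(ref.get("name", ""))) or url))
    return "\n".join(out) + "\n"
```

Calling `to_gemtext(SAMPLE, "CVE-0000-00000")` returns the Gemtext document as a string; references that fail the URL check are dropped rather than rendered.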