KINGSABRI · August 19, 2016 23:05
diff --git a/cve-parser.rb b/cve-parser.rb
 #!/usr/bin/env ruby
 #
 #
 require 'nokogiri'

 # Validate an XML document against a Schema.
 doc = Nokogiri::XML(File.read "cve-small.xml")


 items = doc.search("item")
 item = items[1]
 attributes = item.attributes
 attr_type = attributes["type"].value
 attr_name = attributes["name"].value
 attr_seq = attributes["seq"].value
diff --git a/cve-small.xml b/cve-small.xml
 <?xml version="1.0"?>
 <cve xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://cve.mitre.org/cve/downloads/1.0"
     xsi:noNamespaceSchemaLocation="https://cve.mitre.org/schema/cve/cve_1.0.xsd">
  <item type="CAN" name="CVE-1999-0001" seq="1999-0001">
    <status>Candidate</status>
    <phase date="20051217">Modified</phase>
    <desc>ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.</desc>
    <refs>
      <ref source="CERT">CA-98-13-tcp-denial-of-service</ref>
      <ref source="BUGTRAQ">19981223 Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service</ref>
      <ref source="CONFIRM" url="http://www.openbsd.org/errata23.html#tcpfix">http://www.openbsd.org/errata23.html#tcpfix</ref>
      <ref source="OSVDB" url="http://www.osvdb.org/5707">5707</ref>
    </refs>
    <votes>
      <modify count="1">Frech</modify>
      <noop count="2">Northcutt, Wall</noop>
      <reviewing count="1">Christey</reviewing>
    </votes>
    <comments>
      <comment voter="Christey">A Bugtraq posting indicates that the bug has to do with
        &quot;short packets with certain options set,&quot; so the description
        should be modified accordingly.
        
        But is this the same as CVE-1999-0052?  That one is related
        to nestea (CVE-1999-0257) and probably the one described in
        BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release
        The patch for nestea is in ip_input.c around line 750.
        The patches for CVE-1999-0001 are in lines 388&amp;446.  So, 
        CVE-1999-0001 is different from CVE-1999-0257 and CVE-1999-0052.
        The FreeBSD patch for CVE-1999-0052 is in line 750.
        So, CVE-1999-0257 and CVE-1999-0052 may be the same, though
        CVE-1999-0052 should be RECAST since this bug affects Linux
        and other OSes besides FreeBSD.</comment>
      <comment voter="Frech">XF:teardrop(338)
        This assignment was based solely on references to the CERT advisory.</comment>
      <comment voter="Christey">The description for BID:190, which links to CVE-1999-0052 (a
        FreeBSD advisory), notes that the patches provided by FreeBSD in
        CERT:CA-1998-13 suggest a connection between CVE-1999-0001 and
        CVE-1999-0052.  CERT:CA-1998-13 is too vague to be sure without
        further analysis.</comment>
    </comments>
  </item>
  
  <item type="CVE" name="CVE-1999-0002" seq="1999-0002">
    <status>Entry</status>
    <desc>Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.</desc>
    <refs>
      <ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I">19981006-01-I</ref>
      <ref source="CERT">CA-98.12.mountd</ref>
      <ref source="CIAC" url="http://www.ciac.org/ciac/bulletins/j-006.shtml">J-006</ref>
      <ref source="BID" url="http://www.securityfocus.com/bid/121">121</ref>
      <ref source="XF">linux-mountd-bo</ref>
    </refs>
  </item>
  <item type="CVE" name="CVE-1999-0003" seq="1999-0003">
    <status>Entry</status>
    <desc>Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).</desc>
    <refs>
      <ref source="NAI">NAI-29</ref>
      <ref source="CERT">CA-98.11.tooltalk</ref>
      <ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A">19981101-01-A</ref>
      <ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX">19981101-01-PX</ref>
      <ref source="XF">aix-ttdbserver</ref>
      <ref source="XF">tooltalk</ref>
      <ref source="BID" url="http://www.securityfocus.com/bid/122">122</ref>
    </refs>
  </item>
 </cve>
	#!/usr/bin/env ruby
	#
	#
	require 'nokogiri'

	# Validate an XML document against a Schema.
	doc = Nokogiri::XML(File.read "cve-small.xml")


	items = doc.search("item")
	item = items[1]
	attributes = item.attributes
	attr_type = attributes["type"].value
	attr_name = attributes["name"].value
	attr_seq = attributes["seq"].value
	<?xml version="1.0"?>
	<cve xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://cve.mitre.org/cve/downloads/1.0"
	xsi:noNamespaceSchemaLocation="https://cve.mitre.org/schema/cve/cve_1.0.xsd">
	<item type="CAN" name="CVE-1999-0001" seq="1999-0001">
	<status>Candidate</status>
	<phase date="20051217">Modified</phase>
	<desc>ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.</desc>
	<refs>
	<ref source="CERT">CA-98-13-tcp-denial-of-service</ref>
	<ref source="BUGTRAQ">19981223 Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service</ref>
	<ref source="CONFIRM" url="http://www.openbsd.org/errata23.html#tcpfix">http://www.openbsd.org/errata23.html#tcpfix</ref>
	<ref source="OSVDB" url="http://www.osvdb.org/5707">5707</ref>
	</refs>
	<votes>
	<modify count="1">Frech</modify>
	<noop count="2">Northcutt, Wall</noop>
	<reviewing count="1">Christey</reviewing>
	</votes>
	<comments>
	<comment voter="Christey">A Bugtraq posting indicates that the bug has to do with
	"short packets with certain options set," so the description
	should be modified accordingly.

	But is this the same as CVE-1999-0052? That one is related
	to nestea (CVE-1999-0257) and probably the one described in
	BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release
	The patch for nestea is in ip_input.c around line 750.
	The patches for CVE-1999-0001 are in lines 388&446. So,
	CVE-1999-0001 is different from CVE-1999-0257 and CVE-1999-0052.
	The FreeBSD patch for CVE-1999-0052 is in line 750.
	So, CVE-1999-0257 and CVE-1999-0052 may be the same, though
	CVE-1999-0052 should be RECAST since this bug affects Linux
	and other OSes besides FreeBSD.</comment>
	<comment voter="Frech">XF:teardrop(338)
	This assignment was based solely on references to the CERT advisory.</comment>
	<comment voter="Christey">The description for BID:190, which links to CVE-1999-0052 (a
	FreeBSD advisory), notes that the patches provided by FreeBSD in
	CERT:CA-1998-13 suggest a connection between CVE-1999-0001 and
	CVE-1999-0052. CERT:CA-1998-13 is too vague to be sure without
	further analysis.</comment>
	</comments>
	</item>

	<item type="CVE" name="CVE-1999-0002" seq="1999-0002">
	<status>Entry</status>
	<desc>Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.</desc>
	<refs>
	<ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I">19981006-01-I</ref>
	<ref source="CERT">CA-98.12.mountd</ref>
	<ref source="CIAC" url="http://www.ciac.org/ciac/bulletins/j-006.shtml">J-006</ref>
	<ref source="BID" url="http://www.securityfocus.com/bid/121">121</ref>
	<ref source="XF">linux-mountd-bo</ref>
	</refs>
	</item>
	<item type="CVE" name="CVE-1999-0003" seq="1999-0003">
	<status>Entry</status>
	<desc>Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).</desc>
	<refs>
	<ref source="NAI">NAI-29</ref>
	<ref source="CERT">CA-98.11.tooltalk</ref>
	<ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A">19981101-01-A</ref>
	<ref source="SGI" url="ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX">19981101-01-PX</ref>
	<ref source="XF">aix-ttdbserver</ref>
	<ref source="XF">tooltalk</ref>
	<ref source="BID" url="http://www.securityfocus.com/bid/122">122</ref>
	</refs>
	</item>
	</cve>