12

I've been playing with nikto and I see some vulnerabilities listed in the scan for my dev server. For example, I see osvdb-XXXX, with a short description after it. I am googling this string, osvdb-XXXX and I am getting very little useful information back. Even when I go straight to osvdb.org I am absolutely perplexed that a browseable database does not exist here.

Some of the short descriptions next to the vulnerabilities detected by the scan are helpful, while others are cryptic. How can I research what vulnerability is being found by nikto?

Edit

I took the liberty of emailing the address I found on the osvdb blog site. They responded simply with "The database is currently not available." So I'll amend my question to say: is there anywhere other than the osvdb site where I can find information about what nikto is telling me?

Further response from Open Security Foundation

There is a blog post coming with more detail, but do not plan to see it return. @osvdb on Twitter for announcements.

smilebomb
  • @jefffabiny well, you stumbled onto a great question. Please post the response from OSVDB as an answer to your question, as it appears to be the definitive answer. As for `nikto`, it's a really old tool. You might simply have to live with google searches for whatever you find. – schroeder Mar 30 '16 at 04:21
  • Check http://vuldb.com for more details about vulnerabilities. – Marc Ruef Mar 30 '16 at 06:22
  • @MarcRuef I'm putting the OSVDB number into the search field on vuldb.com, but it is returning nothing. Returns nothing for any number I try. – smilebomb Mar 30 '16 at 13:46
  • Interestingly, the [last post I can find](https://twitter.com/OSVDB/status/704572483429531648) (other than "see our other posts") from them about it on Twitter implies that they were trying to bring it back as of 2016-02-29. – Moshe Katz Apr 06 '16 at 01:43
  • I saw that OSVDB is currently moving to a new server and for this reason stopped showing information about vulnerabilities. If you are interested, I have this DB and I can send it to you. – Rashad Aliyev Apr 14 '16 at 10:59

4 Answers

8

As of today (April 5th, 2016), the project was shut down due to lack of contribution, and there is no plan for it to return.

As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form.

Xander
smilebomb
2

This (CVE Reference Map for Source OSVDB) can be useful:

This reference map lists the various references for OSVDB and provides the associated CVE entries or candidates. It uses data from CVE version 20061101 and candidates that were active as of 2016-11-25.

http://cve.mitre.org/data/refs/refmap/source-OSVDB.html

noraj
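One way to use the reference map from the answer above when triaging nikto output, as an added example that is not part of the original answer. It assumes a locally saved copy of the page in which each `OSVDB:<number>` cell is followed by its CVE IDs; the sample rows, nikto lines and CVE IDs below are constructed placeholders.

```python
import re

OSVDB_CELL = re.compile(r"OSVDB:(\d+)")            # assumed key format in the saved map
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
NIKTO_FINDING = re.compile(r"^\+\s*OSVDB-(\d+):\s*(.*)$")

def parse_refmap(html):
    """Return {osvdb_number: [cve_ids]} from the saved reference-map HTML."""
    parts = OSVDB_CELL.split(html)                 # [preamble, id, chunk, id, chunk, ...]
    mapping = {}
    for num, chunk in zip(parts[1::2], parts[2::2]):
        cves = set(CVE_ID.findall(chunk))          # an ID may occur in both href and link text
        if cves:
            mapping.setdefault(int(num), set()).update(cves)
    return {n: sorted(c) for n, c in mapping.items()}

def triage(nikto_lines, mapping):
    """Return (osvdb_number, cve_ids, description) for every OSVDB finding line."""
    findings = []
    for line in nikto_lines:
        m = NIKTO_FINDING.match(line.strip())
        if m:                                      # banner and info lines are skipped
            n = int(m.group(1))
            findings.append((n, mapping.get(n, []), m.group(2)))
    return findings

# Constructed sample data (placeholder IDs, not real OSVDB or CVE entries).
SAMPLE_REFMAP = """
<tr><td>OSVDB:1001</td><td><a href="?name=CVE-0000-0001">CVE-0000-0001</a></td></tr>
<tr><td>OSVDB:1002</td><td><a href="?name=CVE-0000-0002">CVE-0000-0002</a>
<a href="?name=CVE-0000-0003">CVE-0000-0003</a></td></tr>
"""
SAMPLE_NIKTO = [
    "+ Server: Apache",
    "+ OSVDB-1001: /admin/: constructed finding text",
    "+ OSVDB-1002: /old/: constructed finding text",
    "+ OSVDB-9999: /misc/: constructed finding with no CVE in the map",
]

if __name__ == "__main__":
    for osvdb, cves, desc in triage(SAMPLE_NIKTO, parse_refmap(SAMPLE_REFMAP)):
        print(f"OSVDB-{osvdb}: {', '.join(cves) or 'no CVE mapping'} | {desc}")
```

Findings that come back with an empty CVE list are the ones that need the scanner's own description or another source named in this thread.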
0

The commercial product, VulnDB, from Risk-Based Security (RBS) has replaced OSVDB. The founders and staff of OSVDB are now RBS.

atdre
0

The latest backup available on the internet is integrated in the Vulners database:

https://vulners.com/search?query=type:osvdb

isox