![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to nvdcve_0.xsd CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libxml2 / test / schemas|
Return to nvdcve_0.xsd CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libxml2 / test / schemas |
1.1 misho 1: <?xml version="1.0"?>
2: <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
3: targetNamespace="http://nvd.nist.gov/feeds/cve/1.2"
4: xmlns:cve="http://nvd.nist.gov/feeds/cve/1.2"
5: elementFormDefault="qualified" attributeFormDefault="unqualified"
6: version="1.2">
7: <xs:annotation>
8: <xs:documentation>This schema defines the structure of the National
9: Vulnerability Database XML feed files version: 1.2. The elements and
10: attribute in this document are described by xs:annotation tags. This
11: file is kept at http://nvd.nist.gov/schema/nvdcve.xsd. The NVD XML
12: feeds are available at http://nvd.nist.gov/download.cfm.
13:
14: Release Notes:
15:
16: Version 1.2:
17: * CVSS version 2 scores and vectors have been added. Please see
18: http://nvd.nist.gov/cvss.cfm?vectorinfo and
19: http://www.first.org/cvss/cvss-guide.html for more information on
20: how to interpret this data. </xs:documentation>
21: </xs:annotation>
22: <xs:element name="nvd">
23: <xs:annotation>
24: <xs:documentation>The root element of the NVD CVE feed. Multiple "entry" child elements describe specific NVD CVE entries.</xs:documentation>
25: </xs:annotation>
26: <xs:complexType>
27: <xs:sequence>
28: <xs:element ref="cve:entry" minOccurs="0" maxOccurs="unbounded"/>
29: </xs:sequence>
30: <xs:attribute name="nvd_xml_version" type="xs:NMTOKEN" use="required">
31: <xs:annotation>
32: <xs:documentation>The schema version number supported by the feed.</xs:documentation>
33: </xs:annotation>
34: </xs:attribute>
35: <xs:attribute name="pub_date" type="cve:dateType" use="required">
36: <xs:annotation>
37: <xs:documentation>The date the feed was generated.</xs:documentation>
38: </xs:annotation>
39: </xs:attribute>
40: </xs:complexType>
41: </xs:element>
42:
43: <xs:element name="entry" type="cve:entryType">
44: <xs:annotation>
45: <xs:documentation>A CVE entry.</xs:documentation>
46: </xs:annotation>
47: </xs:element>
48:
49: <!-- ******************************************************************* -->
50: <!-- * Complex Types * -->
51: <!-- ******************************************************************* -->
52: <xs:complexType name="entryType">
53: <xs:annotation>
54: <xs:documentation> Documents one CVE entry. The child elements should always
55: appear in the sequence defined below. These elements are compatible with
56: entry elements from the CVE XML feeds.</xs:documentation>
57: </xs:annotation>
58: <xs:sequence>
59: <xs:element name="desc">
60: <xs:annotation>
61: <xs:documentation>Description wrapper tag, parent to any
62: documented descriptions of this CVE entry. While the "desc"
63: tag will always be present, there may be no "descript" child
64: tags. Only one "descript" tag will exist for each
65: description source (i.e. CVE, NVD, ...). </xs:documentation>
66: </xs:annotation>
67: <xs:complexType>
68: <xs:sequence>
69: <xs:element name="descript" type="cve:descriptType" minOccurs="0" maxOccurs="2">
70: <xs:annotation>
71: <xs:documentation>A description of a CVE entry
72: from the source indicated by the "source"
73: attribute.</xs:documentation>
74: </xs:annotation>
75: </xs:element>
76: </xs:sequence>
77: </xs:complexType>
78: </xs:element>
79: <xs:element name="impacts" minOccurs="0">
80: <xs:annotation>
81: <xs:documentation> Impact wrapper tag (may or may not be
82: present). Only one "impact" tag will exist for each impact
83: explanation source. </xs:documentation>
84: </xs:annotation>
85: <xs:complexType>
86: <xs:sequence>
87: <xs:element name="impact" type="cve:impactType">
88: <xs:annotation>
89: <xs:documentation> Contains a specific impact
90: explanation of this CVE entry from source
91: indicated by the "source" attribute.
92: </xs:documentation>
93: </xs:annotation>
94: </xs:element>
95: </xs:sequence>
96: </xs:complexType>
97: </xs:element>
98: <xs:element name="sols" type="cve:solsType" minOccurs="0">
99: <xs:annotation>
100: <xs:documentation> Solution wrapper tag (may or may not be
101: present). Only one "sol" tag will exist for each solution
102: explanation source. </xs:documentation>
103: </xs:annotation>
104: </xs:element>
105: <xs:element name="loss_types" type="cve:lossTypeType" minOccurs="0">
106: <xs:annotation>
107: <xs:documentation> Loss type tag (may or may not be present).
108: Contains one loss type child for each loss type of this CVE
109: entry. Potential loss types are: "avail" => availability
110: "conf" => confidentiality "int" => integrity "sec_prot" =>
111: security protection </xs:documentation>
112: </xs:annotation>
113: </xs:element>
114: <xs:element name="vuln_types" type="cve:vulnType" minOccurs="0">
115: <xs:annotation>
116: <xs:documentation> Vulnerability type tag (may or may not be
117: present). Contains one vulnerability type child for each
118: vulnerability type of this CVE entry. Potential
119: vulnerability types are: "access" => Access validation error
120: "input" => Input validation error "design" => Design error
121: "exception" => Exceptional condition error "env" =>
122: Environmental error "config" => Configuration error "race"
123: => Race condition error "other" => other </xs:documentation>
124: </xs:annotation>
125: </xs:element>
126: <xs:element name="range" type="cve:rangeType" minOccurs="0">
127: <xs:annotation>
128: <xs:documentation> Vulnerability range tag (may or may not be
129: present). Contains one vulnerability range child for each
130: vulnerability range of this CVE entry. Potential
131: vulnerability ranges are: "local" => Locally exploitable
132: "local_network" => Local network exploitable "network" =>
133: Network exploitable "user_init" => User accesses attacker
134: </xs:documentation>
135: </xs:annotation>
136: </xs:element>
137: <xs:element name="refs">
138: <xs:annotation>
139: <xs:documentation> Reference wrapper tag (always present).
140: External references to this CVE entry are contained within
141: this tag. </xs:documentation>
142: </xs:annotation>
143: <xs:complexType>
144: <xs:sequence>
145: <xs:element name="ref" type="cve:refType" minOccurs="0" maxOccurs="unbounded">
146: <xs:annotation>
147: <xs:documentation> Individual reference to this CVE
148: entry. Text is the name of this vulnerability at
149: this particular reference. Attributes: "source"
150: (required) => Name of reference source "url"
151: (required) => hyperlink to reference "sig" =>
152: indicates this reference includes a tool
153: signature "adv" => indicates this reference is a
154: Security Advisory "patch" => indicates this
155: reference includes a patch for this
156: vulnerability </xs:documentation>
157: </xs:annotation>
158: </xs:element>
159: </xs:sequence>
160: </xs:complexType>
161: </xs:element>
162: <xs:element name="vuln_soft" type="cve:vulnSoftType" minOccurs="0">
163: <xs:annotation>
164: <xs:documentation> Vulnerable software wrapper tag (may or may
165: not be present). Software affected by this CVE entry are
166: listed within this tag. </xs:documentation>
167: </xs:annotation>
168: </xs:element>
169: </xs:sequence>
170: <xs:attribute name="type" use="required">
171: <xs:annotation>
172: <xs:documentation>CVE or CAN</xs:documentation>
173: </xs:annotation>
174: <xs:simpleType>
175: <xs:restriction base="xs:NMTOKEN">
176: <xs:enumeration value="CAN"/>
177: <xs:enumeration value="CVE"/>
178: </xs:restriction>
179: </xs:simpleType>
180: </xs:attribute>
181: <xs:attribute name="name" use="required">
182: <xs:annotation>
183: <xs:documentation>the full CVE name</xs:documentation>
184: </xs:annotation>
185: <xs:simpleType>
186: <xs:restriction base="xs:ID">
187: <xs:pattern value="(CAN|CVE)\-\d\d\d\d\-\d\d\d\d"/>
188: </xs:restriction>
189: </xs:simpleType>
190: </xs:attribute>
191: <xs:attribute name="seq" use="required">
192: <xs:annotation>
193: <xs:documentation>the sequence number from CVE name</xs:documentation>
194: </xs:annotation>
195: <xs:simpleType>
196: <xs:restriction base="xs:NMTOKEN">
197: <xs:pattern value="\d\d\d\d\-\d\d\d\d"/>
198: </xs:restriction>
199: </xs:simpleType>
200: </xs:attribute>
201: <xs:attribute name="nvd_name" type="xs:string">
202: <xs:annotation>
203: <xs:documentation>the NVD name (if it exists)</xs:documentation>
204: </xs:annotation>
205: </xs:attribute>
206: <xs:attribute name="discovered" type="cve:dateType">
207: <xs:annotation>
208: <xs:documentation>the date this entry was discovered</xs:documentation>
209: </xs:annotation>
210: </xs:attribute>
211: <xs:attribute name="published" type="cve:dateType" use="required">
212: <xs:annotation>
213: <xs:documentation>the date this entry was published</xs:documentation>
214: </xs:annotation>
215: </xs:attribute>
216: <xs:attribute name="modified" type="cve:dateType">
217: <xs:annotation>
218: <xs:documentation>the date this entry was last modified</xs:documentation>
219: </xs:annotation>
220: </xs:attribute>
221: <xs:attribute name="severity">
222: <xs:annotation>
223: <xs:documentation>the entry's severity as determined by the NVD analysts: High, Medium, or Low</xs:documentation>
224: </xs:annotation>
225: <xs:simpleType>
226: <xs:restriction base="xs:NMTOKEN">
227: <xs:enumeration value="High"/>
228: <xs:enumeration value="Medium"/>
229: <xs:enumeration value="Low"/>
230: </xs:restriction>
231: </xs:simpleType>
232: </xs:attribute>
233: <xs:attribute name="reject" type="cve:trueOnlyAttribute">
234: <xs:annotation>
235: <xs:documentation>indicates that this CVE entry has been rejected by CVE or NVD</xs:documentation>
236: </xs:annotation>
237: </xs:attribute>
238: <xs:attribute name="CVSS_version" type="xs:string">
239: <xs:annotation>
240: <xs:documentation>the CVSS Version Indicator</xs:documentation>
241: </xs:annotation>
242: </xs:attribute>
243: <xs:attribute name="CVSS_score" type="cve:zeroToTen">
244: <xs:annotation>
245: <xs:documentation>Same as the CVSS_base_score to provide backwards compatability with the previous CVE XML feed format. This field is deprecated an may be removed at a future date.</xs:documentation>
246: </xs:annotation>
247: </xs:attribute>
248: <xs:attribute name="CVSS_base_score" type="cve:zeroToTen">
249: <xs:annotation>
250: <xs:documentation>CVSS version 2 Base Score</xs:documentation>
251: </xs:annotation>
252: </xs:attribute>
253: <xs:attribute name="CVSS_impact_subscore" type="cve:zeroToTen">
254: <xs:annotation>
255: <xs:documentation>CVSS version 2 Impact Score</xs:documentation>
256: </xs:annotation>
257: </xs:attribute>
258: <xs:attribute name="CVSS_exploit_subscore" type="cve:zeroToTen">
259: <xs:annotation>
260: <xs:documentation>CVSS version 2 Exploit Score</xs:documentation>
261: </xs:annotation>
262: </xs:attribute>
263: <xs:attribute name="CVSS_vector" type="cve:CVSSVector">
264: <xs:annotation>
265: <xs:documentation>the CVSS version 2 Vector string</xs:documentation>
266: </xs:annotation>
267: </xs:attribute>
268: </xs:complexType>
269:
270: <xs:complexType name="descriptType">
271: <xs:simpleContent>
272: <xs:extension base="xs:string">
273: <xs:attribute name="source" type="cve:descriptSourceType" use="required">
274: <xs:annotation>
275: <xs:documentation>The source of the CVE description.</xs:documentation>
276: </xs:annotation>
277: </xs:attribute>
278: </xs:extension>
279: </xs:simpleContent>
280: </xs:complexType>
281:
282: <xs:complexType name="impactType">
283: <xs:simpleContent>
284: <xs:extension base="xs:string">
285: <xs:attribute name="source" type="cve:impactSourceType" use="required">
286: </xs:attribute>
287: </xs:extension>
288: </xs:simpleContent>
289: </xs:complexType>
290:
291: <xs:complexType name="vulnType">
292: <xs:sequence>
293: <xs:element name="access" minOccurs="0"/>
294: <xs:element name="input" minOccurs="0">
295: <xs:annotation>
296: <xs:documentation> Input validation error tag with
297: one attribute for each input validation error
298: type. Potential input validation error types
299: are: "bound" => Boundary condition error
300: "buffer" => Buffer overflow </xs:documentation>
301: </xs:annotation>
302: <xs:complexType>
303: <xs:attribute name="bound" type="cve:trueOnlyAttribute"/>
304: <xs:attribute name="buffer" type="cve:trueOnlyAttribute"
305: />
306: </xs:complexType>
307: </xs:element>
308: <xs:element name="design" minOccurs="0"/>
309: <xs:element name="exception" minOccurs="0"/>
310: <xs:element name="env" minOccurs="0"/>
311: <xs:element name="config" minOccurs="0"/>
312: <xs:element name="race" minOccurs="0"/>
313: <xs:element name="other" minOccurs="0"/>
314: </xs:sequence>
315: </xs:complexType>
316:
317: <xs:complexType name="solsType">
318: <xs:sequence>
319: <xs:element name="sol">
320: <xs:annotation>
321: <xs:documentation> Contains a specific solution
322: explanation of this CVE entry from source
323: indicated by the "source" attribute.
324: </xs:documentation>
325: </xs:annotation>
326: <xs:complexType mixed="true">
327: <xs:simpleContent>
328: <xs:extension base="xs:string">
329: <xs:attribute name="source" type="cve:solsSourceType" use="required">
330: </xs:attribute>
331: </xs:extension>
332: </xs:simpleContent>
333: </xs:complexType>
334: </xs:element>
335: </xs:sequence>
336: </xs:complexType>
337:
338: <xs:complexType name="lossTypeType">
339: <xs:sequence>
340: <xs:element name="avail" minOccurs="0"/>
341: <xs:element name="conf" minOccurs="0"/>
342: <xs:element name="int" minOccurs="0"/>
343: <xs:element name="sec_prot" minOccurs="0">
344: <xs:annotation>
345: <xs:documentation> Security Protection tag with one
346: attribute for each security protection type.
347: Potential security protection types are: "admin"
348: => gain administrative access "user" => gain
349: user access "other" => other </xs:documentation>
350: </xs:annotation>
351: <xs:complexType>
352: <xs:attribute name="admin" type="cve:trueOnlyAttribute"/>
353: <xs:attribute name="user" type="cve:trueOnlyAttribute"/>
354: <xs:attribute name="other" type="cve:trueOnlyAttribute"
355: />
356: </xs:complexType>
357: </xs:element>
358: </xs:sequence>
359: </xs:complexType>
360:
361: <xs:complexType name="rangeType">
362: <xs:sequence>
363: <xs:element name="local" minOccurs="0"/>
364: <xs:element name="local_network" minOccurs="0"/>
365: <xs:element name="network" minOccurs="0"/>
366: <xs:element name="user_init" minOccurs="0"/>
367: </xs:sequence>
368: </xs:complexType>
369:
370: <xs:complexType name="refType">
371: <xs:simpleContent>
372: <xs:extension base="xs:string">
373: <xs:attribute name="source" type="xs:string" use="required"/>
374: <xs:attribute name="url" type="cve:urlType" use="required"/>
375: <xs:attribute name="sig" type="cve:trueOnlyAttribute"/>
376: <xs:attribute name="adv" type="cve:trueOnlyAttribute"/>
377: <xs:attribute name="patch" type="cve:trueOnlyAttribute"/>
378: </xs:extension>
379: </xs:simpleContent>
380: </xs:complexType>
381:
382: <xs:complexType name="vulnSoftType">
383: <xs:sequence>
384: <xs:element name="prod" maxOccurs="unbounded">
385: <xs:annotation>
386: <xs:documentation> Product wrapper tag. Versions of
387: this product that are affected by this
388: vulnerability are listed within this tag.
389: Attributes: "name" => Product name "vendor" =>
390: Vendor of this product </xs:documentation>
391: </xs:annotation>
392: <xs:complexType>
393: <xs:sequence>
394: <xs:element name="vers" maxOccurs="unbounded">
395: <xs:annotation>
396: <xs:documentation> Represents a version
397: of this product that is affected by
398: this vulnerability. Attributes:
399: "num" => This version number "prev"
400: => Indicates that versions previous
401: to this version number are also
402: affected by this vulnerability
403: "edition" => Indicates the edition
404: associated with the version number
405: </xs:documentation>
406: </xs:annotation>
407: <xs:complexType>
408: <xs:attribute name="num"
409: type="xs:string" use="required"/>
410: <xs:attribute name="prev"
411: type="cve:trueOnlyAttribute"/>
412: <xs:attribute name="edition"
413: type="xs:string"/>
414: </xs:complexType>
415: </xs:element>
416: </xs:sequence>
417: <xs:attribute name="name" type="xs:string"
418: use="required"/>
419: <xs:attribute name="vendor" type="xs:string"
420: use="required"/>
421: </xs:complexType>
422: </xs:element>
423: </xs:sequence>
424: </xs:complexType>
425:
426: <!-- ******************************************************************* -->
427: <!-- * Simple Types * -->
428: <!-- ******************************************************************* -->
429: <xs:simpleType name="descriptSourceType">
430: <xs:restriction base="xs:NMTOKEN">
431: <xs:enumeration value="cve"/>
432: <xs:enumeration value="nvd"/>
433: </xs:restriction>
434: </xs:simpleType>
435:
436: <xs:simpleType name="impactSourceType">
437: <xs:restriction base="xs:NMTOKEN">
438: <xs:enumeration value="nvd"/>
439: </xs:restriction>
440: </xs:simpleType>
441:
442: <xs:simpleType name="solsSourceType">
443: <xs:restriction base="xs:NMTOKEN">
444: <xs:enumeration value="nvd"/>
445: </xs:restriction>
446: </xs:simpleType>
447:
448: <xs:simpleType name="dateType">
449: <xs:annotation>
450: <xs:documentation> Defines date format for NVD. Dates follow the mask "yyyy-mm-dd"
451: </xs:documentation>
452: </xs:annotation>
453: <xs:restriction base="xs:string">
454: <xs:pattern
455: value="(19|20)\d\d-((01|03|05|07|08|10|12)-(0[1-9]|[1-2]\d|3[01])|(04|06|09|11)-(0[1-9]|[1-2]\d|30)|02-(0[1-9]|1\d|2\d))"
456: />
457: </xs:restriction>
458: </xs:simpleType>
459: <xs:simpleType name="urlType">
460: <xs:annotation>
461: <xs:documentation> Restricts urls in NVD beyond the xs:anyURI restrictions.
462: </xs:documentation>
463: </xs:annotation>
464: <xs:restriction base="xs:anyURI">
465: <xs:whiteSpace value="collapse"/>
466: <xs:pattern value="(news|(ht|f)tp(s)?)://.+"/>
467: </xs:restriction>
468: </xs:simpleType>
469: <xs:simpleType name="trueOnlyAttribute">
470: <xs:annotation>
471: <xs:documentation> simpleType used for attributes that are only present when they are
472: true. Such attributes appear only in the form attribute_name="1".
473: </xs:documentation>
474: </xs:annotation>
475: <xs:restriction base="xs:NMTOKEN">
476: <xs:enumeration value="1"/>
477: </xs:restriction>
478: </xs:simpleType>
479: <xs:simpleType name="zeroToTen">
480: <xs:annotation>
481: <xs:documentation> simpleType used when scoring on a scale of 0-10, inclusive
482: </xs:documentation>
483: </xs:annotation>
484: <xs:restriction base="xs:decimal">
485: <xs:minInclusive value="0" fixed="true"/>
486: <xs:maxInclusive value="10" fixed="true"/>
487: </xs:restriction>
488: </xs:simpleType>
489: <xs:simpleType name="CVSSVector">
490: <xs:annotation>
491: <xs:documentation>simpleType to describe the CVSS Base Vector </xs:documentation>
492: </xs:annotation>
493: <xs:restriction base="xs:string">
494: <xs:pattern
495: value="\(AV:[LAN]/AC:[HML]/Au:[NSM]/C:[NPC]/I:[NPC]/A:[NPC]\)"/>
496: </xs:restriction>
497: </xs:simpleType>
498: </xs:schema>