Vulnerabilities > CVE-2008-3663 - Cryptographic Issues vulnerability in Squirrelmail 1.4.15
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0010.NASL description An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user last seen 2020-06-01 modified 2020-06-02 plugin id 35353 published 2009-01-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35353 title CentOS 3 / 4 / 5 : squirrelmail (CESA-2009:0010) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0010 and # CentOS Errata and Security Advisory 2009:0010 respectively. # include("compat.inc"); if (description) { script_id(35353); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-2379", "CVE-2008-3663"); script_bugtraq_id(31321); script_xref(name:"RHSA", value:"2009:0010"); script_name(english:"CentOS 3 / 4 / 5 : squirrelmail (CESA-2009:0010)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user's Web browser to execute a malicious script in the context of the SquirrelMail session when that email or attachment was opened by the user. (CVE-2008-2379) It was discovered that SquirrelMail allowed cookies over insecure connections (ie did not restrict cookies to HTTPS connections). An attacker who controlled the communication channel between a user and the SquirrelMail server, or who was able to sniff the user's network communication, could use this flaw to obtain the user's session cookie, if a user made an HTTP request to the server. (CVE-2008-3663) Note: After applying this update, all session cookies set for SquirrelMail sessions started over HTTPS connections will have the 'secure' flag set. That is, browsers will only send such cookies over an HTTPS connection. If needed, you can revert to the previous behavior by setting the configuration option '$only_secure_cookies' to 'false' in SquirrelMail's /etc/squirrelmail/config.php configuration file. Users of squirrelmail should upgrade to this updated package, which contains backported patches to correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2009-February/015597.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?99f369e7" ); # https://lists.centos.org/pipermail/centos-announce/2009-February/015599.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cba97249" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015540.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?022d4f81" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015541.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?516756cb" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015546.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?445886da" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015547.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e77f9f9" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015554.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?44314620" ); # https://lists.centos.org/pipermail/centos-announce/2009-January/015555.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1a862959" ); script_set_attribute( attribute:"solution", value:"Update the affected squirrelmail package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(79, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:squirrelmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/24"); script_set_attribute(attribute:"patch_publication_date", value:"2009/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"squirrelmail-1.4.8-8.el3.centos.1")) flag++; if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"squirrelmail-1.4.8-9.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"squirrelmail-1.4.8-8.el3.centos.1")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"squirrelmail-1.4.8-5.el4.centos.2")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"squirrelmail-1.4.8-5.c4.3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"squirrelmail-1.4.8-5.el4.centos.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"squirrelmail-1.4.8-5.el5.centos.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "squirrelmail"); }NASL family SuSE Local Security Checks NASL id SUSE_SQUIRRELMAIL-5978.NASL description This update of squirrelmail corrects a problem introduced by a patch for CVE-2008-3663 that caused cookies to be static. (CVE-2009-0030) last seen 2020-06-01 modified 2020-06-02 plugin id 35598 published 2009-02-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35598 title openSUSE 10 Security Update : squirrelmail (squirrelmail-5978) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A0AFB4B989A111DDA65B00163E000016.NASL description Hanno Boeck reports : When configuring a web application to use only ssl (e.g. by forwarding all http-requests to https), a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise the cookie will be transferred through HTTP if the victim last seen 2020-06-01 modified 2020-06-02 plugin id 34271 published 2008-09-24 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34271 title FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0010.NASL description An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user last seen 2020-06-01 modified 2020-06-02 plugin id 35357 published 2009-01-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35357 title RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:0010) NASL family Fedora Local Security Checks NASL id FEDORA_2009-5471.NASL description - Fri May 22 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-2 - fix undefined variable aSpamIds (#501260) - Tue May 12 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) - Thu Dec 4 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379) - Wed Oct 1 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.16-1 - update to 1.4.16 - resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38908 published 2009-05-26 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38908 title Fedora 9 : squirrelmail-1.4.19-1.fc9 (2009-5471) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0010.NASL description From Red Hat Security Advisory 2009:0010 : An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering (with no JavaScript required) for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user last seen 2020-06-01 modified 2020-06-02 plugin id 67786 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67786 title Oracle Linux 3 / 4 / 5 : squirrelmail (ELSA-2009-0010) NASL family CGI abuses NASL id SQUIRRELMAIL_INSECURE_HTTPS_COOKIE.NASL description The version of SquirrelMail installed on the remote host does not set the last seen 2020-06-01 modified 2020-06-02 plugin id 35661 published 2009-02-12 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35661 title SquirrelMail HTTPS Session Cookie Secure Flag Weakness NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-001.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm last seen 2020-06-01 modified 2020-06-02 plugin id 35684 published 2009-02-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35684 title Mac OS X Multiple Vulnerabilities (Security Update 2009-001) NASL family Fedora Local Security Checks NASL id FEDORA_2009-4870.NASL description - Tue May 12 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) - Thu Dec 4 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379) - Wed Oct 1 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.16-1 - update to 1.4.16 - resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38748 published 2009-05-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38748 title Fedora 9 : squirrelmail-1.4.18-1.fc9 (2009-4870) NASL family Fedora Local Security Checks NASL id FEDORA_2008-8559.NASL description rebase to 1.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34479 published 2008-10-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34479 title Fedora 9 : squirrelmail-1.4.16-1.fc9 (2008-8559) NASL family SuSE Local Security Checks NASL id SUSE_SQUIRRELMAIL-5778.NASL description Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack a SSL-protected session via leaked cookies. (CVE-2008-3663) last seen 2020-06-01 modified 2020-06-02 plugin id 34814 published 2008-11-18 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34814 title openSUSE 10 Security Update : squirrelmail (squirrelmail-5778) NASL family SuSE Local Security Checks NASL id SUSE_SQUIRRELMAIL-5792.NASL description Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack a SSL-protected session via leaked cookies. (CVE-2008-3663) The previous update for the problem above contained a typo which broke squirrelmail. last seen 2020-06-01 modified 2020-06-02 plugin id 34848 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34848 title openSUSE 10 Security Update : squirrelmail (squirrelmail-5792) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9071.NASL description update to 1.4.16 fixes CVE-2008-3663 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34493 published 2008-10-27 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34493 title Fedora 8 : squirrelmail-1.4.16-1.fc8 (2008-9071) NASL family Scientific Linux Local Security Checks NASL id SL_20090112_SQUIRRELMAIL_ON_SL3_X.NASL description Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user last seen 2020-06-01 modified 2020-06-02 plugin id 60519 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60519 title Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
Oval
| accepted | 2013-04-29T04:06:36.641-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10548 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 31321 CVE ID:CVE-2008-3663 CNCVE ID:CNCVE-20083663 SquirrelMail是一款基于PHP的WEB邮件服务程序。 SquirrelMail不安全处理COOKIE数据,远程攻击者可以利用漏洞获得敏感信息,窃取COOKIE验证敏感条文,进行会话劫持攻击。 当配置WEB应用程序只使用SSL时(如转向所有HTTP请求到HTTPS),用户可以不能通过嗅探来进行截获。 要因此变的更安全,需要设置会话COOKIE标有安全标记,否则如果目标用户浏览器在同一域上只进行单个HTTP请求,COOKIE会通过HTTP传送。 Squirrelmail没有设置此标记,可导致通过HTTP传送的COOKIE被嗅探到。 SquirrelMail 1.4.15 根据报告Squirrelmail 1.5 test版本已经修正此漏洞: <a href=http://www.squirrelmail.org/ target=_blank>http://www.squirrelmail.org/</a> id SSV:4093 last seen 2017-11-19 modified 2008-09-25 published 2008-09-25 reporter Root title SquirrelMail不安全COOKE泄漏漏洞 bulletinFamily exploit description BUGTRAQ ID: 33354 CVE(CAN) ID: CVE-2009-0030 SquirrelMail是一款PHP编写的WEBMAIL程序。 Red Hat为CVE-2008-3663所提供的修复导致SquirrelMail对所有的会话都设置了相同的SQMSESSID Cookie值,这允许通过认证的远程用户通过使用标准的webmail.php接口访问其他用户的文件夹列表和配置数据。 SquirrelMail 1.4.8 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0057-01)以及相应补丁: RHSA-2009:0057-01:Important: squirrelmail security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0057.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0057.html</a> id SSV:4796 last seen 2017-11-19 modified 2009-02-19 published 2009-02-19 reporter Root title SquirrelMail软件包会话处理绕过认证漏洞
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-01-12 |
| organization | Red Hat |
| statement | This issue has been fixed in the affected Red Hat Enterprise Linux versions via: https://rhn.redhat.com/errata/RHSA-2009-0010.html |
References
- http://int21.de/cve/CVE-2008-3663-squirrelmail.html
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/33937
- http://securityreason.com/securityalert/4304
- http://support.apple.com/kb/HT3438
- http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html
- http://www.securityfocus.com/archive/1/496601/100/0/threaded
- http://www.securityfocus.com/bid/31321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45700
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548