nvd.nist.gov error
3,112 views
Skip to first unread message
Nikita Bublikov
Jul 10, 2020, 11:21:42 AM7/10/20
to Dependency Check
Hello!
I am trying to run a bash script from the Docker section, at this link https://github.com/jeremylong/DependencyCheck
But he gives an error [ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
How can I fix this?
I am trying to run a bash script from the Docker section, at this link https://github.com/jeremylong/DependencyCheck
But he gives an error [ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
How can I fix this?
Shawn Black
Jul 10, 2020, 11:30:09 AM7/10/20
to Dependency Check
Are you limiting the amount of RAM allocated to the Docker container?
I've had some issues where memory utilization ran high and as a result had issues with downloading updates.
Might help. Good luck!
Nikita Bublikov
Jul 10, 2020, 11:37:53 AM7/10/20
to Dependency Check
full text
latest: Pulling from owasp/dependency-check
latest: Pulling from owasp/dependency-check
Digest: sha256:ca73b12ee7ed5db24e007229ed8d9fd145f236b686612aa260b873487ba9c375
Status: Image is up to date for owasp/dependency-check:latest
[INFO] Checking for updates
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:347)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:385)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:936)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:737)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:667)
at org.owasp.dependencycheck.App.runScan(App.java:254)
at org.owasp.dependencycheck.App.run(App.java:186)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'
at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:131)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:340)
... 8 common frames omitted
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:126)
... 9 common frames omitted
Caused by: java.net.UnknownHostException: nvd.nist.gov
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:220)
at java.base/java.net.Socket.connect(Socket.java:591)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
... 11 common frames omitted
[INFO] Skipping RetireJS update since last update was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
[ERROR] No documents exist
mark
Jul 10, 2020, 12:50:23 PM7/10/20
to dependen...@googlegroups.com
On 2020-07-10 17:37, 'Nikita Bublikov' via Dependency Check wrote:
> Caused by: java.net.UnknownHostException: nvd.nist.gov
so it seems your environment cannot find the IP address for nvd.nist.gov
so there is no way to connect, check your networking setup, it seems DNS
is broken.
-M
> Caused by: java.net.UnknownHostException: nvd.nist.gov
so it seems your environment cannot find the IP address for nvd.nist.gov
so there is no way to connect, check your networking setup, it seems DNS
is broken.
-M
Message has been deleted
Nikita Bublikov
Jul 13, 2020, 4:49:33 AM7/13/20
to Dependency Check
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 64.233.163.138
Name: google.com
Address: 64.233.163.101
Name: google.com
Address: 64.233.163.100
Name: google.com
Address: 64.233.163.139
Name: google.com
Address: 64.233.163.113
Name: google.com
Address: 64.233.163.102
Name: google.com
Address: 2a00:1450:4010:c06::66
Name: google.com
Address: 2a00:1450:4010:c06::64
user@ubuntu:~$ dig google.com
; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42813
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;; ANSWER SECTION:
;; Query time: 12 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jul 13 01:48:16 PDT 2020
;; MSG SIZE rcvd: 135
C. Comet
Jul 13, 2020, 4:29:26 PM7/13/20
to Nikita Bublikov, Dependency Check
Validate name to IP resolution of nvd.nist.gov. Knowing your DNS server is pingable does not mean that you do not have an incorrect IP cached, or a hosts file entry that is incorrect.
dig nvd.nist.gov
--------
Comet
On Mon, Jul 13, 2020 at 1:49 AM 'Nikita Bublikov' via Dependency Check <dependen...@googlegroups.com> wrote:
Everything seems to be fine with DNS
user@ubuntu:~$ dig google.com
Nikita Bublikov
Jul 14, 2020, 2:52:47 AM7/14/20
to C. Comet, Dependency Check
Thank you all! It was misconfiguration in resolv.conf in ubuntu 18.04
Nikita Bublikov
Λ Γ Γ I V Λ L
Security Assurance Analyst
Telegram: @Bublikov
Lakhtinskiy Prospekt 131 A
Saint-Petersburg
197229 Russia
The content of this email and any attachments is confidential and for the addressee only.
Reply all
Reply to author
Forward
0 new messages