Discussion:
Cve_id field is being truncated when exporting results to MySQL
SPAOTVA
2006-12-01 14:48:48 UTC
Permalink
Classification: UNCLASSIFIED

Hi,
I am running a CoLinux (Gentoo) session on my XP box with. Nessus for
Linux is running in Gentoo and I am using Nessus WX as my client.
I have the description, solution and cve_id fields set to text in MySQL.
When I export the results from a scan into MySQL through Nessus WX the
cve_id field get's truncated. The description and solution fields export
without a problem.
If I look at the raw data of the scan the cve_id information is
complete.
Has anyone run into this problem?

Thanks
Mike
George A. Theall
2006-12-03 19:52:05 UTC
Permalink
Post by SPAOTVA
I have the description, solution and cve_id fields set to text in MySQL.
When I export the results from a scan into MySQL through Nessus WX the
cve_id field get's truncated. The description and solution fields export
without a problem.
If I look at the raw data of the scan the cve_id information is complete.
Look at the type used for cve_id in the MySQL table. The schema
available here :

http://nessuswx.nessus.org/sql_tables.html

allows a maximum of only 32 characters, in other words, 2 CVEs. That's
definitely too small given the plugins that exist today. I'm not sure
what an upper bound should be, though, but 255 should avoid problems
with most plugins.

George
--
***@tenablesecurity.com
Loading...