Common Platform Enumeration
Common Platform Enumeration (CPE) is a structured
The CPE Product Dictionary provides an agreed upon list of official CPE names. The dictionary is provided in
CPE identifiers are commonly used to search for Common Vulnerabilities and Exposures (CVEs) that affect the identified product.
Scheme format
CPE 2.3 follows this format, maintained by NIST:[2]
cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>
cpe_version
The version of the CPE definition. The latest CPE definition version is 2.3.
part
May have 1 of 3 values:
a
for Applicationsh
for Hardwareo
for Operating Systems
It is sometimes referred to as type
.
vendor
Values for this attribute SHOULD describe or identify the person or organization that manufactured or created the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAY be defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute. [1]
product
The name of the system/package/component. product
and vendor
are sometimes identical. It can not contain spaces, slashes, or most special characters. An underscore should be used in place of whitespace characters.
version
The version of the system/package/component.
update
This is used for update or service pack information. Sometimes referred to as "point releases" or minor versions. The technical difference between version
and update
will be different for certain vendors and products. Common examples include beta
, update4
, SP1
, and ga
(for General Availability), but it is most often left blank.
edition
A further granularity describing the build of the system/package/component, beyond version
.
language
A valid language tag as defined by
en-us
for US English, and zh-tw
for Taiwanese MandarinExamples
Here, *
is used as a wildcard character:
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
References
- ^ a b c "NVD - CPE Dictionary". nvd.nist.gov. Retrieved 2017-02-15. This article incorporates text from this source, which is in the public domain.
- ^ "Archived copy" (PDF). Archived from the original (PDF) on 2021-04-21. Retrieved 2021-04-22.
{{cite web}}
: CS1 maint: archived copy as title (link)