Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.
The CPE Product Dictionary provides an agreed upon list of official CPE names. The dictionary is provided in XML format and is available to the general public. The CPE Dictionary is hosted and maintained at NIST, may be used by nongovernmental organizations on a voluntary basis, and is not subject to copyright in the United States.
CPE identifiers are commonly used to search for Common Vulnerabilities and Exposures (CVEs) that affect the identified product.
Scheme Format
The CPE follows this format, maintained by NIST:
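cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>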
cpe_version
The version of the CPE definition. The latest CPE definition version is 2.3.
part
May have 1 of 3 values:
1. a for Applications
2. h for Hardware
3. o for Operating Systems
It is sometimes referred to as type.
vendor
Values for this attribute SHOULD describe or identify the person or organization that manufactured or
created the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values
list, which MAY be defined by other specifications that utilize this specification. Any character string
meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.
product
The name of the system/package/component. product and vendor are sometimes identical. The product name cannot contain spaces, slashes, or most special characters. It also may not contain underscores and the hyphen/minus sign.
version
The version of the system/package/component.
update
This is used for update or service pack information. Sometimes referred to as "point releases" or minor versions. The technical difference between version and update will be different for certain vendors and products. Common examples include beta, update4, SP1, and ga (for General Availability), but it is most often left blank.
edition
A further granularity describing the build of the system/package/component, beyond version.
language
A valid language tag as defined by IETF RFC 4646, entitled "Tags for Identifying Languages". Examples include: en-us for US English, and zh-tw for Taiwanese Mandarin.
Examples
Here, * is used as a wildcard character:
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*
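The following added example (not from the original page or from NIST) parses names like the ones above into the fields of the scheme format and checks an inventory against a wildcard pattern, as a vulnerability lookup would. The helper names and the example_vendor entry are made up for illustration; the last four field names and the backslash escaping of ":" come from the CPE 2.3 specification, and the matching is a simplification that only treats a whole-field * as a wildcard.

```python
# Added example: CPE 2.3 formatted-string parsing and simplified matching.
FIELDS = ("cpe_version", "part", "vendor", "product", "version", "update",
          "edition", "language", "sw_edition", "target_sw", "target_hw", "other")

def split_fields(name):
    """Split on unescaped ':'; a backslash escapes the character after it."""
    parts, cur, i = [], "", 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):
            cur += name[i:i + 2]          # keep the escape pair intact
            i += 2
        elif name[i] == ":":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += name[i]
            i += 1
    parts.append(cur)
    return parts

def parse_cpe(name):
    """Return a dict of the 12 fields, or raise ValueError on a malformed name."""
    parts = split_fields(name)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    if parts[2] not in ("a", "h", "o", "*"):
        raise ValueError(f"unknown part {parts[2]!r}")
    return dict(zip(FIELDS, parts[1:]))

def matches(pattern, target):
    """Simplified rule: each pattern field is '*' or equals the target field."""
    p, t = parse_cpe(pattern), parse_cpe(target)
    return all(p[f] == "*" or p[f].lower() == t[f].lower() for f in FIELDS)

# First three names are the page's examples; the last one is constructed
# to show why a plain split(":") miscounts fields.
INVENTORY = [
    "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
    "cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*",
    "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*",
    r"cpe:2.3:a:example_vendor:example\:tool:1.0:*:*:*:*:*:*:*",
]

def affected(pattern, inventory=INVENTORY):
    """Names in the inventory that the (possibly wildcarded) pattern covers."""
    return [n for n in inventory if matches(pattern, n)]

if __name__ == "__main__":
    print(affected("cpe:2.3:*:microsoft:*:*:*:*:*:*:*:*:*"))
```

A parser that miscounts fields silently drops the product from vulnerability lookups, so malformed names are rejected with an error rather than matched loosely.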