While interacting with the TAXII 2.1 API at https://attack-taxii.mitre.org, I observed that the x-taxii-date-added-first and x-taxii-date-added-last headers in the HTTP response contain timestamps that do not conform to the RFC 3339 format, as required by the TAXII 2.1 specification.
Steps to Reproduce:
Execute the following curl command:
curl -i -X GET "https://attack-taxii.mitre.org/api/v21/collections/x-mitre-collection--$CollectionID/objects?limit=1" -H "Accept: application/taxii+json;version=2.1"
Observe the x-taxii-date-added-first and x-taxii-date-added-last headers in the HTTP response:
x-taxii-date-added-first: Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)
x-taxii-date-added-last: Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)
Expected Behavior:
According to the TAXII 2.1 specification, timestamps must adhere to the RFC 3339 format, which is YYYY-MM-DDTHH:MM:SS.ssssssZ. For example:
Actual Behavior:
The headers contain timestamps in a non-RFC 3339 format:
x-taxii-date-added-first: Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)
x-taxii-date-added-last: Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)
Impact:
Non-compliance with the RFC 3339 timestamp format may lead to interoperability issues with clients expecting standardized timestamp formats, potentially causing parsing errors or misinterpretations of the data.
Suggested Fix:
Modify the server to ensure that all timestamp headers conform to the RFC 3339 format with microsecond precision, as mandated by the TAXII 2.1 specification.
References:
Additional Information:
Validation of the current timestamp format using an RFC 3339 validator returns False:
This indicates that the current timestamp format does not comply with RFC 3339 standards.
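A client-side check for the two headers reported above, added here as an example and not part of the original issue or of the server's code. It assumes the UTC "Z" form quoted in the report; the function names and the offset sample are constructed for illustration, and the fallback parser covers only the header layout shown in the issue.

```python
import re
from datetime import datetime, timezone

# RFC 3339 UTC timestamp in the form the issue quotes: YYYY-MM-DDTHH:MM:SS[.s+]Z
RFC3339_UTC = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
# Layout observed in the issue:
#   Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)
OBSERVED = re.compile(
    r"^\w{3} (\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) GMT([+-]\d{4})(?: \(.*\))?$")
DATE_HEADERS = ("x-taxii-date-added-first", "x-taxii-date-added-last")


def is_rfc3339_utc(value):
    """True only for a syntactically and calendar-valid RFC 3339 UTC timestamp."""
    if not RFC3339_UTC.match(value):
        return False
    try:
        datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")  # rejects e.g. Feb 30
    except ValueError:
        return False
    return True


def to_rfc3339(value):
    """Return an RFC 3339 UTC string with microseconds, or None if unparseable."""
    if is_rfc3339_utc(value):
        return value
    m = OBSERVED.match(value)
    if not m:
        return None
    try:
        dt = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %Y %H:%M:%S %z")
    except ValueError:
        return None
    # Convert any offset to UTC before formatting with the "Z" designator.
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def check_headers(headers):
    """Map each date-added header to (is_compliant, normalised_value_or_None)."""
    report = {}
    for name, value in headers.items():
        if name.lower() in DATE_HEADERS:
            value = value.strip()
            report[name.lower()] = (is_rfc3339_utc(value), to_rfc3339(value))
    return report


# Header value copied from the issue; any other input in the tests is constructed.
ISSUE_VALUE = "Thu Feb 20 2020 22:10:20 GMT+0000 (Coordinated Universal Time)"
```

A client can log the first element of each tuple as a compliance finding while still using the normalised value for pagination.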