Removes OSVDB references from scripts. Closes #1534

Code specific to OSVDB in vulns.lua is retained for historical reasons

nselib/data/http-fingerprints.lua

@@ -6951,7 +6951,7 @@ table.insert(fingerprints, {
     matches = {
       {
         match = '200',
-        output = 'Possible DD-WRT router Information Disclosure (OSVDB 70230)'
+        output = 'Possible DD-WRT router Information Disclosure (BID 45598)'
       }
     }
   });

nselib/vulns.lua

@@ -454,7 +454,7 @@ local POPULAR_IDS_LINKS = {
             return string_format("%s%s", link, id)
           end,
   BID = function(id)
-          local link = 'http://www.securityfocus.com/bid/'
+          local link = 'https://www.securityfocus.com/bid/'
           return string_format("%s%s", link, id)
         end,
 }

scripts/distcc-cve2004-2687.nse

@@ -33,10 +33,9 @@ present in modern implementation due to poor configuration of the service.
 -- |     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
 -- |
 -- |     References:
--- |       http://distcc.googlecode.com/svn/trunk/doc/web/security.html
--- |       http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
--- |       http://http://www.osvdb.org/13378
--- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
+-- |       https://distcc.github.io/security.html
+-- |       https://nvd.nist.gov/vuln/detail/CVE-2004-2687
+-- |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
 --
 -- @args cmd the command to run at the remote server
 --
@@ -66,9 +65,8 @@ Allows executing of arbitrary commands on systems running distccd 3.1 and
 earlier. The vulnerability is the consequence of weak service configuration.
 ]],
     references = {
-      'http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687',
-      'http://http://www.osvdb.org/13378',
-      'http://distcc.googlecode.com/svn/trunk/doc/web/security.html',
+      'https://nvd.nist.gov/vuln/detail/CVE-2004-2687',
+      'https://distcc.github.io/security.html',
     },
     dates = { disclosure = {year = '2002', month = '02', day = '01'}, },
     exploit_results = {},

scripts/ftp-libopie.nse

@@ -18,7 +18,7 @@ Be advised that, if launched against a vulnerable host, this script will crash t
 -- |   VULNERABLE:
 -- |   OPIE off-by-one stack overflow
 -- |     State: LIKELY VULNERABLE
--- |     IDs:  CVE:CVE-2010-1938  OSVDB:64949
+-- |     IDs:  CVE:CVE-2010-1938  BID:40403
 -- |     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
 -- |     Description:
 -- |       An off-by-one error in OPIE library 2.4.1-test1 and earlier, allows remote
@@ -26,10 +26,10 @@ Be advised that, if launched against a vulnerable host, this script will crash t
 -- |       via a long username.
 -- |     Disclosure date: 2010-05-27
 -- |     References:
--- |       http://osvdb.org/64949
 -- |       http://site.pi3.com.pl/adv/libopie-adv.txt
 -- |       http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
--- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
+-- |       https://www.securityfocus.com/bid/40403
+-- |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
 --
 
 
@@ -43,7 +43,7 @@ portrule = shortport.port_or_service(21, "ftp")
 action = function(host, port)
   local opie_vuln = {
     title = "OPIE off-by-one stack overflow",
-    IDS = {CVE = 'CVE-2010-1938', OSVDB = '64949'},
+    IDS = {CVE = 'CVE-2010-1938', BID = '40403'},
     risk_factor = "High",
     scores = {
       CVSSv2 = "9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)",

scripts/ftp-proftpd-backdoor.nse

@@ -7,8 +7,8 @@ local stdnse = require "stdnse"
 -- vim: set filetype=lua :
 
 description = [[
-Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID
-69562. This script attempts to exploit the backdoor using the innocuous
+Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID
+45150. This script attempts to exploit the backdoor using the innocuous
 <code>id</code> command by default, but that can be changed with the
 <code>ftp-proftpd-backdoor.cmd</code> script argument.
 ]]

scripts/ftp-vsftpd-backdoor.nse

@@ -34,7 +34,7 @@ References:
 -- |   VULNERABLE:
 -- |   vsFTPd version 2.3.4 backdoor
 -- |     State: VULNERABLE (Exploitable)
--- |     IDs:  CVE:CVE-2011-2523  OSVDB:73573
+-- |     IDs:  CVE:CVE-2011-2523  BID:48539
 -- |     Description:
 -- |       vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
 -- |     Disclosure date: 2011-07-03
@@ -43,8 +43,8 @@ References:
 -- |       Shell command: id
 -- |       Results: uid=0(root) gid=0(root) groups=0(root)
 -- |     References:
--- |       http://osvdb.org/73573
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
+-- |       https://www.securityfocus.com/bid/48539
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
 -- |       http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
 -- |_      https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
 --
@@ -137,7 +137,7 @@ action = function(host, port)
 
   local vsftp_vuln = {
     title = "vsFTPd version 2.3.4 backdoor",
-    IDS = {CVE = 'CVE-2011-2523', OSVDB = '73573'},
+    IDS = {CVE = 'CVE-2011-2523', BID = '48539'},
     description = [[
 vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.]],
     references = {

scripts/ftp-vuln-cve2010-4221.nse

@@ -14,7 +14,7 @@ the context of the proftpd process (CVE-2010-4221). Authentication is not
 required to exploit this vulnerability.
 
 Reference:
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
 * http://www.exploit-db.com/exploits/15449/
 * http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
 ]]
@@ -30,7 +30,7 @@ Reference:
 -- |   VULNERABLE:
 -- |   ProFTPD server TELNET IAC stack overflow
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2010-4221  BID:44562  OSVDB:68985
+-- |     IDs:  CVE:CVE-2010-4221  BID:44562
 -- |     Risk factor: High  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
 -- |     Description:
 -- |       ProFTPD server (version 1.3.2rc3 through 1.3.3b) is vulnerable to
@@ -39,11 +39,10 @@ Reference:
 -- |       execute arbitrary code.
 -- |     Disclosure date: 2010-11-02
 -- |     References:
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
--- |       http://osvdb.org/68985
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
 -- |       http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
 -- |       http://bugs.proftpd.org/show_bug.cgi?id=3521
--- |_      http://www.securityfocus.com/bid/44562
+-- |_      https://www.securityfocus.com/bid/44562
 --
 
 author = "Djalal Harouni"
@@ -169,7 +168,7 @@ action = function(host, port)
     port = port,
     vuln = {
       title = 'ProFTPD server TELNET IAC stack overflow',
-      IDS = {CVE = 'CVE-2010-4221', OSVDB = '68985', BID = '44562'},
+      IDS = {CVE = 'CVE-2010-4221', BID = '44562'},
       risk_factor = "High",
       scores = {
         CVSSv2 = "10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)",

scripts/http-axis2-dir-traversal.nse

@@ -10,7 +10,7 @@ local table = require "table"
 description = [[
 Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by
 sending a specially crafted request to the parameter <code>xsd</code>
-(OSVDB-59001). By default it will try to retrieve the configuration file of the
+(BID 40343). By default it will try to retrieve the configuration file of the
 Axis2 service <code>'/conf/axis2.xml'</code> using the path
 <code>'/axis2/services/'</code> to return the username and password of the
 admin account.
@@ -26,8 +26,8 @@ To check the version of an Apache Axis2 installation go to:
 http://domain/axis2/services/Version/getVersion
 
 Reference:
-* http://osvdb.org/show/osvdb/59001
-* http://www.exploit-db.com/exploits/12721/
+* https://www.securityfocus.com/bid/40343
+* https://www.exploit-db.com/exploits/12721/
 ]]
 
 ---
@@ -162,7 +162,7 @@ action = function(host, port)
       return
     end
 
-    output[#output+1] = "\nApache Axis2 Directory Traversal (OSVDB-59001)"
+    output[#output+1] = "\nApache Axis2 Directory Traversal (BID 40343)"
 
     --Retrieve file or only show credentials if downloading the configuration file
     if rfile ~= DEFAULT_FILE then

scripts/http-iis-short-name-brute.nse

@@ -11,7 +11,7 @@ Notes:
 
 References:
 * Research paper: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
-* IIS Shortname Scanner PoC: http://code.google.com/p/iis-shortname-scanner-poc/
+* IIS Shortname Scanner PoC: https://github.com/irsdl/IIS-ShortName-Scanner
 ]]
 
 ---
@@ -42,7 +42,7 @@ References:
 -- |
 -- |     References:
 -- |       http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
--- |_      http://code.google.com/p/iis-shortname-scanner-poc/
+-- |_      https://github.com/irsdl/IIS-ShortName-Scanner
 ---
 
 author = {"Jesper Kueckelhahn", "Paulino Calderon"}
@@ -156,8 +156,8 @@ cause a denial of service condition.
     ]],
     references = {
       'http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf',
-      'http://code.google.com/p/iis-shortname-scanner-poc/',
-      'http://www.osvdb.org/83771'
+      'https://github.com/irsdl/IIS-ShortName-Scanner',
+      'https://www.securityfocus.com/archive/1/523424'
     }
   }
   local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)

scripts/http-vuln-cve2009-3960.nse

@@ -15,7 +15,7 @@ ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0
 
 For more information see:
 * http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
-* http://www.osvdb.org/62292
+* https://www.securityfocus.com/bid/38197
 * Metasploit module: auxiliary/scanner/http/adobe_xml_inject
 ]]
 
@@ -131,7 +131,7 @@ Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and
 ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0]],
     references = {
       'http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf',
-      'http://www.osvdb.org/62292'
+      'https://www.securityfocus.com/bid/38197'
     },
     dates = {
       disclosure = {year = '2010', month = '02', day = '15'},

scripts/http-vuln-cve2010-2861.nse

@@ -30,7 +30,7 @@ the password hash.
 -- |   VULNERABLE:
 -- |   Adobe ColdFusion enter.cfm Traversal password.properties Information Disclosure
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2010-2861  OSVDB:67047
+-- |     IDs:  CVE:CVE-2010-2861  BID:42342
 -- |     Description:
 -- |       Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion
 -- |       9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter
@@ -44,10 +44,10 @@ the password hash.
 -- |
 -- |     References:
 -- |       http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking
--- |       http://www.nessus.org/plugins/index.php?view=single&id=48340
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861
--- |       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861
--- |_      http://osvdb.org/67047
+-- |       https://www.tenable.com/plugins/nessus/48340
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2861
+-- |       https://nvd.nist.gov/vuln/detail/CVE-2010-2861
+-- |_      https://www.securityfocus.com/bid/42342
 --
 --
 -- This script relies on the service being identified as HTTP or HTTPS. If the
@@ -66,16 +66,16 @@ action = function(host, port)
   local vuln = {
     title = 'Adobe ColdFusion Directory Traversal Vulnerability',
     state = vulns.STATE.NOT_VULN, -- default
-    IDS = {CVE = 'CVE-2010-2861', OSVDB = '67047'},
+    IDS = {CVE = 'CVE-2010-2861', BID = '42342'},
     description = [[
 Multiple directory traversal vulnerabilities in the administrator console
 in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the
 locale parameter]],
     references = {
       'http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking',
-      'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861',
-      'http://osvdb.org/67047',
-      'http://www.nessus.org/plugins/index.php?view=single&id=48340',
+      'https://nvd.nist.gov/vuln/detail/CVE-2010-2861',
+      'https://www.securityfocus.com/bid/42342',
+      'https://www.tenable.com/plugins/nessus/48340',
     },
     dates = {
       disclosure = {year = '2010', month = '08', day = '10'},

scripts/http-vuln-cve2011-3192.nse

@@ -8,9 +8,9 @@ Detects a denial of service vulnerability in the way the Apache web server
 handles requests for multiple overlapping/simple ranges of a page.
 
 References:
-* http://seclists.org/fulldisclosure/2011/Aug/175
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
-* http://nessus.org/plugins/index.php?view=single&id=55976
+* https://seclists.org/fulldisclosure/2011/Aug/175
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+* https://www.tenable.com/plugins/nessus/55976
 ]]
 
 ---
@@ -26,16 +26,16 @@ References:
 -- |   VULNERABLE:
 -- |   Apache byterange filter DoS
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2011-3192  OSVDB:74721
+-- |     IDs:  CVE:CVE-2011-3192  BID:49303
 -- |     Description:
 -- |       The Apache web server is vulnerable to a denial of service attack when numerous
 -- |       overlapping byte ranges are requested.
 -- |     Disclosure date: 2011-08-19
 -- |     References:
--- |       http://seclists.org/fulldisclosure/2011/Aug/175
--- |       http://nessus.org/plugins/index.php?view=single&id=55976
--- |       http://osvdb.org/74721
--- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+-- |       https://seclists.org/fulldisclosure/2011/Aug/175
+-- |       https://www.tenable.com/plugins/nessus/55976
+-- |       https://www.securityfocus.com/bid/49303
+-- |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
 --
 -- @args http-vuln-cve2011-3192.hostname  Define the host name to be used in the HEAD request sent to the server
 -- @args http-vuln-cve2011-3192.path  Define the request path
@@ -62,14 +62,14 @@ action = function(host, port)
   local vuln = {
     title = 'Apache byterange filter DoS',
     state = vulns.STATE.NOT_VULN, -- default
-    IDS = {CVE = 'CVE-2011-3192', OSVDB = '74721'},
+    IDS = {CVE = 'CVE-2011-3192', BID = '49303'},
     description = [[
 The Apache web server is vulnerable to a denial of service attack when numerous
 overlapping byte ranges are requested.]],
     references = {
-      'http://seclists.org/fulldisclosure/2011/Aug/175',
-      'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192',
-      'http://nessus.org/plugins/index.php?view=single&id=55976',
+      'https://seclists.org/fulldisclosure/2011/Aug/175',
+      'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192',
+      'https://www.tenable.com/plugins/nessus/55976',
     },
     dates = {
       disclosure = {year = '2011', month = '08', day = '19'},

scripts/http-vuln-cve2011-3368.nse

@@ -28,7 +28,7 @@ References:
 -- |   VULNERABLE:
 -- |   Apache mod_proxy Reverse Proxy Security Bypass
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2011-3368  OSVDB:76079
+-- |     IDs:  CVE:CVE-2011-3368  BID:49957
 -- |     Description:
 -- |       An exposure was reported affecting the use of Apache HTTP Server in
 -- |       reverse proxy mode. The exposure could inadvertently expose internal
@@ -37,8 +37,8 @@ References:
 -- |     Extra information:
 -- |       Proxy allows requests to external websites
 -- |     References:
--- |       http://osvdb.org/76079
--- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
+-- |       https://www.securityfocus.com/bid/49957
+-- |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
 --
 -- @args http-vuln-cve2011-3368.prefix sets the path prefix (directory) to check for the vulnerability.
 --
@@ -55,12 +55,12 @@ action = function(host, port)
 
   local vuln = {
     title = 'Apache mod_proxy Reverse Proxy Security Bypass',
-    IDS = { CVE='CVE-2011-3368', OSVDB='76079'},
+    IDS = { CVE='CVE-2011-3368', BID='49957'},
     description = [[
 An exposure was reported affecting the use of Apache HTTP Server in
 reverse proxy mode. The exposure could inadvertently expose internal
 servers to remote users who send carefully crafted requests.]],
-    references = { 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' },
+    references = { 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' },
     dates = {
       disclosure = { year='2011', month='10', day='05'}
     },

scripts/http-vuln-cve2013-6786.nse

@@ -54,7 +54,7 @@ can be injected into the resulting 404 page. This includes linking to an
 untrusted website and XSS injection.]],
     IDS = {
       CVE = "CVE-2013-6786",
-      OSVDB = "99694",
+      BID = "63721",
     },
     references = {
       'https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf',

scripts/ipmi-cipher-zero.nse

@@ -35,8 +35,7 @@ description = [[
 -- |
 -- |     References:
 -- |       http://fish2.com/ipmi/cipherzero.html
--- |       http://osvdb.org/show/osvdb/93039
--- |_      http://osvdb.org/show/osvdb/93040
+-- |_      https://www.us-cert.gov/ncas/alerts/TA13-207A
 --
 
 author = "Claudiu Perta <claudiu.perta@gmail.com>"
@@ -63,8 +62,7 @@ functionality
     ]],
     references = {
       'http://fish2.com/ipmi/cipherzero.html',
-      'http://osvdb.org/show/osvdb/93040',
-      'http://osvdb.org/show/osvdb/93039',
+      'https://www.us-cert.gov/ncas/alerts/TA13-207A',
     }
   }
 

scripts/smtp-vuln-cve2011-1720.nse

@@ -27,7 +27,7 @@ Reference:
 -- |   VULNERABLE:
 -- |   Postfix SMTP server Cyrus SASL Memory Corruption
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2011-1720  OSVDB:72259
+-- |     IDs:  CVE:CVE-2011-1720  BID:47778
 -- |     Description:
 -- |       The Postfix SMTP server is vulnerable to a memory corruption vulnerability
 -- |       when the Cyrus SASL library is used with authentication mechanisms other
@@ -39,8 +39,8 @@ Reference:
 -- |       Available AUTH MECHANISMS:  CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN
 -- |     References:
 -- |       http://www.postfix.org/CVE-2011-1720.html
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
--- |_      http://osvdb.org/72259
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
+-- |_      https://www.securityfocus.com/bid/47778
 
 author = "Djalal Harouni"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
@@ -261,7 +261,7 @@ action = function(host, port)
     smtp.get_domain(host),
     vuln = {
       title = 'Postfix SMTP server Cyrus SASL Memory Corruption',
-      IDS = {CVE = 'CVE-2011-1720', OSVDB = '72259'},
+      IDS = {CVE = 'CVE-2011-1720', BID = '47778'},
       description = [[
 The Postfix SMTP server is vulnerable to a memory corruption vulnerability
 when the Cyrus SASL library is used with authentication mechanisms other

scripts/smtp-vuln-cve2011-1764.nse

@@ -16,7 +16,7 @@ and execute arbitrary code with the privileges of the Exim daemon.
 Reference:
 * http://bugs.exim.org/show_bug.cgi?id=1106
 * http://thread.gmane.org/gmane.mail.exim.devel/4946
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1764
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1764
 * http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
 ]]
 
@@ -31,7 +31,7 @@ Reference:
 -- |   VULNERABLE:
 -- |   Exim DKIM format string
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2011-1764  OSVDB:72156
+-- |     IDs:  CVE:CVE-2011-1764  BID:47736
 -- |     Risk factor: High  CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
 -- |     Description:
 -- |       Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified
@@ -40,8 +40,8 @@ Reference:
 -- |       arbitrary code with the privileges of the Exim daemon.
 -- |     Disclosure date: 2011-04-29
 -- |     References:
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
--- |       http://osvdb.org/72156
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
+-- |       https://www.securityfocus.com/bid/47736
 -- |_      http://bugs.exim.org/show_bug.cgi?id=1106
 --
 -- @args smtp-vuln-cve2011-1764.mailfrom Define the source email address to
@@ -206,7 +206,7 @@ action = function(host, port)
     mailto = stdnse.get_script_args('smtp-vuln-cve2011-1764.mailto'),
     vuln = {
       title = 'Exim DKIM format string',
-      IDS = {CVE = 'CVE-2011-1764', OSVDB = '72156'},
+      IDS = {CVE = 'CVE-2011-1764', BID = '47736'},
       risk_factor = "High",
       scores = {
         CVSSv2 = "7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)",

scripts/ssl-dh-params.nse

@@ -31,7 +31,7 @@ Opportunistic STARTTLS sessions are established on services that support them.
 -- |   VULNERABLE:
 -- |   Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
 -- |     State: VULNERABLE
--- |     IDs:  OSVDB:122331  CVE:CVE-2015-4000
+-- |     IDs:  BID:74733  CVE:CVE-2015-4000
 -- |       The Transport Layer Security (TLS) protocol contains a flaw that is triggered
 -- |       when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher.
 -- |       This may allow a man-in-the-middle attacker to downgrade the security of a TLS
@@ -50,7 +50,7 @@ Opportunistic STARTTLS sessions are established on services that support them.
 -- |     References:
 -- |       https://weakdh.org
 -- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
--- |       http://osvdb.org/122331
+-- |       https://www.securityfocus.com/bid/74733
 -- |
 -- |   Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength
 -- |     State: VULNERABLE
@@ -837,7 +837,7 @@ the encrypted stream.]],
     state = vulns.STATE.NOT_VULN,
     IDS = {
       CVE = 'CVE-2015-4000',
-      OSVDB = '122331'
+      BID = '74733'
     },
     SCORES = {
       CVSSv2 = '4.3'

scripts/ssl-poodle.nse

@@ -34,7 +34,7 @@ your TLS ciphersuites.
 -- |   VULNERABLE:
 -- |   SSL POODLE information leak
 -- |     State: VULNERABLE
--- |     IDs:  CVE:CVE-2014-3566  OSVDB:113251
+-- |     IDs:  CVE:CVE-2014-3566  BID:70574
 -- |           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
 -- |           other products, uses nondeterministic CBC padding, which makes it easier
 -- |           for man-in-the-middle attackers to obtain cleartext data via a
@@ -44,8 +44,8 @@ your TLS ciphersuites.
 -- |       TLS_RSA_WITH_3DES_EDE_CBC_SHA
 -- |     References:
 -- |       https://www.imperialviolet.org/2014/10/14/poodle.html
--- |       http://osvdb.org/113251
--- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+-- |       https://www.securityfocus.com/bid/70574
+-- |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
 -- |_      https://www.openssl.org/~bodo/ssl-poodle.pdf
 --
 
@@ -321,7 +321,7 @@ action = function(host, port)
     state = vulns.STATE.NOT_VULN,
     IDS = {
       CVE = 'CVE-2014-3566',
-      OSVDB = '113251'
+      BID = '70574'
     },
     SCORES = {
       CVSSv2 = '4.3'