3 files changed, 7 insertions, 7 deletions

diff --git a/app/controllers/glsa_controller.rb b/app/controllers/glsa_controller.rb
index b7a98fa..775b7cd 100644
--- a/app/controllers/glsa_controller.rb
+++ b/app/controllers/glsa_controller.rb
@@ -264,7 +264,7 @@ class GlsaController < ApplicationController
 
         # Special handling: Add CVE URL automatically
         if reference[:title].strip =~ /^CVE-\d{4}-\d{4}/ and reference[:url].strip == ''
-          reference[:url] = "http://nvd.nist.gov/nvd.cfm?cvename=#{reference[:title].strip}"
+          reference[:url] = "https://nvd.nist.gov/vuln/detail/#{reference[:title].strip}"
         end
 
         begin
diff --git a/app/models/cve.rb b/app/models/cve.rb
index d285d22..665eac1 100644
--- a/app/models/cve.rb
+++ b/app/models/cve.rb
@@ -25,9 +25,9 @@ class Cve < ActiveRecord::Base
   # Returns the URL for this CVE at NVD (<tt>:nvd</tt>, default) or MITRE (<tt>:mitre</tt>)
   def url(site = :nvd)
     if site == :nvd
-      "http://nvd.nist.gov/nvd.cfm?cvename=%s" % self.cve_id
+      "https://nvd.nist.gov/vuln/detail/%s" % self.cve_id
     elsif site == :mitre
-      "http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id
+      "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % self.cve_id
     else
       raise ArgumentError, 'Invalid site'
     end
diff --git a/test/unit/cve_test.rb b/test/unit/cve_test.rb
index 93c3787..c874e9b 100644
--- a/test/unit/cve_test.rb
+++ b/test/unit/cve_test.rb
@@ -4,15 +4,15 @@ class CveTest < ActiveSupport::TestCase
   test "URL generation" do
     cve = cves(:cve_one)
     
-    assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url)
-    assert_equal('http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776', cve.url(:nvd))
-    assert_equal('http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre))
+    assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url)
+    assert_equal('https://nvd.nist.gov/vuln/detail/CVE-2004-1776', cve.url(:nvd))
+    assert_equal('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776', cve.url(:mitre))
     assert_raise(ArgumentError) { cve.url(:invalid_site) }
   end
   
   test "to_s" do
     assert_equal(
-      "CVE-2004-1776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1776):\n  Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n  device configuration data via the cable-docsis read-write community string\n  used by the Data Over Cable Service Interface Specification (DOCSIS)\n  standard.",
+      "CVE-2004-1776 (https://nvd.nist.gov/vuln/detail/CVE-2004-1776):\n  Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify\n  device configuration data via the cable-docsis read-write community string\n  used by the Data Over Cable Service Interface Specification (DOCSIS)\n  standard.",
       cves(:cve_one).to_s
     )
   end