Re: Apache Struts Vulnerabilities

[waldo kitty <wkitty42 () windstream net>]

On 8/4/2013 03:10, Yap Ji Wen wrote:
> I understand VRT already has 2251 covered, Though I would like further find out
> f the rest of the CVEs as above are also covered? If so, could anyone kindly
> point me to the specific sigs?

have you tried grep? the following will show you all the rules in your rules 
sets with CVE-2013-* references...

   grep -i -E "reference:\W*cve,2013-....;" /path/to/your/*rules*/*.rules


that can be refined to list only the CVEs like so...

   grep -hio -E "reference:\W*cve,2013-....;" /path/to/your/*rules*/*.rules


for the sake of clarity, the vulnerabilities you speak of may be detected but 
simply do not have the CVE reference in them... it could be that the rule was 
written before the CVE was announced and it simply has not been revisited and 
updated to reflect the CVE reference...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!