Snort mailing list archives

Re: Apache Struts Vulnerabilities


From: Yap Ji Wen <jwyap1016 () gmail com>
Date: Mon, 5 Aug 2013 10:59:58 +0800

Hi Waldo Kitty,

Thank you for the response!
Yes I did a grep on all Struts related signatures, including those without
CVE references, but I could not find any coverage for
CVE-2013-2135 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2135>
CVE-2013-2134 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2134>

Hence wanted to double confirm if there really is no coverage for them yet.

Regards


On Sun, Aug 4, 2013 at 5:53 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 8/4/2013 03:10, Yap Ji Wen wrote:
I understand VRT already has 2251 covered, though I would like to further find out
if the rest of the CVEs as above are also covered? If so, could anyone kindly
point me to the specific sigs?

have you tried grep? the following will show you all the rules in your rules
sets with CVE-2013-* references...

   grep -i -E "reference:\W*cve,2013-....;" /path/to/your/*rules*/*.rules


that can be refined to list only the CVEs like so...

   grep -hio -E "reference:\W*cve,2013-....;" /path/to/your/*rules*/*.rules


for the sake of clarity, the vulnerabilities you speak of may be detected but
simply do not have the CVE reference in them... it could be that the rule was
written before the CVE was announced and it simply has not been revisited and
updated to reflect the CVE reference...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
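
The grep approach from the quoted reply, extended into a per-CVE coverage check (an added example, not part of the original thread and not Snort tooling). It goes beyond the thread by separating enabled rules from commented-out ones and by listing rules whose msg mentions a keyword but carry no CVE reference, the case the reply warns about. It assumes one rule per line and disabled rules prefixed with `#`; the function names and sample rules are constructed for illustration.

```bash
# Constructed sample rules (not real VRT signatures); sids are in the local range.
make_sample_rules() {
  mkdir -p "$1"
  cat > "$1/sample.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"SAMPLE struts rule A"; content:"a"; reference:cve,2013-2251; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"SAMPLE struts rule B"; content:"b"; reference: cve,2013-2134; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"SAMPLE Struts rule C, no CVE tag"; content:"c"; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"SAMPLE unrelated"; content:"d"; reference:url,example.com; sid:1000004; rev:1;)
EOF
}

# Print the sids found on stdin as a comma-separated list.
extract_sids() {
  grep -o -E 'sid:[[:space:]]*[0-9]+' | grep -o -E '[0-9]+' | sort -n | paste -sd, -
}

# cve_coverage RULES_DIR CVE-ID... prints "<cve> <enabled|disabled-only|none> <sids>"
cve_coverage() {
  local dir="$1" cve id hits on off
  shift
  for cve in "$@"; do
    id=${cve#CVE-}   # rules carry "cve,2013-2251", without the CVE- prefix
    hits=$(grep -h -i -E "reference:[[:space:]]*cve,[[:space:]]*${id};" "$dir"/*.rules 2>/dev/null || true)
    # A commented-out rule is shipped but not loaded, so report it separately.
    on=$(printf '%s\n' "$hits" | grep -v -E '^[[:space:]]*#' | extract_sids)
    off=$(printf '%s\n' "$hits" | grep -E '^[[:space:]]*#' | extract_sids)
    if [ -n "$on" ]; then echo "$cve enabled $on"
    elif [ -n "$off" ]; then echo "$cve disabled-only $off"
    else echo "$cve none -"
    fi
  done
}

# keyword_candidates RULES_DIR KEYWORD: sids of rules whose msg mentions KEYWORD
# but that carry no CVE reference at all (candidates for manual review).
keyword_candidates() {
  grep -h -i -E "msg:[[:space:]]*\"[^\"]*$2" "$1"/*.rules 2>/dev/null |
    grep -v -i -E 'reference:[[:space:]]*cve,' | extract_sids
}

# Demo run against the constructed rules.
demo=$(mktemp -d)
make_sample_rules "$demo"
cve_coverage "$demo" CVE-2013-2251 CVE-2013-2134 CVE-2013-2135
echo "untagged candidates: $(keyword_candidates "$demo" struts)"
rm -rf "$demo"
```

A `none` result only means no rule carries that CVE reference; the keyword list is where a rule written before the CVE was assigned would show up.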

