Re: Apache Struts Vulnerabilities

[Yap Ji Wen <jwyap1016 () gmail com>]

Hi Joel,

Thank you for the response and confirmation.
Very much appreciated.

Rgds,
Jiwen


On Mon, Aug 5, 2013 at 10:20 PM, Joel Esler <jesler () sourcefire com> wrote:

> We are working on coverage on these now.
>
>
> On Sun, Aug 4, 2013 at 10:59 PM, Yap Ji Wen <jwyap1016 () gmail com> wrote:
>
> > Hi Waldo Kitty,
> >
> > Thank you for the response!
> > Yes I did a grep on all Struts related signatures, including those
> > without CVE references, but I could not find any coverage for
> > CVE-2013-2135<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2135>
> >
> > CVE-2013-2134<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2134>
> >
> > Hence wanted to double confirm if there really is no coverage for them
> > yet.
> >
> > Regards
> >
> >
> > On Sun, Aug 4, 2013 at 5:53 PM, waldo kitty <wkitty42 () windstream net>wrote:
> >
> > > On 8/4/2013 03:10, Yap Ji Wen wrote:
> > > > I understand VRT already has 2251 covered, Though I would like further
> > > find out
> > > > f the rest of the CVEs as above are also covered? If so, could anyone
> > > kindly
> > > > point me to the specific sigs?
> > >
> > > have you tried grep? the following will show you all the rules in your
> > > rules
> > > sets with CVE-2013-* references...
> > >
> > >    grep -i -E "reference:\W*cve,2013-....;" /path/to/your/*rules*/*.rules
> > >
> > >
> > > that can be refined to list only the CVEs like so...
> > >
> > >    grep -hio -E "reference:\W*cve,2013-....;"
> > > /path/to/your/*rules*/*.rules
> > >
> > >
> > > for the sake of clarity, the vulnerabilities you speak of may be
> > > detected but
> > > simply do not have the CVE reference in them... it could be that the
> > > rule was
> > > written before the CVE was announced and it simply has not been
> > > revisited and
> > > updated to reflect the CVE reference...
> > >
> > > --
> > > NOTE: No off-list assistance is given without prior approval.
> > >        Please keep mailing list traffic on the list unless
> > >        private contact is specifically requested and granted.
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Get your SQL database under version control now!
> > > Version control is standard for application code, but databases havent
> > > caught up. So what steps can you take to put your SQL databases under
> > > version control? Why should you start doing it? Read more to find out.
> > >
> > > http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> > > _______________________________________________
> > > Snort-sigs mailing list
> > > Snort-sigs () lists sourceforge net
> > > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > > http://www.snort.org
> > >
> > >
> > > Please visit http://blog.snort.org for the latest news about Snort!
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Get your SQL database under version control now!
> > Version control is standard for application code, but databases havent
> > caught up. So what steps can you take to put your SQL databases under
> > version control? Why should you start doing it? Read more to find out.
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > http://www.snort.org
> >
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!