Forum Discussion
CirrostratusF5 doesn't signatures for cve
f5 doesn't have signatures for below : CVE-2023-42627
CVE-2024-26272
CVE-2023-33945
could you help me to create custom signatures?
5 Replies
VishnuGatlaCumulonimbus
THE_BLUEi need the signture itself ex: regex or if there is any keyword for the mentioned cve
- Jonathancert
Cirrus
How did you determine these CVE is required for your F5 software version? Did you upload a Qkview to confirm security vulnerabilities?
- THE_BLUE
it's not for f5 software , it's related to liferay application and i am securing application running liferay
- zamroni777
MVP
i see that liferay uses tomcat and MariaDB, MySQL, Oracle or PostgreSQL database.
https://learn.liferay.com/web/guest/w/dxp/self-hosted-installation-and-upgrades/installing-liferay/configuring-a-databaseand the cves are about xss, xsrf and sql injection attacks.
the signatures for that kinds of attack are usually already inlcuded in ASM policies by selecting Server Technologies items.ensure that you have installed latest asm signatures
and the Server Technologies settings match the components used by your liferay servers.
