Forum Discussion
relation between CVE numbers and F5 ASM attack signatures
I was wondering if there is a way to check if certain CVEs are covered by an ASM attack signature?
For example, for Shellshock, when you click on the attack signature in the F5 ASM you can see the CVE numbers. So the information is in the database, but can this be easily searched somehow?
So is there a way to search for a CVE number and get the related F5 ASM attack signatures somehow?
- TortiAltostratus
The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures
- Yeah, but that is just the attack signature name you are looking at then. I would like to search for the CVE number(s).
- nitassEmployee
There is an RFE, but it has not yet been implemented.
ID430144 - Attack signatures should be searchable by Reference (CVE)
- Aaron_BookerEmployee
As noted in comments below, beginning in BIG-IP 13.1.0, you can filter the Attack Signature List in the Configuration utility by the CVE listed in the attack signature references. AskF5 has published a brief how-to:
K45558510: Filtering the Attack Signature List by the referenced CVE
You can leave feedback about the article on the article page itself.
- Erik_NovakEmployee
Not yet. The CVE is not part of the attack signature name or attack signature ID, so we can't do an advanced filter/search on it.
Thanks for all the feedback, will add my vote to RFE ID430144 - Attack signatures should be searchable by Reference (CVE).
- manjunath_sing1Nimbostratus
I agree with the point; I too was looking for the same function. It is very difficult to identify which signature to enable to mitigate a specific vulnerability with a CVE code. There is no way to confirm if the CVE that we are trying to mitigate has a valid signature in ASM or not, and also, if it has, whether we have used it or not.
Relating between CVE and ASM signature is a very much required function and F5 should take the initiative to involve this feature at the earliest.
Be sure to let support and your local F5 sales know, as nitass points out: RFE ID430144
- gsharriAltostratus
This feature has been added to v13.1. Security ›› Options : Application Security : Attack Signatures : Attack Signature List, Show Filter Details
- Jack_wAltostratus
There is no CVE number in the signature release notes.
After v13, I can search from the GUI, but I need to import it into the device.
I would like you to include the CVE number in the release notes.