Forum Discussion

boneyard_11131's avatar
boneyard_11131
Icon for Nimbostratus rankNimbostratus
Feb 20, 2015

relation between CVE numbers and F5 ASM attack signatures

I was wondering if there is a way to check if certain CVEs are covered by an ASM attack signature?

 

For example for shellshock when you click on the attack signature in the F5 ASM you can see the CVE numbers. so the information is in the database but can this be easily searched somehow?

 

so is there a way to search for a CVE number and get the related F5 ASM attack signatures somehow?

 

  • There is no CVE number in the signature release notes.

     

    After v13, I can search from the GUI, but I need to import it into the device.

     

    I would like you to include the CVE number in the release notes.

     

  • This feature has been added to v13.1. Security ›› Options : Application Security : Attack Signatures : Attack Signature List, Show Filter Details

     

  • be sure to let support and your local F5 sales know, as nitass points out: RFE ID430144

     

  • I Agree with the point, i too was looking for the same function. It is very difficult to identify which signature to enable to mitigate specific vulnerability with CVE code. There is no way to conform if the CVE that we are trying to mitigate has a valid signature in ASM or not, and also if it has whether we have used it or not.

     

    Relating between CVE and ASM signature is a very much required function and F5 should take the inactivate to involve this feature at the earliest.

     

  • thanks for all the feedback, will add my vote to RFE ID430144 - Attack signatures should be searchable by Reference (CVE).

     

  • Not yet. The CVE is not part of the attack signature name or attack signature ID, so we can't do an advanced filter/search on it.

     

  • there is rfe but it has not yet been implemented.

     

    ID430144 - Attack signatures should be searchable by Reference (CVE)

     

  • there is rfe but it has not yet been implemented.

     

    ID430144 - Attack signatures should be searchable by Reference (CVE)

     

  • The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures

     

    • yeah but that is just the attack signature name you are looking at then. i would like to search for the CVE number(s).
  • The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      yeah but that is just the attack signature name you are looking at then. i would like to search for the CVE number(s).