Forum Discussion
relation between CVE numbers and F5 ASM attack signatures
I was wondering if there is a way to check if certain CVEs are covered by an ASM attack signature?
For example for shellshock when you click on the attack signature in the F5 ASM you can see the CVE numbers. so the information is in the database but can this be easily searched somehow?
so is there a way to search for a CVE number and get the related F5 ASM attack signatures somehow?
- Jack_wAltostratus
There is no CVE number in the signature release notes.
After v13, I can search from the GUI, but I need to import it into the device.
I would like you to include the CVE number in the release notes.
- gsharriAltostratus
This feature has been added to v13.1. Security ›› Options : Application Security : Attack Signatures : Attack Signature List, Show Filter Details
be sure to let support and your local F5 sales know, as nitass points out: RFE ID430144
- manjunath_sing1Nimbostratus
I Agree with the point, i too was looking for the same function. It is very difficult to identify which signature to enable to mitigate specific vulnerability with CVE code. There is no way to conform if the CVE that we are trying to mitigate has a valid signature in ASM or not, and also if it has whether we have used it or not.
Relating between CVE and ASM signature is a very much required function and F5 should take the inactivate to involve this feature at the earliest.
thanks for all the feedback, will add my vote to RFE ID430144 - Attack signatures should be searchable by Reference (CVE).
- Erik_NovakEmployee
Not yet. The CVE is not part of the attack signature name or attack signature ID, so we can't do an advanced filter/search on it.
- nitassEmployee
there is rfe but it has not yet been implemented.
ID430144 - Attack signatures should be searchable by Reference (CVE)
- Aaron_BookerEmployee
As noted in comments below beginning in BIG-IP 13.1.0, you can filter the Attack Signature List in the Configuration utility by the CVE listed in the attack signature references. AskF5 has published a brief how-to:
K45558510: Filtering the Attack Signature List by the referenced CVE
You can leave feedback about the article on the article page itself.
- nitass_89166Noctilucent
there is rfe but it has not yet been implemented.
ID430144 - Attack signatures should be searchable by Reference (CVE)
- Aaron_BookerEmployee
As noted in comments below beginning in BIG-IP 13.1.0, you can filter the Attack Signature List in the Configuration utility by the CVE listed in the attack signature references. AskF5 has published a brief how-to:
K45558510: Filtering the Attack Signature List by the referenced CVE
You can leave feedback about the article on the article page itself.
- TortiAltostratus
The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures
- yeah but that is just the attack signature name you are looking at then. i would like to search for the CVE number(s).
- Torti_93733Nimbostratus
The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures
- yeah but that is just the attack signature name you are looking at then. i would like to search for the CVE number(s).
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com