relation between CVE numbers and F5 ASM attack signatures

I was wondering if there is a way to check if certain CVEs are covered by an ASM attack signature?

For example, for Shellshock, when you click on the attack signature in the F5 ASM you can see the CVE numbers. So the information is in the database, but can this be easily searched somehow?

So is there a way to search for a CVE number and get the related F5 ASM attack signatures somehow?

0
Comments on this Question
Comment made 27-Nov-2016 by manjunath singh 2

I agree with the point; I too was looking for the same function. It is very difficult to identify which signature to enable to mitigate a specific vulnerability with a CVE code. There is no way to confirm if the CVE that we are trying to mitigate has a valid signature in ASM or not, and also, if it has, whether we have used it or not.

Relating between CVE and ASM signature is a very much required function and F5 should take the initiative to involve this feature at the earliest.

0
Comment made 28-Nov-2016 by boneyard 5578

Be sure to let support and your local F5 sales know; as nitass points out: RFE ID430144

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There is an RFE, but it has not yet been implemented.

ID430144 - Attack signatures should be searchable by Reference (CVE)

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The only way I know is to search for the string, i.e. Shellshock results in 3 signatures.

0
Comments on this Answer
Comment made 20-Feb-2015 by boneyard 5578
Yeah, but that is just the attack signature name you are looking at then. I would like to search for the CVE number(s).
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Not yet. The CVE# is not part of the attack signature name or attack signature ID, so we can't do an advanced filter/search on it.

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thanks for all the feedback; will add my vote to RFE ID430144 - Attack signatures should be searchable by Reference (CVE).

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This feature has been added to v13.1. Security ›› Options : Application Security : Attack Signatures : Attack Signature List, Show Filter Details

0
Comments on this Answer
Comment made 19-Jul-2018 by boneyard 5578

Yes indeed, not in the actual policy show filter details, but in the options it is there.

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There is no CVE number in the signature release notes.

After v13, I can search from the GUI, but I need to import it into the device.

I would like you to include the CVE number in the release notes.

0