boneyard_11131
Feb 20, 2015

relation between CVE numbers and F5 ASM attack signatures

I was wondering if there is a way to check if certain CVEs are covered by an ASM attack signature?

 

For example, for Shellshock, when you click on the attack signature in the F5 ASM you can see the CVE numbers. So the information is in the database, but can this be easily searched somehow?

 

So is there a way to search for a CVE number and get the related F5 ASM attack signatures somehow?

 

14 Replies

  • The only way I know is to search for the string, i.e. Shellshock results in 3 Signatures

     

    • Yeah, but that is just the attack signature name you are looking at then. I would like to search for the CVE number(s).
  • There is an RFE, but it has not yet been implemented.

     

    ID430144 - Attack signatures should be searchable by Reference (CVE)

     

  • Not yet. The CVE is not part of the attack signature name or attack signature ID, so we can't do an advanced filter/search on it.

     

  • Thanks for all the feedback, will add my vote to RFE ID430144 - Attack signatures should be searchable by Reference (CVE).

     

  • I agree with the point; I too was looking for the same function. It is very difficult to identify which signature to enable to mitigate a specific vulnerability with a CVE code. There is no way to confirm if the CVE that we are trying to mitigate has a valid signature in ASM or not, and also, if it has, whether we have used it or not.

     

    Relating between CVE and ASM signature is a very much required function, and F5 should take the initiative to involve this feature at the earliest.

     

  • Be sure to let support and your local F5 sales know, as nitass points out: RFE ID430144

     

  • This feature has been added to v13.1. Security ›› Options : Application Security : Attack Signatures : Attack Signature List, Show Filter Details

     

  • There is no CVE number in the signature release notes.

     

    After v13, I can search from the GUI, but I need to import it into the device.

     

    I would like you to include the CVE number in the release notes.