[Bro] Bug Report - Software Framework - Flash Player Version Parsing
Philip Romero
promero at cenic.org
Tue Jul 11 11:25:13 PDT 2017
All,
I was looking into updating my vulnerability alert configuration and
noticed that the software framework may be incorrectly parsing the
software version for Adobe Flash Player. Please see the below example.
The full string details show the correct version (26.0.0.137), but the
parsed versions that I believe the vulnerability scripts read for major
and minor versions looks to be grabbing the "20" from that portion of
the syntax in the full string.
This email is information in case anyone actively updates the software
framework. I'll see if I can try to work it a bit on my local
development system as time permits. Thanks.
Example Log:
1499796686.729596 137.164.83.xxx - HTTP::BROWSER Flash%
20 - - - Player/26 Flash%20Player/26.0.0.137
CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)
--
Philip Romero, CISSP, CISA
Sr. Information Security Analyst
CENIC
promero at cenic.org
Phone: (714) 220-3430
Mobile: (562) 237-9290
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170711/9a21d955/attachment-0001.html
More information about the Bro
mailing list