[Bro] Bug Report - Software Framework - Flash Player Version Parsing

Philip Romero promero at cenic.org
Tue Jul 11 11:25:13 PDT 2017


I was looking into updating my vulnerability alert configuration and 
noticed that the software framework may be incorrectly parsing the 
software version for Adobe Flash Player. Please see the below example. 
The full string details show the correct version (, but the 
parsed versions that I believe the vulnerability scripts read for major 
and minor versions look to be grabbing the "20" from that portion of 
the syntax in the full string.

This email is information in case anyone actively updates the software 
framework. I'll see if I can try to work it a bit on my local 
development system as time permits. Thanks.

Example Log:
1499796686.729596 137.164.83.xxx    -    HTTP::BROWSER    Flash%    
20    - -    -    Player/26    Flash%20Player/ 
CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)

Philip Romero, CISSP, CISA
Sr. Information Security Analyst
promero at cenic.org
Phone: (714) 220-3430
Mobile: (562) 237-9290
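
The mis-parse reported above, reproduced as an added example (not code from the original post or from the Bro software framework). The naive rule is a hypothetical stand-in for a "name, then first number" match, and the 26.0.0.0 version is a constructed placeholder because the real version string is missing from the post.

```python
import re
from urllib.parse import unquote

# Constructed sample: the user agent from the log above, with a placeholder
# version filled in where the post's text is missing.
SAMPLE_UA = "Flash%20Player/26.0.0.0 CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)"

# Hypothetical naive rule (an assumption, not Bro's regex): the name is
# everything before the first digit, the version is the first dotted number.
NAIVE = re.compile(r"^([^0-9]+)([0-9]+(?:\.[0-9]+)*)")

def parse_naive(ua):
    """Splits inside the %20 escape: name 'Flash%', major 20."""
    m = NAIVE.match(ua)
    if not m:
        return None
    parts = m.group(2).split(".")
    minor = int(parts[1]) if len(parts) > 1 else None
    return {"name": m.group(1).strip(), "major": int(parts[0]), "minor": minor}

def parse_hardened(ua):
    """Tokenize first, then percent-decode only the product name."""
    if not ua.strip():
        return None
    token = ua.split(None, 1)[0]               # "Flash%20Player/26.0.0.0"
    product, sep, version = token.rpartition("/")
    if not sep:
        return None
    m = re.match(r"(\d+)(?:\.(\d+))?", version)
    if not m:
        return None
    minor = int(m.group(2)) if m.group(2) else None
    # Decoding after the split keeps an encoded space or slash from
    # changing where the product token ends.
    return {"name": unquote(product), "major": int(m.group(1)), "minor": minor}

def looks_misparsed(name):
    """Flag a software name that ends in a dangling percent escape."""
    return re.search(r"%[0-9A-Fa-f]?$", name) is not None

if __name__ == "__main__":
    print("naive:   ", parse_naive(SAMPLE_UA))
    print("hardened:", parse_hardened(SAMPLE_UA))
    print("flagged: ", looks_misparsed(parse_naive(SAMPLE_UA)["name"]))
```

Running looks_misparsed over the name column of existing software logs is a quick way to see which entries a version-based vulnerability alert would have compared against the wrong major number.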
