[Bro] Bug Report - Software Framework - Flash Player Version Parsing
Seth Hall
seth at corelight.com
Wed Jul 12 23:23:59 PDT 2017
Oh, that's annoying. I fixed the issue in git master. Thanks for the report!
https://github.com/bro/bro/commit/71c9945f266096e1e375461758ade515e9336692
.Seth
On Tue, Jul 11, 2017 at 2:25 PM, Philip Romero <promero at cenic.org> wrote:
> All,
>
> I was looking into updating my vulnerability alert configuration and noticed
> that the software framework may be incorrectly parsing the software version
> for Adobe Flash Player. Please see the below example. The full string
> details show the correct version (26.0.0.137), but the parsed versions that
> I believe the vulnerability scripts read for major and minor versions looks
> to be grabbing the "20" from that portion of the syntax in the full string.
>
> This email is information in case anyone actively updates the software
> framework. I'll see if I can try to work it a bit on my local development
> system as time permits. Thanks.
>
> Example Log:
> 1499796686.729596 137.164.83.xxx - HTTP::BROWSER Flash% 20
> - - - Player/26 Flash%20Player/26.0.0.137 CFNetwork/811.5.4
> Darwin/16.6.0 (x86_64)
>
> --
> Philip Romero, CISSP, CISA
> Sr. Information Security Analyst
> CENIC
> promero at cenic.org
> Phone: (714) 220-3430
> Mobile: (562) 237-9290
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
More information about the Bro
mailing list