Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#19099 closed defect (fixed)

Snort IE vulnerability

Reported by: Ed Hager Owned by: Ed Hager
Priority: major Milestone: 1.13.1
Component: Core Version:
Keywords: Cc:
Blocked By: Blocking:


Snort users are reporting that Dojo contains an Internet Explorer vulnerability: CVE-2017-11895

Here are the Snort rules for search for that vulnerability.

alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Edge Array type confusion attempt"; flow:to_client,established; file_data; content:"[{}]|3B|"; fast_pattern:only; content:"toString"; content:"function"; within:20; content:"slice"; within:150; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-11895; reference:url,; classtype:attempted-user; sid:45142; rev:2;)

Those rules are looking for the pattern [{}]; which can be found here:

Change History (3)

comment:2 Changed 4 years ago by Ed Hager

Resolution: fixed
Status: assignedclosed

comment:3 Changed 4 years ago by dylan

Milestone: 1.13.1

Backported in 1.13 back to 1.7.

Note: See TracTickets for help on using tickets.