Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#19099 closed defect (fixed)

Snort IE vulnerability

Reported by: Ed Hager Owned by: Ed Hager
Priority: major Milestone: 1.13.1
Component: Core Version:
Keywords: Cc:
Blocked By: Blocking:

Description

Snort users are reporting that Dojo contains an Internet Explorer vulnerability: CVE-2017-11895

Here are the Snort rules for search for that vulnerability.

alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Edge Array type confusion attempt"; flow:to_client,established; file_data; content:"[{}]|3B|"; fast_pattern:only; content:"toString"; content:"function"; within:20; content:"slice"; within:150; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-11895; reference:url,portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11895; classtype:attempted-user; sid:45142; rev:2;)

Those rules are looking for the pattern [{}]; which can be found here: https://github.com/dojo/dojo/blob/master/_base/xhr.js#L342

Change History (3)

comment:2 Changed 14 months ago by Ed Hager

Resolution: fixed
Status: assignedclosed

comment:3 Changed 14 months ago by dylan

Milestone: 1.13.1

Backported in 1.13 back to 1.7.

Note: See TracTickets for help on using tickets.