https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202549#M59755 <P>Sorry but, If I understood:</P><P>&nbsp;</P><P>This CVEs were active for a while but Palo Alto erase it from its signatures because with updating the host application made it-self non exploitable by this methods?</P><P>&nbsp;</P><P>Thanks and regards.</P> Tue, 27 Feb 2018 15:14:20 GMT Manuben88 2018-02-27T15:14:20Z https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202475#M59735 <P>Hello friends,</P><P>&nbsp;</P><P>I have some signatures with fortigate names and I neet to know the equivalence in Palo Alto, by the CVE Palo Alto dont indentify it, could anyone help me?</P><P>&nbsp;</P><P>web_app3: Narcissus.Image.Configuration.Remote.Command.Execution<BR />CVE-2015-1579 CVE-2014-9734<BR /><BR />applications3: Ektron.XSLT.Transform.Remote.Code.Execution<BR />CVE-2012-5357<BR /><BR />applications3: OpenVAS.Web.Scanner</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thankss<BR /><BR /><BR /></P> Tue, 27 Feb 2018 10:49:28 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202475#M59735 Manuben88 2018-02-27T10:49:28Z https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202483#M59736 <P>Are these CVE still active in the wild?</P> <P>&nbsp;</P> <P>If CVE's are no longer active in the wild, or have long been patched, they are removed from the PANW threat vault to make way for more current signatures</P> Tue, 27 Feb 2018 11:09:47 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202483#M59736 reaper 2018-02-27T11:09:47Z https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202538#M59748 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/83416">@Manuben88</a>,</P><P>All of these CVEs you've identified, as&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;made note to, have been addressed by software updates for a while. If you are still running software that this actually covers I would HIGHLY recommend that you update them to something current.&nbsp;</P><P>Ektron has been packed for literally years, the first two threats that you mention are only on select themes and only two of the affected themes are under active developement with patched versions.&nbsp;</P><P>I would say that this is mostly a 'non-issue' for the most part. You shouldn't actually&nbsp;<EM>need</EM> these signatures anymore.</P> Tue, 27 Feb 2018 14:17:12 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202538#M59748 BPry 2018-02-27T14:17:12Z https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202549#M59755 <P>Sorry but, If I understood:</P><P>&nbsp;</P><P>This CVEs were active for a while but Palo Alto erase it from its signatures because with updating the host application made it-self non exploitable by this methods?</P><P>&nbsp;</P><P>Thanks and regards.</P> Tue, 27 Feb 2018 15:14:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202549#M59755 Manuben88 2018-02-27T15:14:20Z https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202552#M59757 <P>In short: yes</P> <P>&nbsp;</P> <P>The longer version is: To ensure we are able to scan traffic quickly it is efficient to kjeep the threat database small in size: To be able to provide the best possible coverage we investigate which signatures are active 'in the wild', which ones are dangerous and which ones are still relevant</P> <P>&nbsp;</P> <P>If a vulnerability is widely patched, it is safe to assume the threat level becomes lower, and if the signature is not picked up in the wild much any more, that means the signature has become obsolete and it is safe to dselete from the repository,, thus ensuring only the important signatures are used to scan your traffic</P> Tue, 27 Feb 2018 15:41:11 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-signatures/m-p/202552#M59757 reaper 2018-02-27T15:41:11Z