Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Amit_Singh4
Participant

IPS Protection signatures with same name having diff. CVE number

My question is related with IPS Protection signatures. I can see same protection name with number of times having different CVE number. As i understand that these protection release on the basis of respective windows version but If i select only latest release of signatures in Detect/Prevent , does it cover rest of release too of same protection name.  Please find attached file for reference.

Example:-

Latest Release - CVE - 2018-8296 - If i select only this protection signatures to track the logs in detect/prevent...

Question is  - does it cover remaining " CVE-2018-8242, CVE-2018-8242.........................................................................CVE-2017-0158" ?

2 Replies
ED
Advisor

No, it does not cover the rest of same protection name. Internet Explorer is one of the most vulnerable products out there and a slight change in the attack will require a new CVE for that attack. For the naming of the attack it would not make any sense to give it a new name each time it was a slight change in the attack concerning Internet Explorer memory corruption. As you also mentioned not every CVE for that same name affects the same vulnerable systems. 

Amit_Singh4
Participant

Thank you Enis for information. This is helpful.

0 Kudos
Reply