Bro Digest, Vol 92, Issue 4

Add this to local.bro. Works awesome! Courtesy of Vlad.
I wish I new it was as easy as this. :slight_smile:

@load frameworks/software/vulnerable
global java_1_6_vuln: Software::VulnerableVersionRange =
global java_1_7_vuln: Software::VulnerableVersionRange =
[$min=[$major=1,$minor=7], $max=[$major=1,$minor=7,$minor2=0,$minor3=22]];
redef Software::vulnerable_versions += {
["Java"] = set(java_1_6_vuln, java_1_7_vuln)

See also:

What this does is define two ranges of vulnerable Java versions. The first
is anything prior to (including 1.5, 1.4, etc.). The second is
anything between and

Of course, if you only care about, you can just define that as
the min/max.

Does that help? Or was that not the functionality you were looking for?