From 0c849a770f40b1077f0d1838514e33f9b2a2bed1 Mon Sep 17 00:00:00 2001 From: Wessel Date: Mon, 2 Dec 2024 17:54:40 +0100 Subject: [PATCH 1/4] Updated casefile DIVD-2024-00039 --- _cases/2024/DIVD-2024-00039.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/_cases/2024/DIVD-2024-00039.md b/_cases/2024/DIVD-2024-00039.md index 28d26649..90a958cd 100644 --- a/_cases/2024/DIVD-2024-00039.md +++ b/_cases/2024/DIVD-2024-00039.md @@ -29,14 +29,20 @@ timeline: event: "DIVD finds fingerprint, preparing to scan." - start: 2024-09-29 end: - event: "Case opened, first version of this casefile" + event: "Case opened, first version of this casefile." - start: 2024-09-29 end: event: "DIVD starts scanning the internet for vulnerable instances." - start: 2024-10-01 end: - event: "DIVD starts notifying network owners with a vulnerable instance in their network" - + event: "DIVD starts notifying network owners with a vulnerable instance in their network." +- start: 2024-10-30 + end: + event: "DIVD start notifying network owners with a vulnerable instance in their network for the second time." +- start: 2024-12-02 + end: + event: "Last scan and closing case." +ips: 45 --- ## Summary @@ -56,4 +62,4 @@ DIVD is currently working to identify parties that are running a version of Apac * {% cve CVE-2024-38856 %} * [National Vulnerability Database for CVE-2024-38856](https://nvd.nist.gov/vuln/detail/CVE-2024-38856) -* [Indepth information on CVE-2024-23692](https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz) +* [Indepth information on CVE-2024-38856](https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz) From b55f94247141bc6d843675723226ef76125269e6 Mon Sep 17 00:00:00 2001 From: Wessel Date: Mon, 2 Dec 2024 17:57:01 +0100 Subject: [PATCH 2/4] Updated casefile DIVD-2024-00039 --- _cases/2024/DIVD-2024-00039.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00039.md b/_cases/2024/DIVD-2024-00039.md index 90a958cd..cf7d9550 100644 --- a/_cases/2024/DIVD-2024-00039.md +++ b/_cases/2024/DIVD-2024-00039.md @@ -18,7 +18,7 @@ versions: recommendation: "Update to Apache OFBiz version 18.12.15 or higher if available" workaround: "None" patch_status: Patch available -status : Open +status : Closed start: 2024-09-29 timeline: - start: 2024-09-29 From 424668e696e6300433556ce55ae7edf37e4b0165 Mon Sep 17 00:00:00 2001 From: Wessel Date: Mon, 2 Dec 2024 18:02:45 +0100 Subject: [PATCH 3/4] fixed build error on Updated casefile DIVD-2024-00039 --- _cases/2024/DIVD-2024-00039.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_cases/2024/DIVD-2024-00039.md b/_cases/2024/DIVD-2024-00039.md index cf7d9550..6bbb6ad8 100644 --- a/_cases/2024/DIVD-2024-00039.md +++ b/_cases/2024/DIVD-2024-00039.md @@ -20,6 +20,7 @@ workaround: "None" patch_status: Patch available status : Closed start: 2024-09-29 +end: 2024-12-2 timeline: - start: 2024-09-29 end: From 0de072074ee2a6ca8d55336b4043f4b6f5fe11c4 Mon Sep 17 00:00:00 2001 From: WesselDIVD <126914416+WesselDIVD@users.noreply.github.com> Date: Mon, 2 Dec 2024 20:18:33 +0100 Subject: [PATCH 4/4] Update _cases/2024/DIVD-2024-00039.md Co-authored-by: Stan Plasmeijer <111912052+JstRelax@users.noreply.github.com> --- _cases/2024/DIVD-2024-00039.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00039.md b/_cases/2024/DIVD-2024-00039.md index 6bbb6ad8..cdf0f78b 100644 --- a/_cases/2024/DIVD-2024-00039.md +++ b/_cases/2024/DIVD-2024-00039.md @@ -20,7 +20,7 @@ workaround: "None" patch_status: Patch available status : Closed start: 2024-09-29 -end: 2024-12-2 +end: 2024-12-02 timeline: - start: 2024-09-29 end: