CVE-2014-3518 is not detected

[silvag]

I executed the victims jar against jboss-jmx-remoting.jar expecting to detect CVE-2014-3518. However, nothing was shown. My local DB is being updated at the time of execution but not sure the right information is available to detect this vulnerability.

[abn]

@silvag at the moment the entry for CVE-2014-3518 is only available within https://github.com/victims/victims-cve-db automation for adding entries for the EVD is not yet present and this entry has not yet been manually added to the EVD fingerprint database. This is why the client cannot detect the vulnerable artifact.

[silvag]

Hi Arun Babu,
Thanks for the quick response. That explains it. I thought I might be missing something when I found it in the cve-db.
Could I manually add it to the fingerprint database?
Thanks,
Gonzalo Silva Cruz

Arun Babu Neelicattu [email protected] wrote:

@silvag at the moment the entry for CVE-2014-3518 is only available within https://github.com/victims/victims-cve-db automation for adding entries for the EVD is not yet present and this entry has not yet been added to the EVD fingerprint database. This is why the client cannot detect the vulnerable artifact.

—
Reply to this email directly or view it on GitHub.

[abn]

@silvag contributions are always welcome. You can do that via https://victi.ms/submit/java/ (you'll need to be logged in). We will try get related fingerprints added soon.

I am leaving this bug open till the entry is added. No action required for the client.