Censys Release Notes for July 15, 2024 | Censys Community

The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Added an account_id field to web entities. This field surfaces the Cloud Connector account ID that the web entity is associated with.
- Added a search shortcut, an inventory column, and a field on web entity detail pages to show this data.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Vulnerability in Exim MTA could allow malicious email attachments past filters (CVE-2024-39929)
- The following queries can be leveraged to identify Censys-visible public-facing Exim instances running potentially vulnerable versions affected by this CVE.
  - Censys Search query for potentially vulnerable exposures: services.software: (product="exim" and version: to 4.97.1])
  - Censys ASM query for potentially vulnerable exposures: host.services.software: (product="exim" and version: to 4.97.1]) or web_entity.instances.software: (product="exim" and version: to 4.97.1])
  - Censys ASM risk name query: risks.name="Vulnerable Exim Server rCVE-2024-39929]"

New Fingerprints

Type	Name	Category and Severity (for risks)	Description	Censys Search Query	Censys ASM Query
risk	Entrust Issued Certificate	Misconfiguration - Low	This service is using a certificate issued by Entrust that will no longer be trusted by Google Chrome starting on October 31, 2024.	n/a	risks.name="Entrust Issued Certificate"
risk	Vulnerable Exim Server vCVE-2024-39929]	Rapid Response (CVE) - High	This Exim mail server is running version 4.97.1 or earlier, which is affected by CVE-2024-39929, a header parsing bug that could potentially allow malicious actors to bypass file extension blocking security measures and potentially send harmful files directly to users' inboxes.	n/a	risks.name="Vulnerable Exim Server vCVE-2024-39929]"

Be the first to reply!