The following enhancements and improvements are now available to Censys ASM and Search customers.
Censys ASM
- You can now use Saved Query Automation with our Microsoft Teams, Slack, and Webex integrations to receive actionable alerts about changes to your attack surface.
- This update builds upon the support for email alert delivery with Saved Query Automation released in early July.
- Learn more about Saved Query Automation in this short lesson in the Censys Academy.
- Saved Query Automation for Microsoft Teams, Slack, and Webex are available to Censys ASM Enterprise customers. Saved Query Automation for email is available to all ASM customers.
- Use our new ServiceNow Vulnerability Response (VR) integration to incorporate Censys data into your existing risk prioritization workflow and send Censys-discovered assets and risks to ServiceNow VR.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:
- Vulnerability in GeoServer GeoTools mapping toolkit enables RCE (CVE 2024-36401)
- The following queries can be leveraged to identify all Censys-visible, public-facing GeoServer instances. Note that this does not pinpoint all vulnerable versions, just instances that display their version.
- Censys Search query: services.software: (vendor: “GeoServer” and product: “GeoServer”)
- Censys ASM query: host.services.software: (vendor: “GeoServer” and product: “GeoServer” ) or (web_entity.instances.software.vendor: “GeoServer” and web_entity.instances.software.product: “GeoServer”)
- Censys ASM Risk query: risks.name=”Vulnerable GeoServer aCVE-2024-36401]”
- The following queries can be leveraged to identify all Censys-visible, public-facing GeoServer instances. Note that this does not pinpoint all vulnerable versions, just instances that display their version.
- Vulnerability in Apache HTTP Server (CVE-2024-40725 and CVE-2024-40898)
- The following queries can be leveraged to identify all Censys-visible, public-facing Apache HTTP Server instances that may potentially be vulnerable to either CVE-2024-40725 or CVE-2024-40898. The ASM Risk query only covers CVE-2024-40725.
- Censys Search query: services.software: (vendor: “Apache” and product: “HTTPD” and version: a2.4.0 to 2.4.61])
- Censys ASM query: host.services.software: (vendor: “Apache” and product: “HTTPD” and version: a2.4.0 to 2.4.61]) or web_entity.instances.software: (vendor: “Apache” and product: “HTTPD” and version: r2.4.0 to 2.4.61])
- Censys ASM Risk query: risks.name=”Vulnerable Apache HTTP Server 1CVE-2024-40725]”
- The following queries can be leveraged to identify all Censys-visible, public-facing Apache HTTP Server instances that may potentially be vulnerable to either CVE-2024-40725 or CVE-2024-40898. The ASM Risk query only covers CVE-2024-40725.
- Unauthenticated XXE Vulnerability in Adobe Commerce could lead to site compromise and sensitive data exposure (CVE CVE-2024-34102)
- The following queries can be leveraged to identify all Censys-visible, public-facing Adobe Commerce/Magento instances. Note that this identifies the software product associated with this advisory but does not pinpoint vulnerable instances. Further version confirmation will be necessary upon discovery.
