Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Detection of outdated components

Harald Nandke Jun 20, 2018 06:15PM UTC

Dear all,
How can I know if a specific component is outdated and will be detected or not by BurpSuite? In specific I had a complaint from a customer, we did not detect that primefaces 5.x is vulnerable (CVE-2017-1000486).In burp-log I can see primefaces 5.x was in an server response. Does Retire.js help here?
Best regards and thanks in advance.

Paul Johnston Jun 21, 2018 10:21AM UTC Support Center agent

Hi Harald,

Thanks for your message. This is not something that core Burp does; the Scanner focuses on detecting novel application flaws such as SQL injection. Many security firms use a separate scanning tool for this purpose, such as Nessus. There are also a couple of extensions: Retire.JS that you mention and Software Vulnerability Scanner.

Please let us know if you need any further assistance.

Biran Aug 13, 2018 11:01AM UTC
For vulnerable components assessment, OWASP dependency check is an opensource scanner which might be helpful in this case.

Post Your public answer

Your name
Your email address