

    NetScaler Cyber Threat Intelligence

    NetScaler WAF Signatures Update v120

     

    NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with a range of CVSS scores.

    The most critical is a security vulnerability, identified as CVE-2023-50164, which has been discovered in Apache Struts, a popular, open-source framework for building Java web applications. The vulnerability affects the file upload functionality of versions prior to Apache Struts 2.5.33 and Struts 6.3.0.2. The problem stems from how the framework handles the HTTP parameters related to file uploading.

    An unauthenticated, remote attacker can manipulate file upload parameters to perform unauthorized path traversal. This could allow the attacker to upload malicious files on the server and potentially execute arbitrary code remotely.
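    The following is an added example, not NetScaler's signature and not Apache Struts code. It shows the kind of check a WAF rule for a file-upload path-traversal bug has to perform: parse the multipart/form-data body as the WAF sees it and flag a `filename` attribute, or a form field whose name ends in "filename" (compared case-insensitively so a differently cased override parameter is not missed), whose value carries a `../`-style sequence, raw or URL-encoded. The boundary, field names and request bodies below are constructed for this example.

```python
"""Illustrative multipart upload inspection (added example, not NetScaler or Struts code)."""
import re
from email import policy
from email.parser import BytesParser

# Raw and URL-encoded traversal forms; compared case-insensitively.
_TRAVERSAL = re.compile(
    r"\.\.[\\/]"                       # ../ or ..\
    r"|%2e%2e(?:%2f|%5c|[\\/])"        # %2e%2e%2f, %2e%2e/
    r"|\.\.(?:%2f|%5c)",               # ..%2f, ..%5c
    re.IGNORECASE,
)


def has_traversal(value: str) -> bool:
    """True if the value contains a path-traversal sequence, raw or encoded."""
    return bool(_TRAVERSAL.search(value))


def inspect_multipart(content_type: str, body: bytes) -> list[str]:
    """Return findings (part name + reason) for a multipart/form-data request.

    Checks two places where an upload file name can travel:
      * the filename="..." attribute of a file part
      * a text field whose name ends in "filename" (case-insensitive), i.e. a
        parameter that could override the stored file name
    """
    msg = BytesParser(policy=policy.default).parsebytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    )
    findings: list[str] = []
    if not msg.is_multipart():
        return findings
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition") or ""
        filename = part.get_filename()
        if filename and has_traversal(filename):
            findings.append(f"part {name!r}: filename attribute {filename!r} contains traversal")
        if not filename and name.lower().endswith("filename"):
            value = part.get_content().strip()
            if has_traversal(value):
                findings.append(f"part {name!r}: value {value!r} contains traversal")
    return findings


# --- constructed sample requests (not captured traffic) ---------------------
BOUNDARY = "----ExampleBoundary7MA4YWxkTrZu0gW"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"


def _part(headers: str, data: str) -> str:
    return f"--{BOUNDARY}\r\n{headers}\r\n\r\n{data}\r\n"


# A normal upload: file part plus a description field.
BENIGN_BODY = (
    _part('Content-Disposition: form-data; name="upload"; filename="report.pdf"\r\n'
          'Content-Type: application/pdf', "%PDF-1.4 sample bytes")
    + _part('Content-Disposition: form-data; name="description"', "quarterly report")
    + f"--{BOUNDARY}--\r\n"
).encode()

# The file name is clean, but a differently cased *FileName field tries to
# redirect where the file is stored.
SUSPICIOUS_BODY = (
    _part('Content-Disposition: form-data; name="Upload"; filename="report.pdf"\r\n'
          'Content-Type: application/octet-stream', "sample bytes")
    + _part('Content-Disposition: form-data; name="uploadFileName"',
            "../../../../tmp/uploaded.txt")
    + f"--{BOUNDARY}--\r\n"
).encode()


if __name__ == "__main__":
    print("benign    :", inspect_multipart(CONTENT_TYPE, BENIGN_BODY))
    print("suspicious:", inspect_multipart(CONTENT_TYPE, SUSPICIOUS_BODY))
```

The check is deliberately broader than any one product: it does not know which parameter a given framework honours, so it flags every file-name-like field, which is also why a rule like this can produce false positives on applications that legitimately pass relative paths and may need the relaxation described later on this page.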

    Please follow the guidelines recommended by the vendor in its security bulletin.

     

     Signatures included in v120:

    Rule   | CVE ID                         | Description
    998559 | CVE-2023-50164                 | WEB-STRUTS Apache Struts Prior to 6.3.0.2 - Path Traversal Vulnerability (CVE-2023-50164)
    998560 | CVE-2023-49105                 | WEB-MISC ownCloud Prior to 10.13.1 - Access Control Bypass Vulnerability (CVE-2023-49105)
    998561 | CVE-2023-49103                 | WEB-MISC ownCloud Multiple Versions - Information Disclosure Vulnerability (CVE-2023-49103)
    998562 | CVE-2023-47246                 | WEB-MISC SysAid Server On-Premise Prior to 23.3.36 - Path Traversal Vulnerability (CVE-2023-47246)
    998563 | CVE-2023-46509                 | WEB-MISC Contec SolarView Compact 6.0 and Prior - OS Command Injection Vulnerability (CVE-2023-46509)
    998564 | CVE-2023-44450                 | WEB-MISC NETGEAR ProSAFE Network Management System Prior to 1.7.0.31 - SQL Injection Vulnerability (CVE-2023-44450)
    998565 | CVE-2023-44449                 | WEB-MISC NETGEAR ProSAFE Network Management System Prior to 1.7.0.31 - SQL Injection Vulnerability (CVE-2023-44449)
    998566 | CVE-2023-44351, CVE-2023-44353 | WEB-MISC Adobe ColdFusion - Deserialization of Untrusted Data Vulnerability (CVE-2023-44351, CVE-2023-44353)
    998567 | CVE-2023-43177                 | WEB-MISC CrushFTP Prior to 10.5.1 - Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177)
    998568 | CVE-2023-40062                 | WEB-MISC SolarWinds Orion Prior to 2023.4.0 - Improper Input Validation Vulnerability Via TestAction (CVE-2023-40062)
    998569 | CVE-2023-40062                 | WEB-MISC SolarWinds Orion Prior to 2023.4.0 - Improper Input Validation Vulnerability Via /api/WriteToFile/ (CVE-2023-40062)
    998570 | CVE-2023-40055                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via SaveResultsToFile (CVE-2023-40055)
    998571 | CVE-2023-40054                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via txtConfigTemplate (CVE-2023-40054)
    998572 | CVE-2023-40054                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via txtPath (CVE-2023-40054)
    998573 | CVE-2023-39912                 | Zoho ADManager Plus Prior to 7203 - Directory Traversal Vulnerability (CVE-2023-39912)
    998574 | CVE-2023-35150                 | WEB-MISC XWiki Multiple Versions - Arbitrary Code Injection Vulnerability (CVE-2023-35150)
    998575 | CVE-2023-32707                 | WEB-MISC Splunk Enterprise - Escalation of Privileges Vulnerability (CVE-2023-32707)
    998576 | CVE-2023-30943                 | WEB-MISC Moodle Prior to 4.1.3 - TinyMCE Loaders Stored Cross-Site Scripting Vulnerability Via loader (CVE-2023-30943)
    998577 | CVE-2023-30943                 | WEB-MISC Moodle Prior to 4.1.3 - TinyMCE Loaders Stored Cross-Site Scripting Vulnerability Via lang (CVE-2023-30943)
    998578 | CVE-2023-2943                  | WEB-MISC OpenEMR Prior to 7.0.1 - HTML Code Injection Vulnerability (CVE-2023-2943)

     

    NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software versions 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.

     

    If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 120 or later and then follow these steps.

    1. Search your signatures for the rule IDs listed above (998559 through 998578)
    2. Select the matching results
    3. Choose "Enable Rules" and click OK

     

    NetScaler WAF Best Practices

    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.

     

    Handling false positives

    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.

     

    Modifications to NetScaler Web App Firewall Policy:

    add policy patset exception_list

    # (Example: bind policy patset exception_list "/exception_url")

    Prepend the existing WAF policy with:

    HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT

    # (Example: set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>^)

    NOTE: A request whose URL matches any entry in exception_list is no longer evaluated by the WAF policy at all, so the endpoints behind those URLs remain exposed to the vulnerabilities above. Keep the list as narrow as possible and remove entries once the application has been patched.
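    The following is an added example, not NetScaler code: a small model of the relaxation expression above, `HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>`, evaluated over constructed sample URLs. It makes the caveat concrete: CONTAINS_ANY is a substring match over the whole URL, query string included, so an entry such as "/legacy/import" also exempts "/admin/legacy/import-config?x=1" and "/upload?next=/legacy/import". The patset entries, URLs and the always-true existing rule are assumptions made for the example; the alternative anchored path match is shown as a contrast, not as NetScaler's own operator.

```python
"""Model of the NetScaler relaxation pattern (added example, not NetScaler code)."""
from urllib.parse import urlsplit
from typing import Callable

# Constructed exception list, as would be bound with
#   bind policy patset exception_list "/legacy/import"
EXCEPTION_LIST = ["/legacy/import"]


def always_true(url: str) -> bool:
    """Stand-in for an <existing rule> of 'true' (policy applies to every request)."""
    return True


def contains_any(url: str, patset: list[str]) -> bool:
    """Model of HTTP.REQ.URL.CONTAINS_ANY(<patset>): substring match on the full URL,
    including the query string."""
    return any(entry in url for entry in patset)


def waf_applies(url: str, patset: list[str], existing_rule: Callable[[str], bool]) -> bool:
    """Model of the prepended policy: CONTAINS_ANY(<patset>).NOT && <existing rule>.
    Returns True when the WAF profile is still applied to the request."""
    return (not contains_any(url, patset)) and existing_rule(url)


def path_starts_with_any(url: str, patset: list[str]) -> bool:
    """Narrower relaxation for contrast: anchor each entry at the start of the
    path only, ignoring the query string."""
    path = urlsplit(url).path
    return any(path.startswith(entry) for entry in patset)


def evaluate(urls: list[str], patset: list[str]) -> dict[str, tuple[bool, bool]]:
    """For each URL: (WAF applies with CONTAINS_ANY, WAF applies with anchored path match)."""
    return {
        url: (
            waf_applies(url, patset, always_true),
            (not path_starts_with_any(url, patset)) and always_true(url),
        )
        for url in urls
    }


# Constructed sample requests.
SAMPLE_URLS = [
    "/upload",                              # ordinary request, must stay protected
    "/legacy/import",                       # the endpoint the relaxation is meant for
    "/legacy/import/batch.csv",             # sub-path of the exempted endpoint
    "/admin/legacy/import-config?x=1",      # unrelated path that merely contains the entry
    "/upload?next=/legacy/import",          # entry appears only in the query string
]

if __name__ == "__main__":
    print(f"{'URL':40} CONTAINS_ANY  anchored-path")
    for url, (broad, narrow) in evaluate(SAMPLE_URLS, EXCEPTION_LIST).items():
        print(f"{url:40} {str(broad):12}  {narrow}")
```

The two right-hand columns differ exactly on the URLs that a substring match over-exempts. When you need a relaxation, prefer the most specific entry you can (full path, or path plus a distinguishing prefix), and review what else in the application's URL space contains that string before binding it; NetScaler's policy language also has anchored patset operators such as STARTSWITH_ANY and EQUALS_ANY that you can check against your release's documentation if a narrower expression is needed.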

    Additional Information

    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.

    Learn more about NetScaler Web App Firewall, read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.

    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 
