Jump to content
Welcome to our new Citrix community!
  • NetScaler Web App Firewall - New WAF signatures available

    NetScaler Cyber Threat Intelligence
    • Validation Status: Validated
      Has Video?: No

    NetScaler Web App Firewall -  New WAF signatures available


    NetScaler has integrated 43 new signatures into its Web App Firewall to help customers mitigate moderate and high CVSS vulnerabilities.


    The most notable CVEs in WAF Signatures version 110 are:








    Adobe ColdFusion - Deserialization of Untrusted Data Vulnerability




    Adobe ColdFusion - Access Control Bypass Vulnerability



    Contec SolarView Compact < 7.21 - OS Command Injection Vulnerability



    Microsoft SharePoint Remote Code Execution Vulnerability



    Adobe ColdFusion is a popular server-side scripting language that has recently been found to have a critical vulnerability. This vulnerability, tracked as CVE-2023-29300, allows remote attackers to execute arbitrary code. The vulnerability affects multiple versions of ColdFusion, including 2018, 2021, and 2023.


    Contec SolarView Series is affected by an unauthenticated and remote command injection vulnerability tracked as CVE-2022-29303. This poses a significant threat to organizations relying on these ICS devices. The impact of this vulnerability extends far beyond the initially reported subset of affected systems. Less than one-third of the internet-facing SolarView installations have applied the necessary patches, exposing many systems to exploitation.


    Microsoft SharePoint Server is affected by CVE-2023-33157 which is a remote code execution vulnerability1. The vulnerability has a base score of 8.8.. Microsoft has released a security update for SharePoint Server 2019 to address this vulnerability.

    Mitigating vulnerabilities

    If you are using any of the affected products, make sure you download WAF Signatures version 110 and apply it to your NetScaler Web App Firewall deployments as an additional layer of protection for your applications.  Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: software versions 11.1 and 12.0 are end of life and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.


    NetScaler WAF Best Practices

    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. Netscaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.

    Handling false positives

    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.


    Modifications to NetScaler Web App Firewall Policy:

    add policy patset exception_list

    # (Example: bind policy patset exception_list “/exception_url”) 

    Prepend the existing WAF policy with:


    # (Example :  set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT && <existing rule>^

    NOTE: Any endpoint covered by the exception_list may expose those assets to risks from CVE-2023-34362.

    Additional Information

    Netscaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of Netscaler Web App Firewall.


    User Feedback

    Recommended Comments

    There are no comments to display.

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...