NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with varying CVSS scores.
CVE-2024-36401: GeoServer is an open-source server by the GeoServer community that allows users to share and edit geospatial data, supporting industry-standard OGC protocols like WFS, WMS, and WCS. Identified as CVE-2024-36401 with a CVSS of 9.8, this vulnerability allows remote code execution (RCE) by unauthenticated users through specially crafted input in GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.212. Exploiting this vulnerability enables attackers to execute arbitrary code on the server, significantly compromising the confidentiality, integrity, and availability of the system.
Signatures included in v135:

| Signature rule | CVE ID | Description |
|---|---|---|
| 998455 | CVE-2024-38094, CVE-2024-38024, CVE-2024-38023 | WEB-MISC Microsoft SharePoint Server 2016 and 2019 - Remote Code Execution Vulnerability (CVE-2024-38094, 38024 and 38023) |
| 998456 | CVE-2024-36401 | WEB-MISC GeoServer Multiple Versions - Unauthenticated Remote Code Execution Vulnerability Via TestWfsPost (CVE-2024-36401) |
| 998457 | CVE-2024-36401 | WEB-MISC GeoServer Multiple Versions - Unauthenticated Remote Code Execution Vulnerability Via HTTP Params (CVE-2024-36401) |
| 998458 | CVE-2024-36401 | WEB-MISC GeoServer Multiple Versions - Unauthenticated Remote Code Execution Vulnerability (CVE-2024-36401) |
| 998459 | CVE-2024-3246 | WEB-MISC WordPress Plugin LiteSpeed Cache Prior To 6.3.0 - Cross-Site Request Forgery Vulnerability (CVE-2024-3246) |
| 998460 | CVE-2024-30043 | WEB-MISC Microsoft SharePoint Server 2016 and 2019 - XXE Injection Vulnerability Via upload.aspx (CVE-2024-30043) |
| 998461 | CVE-2024-30043 | WEB-MISC Microsoft SharePoint Server 2016 and 2019 - XXE Injection Vulnerability (CVE-2024-30043) |
| 998462 | CVE-2023-46816 | WEB-MISC SugarCRM Prior to 12.0.4 and 13.0.2 - Server Side Template Injection Vulnerability (CVE-2023-46816) |
| 998463 | CVE-2023-3162 | WEB-WORDPRESS Stripe Payment Plugin for WooCommerce Prior to 3.7.8 - Authentication Bypass Vulnerability (CVE-2023-3162) |
NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software versions 11.1, 12.0, 12.1, 13.0, and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.
If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 135 or later and then follow these steps.
1. Search your signatures for <number>.
2. Select the results with ID.
3. Choose "Enable Rules" and click OK.
NetScaler WAF Best Practices
NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.
Handling false positives
If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.
Modifications to NetScaler Web App Firewall Policy:
add policy patset exception_list
# (Example: bind policy patset exception_list "/exception_url")
Prepend the existing WAF policy with:
HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT
# (Example: set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>^)
NOTE: Any endpoint matched by exception_list is no longer inspected by this WAF policy, so those assets are exposed to the risks the policy mitigates.
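To see how much traffic a relaxation removes from inspection before applying it, the check below emulates the CONTAINS_ANY(...).NOT prefix over a constructed list of request URLs. It is an added example, not NetScaler code: it models CONTAINS_ANY as a substring match (how the patset operator behaves) and contrasts it with the narrower EQUALS_ANY operator, using constructed sample URLs and the page's exception_list patset.

```python
# Added example: emulate the NetScaler patset operators used in the relaxation
# above so a constructed list of request URLs can be checked offline.
# This models the expression semantics; it is not NetScaler's policy engine.

# Constructed patset, as bound with: bind policy patset exception_list "/exception_url"
EXCEPTION_LIST = ["/exception_url"]

def contains_any(url: str, patset: list[str]) -> bool:
    """HTTP.REQ.URL.CONTAINS_ANY(patset): true if any pattern is a substring of the URL."""
    return any(p in url for p in patset)

def equals_any(url: str, patset: list[str]) -> bool:
    """HTTP.REQ.URL.EQUALS_ANY(patset): true only if the URL exactly equals a pattern.
    HTTP.REQ.URL includes the query string, so '/x?id=1' does not equal '/x'."""
    return url in patset

def waf_inspects(url: str, patset: list[str], matcher=contains_any) -> bool:
    """The prepended rule <matcher>(patset).NOT: the WAF policy applies only
    when the URL does NOT match the exception list."""
    return not matcher(url, patset)

def exempted_urls(urls: list[str], patset: list[str], matcher=contains_any) -> list[str]:
    """Return the URLs that the relaxation removes from WAF inspection."""
    return [u for u in urls if not waf_inspects(u, patset, matcher)]

# Constructed sample of request URLs seen by the virtual server.
SAMPLE_URLS = [
    "/exception_url",
    "/exception_url?id=1",
    "/app/exception_url_backup",
    "/geoserver/TestWfsPost",
    "/upload.aspx",
]

if __name__ == "__main__":
    # Substring semantics exempt three URLs, including one the admin probably
    # did not intend; exact-match semantics exempt only the bound pattern.
    print("CONTAINS_ANY exempts:", exempted_urls(SAMPLE_URLS, EXCEPTION_LIST))
    print("EQUALS_ANY exempts:  ", exempted_urls(SAMPLE_URLS, EXCEPTION_LIST, equals_any))
```

Review the CONTAINS_ANY result against the URLs you actually intend to relax; a short pattern can exempt far more than the one path it was written for.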
Additional Information
NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.
Learn more about NetScaler Web App Firewall, read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.
Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF.