    NetScaler WAF Signatures Update v122

     

    NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with variable CVSS.

    CVE-2023-50968: This vulnerability is an arbitrary file properties reading flaw in Apache Software Foundation Apache OFBiz. When a URI call can be made without authorization, the same URI can also be used, again without authorization, to perform a server-side request forgery (SSRF) attack. The vulnerability has been fixed in version 18.12.11, and users are recommended to upgrade to this version.

    CVE-2023-51467: This vulnerability is an authentication bypass flaw in Apache OFBiz. A threat actor sends an HTTP request to exploit a flaw in the checkLogin function. When null or invalid username and password parameters are supplied and the requirePasswordChange parameter is set to Y in the URI, the checkLogin function fails to validate the credentials, leading to authentication bypass. The vulnerability has been patched in Apache OFBiz product version 18.12.11 or above.

    It is important to protect against these vulnerabilities as they can lead to unauthorized access to the system, compromising confidential information and disrupting vital services. The exploit might also create opportunities for supply chain attacks. Therefore, it is recommended that users upgrade to the latest version of Apache OFBiz (version 18.12.11 or above) to mitigate these vulnerabilities.

    Signatures included in v122:

    Rule    CVE ID           Description
    998554  CVE-2023-51467   WEB-MISC Apache Ofbiz Multiple Versions - Server-Side Request Forgery Vulnerability (CVE-2023-51467)
    998555  CVE-2023-50968   WEB-MISC Apache Ofbiz Multiple Versions - Server-Side Request Forgery Vulnerability (CVE-2023-50968)
    998557  CVE-2023-48777   WEB-WORDPRESS Elementor Plugin Prior to 3.18.1 - File Upload/Remote Code Execution Vulnerability Via ID (CVE-2023-48777)
    998560  CVE-2023-49105   WEB-MISC ownCloud Prior to 10.13.1 - Access Control Bypass Vulnerability (CVE-2023-49105)
    999415  CVE-2020-9446    WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Unsafe Deserialization Vulnerability (CVE-2020-9446)
    999416  CVE-2020-9446    WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Cross-Site Scripting Vulnerability (CVE-2020-9446)


    NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.

     

    If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 122 or later and then follow these steps.

    1. Search your signatures for <number>
    2. Select the results with ID 
    3. Choose “Enable Rules” and click OK

     

    NetScaler WAF Best Practices

    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.

     

    Handling false positives

    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.

     

    Modifications to NetScaler Web App Firewall Policy:

    add policy patset exception_list

    # (Example: bind policy patset exception_list "/exception_url")

    Prepend the existing WAF policy with:

    HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT

    # (Example: set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>^)

    NOTE: Any endpoint whose URL matches a pattern in the exception_list is no longer evaluated by this WAF policy, which may expose those assets to risk.
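    To review how far an exception reaches before binding it, the following added example (not NetScaler code and not part of the article) models the prepended expression in Python over constructed request paths; existing_rule is a placeholder for <existing rule> and the patset contents are assumed.

```python
"""Model of the exception_list relaxation described above.

Added example, not NetScaler code: it mimics the semantics of
HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>
so the effect of each bound pattern can be checked before it is applied.
"""
from typing import Callable

def contains_any(url: str, patset: list[str]) -> bool:
    """CONTAINS_ANY(patset): true if any bound pattern occurs anywhere in the URL.

    Note the substring match: "/exception_url" also matches
    "/admin/exception_url_backup", not only the exact path.
    """
    return any(pattern in url for pattern in patset)

def waf_policy_applies(url: str, exception_list: list[str],
                       existing_rule: Callable[[str], bool]) -> bool:
    """Prepended expression: skip the existing rule when the URL hits the patset."""
    return (not contains_any(url, exception_list)) and existing_rule(url)

def existing_rule(url: str) -> bool:
    """Constructed stand-in for <existing rule>; a real policy may simply use true."""
    return url.startswith("/")

EXCEPTION_LIST = ["/exception_url"]   # constructed, mirrors the bind example above

def split_by_inspection(urls: list[str], exception_list: list[str] = EXCEPTION_LIST):
    """Return (inspected, relaxed) so the relaxed set can be reviewed for exposure."""
    inspected = [u for u in urls if waf_policy_applies(u, exception_list, existing_rule)]
    relaxed = [u for u in urls if u not in inspected]
    return inspected, relaxed

if __name__ == "__main__":
    sample = ["/webtools/control/ping",        # constructed request paths
              "/exception_url",
              "/exception_url/report",
              "/admin/exception_url_backup"]
    inspected, relaxed = split_by_inspection(sample)
    print("inspected by WAF policy:", inspected)
    print("relaxed (no WAF inspection):", relaxed)
```

    Every path that lands in the relaxed list is what the NOTE above refers to: a broad pattern such as "/" would relax every request.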

    Additional Information

    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.

    Learn more about NetScaler Web App Firewall, read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.

    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 
