Jump to content
  • NetScaler WAF Signatures Update v141


    NetScaler WAF Signatures Update v141

     

    NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with varying CVSS scores. 

    CVE-2024-9264: Apache Grafana is a multi-platform open-source analytics and visualization solution widely used for creating charts, graphs, and alerts based on data. A critical vulnerability, identified as CVE-2024-9264, affects Grafana versions 11.0.x, 11.1.x, and 11.2.x. It allows command injection and local file inclusion (LFI) via the experimental SQL Expressions feature. Exploiting this vulnerability enables attackers with viewer permissions or higher to execute arbitrary code or access sensitive files on the server, significantly impacting the system's confidentiality, integrity, and availability.

     Signatures included in v141:

    Signature rule

    CVE ID

    Description

    998388

    CVE-2024-9634

    WEB-WORDPRESS WordPress Plugin GiveWP Prior To 3.16.4 - Deserialization of Untrusted Data Vulnerability (CVE-2024-9634)

    998389

    CVE-2024-9634

    WEB-WORDPRESS WordPress Plugin GiveWP Prior To 3.16.4 - Deserialization of Untrusted Data Vulnerability Via Ajax (CVE-2024-9634)

    998390

    CVE-2024-9264

    WEB-MISC Apache Grafana 11.x - Command Injection And Local File Inclusion Vulnerability via SQL Expressions (CVE-2024-9264)

    998391

    CVE-2024-5488

    WEB-WORDPRESS WordPress Plugin SEOPress Prior To 7.9 - Authorization Bypass Vulnerability Via rest_route (CVE-2024-5488)

    998392

    CVE-2024-5488

    WEB-WORDPRESS WordPress Plugin SEOPress Prior To 7.9 - Authorization Bypass Vulnerability (CVE-2024-5488)

    998393 

    CVE-2024-47949

    WEB-MISC JetBrains TeamCity Prior to 2024.07.3 - Path Traversal Vulnerability (CVE-2024-47949)

    998394

    CVE-2024-47011

    WEB-MISC Ivanti Avalanche Prior to 6.4.5 - Path Traversal Vulnerability (CVE-2024-47011)

    998395

    CVE-2024-47010

    WEB-MISC Ivanti Avalanche Prior to 6.4.5 - Authentication Bypass Vulnerability (CVE-2024-47010)

    998396 

    CVE-2024-47009

    WEB-MISC Ivanti Avalanche Prior to 6.4.5 - Authentication Bypass Vulnerability (CVE-2024-47009)

    998397

    CVE-2024-43363

    WEB-MISC Cacti Prior to 1.2.28 - Code Injection Vulnerability Via path_stderrlog (CVE-2024-43363)

    998398

    CVE-2024-43363

    WEB-MISC Cacti Prior to 1.2.28 - Code Injection Vulnerability Via path_cactilog (CVE-2024-43363)

    998399

    CVE-2024-41874

    WEB-MISC Adobe ColdFusion Multiple Versions - Remote Code Execution Vulnerability (CVE-2024-41874)

    998400

    CVE-2024-27956

    WEB-WORDPRESS ValvePress Automatic Plugin Prior to 3.92.1 - Unauthenticated SQL Injection Vulnerability (CVE-2024-27956)

    998401 

    CVE-2024-27954

    WEB-WORDPRESS ValvePress Automatic Plugin Prior to 3.92.1 - Unauth Path Traversal and SSRF Vulnerabilities (CVE-2024-27954)

     

    NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1.

    NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.

     

    If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 141 or later and then follow these steps.

    1. Search your signatures for <number>
    2. Select the results with ID 
    3. Choose “Enable Rules” and click OK

     

    NetScaler WAF Best Practices

    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.

     

    Handling false positives

    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.

     

    Modifications to NetScaler Web App Firewall Policy:

    add policy patset exception_list

    # (Example: bind policy patset exception_list “/exception_url”) 

    Prepend the existing WAF policy with:

    HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT

    # (Example :  set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT && <existing rule>^

    NOTE: Any endpoint covered by the exception_list may expose those assets to risks 

    Additional Information

    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.

    Learn more about NetScaler Web app Firewall. Read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.

    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 





     


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...