NetScaler WAF Signatures Update v140
NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with varying CVSS scores.
CVE-2024-8353: GiveWP by impress.org is a widely-used WordPress plugin for managing online donations and fundraising campaigns. This plugin is susceptible to a deserialization of untrusted data vulnerability, affecting versions prior to 3.16.2. Unauthenticated attackers can exploit this flaw via Ajax, potentially leading to arbitrary code execution on the server.
CVE-2024-9465 : Palo Alto Networks' Expedition, a popular tool for migrating and managing firewall configurations, is vulnerable to an unauthenticated SQL Injection vulnerability in versions prior to 1.2.96. This flaw allows unauthenticated attackers to inject malicious SQL queries, potentially giving them access to sensitive data within the database.
Signatures included in v140:
Signature rule |
CVE ID |
Description |
998402 |
CVE-2024-9465 |
WEB-MISC Palo Alto Expedition Prior to 1.2.96 - Unauthenticated SQL Injection Vulnerability (CVE-2024-9465) |
998403 |
CVE-2024-9464 |
WEB-MISC Palo Alto Expedition Prior to 1.2.96 - OS Command Injection Vulnerability Via start_date (CVE-2024-9464) |
998404 |
CVE-2024-9464 |
WEB-MISC Palo Alto Expedition Prior to 1.2.96 - OS Command Injection Vulnerability Via start_time (CVE-2024-9464) |
998405 |
CVE-2024-8353 |
WEB-MISC WordPress Plugin GiveWP Prior To 3.16.2 - Deserialization of Untrusted Data Vulnerability (CVE-2024-8353) |
998406 |
CVE-2024-8353 |
WEB-MISC WordPress Plugin GiveWP Prior To 3.16.2 - Deserialization of Untrusted Data Vulnerability Via Ajax (CVE-2024-8353) |
998407 |
CVE-2024-7781 |
WEB-WORDPRESS Artbees Jupiter X Core Plugin Prior to 4.7.8 - Authentication Bypass Vulnerability Via Facebook (CVE-2024-7781) |
998408 |
CVE-2024-7781 |
WEB-WORDPRESS Artbees Jupiter X Core Plugin Prior to 4.7.8 - Authentication Bypass Vulnerability Via Google (CVE-2024-7781) |
998409 |
CVE-2024-7772 |
WEB-WORDPRESS Artbees Jupiter X Core Plugin Prior to 4.6.6 - Arbitrary File Upload Vulnerability (CVE-2024-7772) |
998410 |
CVE-2024-5932 |
WEB-MISC WordPress Plugin GiveWP Prior To 3.14.2 - Deserialization of Untrusted Data Vulnerability (CVE-2024-5932) |
998411 |
CVE-2024-5932 |
WEB-MISC WordPress Plugin GiveWP Prior To 3.14.2 - Deserialization of Untrusted Data Vulnerability Via Ajax (CVE-2024-5932) |
998412 |
CVE-2024-5910 |
WEB-MISC Palo Alto Expedition Prior to 1.2.92 - Missing Authentication for Critical Function Vulnerability (CVE-2024-5910) |
998413 |
CVE-2024-5019 |
WEB-MISC WhatsUp Gold Prior To 2023.1.3 - Unauthenticated File Disclosure Vulnerability (CVE-2024-5019) |
998414 |
CVE-2024-5018 |
WEB-MISC WhatsUp Gold Prior To 2023.1.3 - Unauthenticated File Disclosure Vulnerability (CVE-2024-5018) |
998415 |
CVE-2024-5017 |
WEB-MISC WhatsUp Gold Prior To 2023.1.3 - Path Traversal Vulnerability (CVE-2024-5017) |
998416 |
CVE-2024-47374 |
WEB-MISC WordPress Plugin LiteSpeed Cache Prior To 6.5.1 - Stored XSS Vulnerability (CVE-2024-47374) |
998417 |
CVE-2024-38653 |
WEB-MISC Ivanti Avalanche Up to 6.3.1 - SmartDeviceServer XXE Vulnerability (CVE-2024-38653) |
NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.
If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 140 or later and then follow these steps.
- Search your signatures for <number>
- Select the results with ID
- Choose “Enable Rules” and click OK
NetScaler WAF Best Practices
NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.
Handling false positives
If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.
Modifications to NetScaler Web App Firewall Policy:
add policy patset exception_list
# (Example: bind policy patset exception_list “/exception_url”)
Prepend the existing WAF policy with:
HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT
# (Example : set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT && <existing rule>^
NOTE: Any endpoint covered by the exception_list may expose those assets to risks
Additional Information
NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.
Learn more about NetScaler Web app Firewall. Read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.
Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF.
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now