Jump to content
Welcome to our new Citrix community!
  • 1

WAF Signature CVE-2021-44228


Benjamin Toelle

Question

6 answers to this question

Recommended Posts

  • 1

Kinda but not really, your best bet is converting these rules to WAF. (CTRL+F 2021-44228). To note these rules are specific to different protocols (ports) whereas the unique payloads (ldap,ldaps,rmi,dns etc) is probably more what you're interested in.

 

NS 13 supports Snortv3 format for import formats.

https://rules.emergingthreatspro.com/open/suricata-5.0/rules/emerging-exploit.rules 

https://docs.citrix.com/en-us/citrix-adc/13/application-firewall/signatures/snort-rule-integration.html

 

Last update 19 Nov 2021

https://docs.citrix.com/en-us/citrix-adc/13/application-firewall/signature-alerts/document-history.html

 

Useful if you're trying to use HTTP_ANY or methods documented but not accessible in the GUI.

https://docs.citrix.com/en-us/citrix-adc/downloads/xml1.txt

 

Good luck all.

  • Like 1
Link to comment
  • 0

Hi NetScaler Team,

 

Directly downloading the signature file (not using the GUI update option), I see that there are the CVE-2021-44228 signatures.

The link is the following, and that file is imported as a new signature:

https://s3.amazonaws.com/NSAppFwSignatures/sigs/sig-r13.1b0v72s8.xml

 

A separate query, the signatures that are downloaded from snort (for example snort3-community-rules.tar.gz), do not contain the signatures for CVE-2021-44228, so I have to pay the subscription to download the updated signatures? or how it works there.
Thanks you

00.JPG

01.JPG

02.JPG

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...