Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway)
Not impacted (all platforms)
Why do we need to add this?
What Customers Should Do
Citrix has released configurations that are designed to mitigate the risk of exploit of CVE-2021-44228. Citrix ADC Standard, Advanced or Premium edition customers may use responder policies for protection as shown below. Please bind the responder policy to the appropriate bind point (vserver or global).
Citrix Products affected from log4j zero-day vulnerability (CVE-2021-44248)?
in XenMobile 10.x
Posted
Curious, if Citrix ADC is not affected:
Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway)
Not impacted (all platforms)
Why do we need to add this?
What Customers Should Do
Citrix has released configurations that are designed to mitigate the risk of exploit of CVE-2021-44228. Citrix ADC Standard, Advanced or Premium edition customers may use responder policies for protection as shown below. Please bind the responder policy to the appropriate bind point (vserver or global).
add policy patset patset_cve_2021_44228 bind policy patset patset_cve_2021_44228 ldap bind policy patset patset_cve_2021_44228 http bind policy patset patset_cve_2021_44228 https bind policy patset patset_cve_2021_44228 ldaps bind policy patset patset_cve_2021_44228 rmi bind policy patset patset_cve_2021_44228 dns add responder policy mitigate_exploit_cve_2021_44228 q^HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(URLENCODED).DECODE_USING_TEXT_MODE.AFTER_STR("${").BEFORE_STR("}").CONTAINS("${") || HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(URLENCODED).DECODE_USING_TEXT_MODE.SET_TEXT_MODE(IGNORECASE).STRIP_CHARS("${: }/+").AFTER_STR("jndi").CONTAINS_ANY("patset_cve_2021_44228") || HTTP.REQ.BODY(8192).SET_TEXT_MODE(URLENCODED).DECODE_USING_TEXT_MODE.AFTER_STR("${").BEFORE_STR("}").CONTAINS("${") || HTTP.REQ.BODY(8192).SET_TEXT_MODE(URLENCODED).DECODE_USING_TEXT_MODE. SET_TEXT_MODE(IGNORECASE).STRIP_CHARS("${: }/+").AFTER_STR("jndi").CONTAINS_ANY("patset_cve_2021_44228")^ DROP