In diesem Dokument werden die wichtigsten Typen von Schwachstellen aufgeführt, die der Barracuda Vulnerability Manager findet sowie die von der Barracuda Web Application Firewall angebotene Lösung.

One of Vulnerability Manager’s key features is its integration with the Web Application Firewall, allowing administrators to fix vulnerabilities in a single click. The remediations listed below can be implemented automatically by importing the Vulnerability Manager report into your Web Application Firewall. For more information on this process, see the Solution Brief, “Web Application Vulnerabilities: from Detection to Remediation.”

Vulnerability Type	Web Application Firewall Remediation
Apache Vulnerability Database	N/A: WAF provides automatic protection
Barracuda Realtime IP Reputation Check	Must be fixed by administrator
Barracuda Web Categorization Service Check	Must be fixed by administrator
Clickjacking	Clickjacking Protection
Cross-Frame Scripting (XFS)	URL Parameter Protection (Generic)
Cross-Site Request Forgery (CSRF)	CSRF Protection
Cross-Site Scripting (XSS)	URL Parameter Protection (Generic)
Default Passwords	Must be fixed by administrator
Different Login Failure Message	Brute Force Protection
Directory Indexing	Data Theft Protection
Directory Traversal	URL Normalization
Drupal Vulnerability Database	Platform Template
Email Address, IP Address, Credit Card or SSN Leakage	Data Theft Protection
Exposed Server Error	Data Theft Protection
Flash Cross-Domain Policy	Must be fixed in Flash applet
Forceful Browsing	Must be fixed in application code
Form password sent in query string	Instant SSL Service (manual only)
Form password sent unencrypted	Instant SSL Service (manual only)
Frontpage server extensions	URL Deny Rule
GHOST	Parameter Protection (Max Value Length)
Heartbleed	N/A: WAF provides automatic protection
HTML Injection	URL Parameter Protection (Generic)
HTTP Header Injection	N/A: WAF provides automatic protection
HTTP Methods Enabled	URL Protection
IIS Vulnerability Database	N/A: WAF provides automatic protection
Insecure Login Page	Instant SSL Service (manual only)
Insecure Object Reference	Instant SSL Service (manual only)
Insufficient Session Expiration	Must be fixed in application code
Joomla Vulnerability Database	Platform Template
Lack of Account Lockout	Brute Force Protection
Local File Inclusion (LFI)	URL Normalization
Malicious File Upload	Virus Scanning
Nginx Vulnerability Database	N/A: WAF provides automatic protection
Open TCP/UDP Port	N/A: WAF provides automatic protection
OS Command Injection	URL Parameter Protection (Generic)
Outdated Version of Web Server	N/A: WAF provides automatic protection
Password Field Auto-Complete Enabled	Must be fixed in HTML code
Remote File Inclusion (RFI)	URL Parameter Protection (Generic)
Sensitive File	URL Deny Rule
Server-Side Include (SSI) Injection	Must be fixed in application code
Server-Side Source Code Disclosure	Data Theft Protection
Session Cookie not HTTP-Only	Must be fixed in application code
Session Cookie not Secure	Cookie Security
Shellshock	OS Command Injection Rule Set
SQL Injection (SQLI)	URL Parameter Protection (Generic)
SSL Certificate Invalid or Weak	Must be fixed with CA
SSL Certificate Key Weak	Must be fixed with CA
Unvalidated Redirect	URL Parameter Protection (Generic)
Wordpress Vulnerability Database	Platform Template

Barracuda provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use, and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud, and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering highvalue, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit barracuda.com.

Barracuda Networks and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the United States. All other names are the property of their respective owners.