This document lists the most important types of vulnerabilities that the Barracuda Vulnerability Manager finds, along with the remediation offered by the Barracuda Web Application Firewall.
One of Vulnerability Manager’s key features is its integration with the Web Application Firewall, allowing administrators to fix vulnerabilities in a single click. The remediations listed below can be implemented automatically by importing the Vulnerability Manager report into your Web Application Firewall. For more information on this process, see the Solution Brief, “Web Application Vulnerabilities: from Detection to Remediation.”
Vulnerability Type | Web Application Firewall Remediation |
---|---|
Apache Vulnerability Database | N/A: WAF provides automatic protection |
Barracuda Realtime IP Reputation Check | Must be fixed by administrator |
Barracuda Web Categorization Service Check | Must be fixed by administrator |
Clickjacking | Clickjacking Protection |
Cross-Frame Scripting (XFS) | URL Parameter Protection (Generic) |
Cross-Site Request Forgery (CSRF) | CSRF Protection |
Cross-Site Scripting (XSS) | URL Parameter Protection (Generic) |
Default Passwords | Must be fixed by administrator |
Different Login Failure Message | Brute Force Protection |
Directory Indexing | Data Theft Protection |
Directory Traversal | URL Normalization |
Drupal Vulnerability Database | Platform Template |
Email Address, IP Address, Credit Card or SSN Leakage | Data Theft Protection |
Exposed Server Error | Data Theft Protection |
Flash Cross-Domain Policy | Must be fixed in Flash applet |
Forceful Browsing | Must be fixed in application code |
Form password sent in query string | Instant SSL Service (manual only) |
Form password sent unencrypted | Instant SSL Service (manual only) |
Frontpage server extensions | URL Deny Rule |
GHOST | Parameter Protection (Max Value Length) |
Heartbleed | N/A: WAF provides automatic protection |
HTML Injection | URL Parameter Protection (Generic) |
HTTP Header Injection | N/A: WAF provides automatic protection |
HTTP Methods Enabled | URL Protection |
IIS Vulnerability Database | N/A: WAF provides automatic protection |
Insecure Login Page | Instant SSL Service (manual only) |
Insecure Object Reference | Instant SSL Service (manual only) |
Insufficient Session Expiration | Must be fixed in application code |
Joomla Vulnerability Database | Platform Template |
Lack of Account Lockout | Brute Force Protection |
Local File Inclusion (LFI) | URL Normalization |
Malicious File Upload | Virus Scanning |
Nginx Vulnerability Database | N/A: WAF provides automatic protection |
Open TCP/UDP Port | N/A: WAF provides automatic protection |
OS Command Injection | URL Parameter Protection (Generic) |
Outdated Version of Web Server | N/A: WAF provides automatic protection |
Password Field Auto-Complete Enabled | Must be fixed in HTML code |
Remote File Inclusion (RFI) | URL Parameter Protection (Generic) |
Sensitive File | URL Deny Rule |
Server-Side Include (SSI) Injection | Must be fixed in application code |
Server-Side Source Code Disclosure | Data Theft Protection |
Session Cookie not HTTP-Only | Must be fixed in application code |
Session Cookie not Secure | Cookie Security |
Shellshock | OS Command Injection Rule Set |
SQL Injection (SQLI) | URL Parameter Protection (Generic) |
SSL Certificate Invalid or Weak | Must be fixed with CA |
SSL Certificate Key Weak | Must be fixed with CA |
Unvalidated Redirect | URL Parameter Protection (Generic) |
Wordpress Vulnerability Database | Platform Template |
About Barracuda Networks, Inc.
Barracuda provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use, and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud, and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit barracuda.com.
Barracuda Networks and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the United States. All other names are the property of their respective owners.