Skip to main content
Versa Networks

Configure Vulnerability Rules

  1. Last updated
  2. Save as PDF

To configure vulnerability rules, upload a file containing vulnerability rules from the local system:

  1. Go to Configure > Security Service Edge > Real-Time Protection > Profiles.
  2. Select the Secure Web Gateway tab, and then select the Vulnerabilities tab.


    Vulnerability_Rule_tab.png
     
  3. Select Upload File. The Upload File popup window displays.

    Upload_file_popup.png
     
  4. Enter a file name in the File Name field, or click Browse to search for a file.
  5. Click Upload.

Below is an example of the contents of a vulnerability rule file: 

alert tcp $HOME_NET any -> $EXTERNAL_NET 110 (msg:"cURL and libcurl MD5 Digest Buffer Overflow"; flow:to_server; content:"CAPA"; flowbits:set, fb_50000064; reference:tsl,TSL20130207-03; reference:cve,CVE-2013-0249; reference:osvdb,89988; reference:secunia,SA52103; sid:50000064; )
alert tcp $EXTERNAL_NET 110 -> $HOME_NET any (msg:"cURL and libcurl MD5 Digest Buffer Overflow"; flow:from_server; flowbits: isset, fb_50000064; content:"+OK"; content:"SASL"; content:"DIGEST-MD5"; flowbits:set, fb_50000065;   reference:tsl,TSL20130207-03; reference:cve,CVE-2013-0249; reference:osvdb,89988; reference:secunia,SA52103; sid:50000065; metadata: flowbit_src: fb_50000064;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 110 (msg:"cURL and libcurl MD5 Digest Buffer Overflow"; flow:to_server; flowbits: isset, fb_50000065; content:"AUTH DIGEST-MD5"; offset:0; depth:15;flowbits:set, fb_50000066;  reference:tsl,TSL20130207-03; reference:cve,CVE-2013-0249; reference:osvdb,89988; reference:secunia,SA52103; sid:50000066; metadata: flowbit_src: fb_50000065;)
alert tcp $EXTERNAL_NET 110 -> $HOME_NET any (msg:"cURL and libcurl MD5 Digest Buffer Overflow"; flow:from_server; flowbits:isset, fb_50000066; pcre:"/\+\s*/s"; base64_decode:relative;base64_data; pcre:"/algorithm\s*?=\s*?md5-sess/s"; pcre:"/nonce\s*?=/s"; pcre:"/realm\s*?=\s*?(\"|\')/s"; isdataat:124,relative; content:!"|22|"; distance:0; within:124; reference:tsl,TSL20130207-03; reference:cve,CVE-2013-0249; reference:osvdb,89988; reference:secunia,SA52103; sid:1000000372; metadata: flowbit_src: fb_50000066;)

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
    Product
    Concerto
  2. Tags
    This page has no tags.