Pulse vWAF Updates

A new policy (baseline version 201911051452) for Pulse vWAF is now available. In this baseline update, we have refined an existing rule to reduce false positives in the Remote File Inclusion handler.

A new policy (baseline version 201809110525) for Pulse vWAF is now available. In this baseline update, we have updated and extended an existing rule for PHP remote file inclusion. This rule was originally intended to validate both headers and parameters of HTTP traffic, but in some circumstances, it might trap permitted HTTP headers. Change log: Modified: Change original rule to apply only to validate HTTP traffic Added: Create a new rule to check HTTP headers for PHP remote file inclusion attacks. This rule protects against PHP remote file inclusion and allows well-formed URLs. You can download this baseline update direct to Pulse vWAF in the usual way via the portal, or else install this update manually if your Pulse vWAF is isolated from external network connection.  

A new policy (baseline version 201805080540) for the Virtual Web Application Firewall

The latest Q1/18 release of Pulse Secure vWAF (version 4.9, build 43225) is available for download by registered customers. The focus of this release is to implement an updated user interface and branding following the acquisition by Pulse Secure.

I have created this new space to hold baseline updates for the Pulse Virtual Web Application Firewall.   If you have Pulse vWAF installed, then the software will be able to download regular baseline updates automatically. However, some customers prefer to download manually and hold a local copy of the baseline updates: so this space is used to upload occasional baseline updates for offline access.  

A new policy (baseline version 201709220727) for the Virtual Web Application Firewall is now available. Change log: Added: Remote command execution via java.lang.ProcessBuilder There is a zip archive attached to this message which contains this policy. The archive needs to be extracted before it can be uploaded to the WAF (either via web UI or REST API). The download in the product is available with a short delay.

A new policy (baseline version 201706081942) for the Virtual Web Application Firewall is now available. Change log: Changed: bash injection CVE-2014-6271 and CVE-2014-7169 - Reason: Refine "protection against bash injection" rule to also match if there is no whitespace. Changed: access UNIX system paths - Reason: Also match on header values Changed: execution of shell commands and script interpreters - Reason: Also match on header values Changed: drop statement - Reason: Also match on header values Changed: remote file inclusion - Reason: Also match on header values There is a zip archive attached to this message which contains this policy. The archive needs to be extracted before it can be uploaded to the WAF (either via web UI or REST API). The download in the product is available with a short delay.

A new policy (baseline version 201705040916) for the Virtual Web Application Firewall is now available. Change log: Added: PHP code injection The download in the product is available with a short delay.

A new policy (baseline version 201611100932) for the Virtual Web Application Firewall is now available. Change log: Changed: replace statement - Reason: Tag this rule as MySQL extension Changed: remote file inclusion - Reason: optimize rule Changed: XSS via CSS expression - Reason: optimize pattern The download in the product is available with a short delay.

A new policy (baseline version 201608180911) for the Virtual Web Application Firewall is now available. Change log: Changed: XSS via STYLE tag - Reason: normalize rule Changed: HTML tag with href attribute - Reason: enhance rule Changed: XSS via LINK tag - Reason: normalize rule Changed: HTML tag with rel attribute - Reason: enhance rule Changed: XSS via OBJECT tag - Reason: normalize rule Changed: Detects <A HREF Link injection tricks - Reason: normalize rule Changed: Catch IFRAME injections - Reason: normalize rule Changed: XSS via BODY tag - Reason: fix rule Changed: XSS via TABLE tag - Reason: normalize rule Changed: XSS via DIV tag - Reason: normalize rule Changed: XSS via META tag - Reason: normalize rule The download in the product is available with a short delay.

A new policy (baseline version 201607280841) for the Virtual Web Application Firewall is now available. Change log: Added: HTTP Proxy Header attack The download in the product is available with a short delay.