https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43967#M32280 <HTML><HEAD></HEAD><BODY><P>To get this content release 349 to successfully protect against these threats, what threat categories do we need to enable and apply policy (Virus / Spyware / Vulneability)? Because we just recently implemented the PA's and we dont' know the impact of turning all these categories to block right now. Thanks. </P></BODY></HTML> Fri, 11 Jan 2013 21:28:13 GMT asher1ad 2013-01-11T21:28:13Z https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43964#M32277 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>Just wondering if anyone might be able to tell me whether this vulnerability, CVE-2013-0422, is being addressed? And, if so, when could we expect to see a patch for this? Thank you!</P><P><A class="active_link" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422&amp;utm_source=dlvr.it&amp;utm_medium=twitter"><SPAN style="color: #0066cc; text-decoration: underline;">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422&amp;utm_source=dlvr.it&amp;utm_medium=tw</SPAN></A></P><P><A href="http://msisac.cisecurity.org/advisories/2013/2013-006.cfm">http://msisac.cisecurity.org/advisories/2013/2013-006.cfm</A></P></BODY></HTML> Fri, 11 Jan 2013 15:17:18 GMT https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43964#M32277 u13987 2013-01-11T15:17:18Z https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43965#M32278 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Content release version 349 has been released today to cover this <SPAN style="font-size: 12.0pt; font-family: 'Times New Roman','serif';">New Vulnerability </SPAN>.</P><P></P><P>Thank you</P><P>Numan</P></BODY></HTML> Fri, 11 Jan 2013 18:53:57 GMT https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43965#M32278 mbutt 2013-01-11T18:53:57Z https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43966#M32279 <HTML><HEAD></HEAD><BODY><P>Thank you for the prompt reply! </P></BODY></HTML> Fri, 11 Jan 2013 18:57:41 GMT https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43966#M32279 u13987 2013-01-11T18:57:41Z https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43967#M32280 <HTML><HEAD></HEAD><BODY><P>To get this content release 349 to successfully protect against these threats, what threat categories do we need to enable and apply policy (Virus / Spyware / Vulneability)? Because we just recently implemented the PA's and we dont' know the impact of turning all these categories to block right now. Thanks. </P></BODY></HTML> Fri, 11 Jan 2013 21:28:13 GMT https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43967#M32280 asher1ad 2013-01-11T21:28:13Z https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43968#M32281 <HTML><HEAD></HEAD><BODY><P>They are all by the category "critical". So if you at least set "critical" to default action: block (instead of default) you should be safe.</P><P></P><P>Generally speaking using this profile is recommended:</P><P></P><P>critical: block</P><P>high: block</P><P>medium: block</P><P>low: default</P><P>informational: default</P><P></P><P>Default means the default action that PA has set for this vuln.</P><P></P><P>For example:</P><P></P><P>critical 35273 Oracle Java Runtime Environment Remote Code Execution Vulnerability CVE-2013-0422&nbsp; reset-client 3.1.0 </P><P></P><P>means that if detected the default action is "reset-client" (which includes a logentry aswell).</P><P></P><P>While:</P><P></P><P>critical 35276 Adobe Reader JPEG File Parsing Memory Corruption Vulnerability CVE-2013-0603 APSB13-02 alert 3.1.0</P><P></P><P>means that the default action is to only produce a logentry.</P><P></P><P>But if you set the default action for critical to block then both above will block (drop) the session if detected.</P><P></P><P>Also the 349 update only updates vuln signatures (the IPS stuff).</P></BODY></HTML> Fri, 11 Jan 2013 22:07:18 GMT https://live.paloaltonetworks.com/t5/general-topics/new-java-vulnerability-cve-2013-0422-released-1-11-13/m-p/43968#M32281 mikand 2013-01-11T22:07:18Z