cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Java version detection and blocking old version

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Sly_Cooper
L4 Transporter
‎05-13-2014 10:07 PM
‎05-13-2014 10:07 PM

Java version detection and blocking old version

Hi,

With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.

Thanks in advance.

Tags (2)
0 Likes
Reply
HULK
L7 Applicator
‎05-13-2014 11:01 PM
‎05-13-2014 11:01 PM

Hello Sly_Cooper,


You can create a regex to match specific java versions ( latest) to allow through the PAN firewall. For all other versions, other than the latest one, set the action as "block". So, all the request will be logged into the PAN firewall.


Reference doc: Creating Custom Threat Signatures



NOTE: The Java spec is written so that JAR files may look like ZIP files in PAN.



Thanks

Reply
Sly_Cooper
L4 Transporter
‎05-22-2014 09:14 AM
‎05-22-2014 09:14 AM

Hi HULK,

Do you have any example for Java version matching? How requests from java apps will be seen on PAN firewalls?

Thanks in advance.

0 Likes
Reply
HULK
L7 Applicator
‎05-22-2014 09:32 AM
‎05-22-2014 09:32 AM

Hello Sly_Cooper,

You can take a packet capture on a test machine or PAN firewall from a host, where JAVA update is running. After taking the pcap file, you have to analyze the header to get the request information i.e "java version".

Thanks

Reply
torm
L4 Transporter
‎09-30-2014 01:41 AM
‎09-30-2014 01:41 AM

Sly_Cooper : Have you been able to make vulnerability signatures (regex) for this? I'm looking to do the same thing, and if you have something to share, it would be great!

0 Likes
Reply
Sly_Cooper
L4 Transporter
‎11-11-2014 08:44 AM
‎11-11-2014 08:44 AM

torm - Sorry I did not try it.

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks