Java version detection and blocking old version

Reply
Highlighted
L4 Transporter

Java version detection and blocking old version

Hi,

With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.

Thanks in advance.

Tags (2)
Highlighted
L7 Applicator

Re: Java version detection and blocking old version

Hello Sly_Cooper,


You can create a regex to match specific java versions ( latest) to allow through the PAN firewall. For all other versions, other than the latest one, set the action as "block". So, all the request will be logged into the PAN firewall.


Reference doc: Creating Custom Threat Signatures



NOTE: The Java spec is written so that JAR files may look like ZIP files in PAN.



Thanks

Highlighted
L4 Transporter

Re: Java version detection and blocking old version

Hi HULK,

Do you have any example for Java version matching? How requests from java apps will be seen on PAN firewalls?

Thanks in advance.

Highlighted
L7 Applicator

Re: Java version detection and blocking old version

Hello Sly_Cooper,

You can take a packet capture on a test machine or PAN firewall from a host, where JAVA update is running. After taking the pcap file, you have to analyze the header to get the request information i.e "java version".

Thanks

Highlighted
L4 Transporter

Re: Java version detection and blocking old version

Sly_Cooper : Have you been able to make vulnerability signatures (regex) for this? I'm looking to do the same thing, and if you have something to share, it would be great!

Highlighted
L4 Transporter

Re: Java version detection and blocking old version

torm - Sorry I did not try it.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!