Java version detection and blocking old version

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Java version detection and blocking old version

L4 Transporter

Hi,

With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.

Thanks in advance.

5 REPLIES 5

L7 Applicator

Hello Sly_Cooper,


You can create a regex to match specific java versions ( latest) to allow through the PAN firewall. For all other versions, other than the latest one, set the action as "block". So, all the request will be logged into the PAN firewall.


Reference doc: Creating Custom Threat Signatures



NOTE: The Java spec is written so that JAR files may look like ZIP files in PAN.



Thanks

Hi HULK,

Do you have any example for Java version matching? How requests from java apps will be seen on PAN firewalls?

Thanks in advance.

Hello Sly_Cooper,

You can take a packet capture on a test machine or PAN firewall from a host, where JAVA update is running. After taking the pcap file, you have to analyze the header to get the request information i.e "java version".

Thanks

Sly_Cooper : Have you been able to make vulnerability signatures (regex) for this? I'm looking to do the same thing, and if you have something to share, it would be great!

torm - Sorry I did not try it.

  • 4055 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!