Barracuda Vulnerability Manager Vulnerability Type Reference

This document lists the major vulnerability types that the Barracuda Vulnerability Manager finds, along with the remediation offered by the Barracuda Web Application Firewall.

One of Vulnerability Manager’s key features is its integration with the Web Application Firewall, allowing administrators to fix vulnerabilities in a single click. The remediations listed below can be implemented automatically by importing the Vulnerability Manager report into your Web Application Firewall. For more information on this process, see the Solution Brief, “Web Application Vulnerabilities: from Detection to Remediation.”

| Vulnerability Type | Web Application Firewall Remediation |
| --- | --- |
| Apache Vulnerability Database | N/A: WAF provides automatic protection |
| Barracuda Realtime IP Reputation Check | Must be fixed by administrator |
| Barracuda Web Categorization Service Check | Must be fixed by administrator |
| Clickjacking | Clickjacking Protection |
| Cross-Frame Scripting (XFS) | URL Parameter Protection (Generic) |
| Cross-Site Request Forgery (CSRF) | CSRF Protection |
| Cross-Site Scripting (XSS) | URL Parameter Protection (Generic) |
| Default Passwords | Must be fixed by administrator |
| Different Login Failure Message | Brute Force Protection |
| Directory Indexing | Data Theft Protection |
| Directory Traversal | URL Normalization |
| Drupal Vulnerability Database | Platform Template |
| Email Address, IP Address, Credit Card or SSN Leakage | Data Theft Protection |
| Exposed Server Error | Data Theft Protection |
| Flash Cross-Domain Policy | Must be fixed in Flash applet |
| Forceful Browsing | Must be fixed in application code |
| Form password sent in query string | Instant SSL Service (manual only) |
| Form password sent unencrypted | Instant SSL Service (manual only) |
| Frontpage server extensions | URL Deny Rule |
| GHOST | Parameter Protection (Max Value Length) |
| Heartbleed | N/A: WAF provides automatic protection |
| HTML Injection | URL Parameter Protection (Generic) |
| HTTP Header Injection | N/A: WAF provides automatic protection |
| HTTP Methods Enabled | URL Protection |
| IIS Vulnerability Database | N/A: WAF provides automatic protection |
| Insecure Login Page | Instant SSL Service (manual only) |
| Insecure Object Reference | Instant SSL Service (manual only) |
| Insufficient Session Expiration | Must be fixed in application code |
| Joomla Vulnerability Database | Platform Template |
| Lack of Account Lockout | Brute Force Protection |
| Local File Inclusion (LFI) | URL Normalization |
| Malicious File Upload | Virus Scanning |
| Nginx Vulnerability Database | N/A: WAF provides automatic protection |
| Open TCP/UDP Port | N/A: WAF provides automatic protection |
| OS Command Injection | URL Parameter Protection (Generic) |
| Outdated Version of Web Server | N/A: WAF provides automatic protection |
| Password Field Auto-Complete Enabled | Must be fixed in HTML code |
| Remote File Inclusion (RFI) | URL Parameter Protection (Generic) |
| Sensitive File | URL Deny Rule |
| Server-Side Include (SSI) Injection | Must be fixed in application code |
| Server-Side Source Code Disclosure | Data Theft Protection |
| Session Cookie not HTTP-Only | Must be fixed in application code |
| Session Cookie not Secure | Cookie Security |
| Shellshock | OS Command Injection Rule Set |
| SQL Injection (SQLI) | URL Parameter Protection (Generic) |
| SSL Certificate Invalid or Weak | Must be fixed with CA |
| SSL Certificate Key Weak | Must be fixed with CA |
| Unvalidated Redirect | URL Parameter Protection (Generic) |
| Wordpress Vulnerability Database | Platform Template |

About Barracuda Networks, Inc.

Barracuda provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use, and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud, and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit barracuda.com.

Barracuda Networks and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the United States. All other names are the property of their respective owners.