
Date: 2019/04/11

This security update pack will upgrade patterns used in ICX security policies as well as built-in ones.

Install procedure

  1. Open the administration interface and connect to the Management appliance,
  2. In the "Policies" panel, "Security", select "Security Updates",
  3. Use the "Upload" button to upload the security update. The update will be directly installed and set as default.

Warning: The "Default policy" and "Default policy (Strict)" will be automatically updated. All other ICX policies have to be updated manually.

It is possible to switch from one DSU version to another with the "Set as Default" button.

Policy update procedure

We recommend that you "Save as" the ICX policy before applying this update.

  1. Select "ICX Configurations", then open the ICX policy to update,
  2. Click on "Update". If the update is already applied, the update action will be disabled,
  3. Click on "Save" to validate changes,
  4. Repeat this operation for all ICX policies to upgrade,
  5. Apply changes using the "Apply" button.

For more details on the release notes or the installation procedure, see the documentation (https://documentation.denyall.com/).

Change log

  • HTML Injection improvement on SSI injection
  • Command Injection improvement on path expansion
  • Remote file include improvement on URL matching

Pattern embedded in this update

  • Path transversal on URI - Strict 00379
  • Path transversal on URI 00378
  • Cross site scripting - Strict 00366
  • Xpath injection - Strict 00349
  • Remote file include 00346
  • Remote command 00372
  • Path transversal on Parameter - Strict 00376
  • Html Injection Strict 00367
  • Sql injection 00374
  • Buffer overflow 00358
  • Xpath injection 00350
  • Ldap injection - Strict 00336
  • Buffer overflow - Strict 00357
  • Html Injection Medium 00368
  • Parser evasion 00373
  • Ldap injection 00337
  • Php uri - strict 00345
  • Mail injection - strict 00381
  • Cross site scripting 00365
  • Remote command - Strict 00369
  • Php uri 00344
  • Mail injection 00380
  • Path transversal on Parameters 00377
  • Sql injection - Strict 00375
