Imperva Security Response for CVE-2014-6271 (AKA "Shellshock")
Revision history: 09/30/2014: Added availability dates for ADC content.
- Organizations can mitigate this vulnerability by using Imperva SecureSphere WAF (See Protecting Applications below for details).
- SecureSphere is not impacted by this vulnerability.
- Best practices dictate that the SecureSphere management port should not be exposed externally.
1) Protecting Applications:
Imperva customers can use SecureSphere WAF to protect vulnerable applications as follows:
- Imperva’s Application Defense Center (ADC) has produced signatures that can mitigate this vulnerability for affected applications. Details of the signature are available from Imperva Support. On 9/29/2014, the ADC released additional signatures to Imperva Support.
- ADC content with built-in signatures will be available 10/05/2014.
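The advisory says the ADC signatures detect this vulnerability at the WAF, but their details are only available from Imperva Support. The following is an added example, not Imperva's signature or any SecureSphere code, of how a WAF-style inspection rule for this bug is typically built: it looks for the bash function-definition prefix in the request line and in every header value, and it also checks URL-decoded forms, because a signature that only inspects the raw bytes misses a percent-encoded value that a CGI script later decodes. The regular expression, the request parser and the sample requests are all assumptions constructed for this illustration.

```python
import re
from urllib.parse import unquote

# Assumed signature: the "() {" prefix that vulnerable bash versions treated as
# a function definition when it appeared at the start of an environment
# variable's value. The optional whitespace makes the rule slightly broader
# than bash's own exact-match check, which is the usual WAF trade-off.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request head into (request_line, {header: value})."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def inspect_request(raw: str):
    """Return the names of the request fields that match the signature.

    Each field is checked raw, once URL-decoded and twice URL-decoded, since
    CGI environments (QUERY_STRING, HTTP_USER_AGENT, HTTP_COOKIE, ...) are
    populated from these fields and a proxy or script may decode them.
    """
    request_line, headers = parse_request(raw)
    fields = [("request-line", request_line)] + list(headers.items())
    hits = []
    for name, value in fields:
        for candidate in (value, unquote(value), unquote(unquote(value))):
            if SHELLSHOCK_RE.search(candidate):
                hits.append(name)
                break
    return hits


# Constructed sample requests (not captured traffic).
BENIGN = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: prefs={}\r\n\r\n"
)
PROBE_IN_USER_AGENT = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: () { :; }; echo probe\r\n\r\n"
)
ENCODED_PROBE_IN_QUERY = (
    "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%7D%3B%20echo%20probe HTTP/1.1\r\n"
    "Host: www.example.com\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN),
                       ("user-agent probe", PROBE_IN_USER_AGENT),
                       ("encoded query probe", ENCODED_PROBE_IN_QUERY)):
        print(f"{label}: {inspect_request(req)}")
```

A rule this simple will also fire on legitimate values that happen to contain `() {`, for example a JavaScript fragment such as `function() {` carried in a referer or query parameter, which is one reason vendor signatures are tuned against real traffic rather than shipped as a bare regular expression; the decoded-value check matters because a signature applied only to raw bytes would not have flagged the third sample at all.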
2) Affected Imperva Products:
The following versions or products are not vulnerable:
- SecureSphere 9.0, 9.5, 10.0, 10.5, ThreatRadar Service
SecureSphere is not affected by this vulnerability. The SecureSphere platform does use GNU bash; however, this vulnerability relies upon SSH access, and any SSH access to SecureSphere requires privileged access. This privilege escalation vulnerability therefore grants such users no additional privileges, as they already have “root” level access.
Also, the SecureSphere management server does not use the application components (known as “mod_cgi” and “mod_cgid”) that would be required to exploit this vulnerability on SecureSphere management servers.
Finally, note that best practices dictate that the SecureSphere management port should not be exposed outside the organization.
No fix needed. However, Imperva will update the affected components in an upcoming patch release.
National Vulnerability Database listing: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271