AnsweredAssumed Answered

MS15-034 As active despite Netscaler fix?

Question asked by Aleksander Pawlak on Feb 20, 2017
Latest reply on Apr 10, 2017 by Aleksander Pawlak
Hey
I have 2 servers coming up with

MS15-034  vulnerability even though a Netscaler URL rewrite is in place, which strips range header from the request.

https://www.citrix.com/content/dam/citrix/en_us/citrix-developer/documents/Netscaler/irules/mitigate-microsoft-vulnerability-for-backend.pdf

Is Qualys VM scanner able to check for this condition or the only way of seeing Sev5 would be to either patch the systems or override the severity for the hosts?

Outcomes