daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/apimanagement/azure-apim-tls-config-weak....

57 lines
2.1 KiB
YAML
Raw Permalink Blame History

id: azure-apim-tls-config-weak
info:
name: Azure API Management Weak TLS Configured
author: princechaddha
severity: medium
description: |
Ensure that your Azure API Management API gateways are not configured to use weak and deprecated TLS protocols such as TLS 1.0 and TLS 1.1. Using outdated TLS versions can expose your APIs to exploits targeting flaws in these older protocols. Ensure API gateways use the latest supported TLS version.
impact: |
Using weak or deprecated TLS protocols can lead to security breaches, as these versions contain known vulnerabilities that are targets for exploits.
remediation: |
Update the Azure API Management gateway configurations to disable TLS 1.0 and TLS 1.1, ensuring only the latest TLS protocols are used. Refer to the Azure documentation on updating API gateway configurations.
reference:
- https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-configure-protocols
tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config
flow: |
code(1);
for (let GatewayData of iterate(template.gatewayList)) {
GatewayData = JSON.parse(GatewayData);
set("name", GatewayData.name);
set("resourceGroup", GatewayData.resourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az apim list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
extractors:
- type: json
name: gatewayList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az apim show --name "$name" --resource-group "$resourceGroup" --output json --query 'customProperties'
matchers:
- type: word
words:
- 'Ssl30": "True"'
- 'Tls10": "True"'
- 'Tls11": "True"'
extractors:
- type: dsl
dsl:
- 'name + " in resource group " + resourceGroup + " is configured with weak TLS protocols"'
# digest: 4a0a0047304502204ce8881feed7aa37b2eb7f4599103d58c2bf74b69b59111a48c403695a37a64a022100b630fecbc17691ea5d8598c3116ea83100e3a7fbfe26f43926a83e1a7b573ed3:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink