Signature update version 33

New signatures rules are generated for the vulnerabilities identified in version 33. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 32 applicable to NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note

Enabling Post body and Response body signature rules may affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Rule CVE Description Vulnerability Reference
999860   WordPress Plugin Yuzo Related Posts XSS Vulnerability https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
999861 CVE-2019-12099   cve,2019-12099
999862   WordPress Plugin Database Backup <= 5.2 - Remote Code Execution https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin
999863   WordPress Plugin Slick Popup - Privilege Escalation https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin
999864 CVE-2019-10866 WordPress Plugin Form Maker 1.13.3 - SQL Injection cve,2019-10866
999865   WordPress Plugin Give – Stored XSS for Donors https://blog.sucuri.net/2019/05/wordpress-plugin-give-stored-xss-for-donors.html
999866   WordPress plug-in My Calendar <= 3.1.9 - Unauthenticated XSS Vulnerability https://wpvulndb.com/vulnerabilities/9267
999867   WordPress Plugin Slimstat <= 4.8 - Unauthenticated Stored XSS https://blog.sucuri.net/2019/05/slimstat-stored-xss-from-visitors.html
999868 CVE-2019-2618 WebLogic Arbitrary Upload Vulnerability cve,2019-2618
999869 CVE-2019-11871 WEB-WORDPRESS WordPress Plugin Custom Field Suite Prior To 2.5.15 - Cross-Site Scripting Vulnerability cve,2019-11871
999870   WEB-WORDPRESS WordPress Live Chat Support Plugin Persistent XSS Vulnerability prior 8.0.27 via wplc_custom_js parameter https://blog.sucuri.net/2019/05/persistent-cross-site-scripting-in-wp-live-chat-support-plugin.html
999871   WEB-WORDPRESS WordPress Plugin W3 Total Cache Prior To 0.9.7.4 - PHAR Remote Code Execution Vulnerability https://wpvulndb.com/vulnerabilities/9270
999872   WEB-WORDPRESS WordPress Plugin W3 Total Cache Prior To 0.9.7.4 - PHAR Remote Code Execution Vulnerability https://wpvulndb.com/vulnerabilities/9269
999873 CVE-2019-0604 WEB-MISC Microsoft Windows Sharepoint Server - Remote Code Execution Vulnerability cve,2019-0604
999874   WEB-WORDPRESS Yuzo Related Posts Unauthenticated Stored XSS Vulnerability in 5.12.91 https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild