Signature update for August 2019

September 16, 2019

Contributed by: S

New signatures rules are generated for the vulnerabilities identified in the week 2019-08-28. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 34 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999843		WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to Version 2.0.46 - Setting Arbitrary File For Read
999844		WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to Version 2.0.46 - Arbitrary File Read
999845		WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to Version 2.0.46 - File Removal Via File Replacement
999846		WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to Version 2.0.46 - File Removal
999847		WEB-WORDPRESS WordPress Plugin Shortlinks Prior To 2.1.10 - CSV Injection Vulnerability
999848		WEB-WORDPRESS WordPress Plugin Shortlinks Prior To 2.1.10 - Unauthenticated Stored XSS Vulnerability
999849		WEB-WORDPRESS WordPress Plugin FV Flowplayer Video Player Prior To 7.3.13.727 - Unauthenticated Stored XSS Vulnerability
999850		WEB-WORDPRESS WordPress Plugin Easy Digital Downloads Prior To 2.9.16 - Unauthenticated Stored XSS Vulnerability
999851		WEB-WORDPRESS WordPress Plugin Crelly Slider Prior to version 1.3.5 - Arbitrary File Upload Vulnerability
999853	CVE-2019-2615	WEB-MISC Oracle WebLogic Server Information Disclosure Vulnerability
999854	CVE-2019-11872	WordPress Plugin Hustle Prior To 6.0.8.1 - CSV Injection Vulnerability
999855	CVE-2019-11231	WEB-MISC GetSimple CMS Version 3.3.15 and Prior - Arbitrary File Upload Vulnerability
999856	CVE-2019-11231	WEB-MISC GetSimple CMS Version 3.3.15 and Prior - API Key Information Disclosure
999857		WEB-WORDPRESS WordPress Plugin WP Database Backup Prior To 5.2 - Command Injection Vulnerability
999858		WEB-WORDPRESS WordPress Plugin Slick Popup Up To 1.7.1 - Privilege Escalation Vulnerability
999859	CVE-2019-12099	WEB-MISC PHP Fusion CMS Remote Code Execution Vulnerability in Version 9.03.00 and Prior

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update for August 2019

September 16, 2019

Contributed by: S

Signature update for August 2019

Signature version

Common Vulnerability Entry (CVE) insight

Signature update for August 2019

In this article