ADC

Signature update version 37

New signatures rules are generated for the vulnerabilities identified in version 37. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999806 CVE-2019-3394 WEB-MISC Atlassian Confluence or Data Center - Local File Disclosure Vulnerability (CVE-2019-3394)
999807 CVE-2019-13569 WEB-WORDPRESS Icegram Email Subscribers & Newsletters Plugin Prior to 4.1.8 - SQLi Via Esfpx_lists Param (CVE-2019-13569)
999808 CVE-2019-13569 WEB-WORDPRESS Icegram Email Subscribers & Newsletters Plugin Prior to 4.1.8 - SQLi Via Order Param (CVE-2019-13569)
999809 CVE-2019-2768 WEB-MISC Oracle BI Publisher - Predictable Session Token Vulnerability (CVE-2019-2768)
999810 CVE-2019-1003001 WEB-MISC Jenkins Pipeline Groovy Plugin Up To 2.61 - Sandbox Bypass Vulnerability Via Job Update (CVE-2019-1003001)
999811 CVE-2019-13575 WEB-WORDPRESS WPEverest Everest Forms Plugin Prior to 1.5.0 - SQL Injection (CVE-2019-13575)
999812 CVE-2019-15896 WEB-WORDPRESS LifterLMS Plugin Up To 3.34.5 - Security Bypass Vulnerability (CVE-2019-15896)
999813 CVE-2019-3396 WEB-MISC Atlassian Confluence or Data Center - Remote Code Execution Vulnerability (CVE-2019-3396)
999814 CVE-2019-5475 WEB-MISC Sonatype Nexus Repository Manager Prior to 2.14.14 - Remote Code Execution Via Createrepo Path (CVE-2019-5475)
999815 CVE-2019-5475 WEB-MISC Sonatype Nexus Repository Manager Prior to 2.14.14 - Remote Code Execution Via Mergerepo Path (CVE-2019-5475)
999816 CVE-2019-15104 WEB-MISC Zoho ManageEngine OpManager Version Prior to 12.4 - SQL Injection Vulnerability (CVE-2019-15104)
Signature update version 37