In Signatures Alert Articles
In Web App Firewall
In Citrix ADC 12.1
In Citrix ADC
In All products
Product documentation
In Signatures Alert Articles
In Web App Firewall
In Citrix ADC 12.1
In Citrix ADC
In All products
Citrix ADC
13.0 12.1 12.0 11.1 10.5
View PDF

Signature update for February 2020

September 21, 2020
Contributed by: 
S S

New signatures rules are generated for the vulnerabilities identified in the week 2020-02-27. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 43 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999696 CVE-2019-15983 WEB-MISC Cisco Data Center Network Manager Prior To 11.3(1) - XML External Entity Vulnerability (CVE-2019-15983) Via CablePlans
999697 CVE-2019-20197 WEB-MISC Nagios XI 5.6.9 - Authenticated Arbitrary Command Execution Vulnerability (CVE-2019-20197)
999698 CVE-2020-8417 WEB-WORDPRESS Code Snippets Plugin Prior to 2.14.0 - CSRF Vulnerability (CVE-2020-8417)
999699   WEB-WORDPRESS WPCentral Plugin Prior to Version 1.4.8 - Privilege Escalation Vulnerability
999700 CVE-2020-8596 WEB-WORDPRESS Participants Database Plugin Prior To 1.9.5.6 - Authenticated SQL Injection Vulnerability (CVE-2020-8596)
999701 CVE-2020-8426 WEB-WORDPRESS Elementor Page Builder Plugin Prior To 2.8.5 - Authenticated Reflected XSS Vulnerability (CVE-2020-8426)
999702 CVE-2019-19509 WEB-MISC RConfig 3.9.3 - Remote Code Execution Vulnerability Via ajaxArchiveFiles.php (CVE-2019-19509)
999703 CVE-2019-8449 WEB-MISC Atlassian Jira Server Before 8.4.0 - Information Disclosure Vulnerability (CVE-2019-8449)
999704 CVE-2019-9194 WEB-MISC elFinder Prior To 2.1.48 - PHP Connector Command Injection Vulnerability (CVE-2019-9194)
999705 CVE-2019-15985 WEB-MISC Cisco Data Center Network Manager Prior To 11.3(1) - SQL Injection Vulnerability (CVE-2019-15985) Via getVmHostData
999706 CVE-2020-8549 WEB-WORDPRESS Strong Testimonials Plugin Prior To 2.40.1 - Stored Cross Site Scripting Vulnerability (CVE-2020-8549)

Signature update for February 2020

September 21, 2020
Contributed by: 
S S
September 21, 2020
Contributed by: 
S S

In this article