Signature update for April 2020

New signatures rules are generated for the vulnerabilities identified in the week 2020-04-27. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 44 is applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999683 CVE-2020-9043 WEB-WORDPRESS wpCentral Plugin Prior To 1.5.1 - Connection Key Disclosure Vulnerability (CVE-2020-9043)
999684   WEB-WORDPRESS Duplicate-Post Plugin Version 3.2.3 and Prior - Persistent Cross-site Scripting
999685   WEB-WORDPRESS Duplicate-Post Plugin Version 3.2.3 and Prior - Persistent Cross-site Scripting
999686 CVE-2020-0618 WEB-MISC Microsoft SQL Server Reporting Services - Remote Code Execution Vulnerability (CVE-2020-0618)
999687 CVE-2019-16278 WEB-MISC Nostromo Nhttpd Prior to 1.3.7 - Strcutl Function Allows Unauthenticated Remote Code Execution (CVE-2019-16278)
999688 CVE-2019-1937 WEB-MISC Cisco UCS Director 6.6.0.0 to 6.6.1.0 and 6.7.0.0 to 6.7.1.0 - Authentication Bypass Vulnerability (CVE-2019-1937)
999689   WEB-WORDPRESS Duplicate-Post Plugin Version 3.2.3 and Prior - Persistent Cross-site Scripting
999690 CVE-2020-9006 WEB-WORDPRESS Popup Builder Plugin Prior to 3.0 - SQL Injection Via PHP Deserialization Vulnerability (CVE-2020-9006)
999691   WEB-WORDPRESS Duplicate-Post Plugin Version 3.2.3 and Prior - Persistent Cross-site Scripting
999692   WEB-MISC prevent request smuggling via content-length and transfer-encoding header
999693   WEB-WORDPRESS ThemeGrill Demo Importer Plugin Prior To 1.6.3 - Authentication Bypass And Database Wipe Vulnerability
999694 CVE-2019-17237 WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Prior to 3.4.1 - CSRF Vulnerability Via Message (CVE-2019-17237)
999695 CVE-2019-17237 WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Prior to 3.4.1 - CSRF Vulnerability Via Subject (CVE-2019-17237)