Signature update for June 2020

New signature rules are generated for the vulnerabilities identified in the week of 2020-06-03. You can download and configure these signature rules to protect your appliance from attacks that exploit security vulnerabilities.

Signature version

Signature version 46 is applicable to the NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999643 | | WEB-WORDPRESS 10Web Map Builder for Google Maps Plugin Prior to 10.0.64 - Unauthenticated XSS Vulnerability Via gmwd_setup Page |
| 999644 | | WEB-WORDPRESS 10Web Map Builder for Google Maps Plugin 10.0.64 and Prior - XSS Vulnerability Via options_gmwd Page |
| 999645 | CVE-2020-5187 | WEB-MISC DNN Up To 9.4.4 - Path Traversal Vulnerability Via URL (CVE-2020-5187) |
| 999646 | CVE-2020-5187 | WEB-MISC DNN Up To 9.4.4 - Path Traversal Vulnerability Via Local (CVE-2020-5187) |
| 999647 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery Plugin Prior to 1.5.46 - XSS Vulnerability Via image_alt_text_ Field (CVE-2020-9335) |
| 999648 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery Plugin Prior to 1.5.46 - XSS Vulnerability Via Name Field (CVE-2020-9335) |
| 999649 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery Plugin Prior to 1.5.46 - XSS Vulnerability Via Description Fields (CVE-2020-9335) |
| 999650 | CVE-2020-10189 | WEB-MISC Zoho ManageEngine Desktop Central Prior to 10.0.479 - Unauthenticated Remote Code Execution Vuln (CVE-2020-10189) |
| 999651 | CVE-2020-10189 | WEB-MISC Zoho ManageEngine Desktop Central Prior to 10.0.479 - Unauthenticated Arbitrary File Upload Vuln (CVE-2020-10189) |
| 999652 | | WEB-WORDPRESS Flexible Checkout Fields for WooCommerce Plugin Prior to 2.3.2 - Unauthenticated Settings Modification Vuln |
| 999653 | CVE-2020-0688 | WEB-MISC Microsoft Exchange Server - Validation Key Remote Code Execution Vulnerability (CVE-2020-0688) |
| 999654 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via ip_src Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999655 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via dst_port Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999656 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via src_port Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999657 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via ip_dst Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999658 | CVE-2020-5186 | WEB-MISC DNN Up To 9.5.0 - Cross Site Scripting Vulnerability Via Journal XML Upload (CVE-2020-5186) |
| 999659 | | WEB-WORDPRESS WP Sitemap Page Plugin 1.6.2 and Prior - XSS Vulnerability Via wsp_exclude_pages |
| 999660 | CVE-2020-5188 | WEB-MISC DNN Up To 9.5.0 - Insecure Permissions Vulnerability Via UploadFromUrl (CVE-2020-5188) |
| 999661 | CVE-2020-5188 | WEB-MISC DNN Up To 9.5.0 - Insecure Permissions Vulnerability Via UploadFromLocal (CVE-2020-5188) |
| 999662 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via API Theme (CVE-2020-7799) |
| 999663 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via API Email Template (CVE-2020-7799) |
| 999664 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via GUI Theme (CVE-2020-7799) |
| 999665 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via GUI Email Template (CVE-2020-7799) |
