Signature update for October 2020

New signatures rules are generated for the vulnerabilities identified in the week 2020-10-29. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 52 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU. Also, vulnerable versions are mentioned in some of the signature rule log string. You must enable it accordingly.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999500 CVE-2018-14667 WEB-MISC RichFaces Framework 3.X Through 3.3.4 - EL Injection Via UserResource (CVE-2018-14667)
999501 CVE-2018-12533 WEB-MISC RichFaces Framework 3.1.0 Through 3.3.4 - EL Injection Via Paint2DResource (CVE-2018-12533)
999502 CVE-2015-0279, CVE-2018-12532 WEB-MISC RichFaces Framework 4.X Through 4.5.17 - EL Injection Via MediaOutputResource (CVE-2015-0279,CVE-2018-12532)
999503 CVE-2013-2165 WEB-MISC RichFaces v4 Prior to 4.3.3 - Java Object Deserialization Vulnerability (CVE-2013-2165)
999504 CVE-2013-2165 WEB-MISC RichFaces v3 Prior to 3.3.4 - Java Object Deserialization Vulnerability (CVE-2013-2165)
Signature update for October 2020