Signature update for October 2020
New signatures rules are generated for the vulnerabilities identified in the week 2020-10-29. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Enabling Post body and Response body signature rules might affect Citrix ADC CPU. Also, vulnerable versions are mentioned in some of the signature rule log string. You must enable it accordingly.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
|Signature rule||CVE ID||Description|
|999500||CVE-2018-14667||WEB-MISC RichFaces Framework 3.X Through 3.3.4 - EL Injection Via UserResource (CVE-2018-14667)|
|999501||CVE-2018-12533||WEB-MISC RichFaces Framework 3.1.0 Through 3.3.4 - EL Injection Via Paint2DResource (CVE-2018-12533)|
|999502||CVE-2015-0279, CVE-2018-12532||WEB-MISC RichFaces Framework 4.X Through 4.5.17 - EL Injection Via MediaOutputResource (CVE-2015-0279,CVE-2018-12532)|
|999503||CVE-2013-2165||WEB-MISC RichFaces v4 Prior to 4.3.3 - Java Object Deserialization Vulnerability (CVE-2013-2165)|
|999504||CVE-2013-2165||WEB-MISC RichFaces v3 Prior to 3.3.4 - Java Object Deserialization Vulnerability (CVE-2013-2165)|