Signature update for February 2021

New signatures rules are generated for the vulnerabilities identified in the week 2021-02-17. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 58 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999328 CVE-2021-3317 WEB-MISC KLog Server 2.4.1 and Prior - OS Command Injection Vulnerability (CVE-2021-3317)
999329 CVE-2021-3110 WEB-MISC PrestaShop Prior to 1.7.7.1 - SQL Injection Vulnerability Via id_products (CVE-2021-3110)
999330 CVE-2021-3110 WEB-MISC PrestaShop Prior to 1.7.7.1 - SQL Injection Vulnerability Via /module/productcomments/CommentGrade (CVE-2021-3110)
999331 CVE-2021-25646 WEB-MISC Apache Druid Prior to 0.20.1 - Remote Code Execution Vulnerability (CVE-2021-25646)
999332 CVE-2020-36171 WEB-WORDPRESS Elementor Page Builder Plugin Prior to 3.0.14 - XSS Vulnerability (CVE-2020-36171)
999333 CVE-2020-35765 WEB-MISC Zoho ManageEngine Applications Manager Prior to Build 15000 - SQL Injection Vulnerability (CVE-2020-35765)
999334 CVE-2020-35589 WEB-WORDPRESS Limit Login Attempts Reloaded Prior to 2.15.2 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-35589)
999335 CVE-2020-26282 WEB-MISC BrowserUp Proxy Prior to 2.1.2 - Template Injection Leading To RCE Vulnerability Via mostRecentEntry (CVE-2020-26282)
999336 CVE-2020-26282 WEB-MISC BrowserUp Proxy Prior to 2.1.2 - Template Injection Leading To RCE Vulnerability Via entries (CVE-2020-26282)
999337 CVE-2020-14815 WEB-MISC Oracle Business Intelligence Enterprise Edition - Reflected Cross-Site Scripting Vulnerability (CVE-2020-14815)
999338   WEB-WORDPRESS Contact Form 7 Database Addon Prior to 1.2.5.4 - SQLi Vulnerability Via Delete Bulk Action
Signature update for February 2021