ADC

Signature update version 34

New signatures rules are generated for the vulnerabilities identified in version 34. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect NetScaler CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999843   WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - Setting Arbitrary File For Read
999844 WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - Arbitrary File Read
999845 WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - File Removal Via File Replacement
999846 WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - File Removal
999847 WEB-WORDPRESS WordPress plug-in Shortlinks Prior To 2.1.10 - CSV Injection Vulnerability
999848 WEB-WORDPRESS WordPress plug-in Shortlinks Prior To 2.1.10 - Unauthenticated Stored cross-site scripting Vulnerability
999849 WEB-WORDPRESS WordPress plug-in FV Flowplayer Video Player Prior To 7.3.13.727 - Unauthenticated Stored cross-site scripting Vulnerability
999850 WEB-WORDPRESS WordPress plug-in Easy Digital Downloads Prior To 2.9.16 - Unauthenticated Stored cross-site scripting Vulnerability
999851 WEB-WORDPRESS WordPress plug-in Crelly Slider Prior to version 1.3.5 - Arbitrary File Upload Vulnerability
999853 CVE-2019-2615 WEB-MISC Oracle WebLogic Server Information Disclosure Vulnerability
999854 CVE-2019-11872 WordPress plug-in Hustle Prior To 6.0.8.1 - CSV Injection Vulnerability
999855 CVE-2019-11231 WEB-MISC GetSimple CMS Version 3.3.15 and Prior - Arbitrary File Upload Vulnerability
999856 CVE-2019-11231 WEB-MISC GetSimple CMS Version 3.3.15 and Prior - API Key Information Disclosure
999857 WEB-WORDPRESS WordPress plug-in WP Database Backup Prior To 5.2 - Command Injection Vulnerability
999858 WEB-WORDPRESS WordPress plug-in Slick Popup Up To 1.7.1 - Privilege Escalation Vulnerability
999859 CVE-2019-12099 WEB-MISC PHP Fusion CMS Remote Code Execution Vulnerability in Version 9.03.00 and Prior
Signature update version 34