Signature update for April 2020

New signature rules are generated for the vulnerabilities identified in the week of 2020-04-27. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 44 applies to the NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999670 | | WEB-WORDPRESS ThemeGrill Demo Importer plug-in Prior To 1.6.3 - Authentication Bypass And Database Wipe Vulnerability |
| 999671 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent cross-site scripting |
| 999672 | CVE-2020-0618 | WEB-MISC Microsoft SQL Server Reporting Services - Remote Code Execution Vulnerability (CVE-2020-0618) |
| 999673 | CVE-2019-16278 | WEB-MISC Nostromo Nhttpd Prior to 1.3.7 - Strcutl Function Allows Unauthenticated Remote Code Execution (CVE-2019-16278) |
| 999674 | | WEB-MISC prevent request smuggling via content-length and transfer-encoding header |
| 999675 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent cross-site scripting |
| 999676 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent cross-site scripting |
| 999677 | CVE-2019-1937 | WEB-MISC Cisco UCS Director 6.6.0.0 to 6.6.1.0 and 6.7.0.0 to 6.7.1.0 - Authentication Bypass Vulnerability (CVE-2019-1937) |
| 999678 | CVE-2019-17237 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Prior to 3.4.1 - CSRF Vulnerability Via Message (CVE-2019-17237) |
| 999679 | CVE-2019-17237 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Prior to 3.4.1 - CSRF Vulnerability Via Subject (CVE-2019-17237) |
| 999680 | CVE-2020-9006 | WEB-WORDPRESS Popup Builder plug-in Prior to 3.0 - SQL Injection Via PHP Deserialization Vulnerability (CVE-2020-9006) |
| 999681 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent cross-site scripting |
| 999682 | CVE-2020-9043 | WEB-WORDPRESS wpCentral plug-in Prior To 1.5.1 - Connection Key Disclosure Vulnerability (CVE-2020-9043) |