ADC

Signature update version 48

New signatures rules are generated for the vulnerabilities identified in the week 2020-07-01. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 48 is compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999563   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - cross-site scripting Vulnerability Via pagelayer_cf_to_email
999564   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - cross-site scripting Vulnerability Via pagelayer-phone
999565   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - cross-site scripting Vulnerability Via pagelayer-address
999566 CVE-2020-1961 WEB-MISC Apache Syncope - Server-Side Template Injection Vulnerability (CVE-2020-1961)
999567 CVE-2019-18935 WEB-MISC Progress Telerik UI For ASP.NET AJAX - RadAsyncUpload .NET Deserialization Vulnerability (CVE-2019-18935)
999568 CVE-2020-9463 WEB-MISC Centreon 19.10 - OS Command Injection Vulnerability (CVE-2020-9463)
999569   WEB-WORDPRESS Support Review plug-in Prior to 3.7.6 - Unauthenticated Stored Cross Site Scripting Vulnerability
999570   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - Improper Access Control Vuln Via pagelayer_save_template
999571   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - Improper Access Control Vuln Via pagelayer_update_site_title
999572   WEB-WORDPRESS Page Builder PageLayer plug-in Prior to 1.1.2 - Improper Access Control Vuln Via pagelayer_save_content
999573   WEB-WORDPRESS Drag And Drop Upload For Contact Form 7 Prior To 1.3.3.3 - Arbitrary File Extension Upload Vulnerability
999574 CVE-2020-9314 WEB-MISC Oracle iPlanet Web Server 7.0.x - Image Injection Vulnerability (CVE-2020-9314)
999575 CVE-2020-9484 WEB-MISC Apache Tomcat Multiple Versions - Deserialization of Untrusted Data (CVE-2020-9484)
999576 CVE-2020-13252 WEB-MISC Centreon Prior to 19.04.15 - Remote Code Execution Vulnerability (CVE-2020-13252)
999577 CVE-2020-11453 WEB-MISC Microstrategy Web - CSRF Vulnerability Via SOAP (CVE-2020-11453)
999578 CVE-2020-11453 WEB-MISC Microstrategy Web - CSRF Vulnerability (CVE-2020-11453)
999579 CVE-2020-7237 WEB-MISC Cacti Prior to 1.2.8 - Remote Code Execution Vulnerability (CVE-2020-7237)
Signature update version 48