ADC

Signature update version 91

New signature rules are generated for the vulnerabilities identified in the week of 2022-08-23. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 91 is applicable to the NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, and Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect CPU usage on the Citrix ADC appliance.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 998909 | CVE-2022-38129 | WEB-MISC Keysight SMS Prior to 2.4.1 - Path Traversal Vulnerability Allows RCE (CVE-2022-38129) |
| 998910 | CVE-2022-37042, CVE-2022-27925 | WEB-MISC Zimbra Collaboration Suite - MailboxImportServlet Multiple Vulnerabilities (CVE-2022-37042, CVE-2022-27925) |
| 998911 | CVE-2022-36446 | WEB-MISC Webmin Multiple Versions - HTML Injection and Remote Code Execution Vulnerabilities (CVE-2022-36446) |
| 998912 | CVE-2022-35405 | WEB-MISC Zoho ManageEngine Password Manager Pro Prior to 12101 - Java Deserialization Vulnerability (CVE-2022-35405) |
| 998913 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via vhidden (CVE-2022-34872) |
| 998914 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via rpn_function (CVE-2022-34872) |
| 998915 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via unit_name (CVE-2022-34872) |
| 998916 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via warn (CVE-2022-34872) |
| 998917 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via crit (CVE-2022-34872) |
| 998918 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via def_type (CVE-2022-34872) |
| 998919 | CVE-2022-31813 | WEB-MISC Apache HTTP Server Up to 2.4.53 - mod_proxy X-Forwarded-* Headers Removal Vulnerability (CVE-2022-31813) |
| 998920 | CVE-2022-31125 | WEB-MISC Roxy-wi Prior To 6.1.1.0 - Authentication Bypass Vulnerability Via alert_consumer (CVE-2022-31125) |
| 998921 | CVE-2022-31101 | WEB-MISC Prestashop Blockwishlist Prior to 2.1.1 - SQL Injection Vulnerability (CVE-2022-31101) |
| 998922 | CVE-2022-26137 | WEB-MISC Atlassian Products Multiple Versions - Cross-Origin Resource Sharing Bypass Vulnerability (CVE-2022-26137) |
| 998923 | CVE-2022-24299 | WEB-MISC pfSense CE Prior to 2.6.0 - Remote Code Execution Vulnerability Via vpn_openvpn_client.php (CVE-2022-24299) |
| 998924 | CVE-2022-24299 | WEB-MISC pfSense CE Prior to 2.6.0 - Remote Code Execution Vulnerability Via vpn_openvpn_server.php (CVE-2022-24299) |
| 998925 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQL Injection Vulnerability Via get-achievements and user_id (CVE-2022-0817) |
| 998926 | CVE-2021-36749 | WEB-MISC Apache Druid - Arbitrary Local File Disclosure Vulnerability (CVE-2021-36749) |
| 998927 | CVE-2021-26919 | WEB-MISC Apache Druid Prior to 0.20.2 - Untrusted Deserialization Vulnerability via autoDeserialize=true (CVE-2021-26919) |
| 998928 | CVE-2021-26919 | WEB-MISC Apache Druid Prior to 0.20.2 - Untrusted Deserialization Vulnerability via detectCustomCollations=true (CVE-2021-26919) |