Signatures Alert Articles

Signature update version 28

September 21, 2020

Contributed by:

New signatures rules are generated for the vulnerabilities identified in version 28. You can download and configure these signature rules to protect your appliance from security vulnerable attacks. The signature update includes the signature ID, signature version, and list of CVEs addressed.

Signature version

Signature version 28 applicable to NetScaler VPX 11.1, NetScaler 12.0, and Citrix ADC 12.1 and Citrix ADM 13.0 platforms.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999898	CVE-2018-12895	WEB-MISC WordPress before 4.9.7-Directory Traversal Vulnerability.
999899	CVE-2019-9618	WEB-MISC-GraceMedia Media Player WordPress plug-in 1.0 Arbitrary Local File Inclusion Vulnerability
999900	CVE-2018-20714	WEB-MISC WordPress plug-in WooCommerce before 3.4.6 - File Deletion Vulnerability.
999901	CVE-2018-11868	WEB-MISC FlowPaper FlexPaper before 2.3.7 can Allow Remote Code Execution-Reset of Config Files.
999902	CVE-2018-11868	WEB-MISC FlowPaper FlexPaper before 2.3.7 can Allow Remote Code Execution.
999903	CVE-2019-9184	WEB-MISC-Joomla! J2Store Plugin 3.x Before 3.3.7 Allows SQL Injection.
999904	CVE-2019-9168	WEB-MISC WordPress plug-in WooCommerce before 3.5.5-XSS via Photoswipe caption.
999905		WEB-MISC WordPress plug-in Abandoned Cart before 5.1.3 for WooCommerce-Stored Cross-Site Scripting.
999906	CVE-2019-8942	WEB-MISC WordPress before 4.9.9 and 5.x before 5.0.1-remote code execution.
999907	CVE-2019-8942	WEB-MISC WordPress before 4.9.9 and 5.x before 5.0.1-remote code execution.
999908	CVE-2019-8942	WEB-MISC WordPress before 4.9.9 and 5.x before 5.0.1-remote code execution
999909	CVE-2017-16562	WEB-MISC-Deluxe Theme UserPro WordPress Plugin Security Bypass Vulnerability Via up_auto_log=true Parameter
999910	CVE-2018-20782	WEB-MISC WordPress Plugin GloBee before 1.1.2 for WooCommerce-IPN Messages Spoofing
999911	CVE-2019-6340	Drupal-Arbitrary Remote Code Execution in Drupal Core 8 RESTFul WebServices

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 28

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Signature update version 28

Signature version

Common Vulnerability Entry (CVE) insight

Signature update version 28

In this article