Signature update version 33

New signatures rules are generated for the vulnerabilities identified in version 33. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 33 applicable to NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note

Enabling Post body and Response body signature rules may affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Rule CVE Description Vulnerability Reference
999860   WordPress plug-in Yuzo Related Posts cross-site scripting Vulnerability https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
999861 CVE-2019-12099   cve,2019-12099
999862   WordPress plug-in Database Backup <= 5.2 - Remote Code Execution https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plug-in
999863   WordPress plug-in Slick Popup - Privilege Escalation https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plug-in
999864 CVE-2019-10866 WordPress plug-in Form Maker 1.13.3 - SQL Injection cve,2019-10866
999865   WordPress plug-in Give – Stored cross-site scripting for Donors https://blog.sucuri.net/2019/05/wordpress-plug-in-give-stored-xss-for-donors.html
999866   WordPress plug-in My Calendar <= 3.1.9 - Unauthenticated cross-site scripting Vulnerability https://wpvulndb.com/vulnerabilities/9267
999867   WordPress plug-in Slimstat <= 4.8 - Unauthenticated Stored cross-site scripting https://blog.sucuri.net/2019/05/slimstat-stored-xss-from-visitors.html
999868 CVE-2019-2618 WebLogic Arbitrary Upload Vulnerability cve,2019-2618
999869 CVE-2019-11871 WEB-WORDPRESS WordPress plug-in Custom Field Suite Prior To 2.5.15 - Cross-Site Scripting Vulnerability cve,2019-11871
999870   WEB-WORDPRESS WordPress Live Chat Support plug-in Persistent cross-site scripting Vulnerability prior 8.0.27 via wplc_custom_js parameter https://blog.sucuri.net/2019/05/persistent-cross-site-scripting-in-wp-live-chat-support-plug-in.html
999871   WEB-WORDPRESS WordPress plug-in W3 Total Cache Prior To 0.9.7.4 - PHAR Remote Code Execution Vulnerability https://wpvulndb.com/vulnerabilities/9270
999872   WEB-WORDPRESS WordPress plug-in W3 Total Cache Prior To 0.9.7.4 - PHAR Remote Code Execution Vulnerability https://wpvulndb.com/vulnerabilities/9269
999873 CVE-2019-0604 WEB-MISC Microsoft Windows Sharepoint Server - Remote Code Execution Vulnerability cve,2019-0604
999874   WEB-WORDPRESS Yuzo Related Posts Unauthenticated Stored cross-site scripting Vulnerability in 5.12.91 https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
Signature update version 33