Citrix ADC

Signature update version 34

December 16, 2021

Contributed by:

New signatures rules are generated for the vulnerabilities identified in version 34. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999843		WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - Setting Arbitrary File For Read
999844		WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - Arbitrary File Read
999845		WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - File Removal Via File Replacement
999846		WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - File Removal
999847		WEB-WORDPRESS WordPress plug-in Shortlinks Prior To 2.1.10 - CSV Injection Vulnerability
999848		WEB-WORDPRESS WordPress plug-in Shortlinks Prior To 2.1.10 - Unauthenticated Stored cross-site scripting Vulnerability
999849		WEB-WORDPRESS WordPress plug-in FV Flowplayer Video Player Prior To 7.3.13.727 - Unauthenticated Stored cross-site scripting Vulnerability
999850		WEB-WORDPRESS WordPress plug-in Easy Digital Downloads Prior To 2.9.16 - Unauthenticated Stored cross-site scripting Vulnerability
999851		WEB-WORDPRESS WordPress plug-in Crelly Slider Prior to version 1.3.5 - Arbitrary File Upload Vulnerability
999853	CVE-2019-2615	WEB-MISC Oracle WebLogic Server Information Disclosure Vulnerability
999854	CVE-2019-11872	WordPress plug-in Hustle Prior To 6.0.8.1 - CSV Injection Vulnerability
999855	CVE-2019-11231	WEB-MISC GetSimple CMS Version 3.3.15 and Prior - Arbitrary File Upload Vulnerability
999856	CVE-2019-11231	WEB-MISC GetSimple CMS Version 3.3.15 and Prior - API Key Information Disclosure
999857		WEB-WORDPRESS WordPress plug-in WP Database Backup Prior To 5.2 - Command Injection Vulnerability
999858		WEB-WORDPRESS WordPress plug-in Slick Popup Up To 1.7.1 - Privilege Escalation Vulnerability
999859	CVE-2019-12099	WEB-MISC PHP Fusion CMS Remote Code Execution Vulnerability in Version 9.03.00 and Prior

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 34

December 16, 2021

Contributed by:

December 16, 2021

Contributed by:

Signature update version 34

Signature version

Common Vulnerability Entry (CVE) insight

In this article