Citrix ADC

Signature update version 35

December 8, 2020

Contributed by:

S S

New signatures rules are generated for the vulnerabilities identified in version 35. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 35 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999834	CVE-2019-13024	WEB-MISC Centreon Version 19.04 and Prior - Command Injection Vulnerability
999835	CVE-2019-5420	WEB-MISC Rails Development Mode - Secret Token Disclosure Vulnerability
999836	CVE-2019-5418	WEB-MISC Rails Action View - File Content Disclosure Vulnerability
999837	CVE-2018-12426, CVE-2019-11185	WEB-WORDPRESS WP Live Chat Support Pro plug-in Prior to 8.0.26 - Arbitrary File Upload
999838	CVE-2019-10270	WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.40 - Arbitrary Password Reset
999839	CVE-2019-12826	WEB-WORDPRESS WordPress plug-in Widget Logic Prior To 5.10.2 - CSRF Vulnerability
999840		WEB-WORDPRESS WordPress plug-in All-In-One Event Calendar Prior To 2.5.39 - cross-site scripting Vulnerability
999841	CVE-2019-11565	WEB-WORDPRESS WordPress plug-in Print My Blog Prior To 1.6.7 - Unauthenticated SSRF Vulnerability
999842		WEB-WORDPRESS WordPress plug-in Ultimate Member Prior to Version 2.0.46 - Multiple `cross-site scripting</LogString`

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 35

December 8, 2020

Contributed by:

S S

December 8, 2020

Contributed by:

S S

Signature update version 35

Signature version

Common Vulnerability Entry (CVE) insight

In this article