Citrix ADC

Signature update version 37

December 16, 2021

Contributed by:

S S

New signatures rules are generated for the vulnerabilities identified in version 37. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999806	CVE-2019-3394	WEB-MISC Atlassian Confluence or Data Center - Local File Disclosure Vulnerability (CVE-2019-3394)
999807	CVE-2019-13569	WEB-WORDPRESS Icegram Email Subscribers & Newsletters plug-in Prior to 4.1.8 - SQLi Via Esfpx_lists Param (CVE-2019-13569)
999808	CVE-2019-13569	WEB-WORDPRESS Icegram Email Subscribers & Newsletters plug-in Prior to 4.1.8 - SQLi Via Order Param (CVE-2019-13569)
999809	CVE-2019-2768	WEB-MISC Oracle BI Publisher - Predictable Session Token Vulnerability (CVE-2019-2768)
999810	CVE-2019-1003001	WEB-MISC Jenkins Pipeline Groovy plug-in Up To 2.61 - Sandbox Bypass Vulnerability Via Job Update (CVE-2019-1003001)
999811	CVE-2019-13575	WEB-WORDPRESS WPEverest Everest Forms plug-in Prior to 1.5.0 - SQL Injection (CVE-2019-13575)
999812	CVE-2019-15896	WEB-WORDPRESS LifterLMS plug-in Up To 3.34.5 - Security Bypass Vulnerability (CVE-2019-15896)
999813	CVE-2019-3396	WEB-MISC Atlassian Confluence or Data Center - Remote Code Execution Vulnerability (CVE-2019-3396)
999814	CVE-2019-5475	WEB-MISC Sonatype Nexus Repository Manager Prior to 2.14.14 - Remote Code Execution Via Createrepo Path (CVE-2019-5475)
999815	CVE-2019-5475	WEB-MISC Sonatype Nexus Repository Manager Prior to 2.14.14 - Remote Code Execution Via Mergerepo Path (CVE-2019-5475)
999816	CVE-2019-15104	WEB-MISC Zoho ManageEngine OpManager Version Prior to 12.4 - SQL Injection Vulnerability (CVE-2019-15104)

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 37

December 16, 2021

Contributed by:

S S

December 16, 2021

Contributed by:

S S

Signature update version 37

Signature version

Common Vulnerability Entry (CVE) insight

In this article