Signature update for December 2019
New signatures rules are generated for the vulnerabilities identified in the week 2019-12-19. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
| Signature rule | CVE ID | Description |
|---|---|---|
| 999760 | WEB-MISC FusionPBX Versions Prior to 4.4.7 and 4.5.5 - Remote Code Execution Vulnerability Via /app/exec/exec.php | |
| 999761 | CVE-2019-12747 | WEB-MISC Typo3 Prior to 8.7.27 and 9.5.8 - Deserialization of Untrusted Data (CVE-2019-12747) |
| 999762 | CVE-2019-13608 | WEB-MISC Citrix StoreFront Server - XML External Entity Injection Vulnerability (CVE-2019-13608) |
| 999763 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via FORM | |
| 999764 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via URL | |
| 999765 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via JSON (CVE-2019-15954) |
| 999766 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via FORM (CVE-2019-15954) |
| 999767 | WEB-WORDPRESS SyntaxHighlighter Evolved plug-in Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via Comment | |
| 999768 | WEB-WORDPRESS SyntaxHighlighter Evolved plug-in Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via POST | |
| 999769 | WEB-WORDPRESS SyntaxHighlighter Evolved plug-in Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via JSON | |
| 999770 | CVE-2019-16120 | WEB-WORDPRESS Event Tickets plug-in Before 4.10.7.2 - CSV Injection Vulnerability (CVE-2019-16120) |
| 999771 | CVE-2019-15029 | WEB-MISC FusionPBX Prior to 4.4.8 - Remote Code Execution Vulnerability (CVE-2019-15029) |
| 999772 | WEB-WORDPRESS Sassy Social Share plug-in Prior To 3.3.4 - Unauthenticated Cross-Site Scripting Vulnerability | |
| 999773 | WEB-WORDPRESS Email Subscribers & Newsletters plug-in Version 4.3.1 and Prior - Unauthenticated Blind SQLi Vulnerability | |
| 999774 | CVE-2019-3398 | WEB-MISC Atlassian Confluence or Data Center - downloadallattachments Path Traversal Vulnerability (CVE-2019-3398) |
| 999775 | CVE-2019-15952 | WEB-MISC Total.js CMS 12.0.0 - Page Template Path Traversal Vulnerability (CVE-2019-15952) |
| 999776 | CVE-2019-17236 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Up To 3.4.0 - Stored cross-site scripting (CVE-2019-17236) |
| 999777 | CVE-2019-10475 | WEB-MISC Jenkins Build-Metrics plug-in 1.3 - Reflected cross-site scripting Vulnerability (CVE-2019-10475) |
| 999778 | CVE-2019-17132 | WEB-MISC vBulletin Prior to 5.5.4 Patch Level 2 - UpdateAvatar API Endpoint Remote Code Execution Vulnerability (CVE-2019-17132) |
| 999779 | CVE-2019-14994 | WEB-MISC Atlassian Jira Service Desk - Path Traversal Vulnerability (CVE-2019-14994) |
| 999780 | CVE-2019-19367 | WEB-MISC FusionPBX 4.4.1 and Prior - Cross-Site Scripting Vulnerability (CVE-2019-19367) |
| 999781 | CVE-2019-18668 | WEB-WORDPRESS Currency Switcher plug-in Before 2.11.2 - Currency Setting Bypass Vulnerability Via POST (CVE-2019-18668) |
| 999782 | CVE-2019-18668 | WEB-WORDPRESS Currency Switcher plug-in Before 2.11.2 - Currency Setting Bypass Vulnerability Via GET (CVE-2019-18668) |
| 999783 | CVE-2019-16663 | WEB-MISC rConfig 3.9.2 and Prior - Remote Code Execution Vulnerability via Search.crud.php (CVE-2019-16663) |
| 999784 | WEB-MISC Apache Solr Up to 8.3.0 - Unauthenticated Remote Code Execution Via VelocityResponseWriter Custom Template | |
| 999785 | CVE-2019-17235 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Up To 3.4.0 - Information Disclosure Via Csv (CVE-2019-17235) |
| 999786 | CVE-2019-17235 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Up To 3.4.0 - Information Disclosure Via Bcc (CVE-2019-17235) |
| 999787 | CVE-2019-12276 | WEB-MISC GrandNode 4.40 - LetsEncryptController Path Traversal Vulnerability (CVE-2019-12276) |
| 999788 | WEB-WORDPRESS Email Subscribers & Newsletters plug-in Prior to Version 4.2.3 - Unauthenticated Information Disclosure | |
| 999789 | CVE-2019-4013 | WEB-MISC IBM BigFix Platform 9.5 - Authenticated Arbitrary File Upload With Root Privileges (CVE-2019-4013) |
| 999790 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/basic_operator_panel/exec.php (CVE-2019-11409) |
| 999791 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/operator_panel/exec.php (CVE-2019-11409) |
| 999792 | CVE-2019-16662 | WEB-MISC rConfig 3.9.2 and Prior - Unauthenticated Remote Code Execution Via AjaxServerSettingsChk.php (CVE-2019-16662) |
| 999793 | CVE-2019-7609 | WEB-MISC Elastic Kibana Prior to 5.6.15 and 6.6.1 - Prototype Pollution Vulnerability Allows Unauthenticated RCE (CVE-2019-7609) |
| 999794 | CVE-2019-10092 | WEB-MISC Apache HTTP Server Up To 2.4.39 - mod_proxy Limited Cross-Site Scripting (CVE-2019-10092) |
| 999795 | CVE-2019-16520 | WEB-WORDPRESS All In One SEO Pack plug-in Before 3.2.7 - Stored cross-site scripting Vulnerability (CVE-2019-16520) |
| 999796 | CVE-2019-17234 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Up to 3.4.0 - Arbitrary File Deletion (CVE-2019-17234) |
| 999797 | CVE-2019-16525 | WEB-WORDPRESS Checklist plug-in Prior to Version 1.1.9 - cross-site scripting Vulnerability (CVE-2019-16525) |
| 999798 | WEB-WORDPRESS Safe SVG plug-in Prior to 1.9.6 - cross-site scripting Vulnerability | |
| 999799 | WEB-WORDPRESS Email Subscribers & Newsletters plug-in Prior to Version 4.2.3 - Unauthenticated Arbitrary Option Creation |
Signature update for December 2019
Copied!
Failed!