Signature update for December 2019
New signatures rules are generated for the vulnerabilities identified in the week 2019-12-19. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signature version 39 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.
Note
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
| Signature rule | CVE ID | Description |
|---|---|---|
| 999760 | WEB-MISC FusionPBX Versions Prior to 4.4.7 and 4.5.5 - Remote Code Execution Vulnerability Via /app/exec/exec.php | |
| 999761 | CVE-2019-12747 | WEB-MISC Typo3 Prior to 8.7.27 and 9.5.8 - Deserialization of Untrusted Data (CVE-2019-12747) |
| 999762 | CVE-2019-13608 | WEB-MISC Citrix StoreFront Server - XML External Entity Injection Vulnerability (CVE-2019-13608) |
| 999763 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via FORM | |
| 999764 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via URL | |
| 999765 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via JSON (CVE-2019-15954) |
| 999766 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via FORM (CVE-2019-15954) |
| 999767 | WEB-WORDPRESS SyntaxHighlighter Evolved Plugin Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via Comment | |
| 999768 | WEB-WORDPRESS SyntaxHighlighter Evolved Plugin Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via POST | |
| 999769 | WEB-WORDPRESS SyntaxHighlighter Evolved Plugin Prior To 5.3.1 - Stored Cross-Site Scripting Vulnerability Via JSON | |
| 999770 | CVE-2019-16120 | WEB-WORDPRESS Event Tickets Plugin Before 4.10.7.2 - CSV Injection Vulnerability (CVE-2019-16120) |
| 999771 | CVE-2019-15029 | WEB-MISC FusionPBX Prior to 4.4.8 - Remote Code Execution Vulnerability (CVE-2019-15029) |
| 999772 | WEB-WORDPRESS Sassy Social Share Plugin Prior To 3.3.4 - Unauthenticated Cross-Site Scripting Vulnerability | |
| 999773 | WEB-WORDPRESS Email Subscribers & Newsletters Plugin Version 4.3.1 and Prior - Unauthenticated Blind SQLi Vulnerability | |
| 999774 | CVE-2019-3398 | WEB-MISC Atlassian Confluence or Data Center - downloadallattachments Path Traversal Vulnerability (CVE-2019-3398) |
| 999775 | CVE-2019-15952 | WEB-MISC Total.js CMS 12.0.0 - Page Template Path Traversal Vulnerability (CVE-2019-15952) |
| 999776 | CVE-2019-17236 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Up To 3.4.0 - Stored XSS (CVE-2019-17236) |
| 999777 | CVE-2019-10475 | WEB-MISC Jenkins Build-Metrics Plugin 1.3 - Reflected XSS Vulnerability (CVE-2019-10475) |
| 999778 | CVE-2019-17132 | WEB-MISC vBulletin Prior to 5.5.4 Patch Level 2 - UpdateAvatar API Endpoint Remote Code Execution Vulnerability (CVE-2019-17132) |
| 999779 | CVE-2019-14994 | WEB-MISC Atlassian Jira Service Desk - Path Traversal Vulnerability (CVE-2019-14994) |
| 999780 | CVE-2019-19367 | WEB-MISC FusionPBX 4.4.1 and Prior - Cross-Site Scripting Vulnerability (CVE-2019-19367) |
| 999781 | CVE-2019-18668 | WEB-WORDPRESS Currency Switcher Plugin Before 2.11.2 - Currency Setting Bypass Vulnerability Via POST (CVE-2019-18668) |
| 999782 | CVE-2019-18668 | WEB-WORDPRESS Currency Switcher Plugin Before 2.11.2 - Currency Setting Bypass Vulnerability Via GET (CVE-2019-18668) |
| 999783 | CVE-2019-16663 | WEB-MISC rConfig 3.9.2 and Prior - Remote Code Execution Vulnerability via Search.crud.php (CVE-2019-16663) |
| 999784 | WEB-MISC Apache Solr Up to 8.3.0 - Unauthenticated Remote Code Execution Via VelocityResponseWriter Custom Template | |
| 999785 | CVE-2019-17235 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Up To 3.4.0 - Information Disclosure Via Csv (CVE-2019-17235) |
| 999786 | CVE-2019-17235 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Up To 3.4.0 - Information Disclosure Via Bcc (CVE-2019-17235) |
| 999787 | CVE-2019-12276 | WEB-MISC GrandNode 4.40 - LetsEncryptController Path Traversal Vulnerability (CVE-2019-12276) |
| 999788 | WEB-WORDPRESS Email Subscribers & Newsletters Plugin Prior to Version 4.2.3 - Unauthenticated Information Disclosure | |
| 999789 | CVE-2019-4013 | WEB-MISC IBM BigFix Platform 9.5 - Authenticated Arbitrary File Upload With Root Privileges (CVE-2019-4013) |
| 999790 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/basic_operator_panel/exec.php (CVE-2019-11409) |
| 999791 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/operator_panel/exec.php (CVE-2019-11409) |
| 999792 | CVE-2019-16662 | WEB-MISC rConfig 3.9.2 and Prior - Unauthenticated Remote Code Execution Via AjaxServerSettingsChk.php (CVE-2019-16662) |
| 999793 | CVE-2019-7609 | WEB-MISC Elastic Kibana Prior to 5.6.15 and 6.6.1 - Prototype Pollution Vulnerability Allows Unauthenticated RCE (CVE-2019-7609) |
| 999794 | CVE-2019-10092 | WEB-MISC Apache HTTP Server Up To 2.4.39 - mod_proxy Limited Cross-Site Scripting (CVE-2019-10092) |
| 999795 | CVE-2019-16520 | WEB-WORDPRESS All In One SEO Pack Plugin Before 3.2.7 - Stored XSS Vulnerability (CVE-2019-16520) |
| 999796 | CVE-2019-17234 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode Plugin Up to 3.4.0 - Arbitrary File Deletion (CVE-2019-17234) |
| 999797 | CVE-2019-16525 | WEB-WORDPRESS Checklist Plugin Prior to Version 1.1.9 - XSS Vulnerability (CVE-2019-16525) |
| 999798 | WEB-WORDPRESS Safe SVG Plugin Prior to 1.9.6 - XSS Vulnerability | |
| 999799 | WEB-WORDPRESS Email Subscribers & Newsletters Plugin Prior to Version 4.2.3 - Unauthenticated Arbitrary Option Creation |
Signature update for December 2019
Copied!
Failed!