Citrix ADC

Signature update for April 2020

New signature rules are generated for the vulnerabilities identified in the week of 2020-04-27. You can download and configure these signature rules to protect your appliance from attacks that target these vulnerabilities.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999683 | CVE-2020-9043 | WEB-WORDPRESS wpCentral plug-in Prior To 1.5.1 - Connection Key Disclosure Vulnerability (CVE-2020-9043) |
| 999684 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent Cross-site Scripting |
| 999685 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent Cross-site Scripting |
| 999686 | CVE-2020-0618 | WEB-MISC Microsoft SQL Server Reporting Services - Remote Code Execution Vulnerability (CVE-2020-0618) |
| 999687 | CVE-2019-16278 | WEB-MISC Nostromo Nhttpd Prior to 1.3.7 - Strcutl Function Allows Unauthenticated Remote Code Execution (CVE-2019-16278) |
| 999688 | CVE-2019-1937 | WEB-MISC Cisco UCS Director 6.6.0.0 to 6.6.1.0 and 6.7.0.0 to 6.7.1.0 - Authentication Bypass Vulnerability (CVE-2019-1937) |
| 999689 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent Cross-site Scripting |
| 999690 | CVE-2020-9006 | WEB-WORDPRESS Popup Builder plug-in Prior to 3.0 - SQL Injection Via PHP Deserialization Vulnerability (CVE-2020-9006) |
| 999691 | | WEB-WORDPRESS Duplicate-Post plug-in Version 3.2.3 and Prior - Persistent Cross-site Scripting |
| 999692 | | WEB-MISC prevent request smuggling via content-length and transfer-encoding header |
| 999693 | | WEB-WORDPRESS ThemeGrill Demo Importer plug-in Prior To 1.6.3 - Authentication Bypass And Database Wipe Vulnerability |
| 999694 | CVE-2019-17237 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Prior to 3.4.1 - CSRF Vulnerability Via Message (CVE-2019-17237) |
| 999695 | CVE-2019-17237 | WEB-WORDPRESS IgniteUp Coming Soon and Maintenance Mode plug-in Prior to 3.4.1 - CSRF Vulnerability Via Subject (CVE-2019-17237) |