Signature update for October 2021

New signatures rules are generated for the vulnerabilities identified in the week 2021-10-09. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 69 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 and Citrix ADC 13.1 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999149 CVE-2021-38312 WEB-WORDPRESS Gutenberg Template Library and Redux Framework Plugin Prior to 4.2.12 - REST_ROUTE Vulnerability (CVE-2021-38312)
999150 CVE-2021-38312 WEB-WORDPRESS Gutenberg Template Library and Redux Framework Plugin Prior to 4.2.12 - REST API Vulnerability (CVE-2021-38312)
999151 CVE-2021-34639 WEB-WORDPRESS Download Manager Plugin Prior to 3.1.25 - Double Extension Upload Vulnerability (CVE-2021-34639)
999152 CVE-2021-34621 WEB-WORDPRESS ProfilePress Plugin Prior to 3.1.3 - Elevation of Privilege Vulnerability Via wp_capabilities (CVE-2021-34621)
999153 CVE-2021-32682 WEB-MISC elFinder Prior To 2.1.59 - Path Traversal Vulnerability Via Rename Command (CVE-2021-32682)
999154 CVE-2021-32682 WEB-MISC elFinder Prior To 2.1.59 - Path Traversal Vulnerability Via Abort Command (CVE-2021-32682)
999155 CVE-2021-26086 WEB-MISC Atlassian Jira Server and Data Center - Information Disclosure Vulnerability Via WEB-INF (CVE-2021-26086)
999156 CVE-2021-26086 WEB-MISC Atlassian Jira Server and Data Center - Information Disclosure Vulnerability Via META-INF (CVE-2021-26086)
999157 CVE-2021-22005 WEB-MISC VMWare vCenter - File Upload Vulnerability Via Data App (CVE-2021-22005)
999158 CVE-2021-22005 WEB-MISC VMWare vCenter - File Upload Vulnerability Via Telemetry Stage Log (CVE-2021-22005)
999159 CVE-2021-22005 WEB-MISC VMWare vCenter - File Upload Vulnerability Via Telemetry Prod Log (CVE-2021-22005)
999160 CVE-2021-20081 WEB-MISC Zoho ManageEngine Service Desk Prior to 11.2.0.5 - Remote Code Execution Vulnerability (CVE-2021-20081)
999161 CVE-2020-29453 WEB-MISC Atlassian Jira Server and Data Center - Information Disclosure Vulnerability Via WEB-INF (CVE-2020-29453)
999162 CVE-2020-29453 WEB-MISC Atlassian Jira Server and Data Center - Information Disclosure Vulnerability Via META-INF (CVE-2020-29453)
Signature update for October 2021