2019 年 12 月的签名更新
针对 2019-12-19 周发现的漏洞生成新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。
签名版本
签名版本 39 适用于 NetScaler VPX 11.1、NetScaler 12.0、Citrix ADC 12.1、Citrix ADC 13.0 平台。
注意
启用后置正文和响应正文签名规则可能会影响 Citrix ADC CPU。
常见漏洞条目 (CVE) 见解
以下是签名规则、CVE ID 及其描述的列表。
| 签名规则 | CVE ID | 说明 |
|---|---|---|
| 999760 | WEB-MISC FusionPBX Versions Prior to 4.4.7 and 4.5.5 - Remote Code Execution Vulnerability Via /app/exec/exec.php | |
| 999761 | CVE-2019-12747 | WEB-MISC Typo3 Prior to 8.7.27 and 9.5.8 - Deserialization of Untrusted Data (CVE-2019-12747) |
| 999762 | CVE-2019-13608 | WEB-MISC Citrix StoreFront Server - XML External Entity Injection Vulnerability (CVE-2019-13608) |
| 999763 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via FORM | |
| 999764 | WEB-WORDPRESS WordPress Prior To 5.2.4 - Unauthenticated View Of Private or Draft Posts/Pages Vulnerability Via URL | |
| 999765 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via JSON (CVE-2019-15954) |
| 999766 | CVE-2019-15954 | WEB-MISC Total.js CMS 12.0.0 - Widget JavaScript Code Injection Vulnerability Via FORM (CVE-2019-15954) |
| 999767 | WEB-WORDPRESS SyntaxHighlighter 在 5.3.1 之前进化插件-通过评论存储的跨站点脚本漏洞 | |
| 999768 | WEB-WORDPRESS SyntaxHighlighter 在 5.3.1 之前进化插件-通过 POST 存储的跨站点脚本漏洞 | |
| 999769 | WEB-WORDPRESS SyntaxHighlighter 在 5.3.1 之前进化插件-通过 JSON 存储的跨站点脚本漏洞 | |
| 999770 | CVE-2019-16120 | WEB-WORDPRESS 活动门票插件 4.10.7.2 之前的插件-CSV 注入漏洞 (CVE-2019-16120) |
| 999771 | CVE-2019-15029 | WEB-MISC FusionPBX Prior to 4.4.8 - Remote Code Execution Vulnerability (CVE-2019-15029) |
| 999772 | WEB-WORDPRESS Sassy 社交共享插件 3.3.4 之前的版本-未经身份验证的跨站点脚本漏洞 | |
| 999773 | WEB-WORDPRESS 电子邮件订阅者和通讯插件 4.3.1 及以前版本-未经身份验证的盲 SQLI 漏洞 | |
| 999774 | CVE-2019-3398 | WEB-MISC Atlassian Confluence or Data Center - downloadallattachments Path Traversal Vulnerability (CVE-2019-3398) |
| 999775 | CVE-2019-15952 | WEB-MISC Total.js CMS 12.0.0 - Page Template Path Traversal Vulnerability (CVE-2019-15952) |
| 999776 | CVE-2019-17236 | WEB-WORDPRESS igniteUp 即将推出和维护模式插件高达 3.4.0-存储的跨站点脚本 (CVE-2019-17236) |
| 999777 | CVE-2019-10475 | WEB-MISC Jenkins 构建量度插件 1.3-反射跨站点脚本漏洞 (CVE-2019-10475) |
| 999778 | CVE-2019-17132 | WEB-MISC vBulletin Prior to 5.5.4 Patch Level 2 - UpdateAvatar API Endpoint Remote Code Execution Vulnerability (CVE-2019-17132) |
| 999779 | CVE-2019-14994 | WEB-MISC Atlassian Jira Service Desk - Path Traversal Vulnerability (CVE-2019-14994) |
| 999780 | CVE-2019-19367 | WEB-MISC FusionPBX 4.4.1 and Prior - Cross-Site Scripting Vulnerability (CVE-2019-19367) |
| 999781 | CVE-2019-18668 | WEB-WORDPRESS 货币切换器插件 2.11.2 之前-通过 POST 设置绕过漏洞 (CVE-2019-18668) |
| 999782 | CVE-2019-18668 | WEB-WORDPRESS 货币切换器插件 2.11.2 之前-通过 GET 绕过货币设置漏洞 (CVE-2019-18668) |
| 999783 | CVE-2019-16663 | WEB-MISC rConfig 3.9.2 and Prior - Remote Code Execution Vulnerability via Search.crud.php (CVE-2019-16663) |
| 999784 | WEB-MISC Apache Solr Up to 8.3.0 - Unauthenticated Remote Code Execution Via VelocityResponseWriter Custom Template | |
| 999785 | CVE-2019-17235 | WEB-WORDPRESS igniteUp 即将推出和维护模式插件高达 3.4.0-通过 Ccsv 进行信息披露 (CVE-2019-17235) |
| 999786 | CVE-2019-17235 | WEB-WORDPRESS igniteUp 即将推出和维护模式插件高达 3.4.0-通过密件抄送信息披露 (CVE-2019-17235) |
| 999787 | CVE-2019-12276 | WEB-MISC GrandNode 4.40 - LetsEncryptController Path Traversal Vulnerability (CVE-2019-12276) |
| 999788 | WEB-WORDPRESS 电子邮件订阅者和新闻稿 4.2.3 版之前的插件-未经身份验证的信息 | |
| 999789 | CVE-2019-4013 | WEB-MISC IBM BigFix Platform 9.5 - Authenticated Arbitrary File Upload With Root Privileges (CVE-2019-4013) |
| 999790 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/basic_operator_panel/exec.php (CVE-2019-11409) |
| 999791 | CVE-2019-11409 | WEB-MISC FusionPBX Version 4.4.3 and Prior - Remote Code Execution Via /app/operator_panel/exec.php (CVE-2019-11409) |
| 999792 | CVE-2019-16662 | WEB-MISC rConfig 3.9.2 and Prior - Unauthenticated Remote Code Execution Via AjaxServerSettingsChk.php (CVE-2019-16662) |
| 999793 | CVE-2019-7609 | WEB-MISC Elastic Kibana Prior to 5.6.15 and 6.6.1 - Prototype Pollution Vulnerability Allows Unauthenticated RCE (CVE-2019-7609) |
| 999794 | CVE-2019-10092 | WEB-MISC Apache HTTP Server Up To 2.4.39 - mod_proxy Limited Cross-Site Scripting (CVE-2019-10092) |
| 999795 | CVE-2019-16520 | WEB-WORDPRESS 一体搜索引擎优化包插件 3.2.7 之前的插件-存储的跨站点脚本漏洞 (CVE-2019-16520) |
| 999796 | CVE-2019-17234 | WEB-WORDPRESS igniteUp 即将推出和维护模式插件高达 3.4.0-任意文件删除 (CVE-2019-17234) |
| 999797 | CVE-2019-16525 | WEB-WORDPRESS 清单插件 1.1.9 版之前的版本-跨站点脚本漏洞 (CVE-2019-16525) |
| 999798 | WEB-WORDPRESS Safe SVG 插件 1.9.6 之前-跨站点脚本漏洞 | |
| 999799 | WEB-WORDPRESS 电子邮件订阅者和新闻通讯 4.2.3 之前的插件-未经身份验证的任意选项 |
2019 年 12 月的签名更新
本文中包含的内容
已复制
Failed!