Citrix ADC

2020 年 10 月的签名更新

New signatures rules are generated for the vulnerabilities identified in the week 2020-10-13. 您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名与以下软件版本的 Citrix Application Delivery Controller (ADC) (ADC) 11.1、12.0、12.1、13.0 和 13.1 兼容。

Citrix ADC 12.0 版本已达到生命周期终止 (EOL)。有关详细信息,请参阅 版本生命周期 页面。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999505   WEB-WORDPRESS WordPress plug-in wpDiscuz 7.0.0 Up To 7.0.4 - Unauthenticated Arbitrary File Upload Vulnerability
999506   WEB-WORDPRESS Quiz & Survey Master - cross-site scripting Vulnerability in Questions Feature
999507 CVE-2020-8604 WEB-MISC Trend Micro IWS VA Prior to 6.5 SP2 Patch 4 - Path Traversal Vuln Via /log_search and cf Param (CVE-2020-8604)
999508 CVE-2020-8604 WEB-MISC Trend Micro IWS VA Prior to 6.5 SP2 Patch 4 - Path Traversal Vuln Via /collection and cf Param (CVE-2020-8604)
999509 CVE-2020-8604 WEB-MISC Trend Micro IWS VA Prior to 6.5 SP2 Patch 4 - Path Traversal Vuln Via /log_search and File Param (CVE-2020-8604)
999510 CVE-2020-8604 WEB-MISC Trend Micro IWS VA Prior to 6.5 SP2 Patch 4 - Path Traversal Vuln Via /collection and File Param (CVE-2020-8604)
999511 CVE-2020-7361 WEB-MISC ZenTao Enterprise 8.8.3 and Prior - Remote Code Execution Vulnerability Via Repo-Edit (CVE-2020-7361)
999512 CVE-2020-7361 WEB-MISC ZenTao Pro 8.8.3 and Prior - Remote Code Execution Vulnerability Via Repo-Edit (CVE-2020-7361)
999513 CVE-2020-7361 WEB-MISC ZenTao Enterprise 8.8.3 and Prior - Remote Code Execution Vulnerability Via Repo-Create (CVE-2020-7361)
999514 CVE-2020-7361 WEB-MISC ZenTao Pro 8.8.3 and Prior - Remote Code Execution Vulnerability Via Repo-Create (CVE-2020-7361)
999515 CVE-2020-5768 WEB-WORDPRESS Icegram Email Subscribers & Newsletters plug-in Prior to 4.5.1 - SQL Injection Vulnerability (CVE-2020-5768)
999516 CVE-2020-5767 WEB-WORDPRESS Icegram Email Subscribers & Newsletters plug-in Prior to 4.5.1 - CSRF Vulnerability (CVE-2020-5767)
999517 CVE-2020-15299 WEB-WORDPRESS KingComposer plug-in Prior To 2.9.5 - cross-site scripting Vulnerability (CVE-2020-15299)
999518 CVE-2020-13854 WEB-MISC Artica Pandora FMS - Privilege Escalation Vulnerability (CVE-2020-13854)
999519 CVE-2020-13852 WEB-MISC Artica Pandora FMS - Arbitrary File Upload Vulnerability Via File Manager (CVE-2020-13852)
999520 CVE-2020-13700 WEB-WORDPRESS WordPress plug-in acf-to-rest-api Before 3.3.0 - Information Disclosure Vulnerability Via URI (CVE-2020-13700)
999521 CVE-2020-13700 WEB-WORDPRESS WordPress plug-in acf-to-rest-api Before 3.3.0 - Information Disclosure Vulnerability Via URL (CVE-2020-13700)
999522 CVE-2020-13379 WEB-MISC Grafana 3.0.1 Through 7.0.1 - CSRF Bypass Leading To DOS Vulnerability (CVE-2020-13379)
999523 CVE-2020-12851 WEB-MISC Pydio Cells Prior to 2.0.7 - Arbitrary File Write Vulnerability (CVE-2020-12851)
999524 CVE-2020-12848 WEB-MISC Pydio Cells Prior to 2.0.7 - Login as Temporary Shared User Vulnerability (CVE-2020-12848)
999525 CVE-2020-11749 WEB-MISC Artica Pandora FMS Prior To 7.47 - cross-site scripting Vulnerability Via SNMP Browser (CVE-2020-11749)
999526 CVE-2020-11579 WEB-MISC PHPKBV9 - File Exfiltration Vulnerability (CVE-2020-11579)
999527 CVE-2020-10546 WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Compliance Policies Via searchColumn (CVE-2020-10546)
999528 CVE-2020-10546 WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Compliance Policies Via searchField (CVE-2020-10546)
999529 CVE-2019-16876 WEB-MISC Portainer Prior To 1.22.1 - Directory Traversal Vulnerability (CVE-2019-16876)
999530   WEB-WORDPRESS - ADning plug-in Prior to 1.5.6 - Unauthenticated Arbitrary File Deletion Vulnerability
999531   WEB-WORDPRESS - ADning plug-in Prior to 1.5.6 - Unauthenticated Arbitrary File Upload Vulnerability
2020 年 10 月的签名更新