Citrix ADC

2020 年 12 月的签名更新

针对2020-12-02当周发现的漏洞,将生成新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名与以下软件版本的 Citrix Application Delivery Controller (ADC) (ADC) 11.1、12.0、12.1、13.0 和 13.1 兼容。

Citrix ADC 12.0 版本已达到生命周期终止 (EOL)。有关详细信息,请参阅 版本生命周期 页面。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。作为签名更新版本 54 的一部分,签名 999720 的日志字符串已更改,以确保它仅包含 ASCI 字符。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999394 CVE-2020-8255 WEB-MISC Pulse Connect Secure Prior To 9.1R9 - Information Disclosure Vulnerability (CVE-2020-8255)
999395 CVE-2020-6128 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CoursePeriodModal.php (CVE-2020-6128)
999396 CVE-2020-6126, CVE-2020-6127 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CoursePeriodModal.php (CVE-2020-6126, CVE-2020-6127)
999397 CVE-2020-28328 WEB-MISC SuiteCRM Prior to 7.11.16 - Remote Code Execution Vulnerability (CVE-2020-28328)
999398 CVE-2020-27995 WEB-MISC Zoho ManageEngine Applications Manager 14 Prior to Build 14560 - SQL Injection Vulnerability (CVE-2020-27995)
999399 CVE-2020-26879 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Authorization Bypass Vulnerability Via /service/ (CVE-2020-26879)
999400 CVE-2020-26879 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Authorization Bypass Vulnerability Via /reboot (CVE-2020-26879)
999401 CVE-2020-26879 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Authorization Bypass Vulnerability Via /patch/ (CVE-2020-26879)
999402 CVE-2020-26879 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Authorization Bypass Vulnerability Via /upgrade/ (CVE-2020-26879)
999403 CVE-2020-26879 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Authorization Bypass Vulnerability Via /module/ (CVE-2020-26879)
999404 CVE-2020-26878 WEB-MISC Ruckus vRIoT Server Prior to 1.6.0 - Arbitrary OS Command Injection Vulnerability (CVE-2020-26878)
999405 CVE-2020-25790 WEB-MISC Typesetter CMS 5.x Through 5.1 - Unsecure File Upload Vulnerability (CVE-2020-25790)
999406 CVE-2020-25540 WEB-MISC ThinkAdmin v6 - Directory Traversal Vulnerability (CVE-2020-25540)
999407 CVE-2020-14883 WEB-MISC Oracle WebLogic Server - Authenticated Remote Code Execution Vulnerability (CVE-2020-14883)
999408 CVE-2020-14882, CVE-2020-14750 WEB-MISC Oracle WebLogic Server - Authentication Bypass Vulnerability (CVE-2020-14882, CVE-2020-14750)
999409 CVE-2020-11975, CVE-2020-13942 WEB-MISC Apache Unomi Prior to 1.5.2 - Remote Code Execution Vulnerability (CVE-2020-11975, CVE-2020-13942)
999410 CVE-2020-11803 WEB-MISC Titan SpamTitan Prior To 7.08 - Remote Code Execution Vulnerability (CVE-2020-11803)
2020 年 12 月的签名更新