2021 年 2 月的签名更新

将为 2021-02-03 周发现的漏洞生成新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名版本 57 适用于 NetScaler VPX 11.1、NetScaler 12.0、Citrix ADC 12.1、Citrix ADC 13.0 平台。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999339   WEB-MISC Zoom Meeting Connector 4.6.348.20201217 - Remote Code Execution Vulnerability Via proxyPasswd
999340   WEB-MISC Zoom Meeting Connector 4.6.348.20201217 - Remote Code Execution Vulnerability Via proxyName
999341 CVE-2021-3129 WEB-MISC Ignition Prior to 2.5.2 - Unauthenticated Remote Code Execution Vulnerability (CVE-2021-3129)
999342 CVE-2021-3025 WEB-MISC Invision Community IPS Community Suite Prior to 4.5.4.2 - SQL Injection Vulnerability Via sortDir (CVE-2021-3025)
999343 CVE-2021-2109 WEB-MISC Oracle WebLogic Server - Remote Code Execution Vulnerability Via JNDI Injection (CVE-2021-2109)
999344 CVE-2020-7200 WEB-MISC HPE Systems Insight Manager 7.6.x - AMF Unsecure Deserialization Vulnerability (CVE-2020-7200)
999345 CVE-2020-7199 WEB-MISC HPE EIM Prior to 1.21 - Improper Authentication Vulnerability in /private/EIMApplianceIP (CVE-2020-7199)
999346 CVE-2020-7199 WEB-MISC HPE EIM Prior to 1.21 - Improper Authentication Vulnerability in /private/AdminPassReset (CVE-2020-7199)
999347 CVE-2020-7199 WEB-MISC HPE EIM Prior to 1.21 - Improper Authentication Vulnerability in /private/ResetAppliance (CVE-2020-7199)
999348 CVE-2020-6136 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via DownloadWindow.php (CVE-2020-6136)
999349 CVE-2020-35729 WEB-MISC KLog Server 2.4.1 and Prior - OS Command Injection Vulnerability (CVE-2020-35729)
999350 CVE-2020-35701 WEB-MISC Cacti 1.2.16 and Prior - SQL Injection Vulnerability Via site_id (CVE-2020-35701)
999351 CVE-2020-35489 WEB-WORDPRESS Contact Form 7 Prior to 5.3.2 - Unrestricted File Upload Vulnerability (CVE-2020-35489)
999352 CVE-2020-27615 WEB-WORDPRESS Loginizer Plugin Prior to 1.6.4 - SQL Injection Vulnerability (CVE-2020-27615)
999353 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/sitevariables/create (CVE-2020-26046)
999354 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/sitevariables/edit (CVE-2020-26046)
999355 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/navigation/create (CVE-2020-26046)
999356 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/navigation/edit (CVE-2020-26046)
999357 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/blocks/create (CVE-2020-26046)
999358 CVE-2020-26046 WEB-MISC Fuel CMS 1.4.11 and Prior - XSS Vulnerability Via /fuel/blocks/edit (CVE-2020-26046)
999359 CVE-2020-26045 WEB-MISC Fuel CMS 1.4.11 - SQLi Vulnerability Via /fuel/permissions/create (CVE-2020-26045)
999360 CVE-2020-17519 WEB-MISC Apache Flink Prior to 1.11.3 - Arbitrary File Disclosure Vulnerability (CVE-2020-17519)
999361 CVE-2020-17518 WEB-MISC Apache Flink 1.5.1 to 1.11.2 - Arbitrary Location File Upload Vulnerability (CVE-2020-17518)
999362 CVE-2019-16010 WEB-MISC Cisco SD-WAN vManage Prior to 19.2.2 - Stored XSS Vulnerability (CVE-2019-16010)
999363 CVE-2019-15000 WEB-MISC VMWare Bitbucket Server and Data Center - Git Command Injection Vulnerability Via at (CVE-2019-15000)
999364 CVE-2019-15000 WEB-MISC VMWare Bitbucket Server and Data Center - Git Command Injection Vulnerability Via until/untilID (CVE-2019-15000)
999365 CVE-2019-15000 WEB-MISC VMWare Bitbucket Server and Data Center - Git Command Injection Vulnerability Via since/sinceID (CVE-2019-15000)
2021 年 2 月的签名更新