2021 年 3 月的签名更新

为 2021-03-08 周确定的漏洞生成了新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名与以下软件版本的 Citrix Application Delivery Controller (ADC) (ADC) 11.1、12.0、12.1、13.0 和 13.1 兼容。

Citrix ADC 12.0 版本已达到生命周期终止 (EOL)。有关详细信息,请参阅 版本生命周期 页面。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999313 CVE-2021-25299 WEB-MISC NagiosXI Up to 5.7.5 - XSS Vulnerability via url (CVE-2021-25299)
999314 CVE-2021-25298 WEB-MISC NagiosXI Up to 5.7.5 - Remote Code Execution Vulnerability via DigitalOcean Wizard (CVE-2021-25298)
999315 CVE-2021-25297 WEB-MISC NagiosXI Up to 5.7.5 - Remote Code Execution Vulnerability via Switch Wizard (CVE-2021-25297)
999316 CVE-2021-25296 WEB-MISC NagiosXI Up to 5.7.5 - Remote Code Execution Vulnerability via WindowsWMI Wizard (CVE-2021-25296)
999317 CVE-2021-24164 WEB-WORDPRESS Ninja Forms Plugin Prior to 3.4.34.1 - Information Disclosure Vulnerability (CVE-2021-24164)
999318 CVE-2021-24163 WEB-WORDPRESS Ninja Forms Plugin Prior to 3.4.34 - Authorization Bypass Vulnerability (CVE-2021-24163)
999319 CVE-2021-21972 WEB-MISC VMWare vCenter Server Plugin - Remote Code Execution Vulnerability (CVE-2021-21972)
999320 CVE-2020-35129 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via New Social Monitoring Form (CVE-2020-35129)
999321 CVE-2020-35129 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via Edit Social Monitoring Form (CVE-2020-35129)
999322 CVE-2020-35128 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via New Companies Form (CVE-2020-35128)
999323 CVE-2020-35128 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via Edit Companies Form (CVE-2020-35128)
999324 CVE-2020-35125 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via Referer Header (CVE-2020-35125)
999325 CVE-2020-35125 WEB-MISC Mautic Prior to 3.2.4 - XSS Vulnerability Via mauticform[return] (CVE-2020-35125)
999326 CVE-2020-13933 WEB-MISC Apache Shiro Prior to 1.6.0 - Authentication Bypass Vulnerability Via Semicolon (CVE-2020-13933)
999327 CVE-2020-13921, CVE-2020-9483 WEB-MISC Apache SkyWalking Prior to 8.4.0 - SQL Injection Vulnerability Via queryLogs Feature (CVE-2020-13921, CVE-2020-9483)
2021 年 3 月的签名更新