Citrix ADC

2021 年 6 月的签名更新

为 2021-06-02 周确定的漏洞生成了新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名与以下软件版本的 Citrix Application Delivery Controller (ADC) (ADC) 11.1、12.0、12.1、13.0 和 13.1 兼容。

Citrix ADC 12.0 版本已达到生命周期终止 (EOL)。有关详细信息,请参阅 版本生命周期 页面。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999243 CVE-2021-31761 WEB-MISC Webmin Prior to 1.974 - XSS Vulnerability Via /servers/link.cgi/ (CVE-2021-31761)
999244 CVE-2021-31761 WEB-MISC Webmin Prior to 1.974 - XSS Vulnerability Via /tunnel/link.cgi/ (CVE-2021-31761)
999245 CVE-2021-31166 WEB-IIS Microsoft HTTP Protocol Stack - Remote Code Execution Vulnerability (CVE-2021-31166)
999246 CVE-2021-29447 WEB-WORDPRESS WordPress Prior to 5.7.1 - Media Library XXE Vulnerability (CVE-2021-29447)
999247 CVE-2021-28157 WEB-MISC Devolutions Server Prior to 2021.1 and 2020.3.18 - SQL Injection Vulnerability Via User Delete (CVE-2021-28157)
999248 CVE-2021-27905 WEB-MISC Apache Solr Prior to 8.2.2 - ReplicationHandler SSRF Vulnerability via leaderUrl (CVE-2021-27905)
999249 CVE-2021-27905 WEB-MISC Apache Solr Prior to 8.2.2 - ReplicationHandler SSRF Vulnerability via masterUrl (CVE-2021-27905)
999250 CVE-2021-27890 WEB-MISC MyBB Prior to 1.8.26 - Theme Properties SQL Injection Vulnerability (CVE-2021-27890)
999251 CVE-2021-27850, CVE-2019-0195 WEB-MISC Apache Tapestry - Unauthenticated Information Disclosure Vulnerability (CVE-2021-27850 and CVE-2019-0195)
999252 CVE-2021-27183 WEB-MISC MDaemon Prior to 20.0.4 - Arbitrary File Write Vulnerability (CVE-2021-27183)
999253 CVE-2021-27181 WEB-MISC MDaemon Prior to 20.0.4 - Anti-CSRF Token Fixation Vulnerability (CVE-2021-27181)
999254 CVE-2021-27180 WEB-MISC MDaemon Prior to 20.0.4 - Reflected XSS Vulnerability (CVE-2021-27180)
999255 CVE-2021-24340 WEB-WORDPRESS WP Statistics Prior to 13.0.8 - Unauthenticated SQL Injection Vulnerability (CVE-2021-24340)
999256 CVE-2021-24171 WEB-WORDPRESS WooCommerce Upload Files Plugin Prior to 59.4 - Path Traversal Vulnerability (CVE-2021-24171)
999257 CVE-2021-24171 WEB-WORDPRESS WooCommerce Upload Files Plugin Prior to 59.4 - Arbitrary File Upload Vulnerability (CVE-2021-24171)
999258 CVE-2021-22658 WEB-MISC Advantech iView Prior to 5.7.03.6112 - SQLi Vulnerability Via UserServlet and user_password (CVE-2021-22658)
999259 CVE-2021-22658 WEB-MISC Advantech iView Prior to 5.7.03.6112 - SQLi Vulnerability Via UserServlet and user_name (CVE-2021-22658)
999260 CVE-2021-22658 WEB-MISC Advantech iView Prior to 5.7.03.6112 - SQLi Vulnerability Via CommandServlet and user_password (CVE-2021-22658)
999261 CVE-2021-22658 WEB-MISC Advantech iView Prior to 5.7.03.6112 - SQLi Vulnerability Via CommandServlet and user_name (CVE-2021-22658)
999262 CVE-2021-21983 WEB-MISC VMWare vRealize Operations Manager Prior to 8.4 - Arbitrary File Write Vulnerability (CVE-2021-21983)
999263 CVE-2020-6754 WEB-MISC dotCMS Prior to 5.2.4 - Directory Traversal Vulnerability Via assets (CVE-2020-6754)
999264 CVE-2020-27128 WEB-MISC Cisco SD-WAN vManage Prior to 20.3.1 - Arbitrary File Write Vulnerability Via remoteprocessing (CVE-2020-27128)
999265 CVE-2020-27128 WEB-MISC Cisco SD-WAN vManage Prior to 20.3.1 - Arbitrary File Write Vulnerability Via dr (CVE-2020-27128)
999266 CVE-2020-15714 WEB-MISC rConfig 3.9.5 and Prior - SQL Injection Vulnerability (CVE-2020-15714)
999267 CVE-2020-15713 WEB-MISC rConfig Prior to 3.9.6 - SQL Injection Vulnerability (CVE-2020-15713)
999268 CVE-2020-14295 WEB-MISC Cacti Prior to 1.2.13 - SQL Injection Vulnerability (CVE-2020-14295)
999269 CVE-2020-13778 WEB-MISC rConfig Prior to 3.9.5 - Remote Code Execution Vulnerability Via ajaxEditTemplate.php (CVE-2020-13778)
999270 CVE-2020-13778 WEB-MISC rConfig Prior to 3.9.5 - Remote Code Execution Vulnerability Via ajaxAddTemplate.php (CVE-2020-13778)
999271 CVE-2020-13592 WEB-MISC Rukovoditel Project Management App - SQL Injection Vulnerability Via selected_fields (CVE-2020-13592)
999272 CVE-2020-13592 WEB-MISC Rukovoditel Project Management App - SQL Injection Vulnerability Via lists_id (CVE-2020-13592)
999273 CVE-2020-13591 WEB-MISC Rukovoditel Project Management App - SQL Injection Vulnerability (CVE-2020-13591)
999274 CVE-2020-13550 WEB-MISC Advantech WebAccess/SCADA - Path Traversal Vulnerability Via fileName (CVE-2020-13550)
2021 年 6 月的签名更新