Citrix ADC

2021 年 12 月的签名更新

针对2021-12-11周中发现的漏洞生成了新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名与以下软件版本的 Citrix Application Delivery Controller (ADC) (ADC) 11.1、12.0、12.1、13.0 和 13.1 兼容。

Citrix ADC 12.0 版本已达到生命周期终止 (EOL)。有关详细信息,请参阅 版本生命周期 页面。

注意:

启用发布主体和响应主体签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
999077 CVE-2021-44228 WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via FORM (CVE-2021-44228)
999078 CVE-2021-44228 WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via BODY (CVE-2021-44228)
999079 CVE-2021-44228 WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via HEADER (CVE-2021-44228)
999080 CVE-2021-44228 WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via URL (CVE-2021-44228)
999081 CVE-2021-42847 WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7006 - Unauthenticated Arbitrary File Write Vulnerability (CVE-2021-42847)
999082 CVE-2021-42321 WEB-MISC Microsoft Exchange Server - Remote Code Execution Vulnerability (CVE-2021-42321)
999083 CVE-2021-42258 WEB-MISC BQE BillQuick Web Suite 2021 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258)
999084 CVE-2021-42258 WEB-MISC BQE BillQuick Web Suite 2020 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258)
999085 CVE-2021-42258 WEB-MISC BQE BillQuick Web Suite 2019 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258)
999086 CVE-2021-42258 WEB-MISC BQE BillQuick Web Suite 2018 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258)
999087 CVE-2021-42237 WEB-MISC Sitecore From 7.5.0 To 8.2.7 - Remote Code Execution Vulnerability (CVE-2021-42237)
999088 CVE-2021-41950 WEB-MISC ResourceSpace 9.6 prior to rev 18277 - Unauthenticated Path Traversal Vulnerability via variant (CVE-2021-41950)
999089 CVE-2021-41950 WEB-MISC ResourceSpace 9.6 prior to rev 18277 - Unauthenticated Path Traversal Vulnerability via provider (CVE-2021-41950)
999090 CVE-2021-41349 WEB-MISC Microsoft Exchange Server - Cross-Site Scripting Vulnerability (CVE-2021-41349)
999091 CVE-2021-35217 WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - Deserialization Vulnerability Via WSAsyncExecuteTasks.aspx (CVE-2021-35217)
999092 CVE-2021-34416 WEB-MISC Zoom Meeting Connector 4.6.360.20210325 - Remote Code Execution Vulnerability (CVE-2021-34416)
999093 CVE-2021-22941 WEB-MISC Citrix ShareFile Storage Prior To 5.11.20 - Improper Access Control Vulnerability (CVE-2021-22941)
999094 CVE-2020-35136 WEB-MISC Dolibarr Prior to 12.0.4 - Remote Code Execution Vulnerability Via zipfilename_template and bz (CVE-2020-35136)
999095 CVE-2020-35136 WEB-MISC Dolibarr Prior to 12.0.4 - Remote Code Execution Vulnerability Via zipfilename_template and gz (CVE-2020-35136)
999096 CVE-2020-2950, CVE-2021-2456 WEB-MISC Oracle BI Publisher - Arbitrary Files Upload Vulnerability (CVE-2020-2950, CVE-2021-2456)
999097 CVE-2020-2950, CVE-2021-2456 WEB-MISC Oracle BI Publisher - Remote Code Execution Vulnerability (CVE-2020-2950, CVE-2021-2456)
2021 年 12 月的签名更新