Signature update version 50
New signatures rules are generated for the vulnerabilities identified in the week 2020-09-26. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
Signature rule | CVE ID | Description |
---|---|---|
999532 | CVE-2020-1956 | WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via dest-config (CVE-2020-1956) |
999533 | CVE-2020-1956 | WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via src-config (CVE-2020-1956) |
999534 | CVE-2020-1956 | WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via projectName (CVE-2020-1956) |
999535 | CVE-2020-3247 | WEB-MISC Cisco UCS Director - CopyFileRunnable Arbitrary Symlink Creation Vulnerability (CVE-2020-3247) |
999536 | CVE-2019-16872 | WEB-MISC Portainer Prior To 1.22.1 - Incorrect Access Control Vulnerability Via Update Stacks (CVE-2019-16872) |
999537 | CVE-2019-16872 | WEB-MISC Portainer Prior To 1.22.1 - Incorrect Access Control Vulnerability Via Create Stacks (CVE-2019-16872) |
999538 | CVE-2020-13855 | WEB-MISC Artica Pandora FMS 7.44 - Arbitrary File Upload Vulnerability Via File Repository Manager (CVE-2020-13855) |
999539 | CVE-2020-5902 | WEB-MISC F5 BIG-IP - Traffic Management User Interface RCE Vulnerability Via /hsqldb (CVE-2020-5902) |
999540 | CVE-2020-5902 | WEB-MISC F5 BIG-IP - Traffic Management User Interface RCE Vulnerability Via /tmui (CVE-2020-5902) |
999541 | WEB-MISC WebERP 4.15.1 and Prior - Unauthenticated Information Disclosure Vulnerability | |
999542 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via timeline.php and timestamp Param (CVE-2020-7209) |
999543 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and ts Param (CVE-2020-7209) |
999544 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and end Param (CVE-2020-7209) |
999545 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and start Param (CVE-2020-7209) |
999546 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and pid Param (CVE-2020-7209) |
999547 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kidsk_trace_view.php and end Param (CVE-2020-7209) |
999548 | CVE-2020-7209 | WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kidsk_trace_view.php and start Param (CVE-2020-7209) |
999549 | WEB-MISC PHP-Fusion Prior to 9.03.70 - PHP Object Injection Vulnerability | |
999550 | CVE-2020-1181 | WEB-MISC Microsoft SharePoint Server - Remote Code Execution via Web Parts (CVE-2020-1181) |
999551 | CVE-2020-10547 | WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Policy Elements Via searchColumn (CVE-2020-10547) |
999552 | CVE-2020-10547 | WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Policy Elements Via searchField (CVE-2020-10547) |
999553 | CVE-2020-8605 | WEB-MISC Trend Micro InterScan Web Security Virtual Appliance Prior to 6.5 SP2 Patch 4 - RCE Vulnerability (CVE-2020-8605) |
999554 | CVE-2019-10068 | WEB-MISC Kentico CMS Multiple Versions - Unauthenticated Remote Code Execution Vulnerability (CVE-2019-10068) |
999555 | CVE-2020-11108 | WEB-MISC Pi-hole Up To 4.4 - Authenticated RCE Vulnerability (CVE-2020-11108) |