ADC

Signature update version 93

New signatures rules are generated for the vulnerabilities identified in the week 2022-10-02. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 93 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
998871 CVE-2022-41082, CVE-2022-41040 WEB-MISC Microsoft Exchange Server - RCE Vulnerability (CVE-2022-41082, CVE-2022-41040)
998872 CVE-2022-37299 WEB-MISC Shirne CMS 1.2.0 - Path Traversal Vulnerability Via /static/ueditor/php/controller.php (CVE-2022-37299)
998873 CVE-2022-36923 WEB-MISC Zoho ManageEngine Multiple Products Multiple Versions - Authentication Bypass Vulnerability (CVE-2022-36923)
998874 CVE-2022-33891 WEB-MISC Apache Spark UI Multiple Versions - Remote Code Execution Vulnerability Via doAs Parameter (CVE-2022-33891)
998875 CVE-2022-3184, CVE-2022-3183 WEB-MISC DataProbe iBoot-PDU Prior to 1.42.06162022 - Remote Code Execution Vulnerability (CVE-2022-3184, CVE-2022-3183)
998876 CVE-2022-31814 WEB-MISC pfSense pfBlockerNG Prior to 2.1.4_26 - Remote Code Execution Vulnerability (CVE-2022-31814)
998877 CVE-2022-31097 WEB-MISC Apache Grafana - Unified Alerting Stored XSS Vulnerability (CVE-2022-31097)
998878 CVE-2022-2903 WEB-WORDPRESS NinjaForms Plugin Prior to 3.6.13 - PHP Object Injection Vulnerability (CVE-2022-2903)
998879 CVE-2022-2552 WEB-WORDPRESS Duplicator Plugin Prior to 1.4.7.1 - Unauthenticated Information Disclosure Vulnerability (CVE-2022-2552)
998880 CVE-2022-23854 WEB-MISC AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Vulnerability Via SG URI (CVE-2022-23854)
998881 CVE-2022-23854 WEB-MISC AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Vulnerability Via Blaze URI (CVE-2022-23854)
998882 CVE-2022-23854 WEB-MISC AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Vulnerability Via AccessAnywhere URI (CVE-2022-23854)
998883 CVE-2017-9841 WEB-MISC PHPUnit Before 4.8.28 and 5.x Before 5.6.3 - Remote Code Execution Vulnerability Via eval-stdin.php (CVE-2017-9841)

Consolidated and updated signature rules

A few redundant signature rules are deleted and the CVE IDs of these rules are consolidated in the updated rules. Make sure to enable the corresponding signature rules for each deleted rule.

The following table lists the consolidated and updated signature rule IDs:

Deleted Signature Rules Updated Signature Rules CVE ID
1242 1243 CVE-2000-0071
1245 1244 CVE-2000-0071
1589 1221 CVE-2001-0224, NESSUS-10609
1648 832 CVE-1999-0509, NESSUS-10173, www.cert.org/advisories/CA-1996-11.html
1700 821 CVE-1999-0951, NESSUS-10122
2598 2597 CVE-2004-0600
999779 999721 CVE-2019-14994
999861 999859 CVE-2019-12099
999862 999857 https://www.wordfence.com/blog/2019/05s-command-injection-vulnerability-patched-in-wp-database-backup-plugin/
999863 999858 https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/
Signature update version 93