Signature update version 36
New signatures rules are generated for the vulnerabilities identified in version 36. You can download and configure the signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect NetScaler CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
| Signature rule | CVE ID | Description |
|---|---|---|
| 999817 | WEB-WORDPRESS WordPress Ad Inserter plug-in Prior to Version 2.4.22 - Remote Code Execution | |
| 999818 | CVE-2019-7839 | WEB-MISC Adobe ColdFusion Multiple Versions - Remote Code Execution Vulnerability Via HTTP/SOAP DotNet-to-Java (CVE-2019-7839) |
| 999819 | CVE-2019-7839 | WEB-MISC Adobe ColdFusion Multiple Versions - Remote Code Execution Vulnerability Via HTTP/SOAP Java-to-DotNet (CVE-2019-7839) |
| 999820 | CVE-2019-11469 | WEB-MISC Zoho ManageEngine Applications Manager Prior to 14 Build 14150 Allows SQLi Via resourceid Parameter (CVE-2019-11469) |
| 999821 | CVE-2019-11448 | WEB-MISC Zoho ManageEngine Application Manager 11.0 Through 14.0 - Unauthenticated SQL Injection (CVE-2019-11448) |
| 999822 | CVE-2019-1003000 | WEB-MISC Jenkins Script Security plug-in Up To 1.49 - Sandbox Bypass Vulnerability (CVE-2019-1003000) |
| 999823 | WEB-WORDPRESS WordPress Cforms2 plug-in Up To 15.0.1 - Unauthenticated HTML Injection Vulnerability | |
| 999824 | CVE-2019-0193 | WEB-MISC Apache Solr Prior To 8.2 - DIH Remote Code Execution Vulnerability Via dataConfig Parameter (CVE-2019-0193) |
| 999825 | CVE-2019-11580 | WEB-MISC Atlassian Crowd Pdkinstall Development plug-in Enabled - Unauthenticated RCE (CVE-2019-11580) |
| 999826 | CVE-2019-0192 | WEB-MISC Apache Solr Up To 5.5.5 / 6.6.5 - Config API Remote Code Execution Vulnerability (CVE-2019-0192) |
| 999827 | WEB-WORDPRESS WooCommerce Variation Swatches plug-in Up To 1.0.61 - Reflected cross-site scripting Vulnerability | |
| 999828 | CVE-2019-1003001 | WEB-MISC Jenkins Pipeline Groovy plug-in Up To 2.61 - Sandbox Bypass Vulnerability Via Job Creation (CVE-2019-1003001) |
| 999829 | CVE-2019-1003001 | WEB-MISC Jenkins Pipeline Groovy plug-in Up To 2.61 - Sandbox Bypass Vulnerability (CVE-2019-1003001) |
| 999830 | WEB-WORDPRESS WordPress Bold Page Builder plug-in Prior To 2.3.2 - Security Bypass Vulnerability | |
| 999831 | CVE-2019-15107 | WEB-MISC Webmin Prior To 1.930 - Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107) |
| 999832 | CVE-2019-2767 | WEB-MISC Oracle BI Publisher 11.1.1.9.0 and 12.2.1.4 - XXE Vulnerability (CVE-2019-2767) |
| 999833 | CVE-2019-15106 | WEB-MISC Zoho ManageEngine OpManager Through 12.4x - Authentication Bypass Vulnerability (CVE-2019-15106) |
| 999948 | CVE-2014-0114 | Apache Struts 1 through 1.3.10 allows ClassLoader manipulation allowing arbitrary code execution via HTTP_FORM_FIELD |
| 999949 | CVE-2013-4316 | Apache Struts 2 before 2.3.15.2 allows Dynamic Method Invocation by affecting confidentiality, integrity or availability |
| 999950 | CVE-2013-4316 | Apache Struts 2 before 2.3.15.2 allows Dynamic Method Invocation by affecting confidentiality, integrity or availability |
Note:
Signature rule 999947 is deleted because of performance issue.
Signature update version 36
Copied!
Failed!