Signature update version 40
New signatures rules are generated for the vulnerabilities identified for the week 2020-01-14. You can download and configure these signature rules to protect your appliance from security vulnerable attacks. The signature update includes the signature ID, signature version, and list of CVEs addressed.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
The signature update version 40 includes a fix for the incorrect signature rule 1861. Enabling Post body and Response body signature rules might affect NetScaler CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
Signature rule | CVE ID | Description |
---|---|---|
999732 | CVE-2019-1620 | WEB-MISC Cisco Data Center Network Manager Prior To 11.2(1) - Arbitrary File Upload Vulnerability (CVE-2019-1620) |
999733 | CVE-2019-16702 | WEB-MISC Integard Pro 2.2.0.9026 - NoJs Buffer Overflow Vulnerability (CVE-2019-16702) |
999734 | CVE-2019-1621 | WEB-MISC Cisco Data Center Network Manager Prior To 11.2(1) - Arbitrary File Download Vulnerability (CVE-2019-1621) |
999735 | CVE-2019-8451 | WEB-MISC Atlassian Jira Server Before 8.4.0 - Server Side Request Forgery Vulnerability (CVE-2019-8451) |
999736 | WEB-WORDPRESS GDPR Cookie Compliance plug-in Prior to 4.0.3 - Authenticated Arbitrary Settings Deletion Vulnerability | |
999737 | CVE-2019-11287 | WEB-MISC Pivotal RabbitMQ 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1 - Denial of Service Vulnerability (CVE-2019-11287) |
999738 | WEB-WORDPRESS Ultimate Addons For Elementor Prior To 1.20.1 - Authentication Bypass Via Facebook Login Vulnerability | |
999739 | WEB-WORDPRESS Ultimate Addons For Elementor Prior To 1.20.1 - Authentication Bypass Via Google Login Vulnerability | |
999740 | CVE-2019-19366 | WEB-MISC FusionPBX Prior to 4.4.10 - cross-site scripting Vulnerability in xml_cdr_search.php Via Redirect Parameter (CVE-2019-19366) |
999741 | CVE-2019-16931 | WEB-WORDPRESS Visualizer plug-in Prior to Version 3.3.1 - Unauthenticated cross-site scripting Vulnerability (CVE-2019-16931) |
999742 | CVE-2019-16932 | WEB-WORDPRESS Visualizer plug-in Prior to Version 3.3.1 - Unauthenticated SSRF (CVE-2019-16932) |
999743 | CVE-2019-1619 | WEB-MISC Cisco Data Center Network Manager Prior To 11.1(1) - Authentication Bypass Vulnerability (CVE-2019-1619) |
999744 | CVE-2019-12562 | WEB-MISC DotNetNuke Before 9.4.0 - Stored Cross Site Scripting Vulnerability (CVE-2019-12562) |
999745 | CVE-2019-8371 | WEB-MISC OpenEMR Prior to 5.0.2 - Remote Code Execution Vulnerability Via Form_Filedata Field (CVE-2019-8371) |
999746 | CVE-2019-8371 | WEB-MISC OpenEMR Prior to 5.0.2 - Remote Code Execution Vulnerability Via Form_Image Field (CVE-2019-8371) |
999747 | WEB-WORDPRESS Beaver Builder Ultimate Addons Prior To 1.24.1 - Authentication Bypass Via Facebook Login Vulnerability | |
999748 | WEB-WORDPRESS Beaver Builder Ultimate Addons Prior To 1.24.1 - Authentication Bypass Via Google Login Vulnerability | |
999749 | CVE-2019-19650 | WEB-MISC Zoho ManageEngine AM Prior to Build 13640 - SQLi Via Agent Servlet (CVE-2019-19650) |
999750 | WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - API Key Disclosure Via OPMRequestHandlerServlet Servlet | |
999751 | CVE-2019-1622 | WEB-MISC Cisco Data Center Network Manager 11.0(1) - Information Disclosure Vulnerability (CVE-2019-1622) |
999752 | CVE-2019-16759 | WEB-MISC vBulletin Prior to 5.5.4 Patch Level 1 - Remote Code Execution Vulnerability (CVE-2019-16759) |
999753 | WEB-WORDPRESS Featured Image from URL plug-in Prior to 2.7.8 - Missing Access Controls on REST API Vulnerability | |
999754 | CVE-2019-10098 | WEB-MISC Apache HTTP Server Up To 2.4.39 - mod_rewrite Self-Referential Redirect Vulnerability (CVE-2019-10098) |
999755 | CVE-2019-1936 | WEB-MISC Cisco UCS Director 6.0 to 6.6.1.0 and 6.7.0.0 to 6.7.1.0 - Command Injection Vulnerability (CVE-2019-1936) |
999756 | CVE-2019-19649 | WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - Unauthenticated SQLi Via EventID Parameter (CVE-2019-19649) |
999757 | CVE-2019-19649 | WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - Unauthenticated SQLi Via Entity Parameter (CVE-2019-19649) |
999758 | CVE-2019-15036 | WEB-MISC JetBrains TeamCity Before 2019.1 - OS Command Injection Vulnerability (CVE-2019-15036) |
999759 | CVE-2019-17239 | WEB-WORDPRESS Download plug-ins and Themes from Dashboard plug-in Up To 1.5 - Stored cross-site scripting Vulnerability (CVE-2019-17239) |