ADC

Signature update version 41

New signature rules are generated for the vulnerabilities identified in the week of 2020-02-04. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities. The signature update includes the signature ID, signature version, and list of CVEs addressed.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0 and 13.1.

NetScaler version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.

Note:

The signature update version 41 includes a fix for the incorrect signature rule 1861. Enabling Post body and Response body signature rules might affect NetScaler CPU.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999717 | | WEB-WORDPRESS WordPress Version 5.3.x and Prior - Denial of Service Vulnerability Via xmlrpc.php pingback.ping Method |
| 999718 | | WEB-WORDPRESS Backup And Staging By WP Time Capsule plug-in Prior To 1.21.16 - Authentication Bypass Vulnerability |
| 999719 | CVE-2019-19731 | WEB-MISC Roxy Fileman For .NET 1.4.5 - Path Traversal Vulnerability Via RENAMEFILE (CVE-2019-19731) |
| 999720 | CVE-2019-19915 | WEB-WORDPRESS 301 Redirects – Easy Redirect Manager plug-in Up To 2.4.0 - Multiple Vulnerabilities (CVE-2019-19915) |
| 999721 | CVE-2019-17662 | WEB-MISC Cybele Software ThinVNC Prior to Version 1.0b1 - Directory Traversal Vulnerability (CVE-2019-17662) |
| 999722 | CVE-2020-6168 | WEB-WORDPRESS Minimal Coming Soon And Maintenance Mode plug-in Prior To 2.17 - Maintenance Setting Vulnerability (CVE-2020-6168) |
| 999723 | CVE-2020-6166 | WEB-WORDPRESS Minimal Coming Soon And Maintenance Mode plug-in Prior To 2.17 - Theme Change Vulnerability (CVE-2020-6166) |
| 999724 | CVE-2020-6166 | WEB-WORDPRESS Minimal Coming Soon And Maintenance Mode plug-in Prior To 2.17 - Export Settings Vulnerability (CVE-2020-6166) |
| 999725 | | WEB-WORDPRESS InifiniteWP Client plug-in Prior to 1.9.4.5 - Authentication Bypass Vulnerability |
| 999726 | CVE-2019-16773 | WEB-WORDPRESS WordPress Versions Prior to 5.3.1 - cross-site scripting Vulnerability Via REST API With JSON Object (CVE-2019-16773) |
| 999727 | CVE-2019-16773 | WEB-WORDPRESS WordPress Versions Prior to 5.3.1 - cross-site scripting Vulnerability Via REST API With FORM FIELD (CVE-2019-16773) |
| 999728 | CVE-2019-16773 | WEB-WORDPRESS WordPress Versions Prior to 5.3.1 - cross-site scripting Vulnerability Via user-edit.php (CVE-2019-16773) |
| 999729 | CVE-2019-16773 | WEB-WORDPRESS WordPress Versions Prior to 5.3.1 - cross-site scripting Vulnerability Via profile.php (CVE-2019-16773) |
| 999730 | CVE-2019-16113 | WEB-MISC Bludit 3.9.2 - Image Upload Remote Code Execution Vulnerability Via uuid (CVE-2019-16113) |
| 999731 | CVE-2019-16113 | WEB-MISC Bludit 3.9.2 - Image Upload Remote Code Execution Vulnerability Via filename (CVE-2019-16113) |