ADC

Signature update version 46

New signature rules are generated for the vulnerabilities identified in the week of 2020-06-03. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0 and 13.1.

NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect NetScaler CPU.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999643 | | WEB-WORDPRESS 10Web Map Builder for Google Maps plug-in Prior to 10.0.64 - Unauthenticated cross-site scripting Vulnerability Via gmwd_setup Page |
| 999644 | | WEB-WORDPRESS 10Web Map Builder for Google Maps plug-in 10.0.64 and Prior - cross-site scripting Vulnerability Via options_gmwd Page |
| 999645 | CVE-2020-5187 | WEB-MISC DNN Up To 9.4.4 - Path Traversal Vulnerability Via URL (CVE-2020-5187) |
| 999646 | CVE-2020-5187 | WEB-MISC DNN Up To 9.4.4 - Path Traversal Vulnerability Via Local (CVE-2020-5187) |
| 999647 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery plug-in Prior to 1.5.46 - cross-site scripting Vulnerability Via image_alt_text_ Field (CVE-2020-9335) |
| 999648 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery plug-in Prior to 1.5.46 - cross-site scripting Vulnerability Via Name Field (CVE-2020-9335) |
| 999649 | CVE-2020-9335 | WEB-WORDPRESS Photo Gallery plug-in Prior to 1.5.46 - cross-site scripting Vulnerability Via Description Fields (CVE-2020-9335) |
| 999650 | CVE-2020-10189 | WEB-MISC Zoho ManageEngine Desktop Central Prior to 10.0.479 - Unauthenticated Remote Code Execution Vuln (CVE-2020-10189) |
| 999651 | CVE-2020-10189 | WEB-MISC Zoho ManageEngine Desktop Central Prior to 10.0.479 - Unauthenticated Arbitrary File Upload Vuln (CVE-2020-10189) |
| 999652 | | WEB-WORDPRESS Flexible Checkout Fields for WooCommerce plug-in Prior to 2.3.2 - Unauthenticated Settings Modification Vuln |
| 999653 | CVE-2020-0688 | WEB-MISC Microsoft Exchange Server - Validation Key Remote Code Execution Vulnerability (CVE-2020-0688) |
| 999654 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via ip_src Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999655 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via dst_port Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999656 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via src_port Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999657 | CVE-2020-8947, CVE-2019-20224 | WEB-MISC Artica Pandora FMS 7.0 - Remote Code Execution Vulnerability Via ip_dst Parameter (CVE-2020-8947, CVE-2019-20224) |
| 999658 | CVE-2020-5186 | WEB-MISC DNN Up To 9.5.0 - Cross Site Scripting Vulnerability Via Journal XML Upload (CVE-2020-5186) |
| 999659 | | WEB-WORDPRESS WP Sitemap Page plug-in 1.6.2 and Prior - cross-site scripting Vulnerability Via wsp_exclude_pages |
| 999660 | CVE-2020-5188 | WEB-MISC DNN Up To 9.5.0 - Insecure Permissions Vulnerability Via UploadFromUrl (CVE-2020-5188) |
| 999661 | CVE-2020-5188 | WEB-MISC DNN Up To 9.5.0 - Insecure Permissions Vulnerability Via UploadFromLocal (CVE-2020-5188) |
| 999662 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via API Theme (CVE-2020-7799) |
| 999663 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via API Email Template (CVE-2020-7799) |
| 999664 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via GUI Theme (CVE-2020-7799) |
| 999665 | CVE-2020-7799 | WEB-MISC FusionAuth Prior To 1.11.0 - Remote Code Execution Vulnerability Via GUI Email Template (CVE-2020-7799) |