
Signature update version 36

New signature rules are generated for the vulnerabilities identified in version 36. You can download and configure the signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 36 is compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0, and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerabilities and Exposures (CVE) insight

The following is a list of signature rules, their CVE IDs, and descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999817 | | WEB-WORDPRESS WordPress Ad Inserter plug-in Prior to Version 2.4.22 - Remote Code Execution |
| 999818 | CVE-2019-7839 | WEB-MISC Adobe ColdFusion Multiple Versions - Remote Code Execution Vulnerability Via HTTP/SOAP DotNet-to-Java (CVE-2019-7839) |
| 999819 | CVE-2019-7839 | WEB-MISC Adobe ColdFusion Multiple Versions - Remote Code Execution Vulnerability Via HTTP/SOAP Java-to-DotNet (CVE-2019-7839) |
| 999820 | CVE-2019-11469 | WEB-MISC Zoho ManageEngine Applications Manager Prior to 14 Build 14150 Allows SQLi Via resourceid Parameter (CVE-2019-11469) |
| 999821 | CVE-2019-11448 | WEB-MISC Zoho ManageEngine Application Manager 11.0 Through 14.0 - Unauthenticated SQL Injection (CVE-2019-11448) |
| 999822 | CVE-2019-1003000 | WEB-MISC Jenkins Script Security plug-in Up To 1.49 - Sandbox Bypass Vulnerability (CVE-2019-1003000) |
| 999823 | | WEB-WORDPRESS WordPress Cforms2 plug-in Up To 15.0.1 - Unauthenticated HTML Injection Vulnerability |
| 999824 | CVE-2019-0193 | WEB-MISC Apache Solr Prior To 8.2 - DIH Remote Code Execution Vulnerability Via dataConfig Parameter (CVE-2019-0193) |
| 999825 | CVE-2019-11580 | WEB-MISC Atlassian Crowd Pdkinstall Development plug-in Enabled - Unauthenticated RCE (CVE-2019-11580) |
| 999826 | CVE-2019-0192 | WEB-MISC Apache Solr Up To 5.5.5 / 6.6.5 - Config API Remote Code Execution Vulnerability (CVE-2019-0192) |
| 999827 | | WEB-WORDPRESS WooCommerce Variation Swatches plug-in Up To 1.0.61 - Reflected cross-site scripting Vulnerability |
| 999828 | CVE-2019-1003001 | WEB-MISC Jenkins Pipeline Groovy plug-in Up To 2.61 - Sandbox Bypass Vulnerability Via Job Creation (CVE-2019-1003001) |
| 999829 | CVE-2019-1003001 | WEB-MISC Jenkins Pipeline Groovy plug-in Up To 2.61 - Sandbox Bypass Vulnerability (CVE-2019-1003001) |
| 999830 | | WEB-WORDPRESS WordPress Bold Page Builder plug-in Prior To 2.3.2 - Security Bypass Vulnerability |
| 999831 | CVE-2019-15107 | WEB-MISC Webmin Prior To 1.930 - Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107) |
| 999832 | CVE-2019-2767 | WEB-MISC Oracle BI Publisher 11.1.1.9.0 and 12.2.1.4 - XXE Vulnerability (CVE-2019-2767) |
| 999833 | CVE-2019-15106 | WEB-MISC Zoho ManageEngine OpManager Through 12.4x - Authentication Bypass Vulnerability (CVE-2019-15106) |
| 999948 | CVE-2014-0114 | Apache Struts 1 through 1.3.10 allows ClassLoader manipulation allowing arbitrary code execution via HTTP_FORM_FIELD |
| 999949 | CVE-2013-4316 | Apache Struts 2 before 2.3.15.2 allows Dynamic Method Invocation by affecting confidentiality, integrity or availability |
| 999950 | CVE-2013-4316 | Apache Struts 2 before 2.3.15.2 allows Dynamic Method Invocation by affecting confidentiality, integrity or availability |

Note:

Signature rule 999947 is deleted because of a performance issue.
