ADC

Signature update version 50

September 21, 2023

Contributed by:

C S S

New signatures rules are generated for the vulnerabilities identified in the week 2020-09-26. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 50 is compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999532	CVE-2020-1956	WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via dest-config (CVE-2020-1956)
999533	CVE-2020-1956	WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via src-config (CVE-2020-1956)
999534	CVE-2020-1956	WEB-MISC Apache Kylin - Cube Migrate Remote Code Execution Via projectName (CVE-2020-1956)
999535	CVE-2020-3247	WEB-MISC Cisco UCS Director - CopyFileRunnable Arbitrary Symlink Creation Vulnerability (CVE-2020-3247)
999536	CVE-2019-16872	WEB-MISC Portainer Prior To 1.22.1 - Incorrect Access Control Vulnerability Via Update Stacks (CVE-2019-16872)
999537	CVE-2019-16872	WEB-MISC Portainer Prior To 1.22.1 - Incorrect Access Control Vulnerability Via Create Stacks (CVE-2019-16872)
999538	CVE-2020-13855	WEB-MISC Artica Pandora FMS 7.44 - Arbitrary File Upload Vulnerability Via File Repository Manager (CVE-2020-13855)
999539	CVE-2020-5902	WEB-MISC F5 BIG-IP - Traffic Management User Interface RCE Vulnerability Via /hsqldb (CVE-2020-5902)
999540	CVE-2020-5902	WEB-MISC F5 BIG-IP - Traffic Management User Interface RCE Vulnerability Via /tmui (CVE-2020-5902)
999541		WEB-MISC WebERP 4.15.1 and Prior - Unauthenticated Information Disclosure Vulnerability
999542	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via timeline.php and timestamp Param (CVE-2020-7209)
999543	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and ts Param (CVE-2020-7209)
999544	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and end Param (CVE-2020-7209)
999545	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and start Param (CVE-2020-7209)
999546	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kivis.php and pid Param (CVE-2020-7209)
999547	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kidsk_trace_view.php and end Param (CVE-2020-7209)
999548	CVE-2020-7209	WEB-MISC HP LinuxKI Prior to 6.0-2 - Unauthenticated RCE Vulnerability Via kidsk_trace_view.php and start Param (CVE-2020-7209)
999549		WEB-MISC PHP-Fusion Prior to 9.03.70 - PHP Object Injection Vulnerability
999550	CVE-2020-1181	WEB-MISC Microsoft SharePoint Server - Remote Code Execution via Web Parts (CVE-2020-1181)
999551	CVE-2020-10547	WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Policy Elements Via searchColumn (CVE-2020-10547)
999552	CVE-2020-10547	WEB-MISC rConfig Prior to 3.9.5 - Unauthenticated SQLi Vulnerability in Policy Elements Via searchField (CVE-2020-10547)
999553	CVE-2020-8605	WEB-MISC Trend Micro InterScan Web Security Virtual Appliance Prior to 6.5 SP2 Patch 4 - RCE Vulnerability (CVE-2020-8605)
999554	CVE-2019-10068	WEB-MISC Kentico CMS Multiple Versions - Unauthenticated Remote Code Execution Vulnerability (CVE-2019-10068)
999555	CVE-2020-11108	WEB-MISC Pi-hole Up To 4.4 - Authenticated RCE Vulnerability (CVE-2020-11108)

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 50

September 21, 2023

Contributed by:

C S S

September 21, 2023

Contributed by:

C S S

Signature update version 50

Signature version

Common Vulnerability Entry (CVE) insight

In this article