Signature update version 70
New signature rules are generated for the vulnerabilities identified in the week of 2021-10-26. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.
Signature version
Signature version 70 is compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0, and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU utilization.
Common Vulnerability Entry (CVE) insight
The following is a list of signature rules, their CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
999127 | CVE-2021-42013 | WEB-MISC Apache HTTP Server 2.4.49 and 2.4.50 - Path Traversal Vulnerability Via %%32 (CVE-2021-42013) |
999128 | CVE-2021-42013 | WEB-MISC Apache HTTP Server 2.4.49 and 2.4.50 - Path Traversal Vulnerability Via %2% (CVE-2021-42013) |
999129 | CVE-2021-41773 | WEB-MISC Apache HTTP Server 2.4.49 - Path Traversal Vulnerability Via %2e%2e (CVE-2021-41773) |
999130 | CVE-2021-41773 | WEB-MISC Apache HTTP Server 2.4.49 - Path Traversal Vulnerability Via .%2e (CVE-2021-41773) |
999131 | CVE-2021-40539 | WEB-MISC Zoho ManageEngine ADSelfService Plus 6.1 Prior to Build 6114 - Authentication Bypass Vulnerability (CVE-2021-40539) |
999132 | CVE-2021-34648 | WEB-WORDPRESS Ninja Forms Plugin Up to 3.5.7 - REST_ROUTE Vulnerability via submissions email-action (CVE-2021-34648) |
999133 | CVE-2021-34648 | WEB-WORDPRESS Ninja Forms Plugin Up to 3.5.7 - REST API Vulnerability via submissions email-action (CVE-2021-34648) |
999134 | CVE-2021-34647 | WEB-WORDPRESS Ninja Forms Plugin Up to 3.5.7 - REST_ROUTE Vulnerability via Submissions Export (CVE-2021-34647) |
999135 | CVE-2021-34647 | WEB-WORDPRESS Ninja Forms Plugin Up to 3.5.7 - REST API Vulnerability via Submissions Export (CVE-2021-34647) |
999136 | CVE-2021-34623 | WEB-WORDPRESS ProfilePress Plugin Prior to 3.1.4 - Arbitrary File Upload Vulnerability Via eup_cover_image (CVE-2021-34623) |
999137 | CVE-2021-34623 | WEB-WORDPRESS ProfilePress Plugin Prior to 3.1.4 - Arbitrary File Upload Vulnerability Via eup_avatar (CVE-2021-34623) |
999138 | CVE-2021-2400 | WEB-MISC Oracle BI Publisher - SAXParser XXE Vulnerability Via mobile X ReportTemplateService (CVE-2021-2400) |
999139 | CVE-2021-2400 | WEB-MISC Oracle BI Publisher - SAXParser XXE Vulnerability Via mobile ReportTemplateService (CVE-2021-2400) |
999140 | CVE-2021-2400 | WEB-MISC Oracle BI Publisher - SAXParser XXE Vulnerability Via xmlpservice X ReportTemplateService (CVE-2021-2400) |
999141 | CVE-2021-2400 | WEB-MISC Oracle BI Publisher - SAXParser XXE Vulnerability Via xmlpservice ReportTemplateService (CVE-2021-2400) |
999142 | CVE-2021-21985 | WEB-MISC VMWare vCenter - Virtual SAN Health Check Plugin Remote Code Execution Vulnerability (CVE-2021-21985) |
999143 | CVE-2021-20078 | WEB-MISC Zoho ManageEngine OpManager 12.5 Prior to Build 125362 - Path Traversal Vulnerability (CVE-2021-20078) |
999144 | CVE-2020-29448 | WEB-MISC Atlassian Confluence Server and Data Center - Information Disclosure Vulnerability Via WEB-INF (CVE-2020-29448) |
999145 | CVE-2020-29448 | WEB-MISC Atlassian Confluence Server and Data Center - Information Disclosure Vulnerability Via META-INF (CVE-2020-29448) |
999146 | CVE-2020-12442 | WEB-MISC Ivanti Avalanche 6.3 - Unauthenticated SQL Injection Vulnerability Via osupdate Endpoint (CVE-2020-12442) |
999147 | CVE-2020-12442 | WEB-MISC Ivanti Avalanche 6.3 - Unauthenticated SQL Injection Vulnerability Via wapl Endpoint (CVE-2020-12442) |
999148 | | WEB-WORDPRESS BuddyPress Plugin Prior to 9.1.1 - SQL Injection Vulnerability Via bp-members-invitations Feature |