Signature update version 91
New signature rules are generated for the vulnerabilities identified in the week of 2022-08-23. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.
Signature version
Signature version 91 is applicable to the NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, and Citrix ADC 13.1 platforms.
Note
Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.
Common Vulnerability Entry (CVE) insight
The following is a list of signature rules, their CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
998909 | CVE-2022-38129 | WEB-MISC Keysight SMS Prior to 2.4.1 - Path Traversal Vulnerability Allows RCE (CVE-2022-38129) |
998910 | CVE-2022-37042, CVE-2022-27925 | WEB-MISC Zimbra Collaboration Suite - MailboxImportServlet Multiple Vulnerabilities (CVE-2022-37042, CVE-2022-27925) |
998911 | CVE-2022-36446 | WEB-MISC Webmin Multiple Versions - HTML Injection and Remote Code Execution Vulnerabilities (CVE-2022-36446) |
998912 | CVE-2022-35405 | WEB-MISC Zoho ManageEngine Password Manager Pro Prior to 12101 - Java Deserialization Vulnerability (CVE-2022-35405) |
998913 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via vhidden (CVE-2022-34872) |
998914 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via rpn_function (CVE-2022-34872) |
998915 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via unit_name (CVE-2022-34872) |
998916 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via warn (CVE-2022-34872) |
998917 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via crit (CVE-2022-34872) |
998918 | CVE-2022-34872 | WEB-MISC Centreon Prior to 21.10.7 - SQL Injection Vulnerability Via def_type (CVE-2022-34872) |
998919 | CVE-2022-31813 | WEB-MISC Apache HTTP Server Up to 2.4.53 - mod_proxy X-Forwarded-* Headers Removal Vulnerability (CVE-2022-31813) |
998920 | CVE-2022-31125 | WEB-MISC Roxy-wi Prior To 6.1.1.0 - Authentication Bypass Vulnerability Via alert_consumer (CVE-2022-31125) |
998921 | CVE-2022-31101 | WEB-MISC Prestashop Blockwishlist Prior to 2.1.1 - SQL Injection Vulnerability (CVE-2022-31101) |
998922 | CVE-2022-26137 | WEB-MISC Atlassian Products Multiple Versions - Cross-Origin Resource Sharing Bypass Vulnerability (CVE-2022-26137) |
998923 | CVE-2022-24299 | WEB-MISC pfSense CE Prior to 2.6.0 - Remote Code Execution Vulnerability Via vpn_openvpn_client.php (CVE-2022-24299) |
998924 | CVE-2022-24299 | WEB-MISC pfSense CE Prior to 2.6.0 - Remote Code Execution Vulnerability Via vpn_openvpn_server.php (CVE-2022-24299) |
998925 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQL Injection Vulnerability Via get-achievements and user_id (CVE-2022-0817) |
998926 | CVE-2021-36749 | WEB-MISC Apache Druid - Arbitrary Local File Disclosure Vulnerability (CVE-2021-36749) |
998927 | CVE-2021-26919 | WEB-MISC Apache Druid Prior to 0.20.2 - Untrusted Deserialization Vulnerability via autoDeserialize=true (CVE-2021-26919) |
998928 | CVE-2021-26919 | WEB-MISC Apache Druid Prior to 0.20.2 - Untrusted Deserialization Vulnerability via detectCustomCollations=true (CVE-2021-26919) |