ADC

签名更新版本 96

针对在 2022-10-23 周发现的漏洞生成了新的签名规则。您可以下载并配置这些签名规则,以保护您的设备免受安全漏洞攻击。

签名版本

签名版本 96 适用于 NetScaler 11.1、NetScaler 12.0、Citrix ADC 12.1、Citrix ADC 13.0、Citrix ADC 13.1 平台。

注意

启用帖子正文和响应正文签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则 CVE ID 说明
998850 CVE-2022-42889 WEB-MISC Apache Commons Text - Remote Code Execution Vulnerability via URL (CVE-2022-42889)
998851 CVE-2022-42889 WEB-MISC Apache Commons Text - Remote Code Execution Vulnerability via HEADER (CVE-2022-42889)
998852 CVE-2022-42889 WEB-MISC Apache Commons Text - Remote Code Execution Vulnerability via BODY (CVE-2022-42889)
998853 CVE-2022-42889 WEB-MISC Apache Commons Text - Remote Code Execution Vulnerability via FORM (CVE-2022-42889)
998854 CVE-2022-38358 WEB-MISC Eyes of Network - XSS Vulnerability via admin_user (CVE-2022-38358)
998855 CVE-2022-38358 WEB-MISC Eyes of Network - XSS Vulnerability via admin_notifier (CVE-2022-38358)
998856 CVE-2022-38358 WEB-MISC Eyes of Network - XSS Vulnerability via report_event (CVE-2022-38358)
998857 CVE-2022-38257 WEB-MISC Eyes of Network - iFrame Injection Vulnerability (CVE-2022-38257)
998858 CVE-2022-36981 WEB-MISC Ivanti Avalanche Prior to 6.3.4 - Path Traversal Vulnerability Allows Remote Code Execution (CVE-2022-36981)
998859 CVE-2022-36961 WEB-MISC SolarWinds Orion Prior to 2022.3 - SQL Injection Vulnerability (CVE-2022-36961)
998860 CVE-2022-36804 WEB-MISC Atlassian Bitbucket Server and Data Center - Remote Code Execution Vulnerability Via Body (CVE-2022-36804)
998861 CVE-2022-36804 WEB-MISC Atlassian Bitbucket Server and Data Center - Remote Code Execution Vulnerability Via URL (CVE-2022-36804)
998862 CVE-2022-3323 WEB-MISC Advantech iView 5.7.04.6469 - SQL Injection Vulnerability Via CommandServlet URI and column_value (CVE-2022-3323)
998863 CVE-2022-3323 WEB-MISC Advantech iView 5.7.04.6469 - SQL Injection Vulnerability Via CommandServlet URI and column_name (CVE-2022-3323)
998864 CVE-2022-3323 WEB-MISC Advantech iView 5.7.04.6469 - SQL Injection Vulnerability Via ConfigurationServlet URI and column_value (CVE-2022-3323)
998865 CVE-2022-3323 WEB-MISC Advantech iView 5.7.04.6469 - SQL Injection Vulnerability Via ConfigurationServlet URI and column_name (CVE-2022-3323)
998866 CVE-2022-29548 WEB-MISC WSO2 Multiple Products - XSS Vulnerability Via False Login Status (CVE-2022-29548)
998867 CVE-2022-29548 WEB-MISC WSO2 Multiple Products - XSS Vulnerability Via Failed Login Status (CVE-2022-29548)
998868 CVE-2022-2142 WEB-MISC Advantech iView Prior to 5.7.04.6469 - Second-Order SQL Injection Vulnerability Via CommandServlet (CVE-2022-2142)
998869 CVE-2022-2142 WEB-MISC Advantech iView Prior to 5.7.04.6469 - Second-Order SQL Injection Vulnerability Via NetworkServlet (CVE-2022-2142)
998870 CVE-2022-0666 WEB-MISC Microweber Prior to 1.2.11 - CRLF Injection Vulnerability (CVE-2022-0666)
签名更新版本 96