签名更新版本 110

October 25, 2023

投稿者:

针对在 2023-07-25 周发现的漏洞生成了新的签名规则。您可以下载并配置这些签名规则，以保护您的设备免受安全漏洞攻击。

签名版本

签名版本 110 适用于 NetScaler 11.1、NetScaler 12.0、Citrix ADC 12.1、Citrix ADC 13.0、NetScaler 13.1、NetScaler 14.1 平台。

注意

启用帖子正文和响应正文签名规则可能会影响 Citrix ADC CPU。

常见漏洞条目 (CVE) 见解

以下是签名规则、CVE ID 及其描述的列表。

签名规则	CVE ID	说明
998646	CVE-2023-35036	WEB-MISC Progress MOVEit Transfer - Authenticated SQL Injection Vulnerability Via X-siLock-FolderID Smuggling (CVE-2023-35036)
998647	CVE-2023-35036	WEB-MISC Progress MOVEit Transfer - Authenticated SQL Injection Vulnerability Via X-siLock-FolderID (CVE-2023-35036)
998648	CVE-2023-3460	WEB-WORDPRESS Ultimate Member Wordpress plugin before 2.6.7 Improper Privilege Management (CVE-2023-3460)
998649	CVE-2023-33651	WEB-MISC Sitecore - Authorization Rules Bypass Vulnerability Via MVC Device Simulator (CVE-2023-33651)
998650	CVE-2023-33157	WEB-MISC Microsoft SharePoint - Remote Code Execution Vulnerability (CVE-2023-33157)
998651	CVE-2023-30777	WEB-WORDPRESS WordPress Plugin Advanced Custom Fields Up to 6.1.5 - Reflected XSS Vulnerability (CVE-2023-30777)
998652	CVE-2023-30545	WEB-MISC PrestaShop Prior to 8.0.4 and 1.7.8.9 - Arbitrary File Read Vulnerability via LOAD_FILE (CVE-2023-30545)
998653	CVE-2023-2986	WEB-WORDPRESS Abandoned Cart Lite for WooCommerce plugin up to 5.14.2 Authentication Bypass (CVE-2023-2986)
998654	CVE-2023-2982	WEB-WORDPRESS Wordpress Plugin Social Login and Register prior to 7.6.4 - Authentication Bypass (CVE-2023-2982)
998655	CVE-2023-29489	WEB-MISC cPanel prior to 11.102.0.31 - XSS Vulnerability (CVE-2023-29489)
998656	CVE-2023-29300、CVE-2023-38203、CVE-2023-38204	WEB-MISC Adobe ColdFusion - Deserialization of Untrusted Data Vulnerability (CVE-2023-29300, CVE-2023-38203, CVE-2023-38204)
998657	CVE-2023-29298、CVE-2023-38205	WEB-MISC Adobe ColdFusion Multiple Versions - Access Control Bypass Vulnerability via restplay (CVE-2023-29298,CVE-2023-38205)
998658	CVE-2023-29298、CVE-2023-38205	WEB-MISC Adobe ColdFusion Multiple Versions - Access Control Bypass Vulnerability via cfide (CVE-2023-29298,CVE-2023-38205)
998659	CVE-2023-28121	WEB-WORDPRESS WordPress Plugin WooCommerce Payments Up to 5.6.1 - Privilege Elevation Vulnerability (CVE-2023-28121)
998660	CVE-2023-27372	WEB-MISC SPIP up to 3.2.17, 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 Remote Code Execution (CVE-2023-27372)
998661	CVE-2023-27372	WEB-MISC SPIP up to 3.2.17, 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 Remote Code Execution (CVE-2023-27372)
998662	CVE-2023-27350	WEB-MISC PaperCut NG - Authentication Bypass Vulnerability (CVE-2023-27350)
998663	CVE-2023-27067	WEB-MISC Sitecore Up To 10.2 - Path Traversal Vulnerability (CVE-2023-27067)
998664	CVE-2023-26360	WEB-MISC Adobe ColdFusion 2018 prior to update 16 and 2021 prior to update 6 - Improper Access Control (CVE-2023-26360)
998665	CVE-2023-26262	WEB-MISC Sitecore - Unrestricted Language File Upload Vulnerability (CVE-2023-26262)
998666	CVE-2023-2611	WEB-MISC Advantech R-SeeNet Prior to 2.4.23 - Use of Hard-Coded Credentials Vulnerability (CVE-2023-2611)
998667	CVE-2023-25804	WEB-MISC Roxy-WI Prior to 6.3.6.0 - Path Traversal Vulnerability (CVE-2023-25804)
998668	CVE-2023-2575	WEB-MISC Advantech EKI-15XX - Stack-based Buffer Overflow Vulnerability (CVE-2023-2575)
998669	CVE-2023-2574	WEB-MISC Advantech EKI-15XX - OS Command Injection Vulnerability (CVE-2023-2574)
998670	CVE-2023-2573	WEB-MISC Advantech EKI-15XX - OS Command Injection Vulnerability (CVE-2023-2573)
998671	CVE-2023-25690	WEB-MISC Apache HTTP Server 2.4.0 Through 2.4.55 - Request Smuggling Vulnerability Via Line Feed (CVE-2023-25690)
998672	CVE-2023-25690	WEB-MISC Apache HTTP Server 2.4.0 Through 2.4.55 - Request Smuggling Vulnerability Via Carriage Return (CVE-2023-25690)
998673	CVE-2023-23489	WEB-WORDPRESS Wordpress plugin Easy Digital Downloads prior to v3.1.0.2 - SQL Injection Vulnerability (CVE-2023-23489)
998674	CVE-2023-20887	WEB-MISC VMware Aria Operations for Networks - Command Injection Vulnerability (CVE-2023-20887)
998675	CVE-2023-1671	WEB-MISC Sophos Web Appliance prior to 4.3.10.4 - Command Injection (CVE-2023-1671)
998676	CVE-2023-1196	WEB-WORDPRESS WordPress plugin Advanced Custom Fields prior to 5.12.5 and 6.1.0 - Untrusted Deserialization (CVE-2023-1196)
998677	CVE-2023-1138	WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Via Report (CVE-2023-1138)
998678	CVE-2023-1138	WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Via ModuleConfig (CVE-2023-1138)
998679	CVE-2023-1137	WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Vulnerability (CVE-2023-1137)
998680	CVE-2023-0255	WEB-WORDPRESS Wordpress plugin Enable Media Replace prior to 4.0.2 - Arbitrary File Upload Vulnerability (CVE-2023-0255)
998681	CVE-2022-36963	WEB-MISC SolarWinds Platform Prior to 2023.2 - Command Injection Vulnerability Via TestCredentials (CVE-2022-36963)
998682	CVE-2022-29303	WEB-MISC Contec SolarView Compact Prior to 7.21 - OS Command Injection Vulnerability (CVE-2022-29303)
998683	CVE-2022-2185	WEB-MISC GitLab Multiple Versions Prior to 14.10.5 and 15.1.1 - Remote Execution Vulnerability (CVE-2022-2185)
998684	CVE-2020-5284	WEB-MISC Next.js Prior to 9.3.2 - Path Traversal Vulnerability (CVE-2020-5284)

本内容的正式版本为英文版。部分 Cloud Software Group 文档内容采用了机器翻译，仅供您参考。Cloud Software Group 无法控制机器翻译的内容，这些内容可能包含错误、不准确或不合适的语言。对于从英文原文翻译成任何其他语言的内容的准确性、可靠性、适用性或正确性，或者您的 Cloud Software Group 产品或服务沿用了任何机器翻译的内容，我们均不作任何明示或暗示的保证，并且适用的最终用户许可协议或服务条款或者与 Cloud Software Group 签订的任何其他协议（产品或服务与已进行机器翻译的任何文档保持一致）下的任何保证均不适用。对于因使用机器翻译的内容而引起的任何损害或问题，Cloud Software Group 不承担任何责任。

这是否有帮助？

签名更新版本 110

October 25, 2023

投稿者:

October 25, 2023

投稿者:

这是否有帮助？