Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009728 - Jenkins Stapler Web Framework Remote Code Execution Vulnerability (CVE-2018-1000861)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1009717 - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB


Hot Rod Client
1009119 - Red Hat JBoss Data Grid Hot Rod Client Insecure Deserialization (CVE-2017-15089)


Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009315* - ImageMagick 'SetGrayscaleImage' Heap Overflow Vulnerability (CVE-2018-11625) - 1
1009352* - Libxml2 Null Pointer Dereference Vulnerability (CVE-2018-14404) - 1


Web Client Common
1009392 - Microsoft Windows MS XML Remote Code Execution Vulnerability (CVE-2018-8494)
1009714 - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability


Web Server Adobe ColdFusion
1009455 - Adobe ColdFusion CKEditor 'upload.cfm' Directory Traversal Vulnerability (CVE-2018-15960)


Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)


Web Server SAP
1009715 - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Mail Server Common
1000880* - Detected Format String Vulnerability In SMTP


Mail Server Miscellaneous
1000090* - Detected Format String Vulnerability In IMAP


TFTP Server
1009365* - Microsoft Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2018-8476)


Web Application Common
1009700 - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1005934* - Identified Suspicious Command Injection Attack
1009315 - ImageMagick 'SetGrayscaleImage' Heap Overflow Vulnerability (CVE-2018-11625) - 1
1009352 - Libxml2 Null Pointer Dereference Vulnerability (CVE-2018-14404) - 1


Web Application PHP Based
1004998* - PHP-CGI Query String Parameter Vulnerability


Web Client Common
1009473 - GNU Libextractor ZIP File Comment Out-of-Bounds Read Vulnerability (CVE-2018-16430)
1009696 - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835)
1009671 - Google Chrome JSCreateObject Operation Type Confusion Vulnerability (CVE-2018-17463)
1009314 - ImageMagick 'SetGrayscaleImage' Heap Overflow Vulnerability (CVE-2018-11625)
1009351 - Libxml2 Null Pointer Dereference Vulnerability (CVE-2018-14404)
1009702 - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2018-8468)
1009369* - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)


Web Client Internet Explorer/Edge
1009468* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
1009546 - Microsoft Edge Multiple Elevation Of Privilege Vulnerabilities
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
1009578* - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667)


Web Server Apache Tika
1009142* - Apache Tika 'tika-server' Command Injection Vulnerability (CVE-2018-1335)


Web Server Common
1009705 - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)


Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Oracle
1009707 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)


Message Queuing Server Microsoft
1009623 - Microsoft Windows Message Queuing Buffer Overflow Vulnerability (CVE-2005-0059)


Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate


Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


Web Client Common
1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


Web Client Internet Explorer/Edge
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009490* - Block Administrative Share - 1 (ATT&CK T1077,T1105)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)


DHCP Server
1009542* - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


Database PostgreSQL
1009614* - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


Microsoft Office
1009635* - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)


Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076)


Trend Micro OfficeScan
1009608* - Trend Micro Apex One And OfficeScan Directory Traversal Vulnerability (CVE-2019-9489)


Web Application Common
1009621 - Identified Directory Traversal Sequence In HTTP Header


Web Application PHP Based
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


Web Application Tomcat
1009697 - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


Web Client Common
1009555 - Google Chrome Local File Information Disclosure Vulnerability
1005676* - Identified Download Of XML File With External Entity Reference
1009619 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0614)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1009561* - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


Web Server IIS HTTPS
1009641 - Microsoft IIS HTTP/2 Setting Frames Denial Of Service Vulnerability (ADV190005)


Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)


Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1050)
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053)


Integrity Monitoring Rules:

1009628 - AppInit DLLs (ATT&CK: T1103)
1009626 - Windows Accessibility Features - ImageFileExecution (ATT&CK: T1015,T1183)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1009646 - Microsoft Office Remote Code Execution Vulnerability (CVE-2019-0801)


Web Client Common
1009663 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-17) - 1
1009666 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-17) - 2
1009662 - Adobe Flash Player Out-of-Bounds Read Vulnerability (CVE-2019-7108)
1009653 - Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2019-0822)
1009647 - Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2019-0803)
1009649 - Microsoft Windows Multiple Security Vulnerabilities (Apr-2019)
1009654 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0862)
1009650 - Microsoft XML Remote Code Execution Vulnerability (CVE-2019-0793)
1009651 - Microsoft XML Remote Code Execution Vulnerability (CVE-2019-0794)


Web Client Internet Explorer/Edge
1009652 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0806)
1009658 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0810)
1009659 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0812)
1009660 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0829)
1009661 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0860)
1009657 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0861)
1009655 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752)
1009656 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0753)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Trend Micro OfficeScan
1009608 - Trend Micro Apex One And OfficeScan Directory Traversal Vulnerability (CVE-2019-9489)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Client
1009597 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0726)


DHCP Server
1009542 - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


Database PostgreSQL
1009614 - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


Kubernetes Web UI (Dashboard)
1009493* - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


Microsoft Office
1009635 - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


Solr Service
1009601* - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0192)


Suspicious Server Application Activity
1009549 - Detected Terminal Services (RDP) Server Traffic - 1


Unix RPC Services
1009543 - Linux 'rpc.statd' Remote Format String Vulnerability (CVE-2000-0666)


Web Application Common
1009560* - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116) - 1
1009328* - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
1009540* - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)
1009553* - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)


Web Application PHP Based
1009617 - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1009631 - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


Web Client Common
1009624 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8394)
1009625 - Microsoft Windows GDI Remote Code Execution Vulnerability (CVE-2018-8397)
1009595 - Microsoft Windows Runtime Elevation Of Privilege Vulnerability (CVE-2019-0570)
1009296 - Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability (CVE-2010-0846)
1009556 - RARLAB WinRAR ACE Directory Traversal Vulnerability (CVE-2018-20251)


Web Client Internet Explorer/Edge
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


Web Server Apache
1009170* - Apache Server Side Include Cross Site Scripting Vulnerability (CVE-2002-0840)


Web Server Common
1009561 - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


Web Server SharePoint
1009535* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.