Rule Update
20-044 (08 setembro 2020)
Data de publicação: 08 setembro 2020
Descrição
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361* - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
Database IBM Informix Dynamic Server
1010458 - IBM Informix Dynamic Server Directory Traversal Vulnerability
Directory Server LDAP
1010491 - Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0664)
1010494 - Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0856)
HP Intelligent Management Center (IMC)
1010481* - Apache OFBiz XML-RPC Request Unsafe Deserialization Vulnerability (CVE-2020-9496)
Oracle SQL Net (TNS) Listener
1010475* - Oracle Database Server XML External Entity Injection Vulnerability (CVE-2014-6577)
Trend Micro Deep Security Manager
1010487 - Trend Micro Vulnerability Protection And Deep Security Manager Authentication Bypass Vulnerabilities (CVE-2020-15601 and CVE-2020-15605)
Web Application Common
1010483* - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11200)
1010484* - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11201)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082)
Web Application PHP Based
1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
Web Client Common
1010493 - Google Chrome WebGL Use After Free Vulnerability (CVE-2020-6492)
1005676* - Identified Download Of XML File With External Entity Reference
Web Server Apache
1010496 - Apache Struts2 File Upload Denial of Service Vulnerability (CVE-2019-0233)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1010204 - Nagios XI schedulereport.php Command Execution Vulnerability (CVE-2019-20197)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability
1010492 - rConfig 'configDevice.php' Cross-Site Scripting Vulnerability (CVE-2020-12259)
Web Server Miscellaneous
1010495 - RichFaces Framework Deserialization Vulnerability (CVE-2013-2165)
1010480 - RichFaces Framework Expression Language Injection Vulnerability (CVE-2018-14667)
Web Server Oracle
1010485* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010478* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
Zoho ManageEngine
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361* - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
Database IBM Informix Dynamic Server
1010458 - IBM Informix Dynamic Server Directory Traversal Vulnerability
Directory Server LDAP
1010491 - Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0664)
1010494 - Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0856)
HP Intelligent Management Center (IMC)
1010481* - Apache OFBiz XML-RPC Request Unsafe Deserialization Vulnerability (CVE-2020-9496)
Oracle SQL Net (TNS) Listener
1010475* - Oracle Database Server XML External Entity Injection Vulnerability (CVE-2014-6577)
Trend Micro Deep Security Manager
1010487 - Trend Micro Vulnerability Protection And Deep Security Manager Authentication Bypass Vulnerabilities (CVE-2020-15601 and CVE-2020-15605)
Web Application Common
1010483* - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11200)
1010484* - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11201)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082)
Web Application PHP Based
1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
Web Client Common
1010493 - Google Chrome WebGL Use After Free Vulnerability (CVE-2020-6492)
1005676* - Identified Download Of XML File With External Entity Reference
Web Server Apache
1010496 - Apache Struts2 File Upload Denial of Service Vulnerability (CVE-2019-0233)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1010204 - Nagios XI schedulereport.php Command Execution Vulnerability (CVE-2019-20197)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability
1010492 - rConfig 'configDevice.php' Cross-Site Scripting Vulnerability (CVE-2020-12259)
Web Server Miscellaneous
1010495 - RichFaces Framework Deserialization Vulnerability (CVE-2013-2165)
1010480 - RichFaces Framework Expression Language Injection Vulnerability (CVE-2018-14667)
Web Server Oracle
1010485* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010478* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
Zoho ManageEngine
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.