Deep Security

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1011442 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)


    Web Server Miscellaneous
    1011456 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011455 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    CentOS Web Panel
    1011441 - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
    1011437 - CentOS Web Panel Multiple SQL Injection Vulnerabilities


    DCERPC Services - Client
    1011436 - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2022-26809)


    Web Application Common
    1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)


    Web Application PHP Based
    1011435 - ThinkCMF Remote Code Execution Vulnerability
    1011439 - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)


    Web Server Miscellaneous
    1011440 - Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)


    Zoho ManageEngine Applications Manager
    1010698* - Zoho ManageEngine Applications Manager 'showMonitorGroupView' SQL Injection Vulnerability
    1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
    1011062* - Zoho ManageEngine Applications Manager Cross Site Scripting Vulnerability (CVE-2021-31813)
    1010903* - Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability
    1010109* - Zoho ManageEngine Applications Manager MASRequestProcessor 'serverID' SQL Injection Vulnerability
    1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
    1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)
    1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
    1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
    1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Apache Kylin
    1011418 - Apache Kylin REST API Admin Configuration Information Disclosure Vulnerability (CVE-2020-13937)


    Atlassian Bitbucket
    1011432 - Atlassian Bitbucket Data Center Server Java Deserialization Vulnerability (CVE-2022-26133)


    Oracle E-Business Suite Web Interface
    1011429 - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)


    SAP BusinessObjects Business Intelligence
    1011428 - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)


    SSL Client Applications
    1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)


    SolarWinds Network Performance Monitor
    1011417* - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)


    Suspicious Client Application Activity
    1003462* - Detected Web Client Traffic


    Web Application Common
    1010635* - Jenkins Groovy Plugin Sandbox Bypass Multiple Vulnerabilities


    Web Application PHP Based
    1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
    1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
    1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
    1010546* - GNUBoard Local/Remote File Inclusion Vulnerability (CVE-2009-0290)
    1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
    1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
    1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
    1009970* - PHP EXIF Parsing Heap Overflow Vulnerability (CVE-2019-11041 and CVE-2019-11042)
    1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
    1010037* - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
    1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
    1005529* - Parallels Plesk Remote PHP Command Execution Vulnerability
    1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
    1011426 - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
    1011431 - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
    1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
    1011433 - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)


    Web Server Miscellaneous
    1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)


    Zoho ManageEngine
    1011427 - Zoho ManageEngine Multiple Products Information Disclosure Vulnerability (CVE-2022-29457)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    SolarWinds Network Performance Monitor
    1011417 - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)


    Web Application PHP Based
    1011425 - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
    1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
    1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
    1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
    1011423 - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)


    Web Client Common
    1011398* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
    1011397* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
    1011415* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3


    Web Server Adobe ColdFusion
    1011422* - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)


    Web Server Common
    1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)


    Zoho ManageEngine
    1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)


    Zoho ManageEngine ADSelfService Plus
    1011412* - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Kerberos KDC Server
    1011421 - Identified Kerberos Authentication with Spoofed Certificate


    Redis Server
    1011402* - Redis Remote Code Execution Vulnerability (CVE-2022-0543)


    Suspicious Client Application Activity
    1003462* - Detected Web Client Traffic


    Veeam Distribution Service
    1011408* - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)


    Web Application PHP Based
    1011416 - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
    1011411 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
    1011419 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
    1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
    1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
    1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
    1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)


    Web Server Adobe ColdFusion
    1011422 - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)


    Web Server Common
    1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)


    Web Server HTTPS
    1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerabilities (CVE-2021-22986 and CVE-2022-1388)
    1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)


    Web Server Oracle
    1011413* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1


    Zoho ManageEngine
    1011420 - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)


    Zoho ManageEngine ADSelfService Plus
    1011412 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011360* - Microsoft Windows WMI Events
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Redis Server
    1011402 - Redis Remote Code Execution Vulnerability (CVE-2022-0543)


    Veeam Distribution Service
    1011408 - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)


    Web Application PHP Based
    1011405 - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
    1011409 - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
    1011410 - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
    1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
    1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
    1011407 - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
    1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)


    Web Client Common
    1011415 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3


    Web Server Common
    1011414 - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)


    Web Server HTTPS
    1011395* - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
    1011406 - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)


    Web Server Miscellaneous
    1011403 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)
    1011396* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)


    Web Server Oracle
    1011413 - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)


    MySQL Cluster
    1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)


    MySQL Cluster NDBD
    1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
    1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
    1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
    1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
    1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)


    SolarWinds Network Performance Monitor
    1011384* - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)


    Web Application Common
    1000552* - Generic Cross Site Scripting(XSS) Prevention
    1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerabilities (CVE-2019-1003029 and CVE-2019-1003030)
    1011381* - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)


    Web Application PHP Based
    1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
    1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
    1011400 - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
    1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
    1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
    1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
    1011404 - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
    1011401 - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)


    Web Client Common
    1009919* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
    1011398 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
    1011397 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2


    Web Client VNC
    1011373* - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)


    Web Server Common
    1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
    1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
    1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)


    Web Server HTTPS
    1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)


    Web Server Miscellaneous
    1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
    1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Database Microsoft SQL
    1000917* - Restrict Microsoft SQL Server XP_CMDSHELL Procedure


    MySQL Cluster NDBD
    1011389 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
    1011391 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
    1011390 - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)


    SolarWinds Network Performance Monitor
    1011384 - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)


    Web Application Common
    1005402* - Identified Suspicious User Agent In HTTP Request


    Web Application PHP Based
    1011392 - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
    1011388 - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
    1011393 - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)


    Web Application Tomcat
    1011322* - Laravel Deserialization Remote Code Execution Vulnerability (CVE-2021-3129)


    Web Client Common
    1011394 - Foxit Reader Use After Free Vulnerability (CVE-2018-17705)


    Web Client VNC
    1011373 - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)


    Web Server Common
    1011343 - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
    1011377 - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)


    Web Server Miscellaneous
    1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)


    Web Server Oracle
    1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    MySQL Cluster
    1011222 - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)


    MySQL Cluster NDBD
    1011362 - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
    1011385 - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)


    Web Application Common
    1011364* - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-0819)
    1011381 - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)


    Web Application PHP Based
    1011386 - Identified WordPress 'Error Log Viewer' Plugin File Clearing Request
    1011380 - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
    1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
    1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
    1011387 - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
    1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)


    Web Client Common
    1011383 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0289)


    Web Server Common
    1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
    1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)


    Web Server Miscellaneous
    1011378 - Eclipse Jetty Unauthenticated Information Disclosure Vulnerability (CVE-2021-28169)
    1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    OpenSSL Client
    1011370 - OpenSSL Client Denial Of Service Vulnerability (CVE-2022-0778)


    Web Application Common
    1011364 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-0819)


    Web Application PHP Based
    1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
    1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
    1011356 - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
    1011353 - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
    1011375 - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
    1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
    1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)


    Web Client Common
    1011367 - Chromium Based Browsers Incorrect Authorization Vulnerability (CVE-2022-0309)
    1011368 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0297)
    1011374 - Chromium Use After Free Vulnerability (CVE-2022-0609)


    Web Client Mozilla Firefox
    1011361 - Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability (CVE-2022-26381)


    Web Server Common
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
    1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
    1011344* - BMC Track-It Unrestricted File Upload Remote Code Execution Vulnerability (CVE-2021-35002)
    1010175* - Cross-Site Scripting (XSS) Decoder
    1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)
    1010721* - VMware Multiple Products Command Injection Vulnerability (CVE-2020-4006)


    Web Server Miscellaneous
    1011376 - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1002831* - Unix - Syslog