Deep Security
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008422 - Detected SMBv1 Request
DCERPC Services - Client
1008423 - Detected SMBv1 Response
Database MySQL
1008330 - MySQL Denial Of Service Vulnerability (CVE-2017-3599)
HP Intelligent Management Center (IMC)
1008329 - HP Intelligent Management Center RedirectServlet 'parafile' Directory Traversal Vulnerability
OpenSSL
1008270 - OpenSSL ChaCha20/Poly1305 Cipher Suite Heap Buffer Overflow Vulnerability (CVE-2016-7054)
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1008318* - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)
Web Application PHP Based
1008411 - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
Web Proxy Squid
1008111 - Squid HTTP Response Denial Of Service Vulnerability
Web Server Common
1008397 - Identified Directory Traversal Attack In HTTP Request Headers
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008390 - FTP Server - CompleteFTP
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1008296 - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007709* - Ransomware MadLocker
1007706* - Ransomware Network Traffic - 3
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1008391 - PHPMailer Remote Code Execution Vulnerability
Web Client Common
1008049* - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
Web Client Internet Explorer/Edge
1008216* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
Web Server MDaemon Web Mail
1008311* - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008420 - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Microsoft Office
1008375 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)
Unix RPC Services
1008371 - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Web Client Common
1008185* - Identified Suspicious Obfuscated PDF Document
1008253* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008291* - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008209* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008173* - Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
Web Server Common
1000473* - Parameter Name Length Restriction
Integrity Monitoring Rules:
1008385* - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)
Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
1008385 - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
DNS Server
1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Intel AMT
1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Suspicious Client Ransomware Activity
1007601* - Ransomware TCP Request
Unix SSH
1008313 - Identified Many SSH Client Key Exchange Requests
Web Application PHP Based
1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
Web Application Tomcat
1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)
Web Client Common
1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)
Web Client Internet Explorer/Edge
1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)
Web Server Apache
1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
1003536* - Apache mod_dav svn Remote Denial Of Service
Web Server IIS
1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Oracle
1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327 - Identified Server Suspicious SMB Session
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
DCERPC Services - Client
1008328 - Identified Client Suspicious SMB Session
DNS Server
1008188* - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278* - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
HP Intelligent Management Center (IMC)
1008299 - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
HP OpenView
1008256* - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Web Application Common
1008205* - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190* - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143* - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008322 - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
1008146* - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181* - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1007965* - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1008298 - Adobe Reader DC XObject stream Use After Free Remote Code Execution Vulnerability (CVE-2016-6938)
1008274* - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
Web Client Internet Explorer/Edge
1008162 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0046)
Web Server Miscellaneous
1008130* - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142* - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Mail Server Lotus Domino
1008310 - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Mail Server Sendmail
1000368* - Sendmail SMTP Header And Command Buffer Overflow
Port Mapper Service Common
1008315 - Sun Solaris RPC Service PortMapper Decoder
Sun Solaris RPC Services
1008314 - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008318 - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
Web Media Applications
1002451* - YouTube
Web Server IIS
1008312 - Microsoft IIS WebDAV Remote Code Execution Vulnerability
Integrity Monitoring Rules:
1008257 - Microsoft Windows - USB Storage Device Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1000735* - Microsoft Windows Server Service Remote Code Execution
DCERPC Services - Client
1008300 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
Web Application Common
1006256* - GNU Bash Remote Code Execution Vulnerability
1008261 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Client Common
1008308 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 1
1008304 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
1008309 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008301 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2017-3013)
1008302 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-10)
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution
1008269 - Microsoft Windows NDISAPI Driver Elevation Of Privilege Vulnerability (CVE-2011-1974)
1008234* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1008212* - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.