Rule Update
20-001 (07 January 2020)
Publish Date: 07 January 2020
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Solr RMI
1010116 - Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409)
DCERPC Services - Client
1010106* - Identify Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1086)
DNS Client
1010067* - PHP 'dns_get_record' Buffer Overflow Vulnerability (CVE-2019-9022)
DNS Server
1010118 - ISC BIND 'EDNS0' Key-Tag Memory Leak Denial Of Service Vulnerability (CVE-2018-5744)
Oracle E-Business Suite Web Interface
1010117* - Oracle E-Business Suite General Ledger SQL Injection Vulnerability (CVE-2019-2638)
Trend Micro OfficeScan
1010039* - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)
TurboVNC Server
1010079* - TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability (CVE-2019-15683)
Web Application Common
1010119 - Libexpat XML Parsing Heap Based Buffer Over-Read Vulnerability (CVE-2019-15903) - Server
1010107* - rConfig 'devices.inc.php' SQL Injection Vulnerability (CVE-2019-19207)
Web Application PHP Based
1010112* - PHP Type Confusion Infoleak Vulnerability (CVE-2015-4599)
Web Client Common
1009921* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 6
Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
Web Server IIS
1010115* - Microsoft Windows WebDAV Path Parsing Command Injection Remote Code Execution Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2