Rule Update
20-056 (03 November 2020)
Publish Date: 03 November 2020
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1010577* - ISC BIND TSIG Authentication Bypass Vulnerability (CVE-2017-3143)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Suspicious Client Ransomware Activity
1010597 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
Web Client Common
1010520 - FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547 & CVE-2020-9548)
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1010505* - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1074)
Web Client Internet Explorer/Edge
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
Web Server Common
1010578* - MobileIron MDM Remote Code Execution Vulnerability (CVE-2020-15505)
1010560* - Yaws Web Server XML External Entity Injection Vulnerability (CVE-2020-24379)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
Web Server Oracle
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
Web Server SharePoint
1010573* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)
Zoho ManageEngine
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010558 - Auditd - Mitre ATT&CK TA0005: Defense Evasion
1010582 - Auditd - Mitre ATT&CK TA0008: Lateral Movement
Deep Packet Inspection Rules:
DNS Server
1010577* - ISC BIND TSIG Authentication Bypass Vulnerability (CVE-2017-3143)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Suspicious Client Ransomware Activity
1010597 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
Web Client Common
1010520 - FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547 & CVE-2020-9548)
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1010505* - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1074)
Web Client Internet Explorer/Edge
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
Web Server Common
1010578* - MobileIron MDM Remote Code Execution Vulnerability (CVE-2020-15505)
1010560* - Yaws Web Server XML External Entity Injection Vulnerability (CVE-2020-24379)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
Web Server Oracle
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
Web Server SharePoint
1010573* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)
Zoho ManageEngine
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010558 - Auditd - Mitre ATT&CK TA0005: Defense Evasion
1010582 - Auditd - Mitre ATT&CK TA0008: Lateral Movement