Rule Update
20-062 (15 December 2020)
Publish Date: 15 December 2020
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
DCERPC Services - Client
1003123* - Windows Common AVI Parsing Overflow
DNS Client
1010669 - Identified Malicious Domain - SolarWinds
DNS Server
1010633* - Identified DNS Trojan.Linux.Anchor.A Traffic
1010632* - Identified DNS Trojan.Win64.Anchor.A Traffic
Directory Server LDAP
1010667 - Microsoft Windows Active Directory IntegratedDNS Remote Code Execution Vulnerability (CVE-2020-0761)
Dynamics 365 Client Services
1010656* - Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158)
FTP Server IIS
1004553* - Microsoft IIS FTPSVC Unspecified Remote Denial Of Service
HP Intelligent Management Center (IMC)
1009962* - HPE Intelligent Management Center 'IctTableExportToCSVBean' Expression Language Injection Vulnerability (CVE-2019-5370)
1008969* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Mail Server Over SSL/TLS
1009977* - Exim Mail Server Remote Code Execution Vulnerability (CVE-2019-15846)
Microsoft Office
1010673 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-17125)
1010674 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-17128)
1010672 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2020-17124)
NFS Server
1010605* - Microsoft Windows Network File System NLM RPC Message Information Disclosure Vulnerability (CVE-2020-17056)
Port Mapper RPC
1010606* - Identified Out-Of-Sync RPCSEC_GSS_CONTINUE_INIT RPC Message
Remote Desktop Protocol Server
1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
Suspicious Client Application Activity
1010675 - Identified HTTP Backdoor Win32.Beaconsolar.A Runtime Detection
1010676 - Identified HTTP Trojan.MSIL.Sunburst.A Traffic Request
Suspicious Server Application Activity
1010462* - Identified HTTP Drovorub Command And Control Traffic
Trend Micro InterScan Web Security Virtual Appliance
1010665 - Trend Micro InterScan Web Security Virtual Appliance Multiple Security Vulnerabilities
Web Application Common
1009966* - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714) - 1
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)
1009979* - XStream Library ReflectionConverter Insecure Deserialization Remote Command Execution Vulnerability (CVE-2019-10173) - Server
1010660 - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
Web Application PHP Based
1009545* - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)
1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
1009544* - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
Web Client Common
1010659 - Adobe Acrobat and Acrobat Reader Information Disclosure Vulnerability (CVE-2020-29075)
1009483* - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)
1002377* - Microsoft Windows GDI Multiply By Zero Code Execution
1010651 - Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability (CVE-2020-1319)
1010586 - SAP 3D Visual Enterprise Viewer SVG File XML External Entity Processing Information Disclosure Vulnerability (CVE-2020-6315)
1004956* - VideoLAN VLC Media Player MMS Plugin Stack Buffer Overflow Vulnerability
Web Client Internet Explorer/Edge
1010671 - Microsoft Edge Chakra LinearScan Memory Corruption Remote Code Execution Vulnerability (CVE-2020-17131)
1010602* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
1010670 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)
Web Server Common
1010650 - SaltStack Salt 'rest_cherrypy' Command Injection Remote Code Execution Vulnerability (CVE-2020-16846)
Web Server HTTPS
1010479* - Identified HTTP Ngioweb Command And Control Traffic
Web Server Miscellaneous
1010662 - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14181)
1010649* - Microsoft Windows Exchange Memory Corruption Vulnerability (CVE-2020-17144)
Web Server Oracle
1010587* - Oracle WebLogic Server IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-14841)
Web Server SharePoint
1009971* - Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019)
1009974* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1295)
1010655* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121)
Zoho ManageEngine
1009957* - Zoho ManageEngine Application Manager Remote Command Execution Vulnerability (CVE-2019-15105)
1009960* - Zoho ManageEngine OpManager Remote Command Execution Vulnerability (CVE-2019-15104)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.