Rule Update
21-009 (02 März 2021)
Publish Date: 02 März 2021
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1010744* - DNS Request To Ngrok Domain Detected
Directory Server LDAP
1010820 - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)
1010799* - OpenLDAP Slapd Search Parsing Integer Underflow Vulnerability (CVE-2020-36228)
FTP Server IIS
1010797* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over FTP (CVE-2020-28001)
SAP NetWeaver Java Application Server
1010816 - Identified SAP Solution Manager Security Software Discovery Over HTTP (ATT&CK T1518.001)
1010822 - Identified SAP Solution Manager Tool Transfer Over HTTP (ATT&CK T1105, T1570)
SSL Client
1010410* - OpenSSL Large DH Parameter Denial Of Service Vulnerability (CVE-2018-0732)
SolarWinds Orion Platform
1010810 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)
Trend Micro OfficeScan
1010780 - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
Web Application Common
1010818 - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1001933* - Identified Suspicious Usage Of Shellcode For Client
Web Server Common
1010796* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-25646)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
1010801 - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
1010761* - PRTG Network Monitor Command Injection Vulnerability (CVE-2018-9276)
1010804* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over HTTP (CVE-2020-28001)
Web Server HTTPS
1010850 - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
Zoho ManageEngine
1010811 - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003613* - DHCP Server - Microsoft Windows
1003447* - Web Server - Apache
Deep Packet Inspection Rules:
DNS Client
1010744* - DNS Request To Ngrok Domain Detected
Directory Server LDAP
1010820 - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)
1010799* - OpenLDAP Slapd Search Parsing Integer Underflow Vulnerability (CVE-2020-36228)
FTP Server IIS
1010797* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over FTP (CVE-2020-28001)
SAP NetWeaver Java Application Server
1010816 - Identified SAP Solution Manager Security Software Discovery Over HTTP (ATT&CK T1518.001)
1010822 - Identified SAP Solution Manager Tool Transfer Over HTTP (ATT&CK T1105, T1570)
SSL Client
1010410* - OpenSSL Large DH Parameter Denial Of Service Vulnerability (CVE-2018-0732)
SolarWinds Orion Platform
1010810 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)
Trend Micro OfficeScan
1010780 - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
Web Application Common
1010818 - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1001933* - Identified Suspicious Usage Of Shellcode For Client
Web Server Common
1010796* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-25646)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
1010801 - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
1010761* - PRTG Network Monitor Command Injection Vulnerability (CVE-2018-9276)
1010804* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over HTTP (CVE-2020-28001)
Web Server HTTPS
1010850 - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
Zoho ManageEngine
1010811 - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003613* - DHCP Server - Microsoft Windows
1003447* - Web Server - Apache