Rule Update
21-052 (23 November 2021)
Publish Date: 23 November 2021
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
SolarWinds Network Performance Monitor
1011205* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
1011203* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)
Web Application Common
1009222* - Identified Directory Traversal Sequence In Zip Archive
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
Web Client Common
1010619* - Adobe Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2020-24426)
1011211 - Microsoft Visual Studio Code 'Maven for Java' Extension Remote Code Execution Vulnerability (CVE-2021-28472)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
Web Server HTTPS
1011207* - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
1011204* - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
1011216 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)
Zoho ManageEngine ADSelfService Plus
1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
SolarWinds Network Performance Monitor
1011205* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
1011203* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)
Web Application Common
1009222* - Identified Directory Traversal Sequence In Zip Archive
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
Web Client Common
1010619* - Adobe Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2020-24426)
1011211 - Microsoft Visual Studio Code 'Maven for Java' Extension Remote Code Execution Vulnerability (CVE-2021-28472)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
Web Server HTTPS
1011207* - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
1011204* - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
1011216 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)
Zoho ManageEngine ADSelfService Plus
1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3