Cloud One Workload Security and Deep Security Center

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Network Automation
    1008676 - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)


    Microsoft Office
    1008716* - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
    1008746* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


    SSL Client
    1008533 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Client


    SSL/TLS Server
    1008534 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server


    Suspicious Client Application Activity
    1008756 - Identified Potentially Malicious RAT Traffic - VII


    Web Application PHP Based
    1008626 - Drupal Services Module Remote Code Execution Vulnerability


    Web Client Common
    1008735* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5


    Web Client Internet Explorer/Edge
    1008701* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)


    Web Server Oracle
    1008688 - Oracle Identity Manager Default Account Vulnerability (CVE-2017-10151)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008660 - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


    Microsoft Office
    1008746 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


    OpenSSL
    1008715 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server


    OpenSSL Client
    1008714 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client


    Solr Service
    1008691 - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)


    Web Application PHP Based
    1008548 - PHP Session Data Injection Vulnerability (CVE-2016-7125)


    Web Client Common
    1008739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
    1008744 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 2
    1008743 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
    1008745 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
    1008735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
    1008736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
    1008740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
    1008738 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)


    Web Server Miscellaneous
    1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Asterisk Server IAX2
    1008467* - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


    DHCPv6 Server
    1008651* - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


    DNS Client
    1008650* - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


    HP Intelligent Management Center WSM iNode
    1008551* - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008695 - Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854)


    Remote Desktop Protocol Server
    1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request


    SSL/TLS Server
    1008553* - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Unix Kerberos
    1008561 - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
    1008473* - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    VoIP Smart
    1008466* - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


    Web Application Common
    1008530* - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


    Web Client Common
    1008538* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
    1004133* - Heuristic Detection Of Malicious PDF Documents
    1008716 - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
    1008630 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8631)
    1008708 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-11847)


    Web Client Internet Explorer/Edge
    1008710 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845)
    1008704 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
    1008705 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841)
    1008701 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
    1008706 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
    1008696 - Microsoft Internet Explorer And Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-11791)
    1008700 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837)
    1008707 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843)
    1008712 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846)
    1008699 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858)
    1008697 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
    1008698 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)
    1008703 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869)


    Web Proxy Apache
    1006244* - Apache HTTP Server 'mod_cache' Module Remote Denial Of Service Vulnerability


    Web Server Apache
    1008556* - Apache Continuum Arbitrary Command Execution Vulnerability
    1008683 - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


    Web Server SAP
    1008615* - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    1006683* - TMTR-0016: Suspicious Running Processes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007114* - Portable Executable File Uploaded On SMB Share


    HP Intelligent Management Center WSM iNode
    1008551 - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008375* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)


    SSL Client
    1008552 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Client


    SSL/TLS Server
    1008553 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Symantec Messaging Gateway
    1005286* - Symantec Messaging Gateway Arbitrary File Download Vulnerability


    Unix Kerberos
    1008473 - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    Web Client Internet Explorer/Edge
    1008680 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8653)


    Web Server SAP
    1008615 - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1001852* - Identified Attempt To Brute Force Windows Login Credentials
    1008679 - Identified BADRABBIT Ransomware Propagation Over SMB


    Web Client Common
    1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
    1008678 - Identified BADRABBIT Ransomware Download Over HTTP
    1008634* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
    1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)


    Web Client Internet Explorer/Edge
    1008671 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802)


    Integrity Monitoring Rules:

    1008684 - Ransomware - BADRABBIT


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1008530 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


    Web Client Common
    1008645 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2017-11227)
    1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
    1008667* - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
    1008529 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640)


    Web Server Apache
    1008556 - Apache Continuum Arbitrary Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Asterisk Server IAX2
    1008467 - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


    DHCPv6 Server
    1008651 - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


    DNS Client
    1008650 - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


    HP Intelligent Management Center IMC Syslog Daemon
    1008505* - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


    Microsoft Office
    1008661 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
    1008629 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8744)


    VoIP Smart
    1008466 - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


    Web Application Common
    1008606* - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


    Web Client Common
    1008667 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
    1008655 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717)
    1008656 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718)


    Web Client Internet Explorer/Edge
    1008657 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11794)
    1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)


    Web Server Apache
    1008127* - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)


    Web Server IIS
    1004398* - Request Header Buffer Overflow Vulnerability


    Web Server Miscellaneous
    1008620* - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Backup Server Veritas
    1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


    HP Intelligent Management Center Dbman
    1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


    Suspicious Server Ransomware Activity
    1007580* - Ransomware HTTP Request-1


    Web Application Common
    1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
    1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
    1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


    Web Client Common
    1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
    1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
    1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
    1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
    1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
    1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
    1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
    1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)


    Web Client Internet Explorer/Edge
    1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
    1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
    1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
    1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
    1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
    1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
    1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
    1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
    1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
    1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
    1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
    1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


    Web Server Apache
    1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
    1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


    Web Server Common
    1008621* - Disallow Upload Of A JSP File


    Web Server Miscellaneous
    1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
    1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Intelligent Management Center IMC Syslog Daemon
    1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


    Suspicious Client Application Activity
    1005294* - TMTR-0004: GHOST RAT HTTP Request


    Web Application Common
    1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


    Web Client Common
    1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
    1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
    1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
    1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
    1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


    Web Client Mozilla Firefox
    1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)


    Web Server IIS
    1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


    Web Server Miscellaneous
    1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


    Integrity Monitoring Rules:

    1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
    1004950* - Microsoft Visual Studio - New Add-In Created
    1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Intelligent Management Center Dbman
    1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
    1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


    Web Application Common
    1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
    1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


    Web Client Common
    1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
    1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
    1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
    1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
    1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
    1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
    1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
    1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
    1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)


    Web Client Internet Explorer/Edge
    1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
    1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)


    Web Server Apache
    1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


    Web Server Common
    1008621 - Disallow Upload Of A JSP File


    Web Server Miscellaneous
    1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request


    Integrity Monitoring Rules:

    1005041* - Malware - Suspicious Microsoft Windows Files Detected
    1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.