rule Update
20-030 (30 de junio de 2020)
Publish date: 30 de junio de 2020
Descripción
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361 - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
1010184* - Identified Apache JServ Protocol (AJP) Traffic
DCERPC Services
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)
MQTT Server
1010357 - Eclipse Mosquitto Improper Authentication Vulnerability (CVE-2017-7650)
Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076,T1048,T1032,T1071)
Universal Plug And Play Service
1010358 - Identified CallStranger Vulnerability in UPNP Devices (CVE-2020-12695)
Unix SSH
1008313* - Identified Many SSH Client Key Exchange Requests (ATT&CK T1110)
Web Application Common
1010252 - Sonatype Nexus Repository Manager Stored Cross-Site Scripting Vulnerability (CVE-2020-10203)
Web Client Mozilla Firefox
1010355 - Mozilla Firefox Memory Corruption Vulnerability (CVE-2017-5400)
1010356 - Mozilla Firefox Sensitive Information Disclosure Vulnerability (CVE-2017-5407)
Web Server Common
1005728* - Parameter Value Length Restriction
1010362 - VMware Cloud Director Code Injection Vulnerability (CVE-2020-3956)
1010366 - vBulletin 'widgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2019-16759)
Windows Remote Management Client
1010073* - WinRM Service Detected & Powershell RCE Over HTTP - Client (ATT&CK T1028)
Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)
Integrity Monitoring Rules:
1002859* - Local Security Authority (LSA) Authentication Packages modified (ATT&CK T1174)
1010353 - Local Security Authority (LSA) Notification Packages modified (ATT&CK T1131)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361 - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
1010184* - Identified Apache JServ Protocol (AJP) Traffic
DCERPC Services
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)
MQTT Server
1010357 - Eclipse Mosquitto Improper Authentication Vulnerability (CVE-2017-7650)
Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076,T1048,T1032,T1071)
Universal Plug And Play Service
1010358 - Identified CallStranger Vulnerability in UPNP Devices (CVE-2020-12695)
Unix SSH
1008313* - Identified Many SSH Client Key Exchange Requests (ATT&CK T1110)
Web Application Common
1010252 - Sonatype Nexus Repository Manager Stored Cross-Site Scripting Vulnerability (CVE-2020-10203)
Web Client Mozilla Firefox
1010355 - Mozilla Firefox Memory Corruption Vulnerability (CVE-2017-5400)
1010356 - Mozilla Firefox Sensitive Information Disclosure Vulnerability (CVE-2017-5407)
Web Server Common
1005728* - Parameter Value Length Restriction
1010362 - VMware Cloud Director Code Injection Vulnerability (CVE-2020-3956)
1010366 - vBulletin 'widgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2019-16759)
Windows Remote Management Client
1010073* - WinRM Service Detected & Powershell RCE Over HTTP - Client (ATT&CK T1028)
Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)
Integrity Monitoring Rules:
1002859* - Local Security Authority (LSA) Authentication Packages modified (ATT&CK T1174)
1010353 - Local Security Authority (LSA) Notification Packages modified (ATT&CK T1131)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.