Cloud One Workload Security and Deep Security Updates

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Common
    1011242 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011241 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1011171* - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)


    Web Application PHP Based
    1010488* - Identified WordPress Database Reset Attempt
    1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
    1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
    1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
    1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
    1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
    1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
    1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
    1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
    1011047* - WordPress 'Modern Events Calendar' Plugin Remote Code Execution Vulnerability (CVE-2021-24145)
    1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
    1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
    1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
    1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
    1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
    1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
    1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
    1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
    1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
    1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
    1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
    1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
    1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
    1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
    1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
    1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)


    Web Application Ruby Based
    1011231 - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


    Web Client Common
    1011225 - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
    1011223 - Microsoft Teams amsVideo Cross Site Scripting Vulnerability (ZDI-CAN-13482)


    Web Proxy Squid
    1011213* - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
    1011215* - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server Common
    1011227 - Apache Druid Arbitrary File Read Vulnerability (CVE-2021-36749)


    Web Server HTTPS
    1011235 - Microsoft Exchange Server Reflected Cross-Site Scripting Vulnerability (CVE-2021-41349)
    1011232 - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


    Web Server Miscellaneous
    1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


    Web Server SharePoint
    1011233 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-40487)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)


    DNS Client
    1011122* - Zoom Client Marketplace Information Disclosure Vulnerability (ZDI-CAN-13616)


    Web Client Common
    1011217 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40725)
    1011219 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40726)


    Web Proxy Squid
    1011213 - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
    1011215 - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


    Web Server HTTPS
    1011216* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)
    1011214 - VMware vCenter Server Information Disclosure Vulnerability (CVE-2021-21985)
    1011220 - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
    1011209 - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share


    SolarWinds Network Performance Monitor
    1011205* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
    1011203* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)


    Web Application Common
    1009222* - Identified Directory Traversal Sequence In Zip Archive
    1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)


    Web Client Common
    1010619* - Adobe Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2020-24426)
    1011211 - Microsoft Visual Studio Code 'Maven for Java' Extension Remote Code Execution Vulnerability (CVE-2021-28472)


    Web Server Common
    1006540* - Enable X-Forwarded-For HTTP Header Logging
    1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


    Web Server HTTPS
    1011207* - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
    1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
    1011204* - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
    1011216 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)


    Zoho ManageEngine ADSelfService Plus
    1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    There are no new or updated Deep Packet Inspection Rules in this Security Update.


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1011037 - Identified Remote System Discovery Over SMB - 1 (ATT&CK T1018)
    1011027 - Identified Session Enumeration Request Over SMB (ATT&CK T1049)


    Microsoft Office
    1011208 - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
    1011095* - Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-34501)


    SSL Client
    1011178 - MD5 Algorithm Vulnerability (CVE-2004-2761)


    SolarWinds Network Performance Monitor
    1011205 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
    1011203 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)


    Suspicious Client Ransomware Activity
    1010607* - Identified TCP Meterpreter Payload


    Web Application Common
    1011206 - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
    1009621* - Identified Directory Traversal Sequence In HTTP Header


    Web Application PHP Based
    1011013* - WordPress 'Stop Spammers' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24245)


    Web Server Common
    1010919 - SQL Injection (SQLi) Decoder


    Web Server HTTPS
    1011207 - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
    1011212 - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
    1011204 - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
    1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
    1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)


    Web Server Nagios
    1011199* - Nagios XI Command Injection Vulnerability (CVE-2021-40345)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008619* - Application - Docker
    1008852* - Auditd
    1004488* - Database Server - Microsoft SQL
    1003802* - Directory Server - Microsoft Windows Active Directory
    1003443* - Mail Server - Postfix
    1010595* - Microsoft LDAP Query Execution
    1003843* - Microsoft Windows Security Events
    1004057* - Microsoft Windows Security Events - 1
    1003987* - Microsoft Windows Security Events - 2
    1008670* - Microsoft Windows Security Events - 3
    1011197 - Microsoft Windows Security Events - 5
    1002831* - Unix - Syslog
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1011122 - Zoom Client Marketplace Information Disclosure Vulnerability (ZDI-CAN-13616)


    Microsoft Office
    1011121* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-34478)


    Web Application Common
    1008192* - Identified Directory Traversal Sequence In Multipart HTTP Requests
    1009227* - Identified Directory Traversal Sequence In Tar Archive
    1009040* - Identified Directory Traversal Sequence In URI
    1005933* - Identified Directory Traversal Sequence In Uri Query Parameter


    Web Application PHP Based
    1011200 - WordPress 'The BulletProof Security' Plugin Information Disclosure Vulnerability (CVE-2021-39327)
    1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


    Web Client Common
    1011201 - Chromium Use After Free Vulnerability (CVE-2021-30573)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server Common
    1010759 - Command Injection Decoder
    1008397* - Identified Directory Traversal Attack In HTTP Request Headers


    Web Server HTTPS
    1011196* - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
    1011190* - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)
    1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)


    Web Server Miscellaneous
    1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


    Web Server Nagios
    1011199 - Nagios XI Command Injection Vulnerability (CVE-2021-40345)


    Zoho ManageEngine ADSelfService Plus
    1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1010489* - Auditd - Mitre ATT&CK TA0003: Persistence
    1010465* - Auditd - Mitre ATT&CK TA0007: Discovery
    1002795* - Microsoft Windows Events
    1002831* - Unix - Syslog
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Azure Open Management Infrastructure Tool
    1011147* - Open Management Infrastructure Remote Code Execution Vulnerability (CVE-2021-38647)


    Memcached
    1011098* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


    Suspicious Server Application Activity
    1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)


    Web Application PHP Based
    1011193 - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


    Web Client Common
    1010806* - Identified Directory Traversal Attack In HTTP Response Headers
    1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server HTTPS
    1011196 - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
    1011190 - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)


    Web Server Nagios
    1011191* - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


    Zoho ManageEngine
    1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


    Zoho ManageEngine ADSelfService Plus
    1011194 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Memcached
    1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
    1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


    Web Client Common
    1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
    1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
    1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)


    Web Server HTTPS
    1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)


    Web Server Miscellaneous
    1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
    1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


    Web Server Nagios
    1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


    Web Server Squid
    1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)


    Zoho ManageEngine
    1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


    Integrity Monitoring Rules:

    1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)


    Log Inspection Rules:

    1004488* - Database Server - Microsoft SQL
    1010595* - Microsoft LDAP Query Execution
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Memcached
    1011097 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)


    Microsoft Office
    1011181 - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40480)
    1011182 - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40481)
    1011184 - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)


    Web Application Common
    1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
    1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)


    Web Client Common
    1011175 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-104) - 1
    1011176 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40730)


    Web Server Apache
    1011183 - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server HTTPS
    1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)


    Web Server Miscellaneous
    1011177 - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179 - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1002828* - Application - Secure Shell Daemon (SSHD)
    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
    1004057* - Microsoft Windows Security Events - 1