Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

SSH Client
1008580 - OpenSSH Forward Option Handler Buffer Overflow Vulnerability (CVE-2016-0778)


Web Application Common
1005402* - Identified Suspicious User Agent In HTTP Request
1008512 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)
1008540 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
1008542 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1


Web Client Common
1008511 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261)
1008539 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644)
1008541 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724)
1008604 - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
1008602 - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008592 - Microsoft Windows Win32k Graphics Remote Code Execution Vulnerability (CVE-2017-8682)


Web Client Internet Explorer/Edge
1008594 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8731)
1008595 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008603 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8757)
1008484* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
1008564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8634)
1008566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8640)
1008597 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008601 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8753)
1008600 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8750)
1008598 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8747)
1008599 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8749)


Web Server Common
1008581 - Identified Suspicious IP Addresses In XFF HTTP Header


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Miscellaneous
1008605 - Apache Struts OGNL Expression Remote Code Execution Vulnerability (CVE-2017-12611)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Miscellaneous
1008590 - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Directory Server LDAP
1008453 - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


Suspicious Client Ransomware Activity
1008572 - Ransomware Defray
1007602* - Ransomware Locky


VoIP Soft Phones
1008421* - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


Web Application Common
1008514 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
1008508 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1


Web Application PHP Based
1008524* - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Application Ruby Based
1007645* - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


Web Client Common
1008545* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008513 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262)
1008507 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928)


Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging


Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1003222* - Block Administrative Share


DNS Client
1008571 - DNS Request To ShadowPad Domain Detection


VoIP Soft Phones
1008421 - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


Web Application Ruby Based
1007645 - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


Web Client Common
1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)


Web Client Internet Explorer/Edge
1008567 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8644)
1008570 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8548)
1008563 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)
1008482* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server RealVNC
1008557 - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


Integrity Monitoring Rules:

1003063* - Mail Server - Microsoft Exchange Server


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008558 - Identified Windows Search Protocol Network Traffic Over SMB
1008560 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1008407 - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)


Web Application PHP Based
1008524 - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Client Common
1008408 - Skype Insecure Library Loading Vulnerability Over WebDAV (CVE-2017-6517)


Web Client Internet Explorer/Edge
1008547 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652)
1008531 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603)


Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server Common
1008463* - Core FTP Server Heap Overflow Vulnerability


HP Intelligent Management Center (IMC)
1008469* - HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability (CVE-2017-5793)


Kerberos KDC Server
1008475* - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)


Unix SSH
1008515* - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)


VoIP Soft Phones
1008430* - Asterisk Long Contact URIs REGISTER Requests Denial Of Service Vulnerability


Web Application Common
1008415* - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353)
1008496* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407) - 1
1008499* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439) - 1
1008500* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440) - 1
1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)


Web Application PHP Based
1008516* - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)
1008409* - PHP exif_process_IFD_in_TIFF Function Memory Leak Vulnerability (CVE-2016-7128)


Web Client Common
1008537 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 1
1008545 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
1008535 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 3
1008544 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008538 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
1008543 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 6
1008536 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 7
1008546 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-3106)
1008392 - Foxit Reader BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008478 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008480 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8541)
1008532 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-0190)


Web Proxy Squid
1008111* - Squid HTTP Response Denial Of Service Vulnerability


Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


Web Server Miscellaneous
1008491* - Apache Struts Security Bypass Vulnerability (CVE-2016-4436)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008525 - SMBLoris Denial Of Service Vulnerability


Web Application PHP Based
1008516 - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)


Web Client Common
1008410 - Microsoft .NET Framework Pointer Verification Vulnerability (CVE-2009-0090)
1008522 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250)


Web Client Internet Explorer/Edge
1008523 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-8625)


Web Server Apache
1008519 - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

There are no new or updated Deep Packet Inspection Rules in this Security Update.


Integrity Monitoring Rules:

1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1002776* - Microsoft Windows - Startup Programs Modified
1008385* - Ransomware - WannaCry
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1006906* - Identified Usage Of PsExec Command Line Tool


DNS Server
1004747* - DNS Invalid Compression Denial Of Service


FTP Server Common
1008463 - Core FTP Server Heap Overflow Vulnerability


Kerberos KDC Server
1008475 - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)


Unix SSH
1008515 - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)


Web Client Common
1008412 - FFmpeg mov_read_keys Integer Overflow Vulnerability (CVE-2016-5199)
1008471 - Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008517 - Google Chrome Array IndexOf Out-Of-Bounds Access Remote Code Execution Vulnerability (CVE-2017-5053)
1008521 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


Web Client Internet Explorer/Edge
1004986* - Dell Webcam Central CrazyTalk4 ActiveX Control Buffer Overflow Vulnerability


Integrity Monitoring Rules:

1002776* - Microsoft Windows - Startup Programs Modified


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.