Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
DNS Server
1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)
HP OpenView
1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
Suspicious Client Ransomware Activity
1007705* - Ransomware Network Traffic - 2
1007706* - Ransomware Network Traffic - 3
Web Application Common
1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1004593* - Heuristic Detection Of Malicious PDF Documents - 2
1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
Web Server Miscellaneous
1004911* - Apache Struts2 Multiple Vulnerabilities
1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
1008271 - Application - Docker
Log Inspection Rules:
1008145 - Web Server - Nginx
1002835* - Web Server - Web Access Events
Deep Packet Inspection Rules:
DCERPC Services - Client
1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
DNS Server
1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)
HP OpenView
1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
Suspicious Client Ransomware Activity
1007705* - Ransomware Network Traffic - 2
1007706* - Ransomware Network Traffic - 3
Web Application Common
1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1004593* - Heuristic Detection Of Malicious PDF Documents - 2
1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
Web Server Miscellaneous
1004911* - Apache Struts2 Multiple Vulnerabilities
1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
1008271 - Application - Docker
Log Inspection Rules:
1008145 - Web Server - Nginx
1002835* - Web Server - Web Access Events
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
NTP Server Linux
1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
Web Application PHP Based
1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)
Web Client Internet Explorer/Edge
1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
Web Server Adobe ColdFusion
1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server HTTPS
1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported
Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Client
1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
NTP Server Linux
1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
Web Application PHP Based
1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)
Web Client Internet Explorer/Edge
1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
Web Server Adobe ColdFusion
1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server HTTPS
1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported
Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008224 - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1008187 - Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
1008177 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
Microsoft Office
1008165 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027)
1008245 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105)
1008242 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006)
1008163 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019)
1008164 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
1008167 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030 and CVE-2016-0031)
1008243 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
1008244 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053)
Web Client Common
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008237 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2017-0100)
1008170 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2017-0039)
1008176 - Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2017-0047)
1008238 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008239 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0062)
1008240 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0073)
1008241 - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008172 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
1008248 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS17-018)
1008168 - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247 - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008236 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011)
1008234 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
1008235 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008195 - Sun JDK JPG/BMP Parser Multiple Vulnerabilities (CVE-2007-2788)
Web Client Internet Explorer/Edge
1008157 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011)
1008159 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017)
1008211 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008210 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034)
1008219 - Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2017-0131)
1008156 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
1008158 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
1008160 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032)
1008161 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035)
1008213 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
1008216 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
1008217 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008221 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0140)
1008222 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1008220 - Microsoft Edge Scripting Engine Memory Corruption Vulnerabilty (CVE-2017-0133)
1008212 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
1008215 - Microsoft Edge Spoofing Vulnerability (CVE-2017-0069)
1008150 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0009)
1008152 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008249 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0154)
1008149 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
1008208 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
1008154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0040)
1008209 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008250 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0149)
1008155 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049)
1008174 - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
1008173 - Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
Web Server Miscellaneous
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008224 - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1008187 - Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
1008177 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
Microsoft Office
1008165 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027)
1008245 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105)
1008242 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006)
1008163 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019)
1008164 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
1008167 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030 and CVE-2016-0031)
1008243 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
1008244 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053)
Web Client Common
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008237 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2017-0100)
1008170 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2017-0039)
1008176 - Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2017-0047)
1008238 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008239 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0062)
1008240 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0073)
1008241 - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008172 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
1008248 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS17-018)
1008168 - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247 - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008236 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011)
1008234 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
1008235 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008195 - Sun JDK JPG/BMP Parser Multiple Vulnerabilities (CVE-2007-2788)
Web Client Internet Explorer/Edge
1008157 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011)
1008159 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017)
1008211 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008210 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034)
1008219 - Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2017-0131)
1008156 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
1008158 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
1008160 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032)
1008161 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035)
1008213 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
1008216 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
1008217 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008221 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0140)
1008222 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1008220 - Microsoft Edge Scripting Engine Memory Corruption Vulnerabilty (CVE-2017-0133)
1008212 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
1008215 - Microsoft Edge Spoofing Vulnerability (CVE-2017-0069)
1008150 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0009)
1008152 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008249 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0154)
1008149 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
1008208 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
1008154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0040)
1008209 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008250 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0149)
1008155 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049)
1008174 - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
1008173 - Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
Web Server Miscellaneous
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1008203 - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204 - DNSMessenger Malware Domain Blocker
Microsoft Office
1004312* - Identified Suspicious Microsoft Word Document
NTP Server Linux
1007741 - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
P2P Applications
1007034* - Share EX2 P2P
1003086* - Winny
Web Application PHP Based
1006386* - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)
1008135 - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1007289 - PHP cURL Lib NULL Byte Injection Vulnerability
1008182 - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1008186 - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1004870* - Identified Suspicious Jar File
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Server Miscellaneous
1008104 - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
Web Server Oracle
1004840* - Oracle Application Server Web Cache HTTP Request Method Heap Overrun Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Client
1008203 - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204 - DNSMessenger Malware Domain Blocker
Microsoft Office
1004312* - Identified Suspicious Microsoft Word Document
NTP Server Linux
1007741 - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
P2P Applications
1007034* - Share EX2 P2P
1003086* - Winny
Web Application PHP Based
1006386* - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)
1008135 - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1007289 - PHP cURL Lib NULL Byte Injection Vulnerability
1008182 - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1008186 - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1004870* - Identified Suspicious Jar File
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Server Miscellaneous
1008104 - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
Web Server Oracle
1004840* - Oracle Application Server Web Cache HTTP Request Method Heap Overrun Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007356* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow Vulnerability (CVE-2015-1924)
Database Oracle
1003340* - Oracle Database Trigger MDSYS.SDO_TOPO_DROP_FTBL SQL Injection
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
VoIP Smart
1008087* - IBM WebSphere Application Server SIP Processing DoS Vulnerability (CVE-2016-2960)
Web Application Common
1000608* - Generic SQL Injection Prevention
Web Application PHP Based
1008144 - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
Web Client Common
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008185 - Identified Suspicious Obfuscated PDF Document
1008028 - Microsoft Windows File Manager Remote Code Execution Vulnerability (CVE-2016-7212)
1008147 - Microsoft Windows RPC Network Data Representation Engine Remote Code Execution Vulnerability (CVE-2016-0178)
Web Client Mozilla Firefox
1007061* - Mozilla Firefox Arbitrary JavaScript Code Execution
1007062* - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Server Adobe ColdFusion
1008113 - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server Common
1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007356* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow Vulnerability (CVE-2015-1924)
Database Oracle
1003340* - Oracle Database Trigger MDSYS.SDO_TOPO_DROP_FTBL SQL Injection
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
VoIP Smart
1008087* - IBM WebSphere Application Server SIP Processing DoS Vulnerability (CVE-2016-2960)
Web Application Common
1000608* - Generic SQL Injection Prevention
Web Application PHP Based
1008144 - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
Web Client Common
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008185 - Identified Suspicious Obfuscated PDF Document
1008028 - Microsoft Windows File Manager Remote Code Execution Vulnerability (CVE-2016-7212)
1008147 - Microsoft Windows RPC Network Data Representation Engine Remote Code Execution Vulnerability (CVE-2016-0178)
Web Client Mozilla Firefox
1007061* - Mozilla Firefox Arbitrary JavaScript Code Execution
1007062* - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Server Adobe ColdFusion
1008113 - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server Common
1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Internet Explorer/Edge
1008153 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Client Internet Explorer/Edge
1008153 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008180 - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136 - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
Unix Kerberos
1008095* - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1008125 - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008037 - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008131 - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008132* - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008183 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-04)
1008171 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038)
1008108 - Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability (CVE-2016-3606)
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Media Applications
1002451* - YouTube
Web Server Miscellaneous
1008097* - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008141 - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
1008093* - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008180 - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136 - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
Unix Kerberos
1008095* - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1008125 - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008037 - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008131 - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008132* - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008183 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-04)
1008171 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038)
1008108 - Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability (CVE-2016-3606)
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Media Applications
1002451* - YouTube
Web Server Miscellaneous
1008097* - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008141 - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
1008093* - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
DCERPC Services
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008128* - ISC BIND ANY Query Assertion Failure Vulnerability (CVE-2016-9131)
1008115* - ISC BIND DNAME Resource Records Denial Of Service Vulnerability (CVE-2016-1286)
Directory Server LDAP
1007360* - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
1008051* - Samba Active Directory Server Denial Of Service Vulnerability (CVE-2015-3223)
HP OpenView
1008110* - HP Data Protector Buffer Overflow Vulnerability (CVE-2016-2005)
1008114* - HP Data Protector Multiple Remote Code Execution Vulnerabilities
1008109* - HP Data Protector Remote Code Execution Vulnerability (CVE-2016-2007)
HP OpenView Network Node Manager
1007466* - HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow (CVE-2008-1852)
Microsoft Office
1008075* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
1008078* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
NTP Server Linux
1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
1008091* - NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1006247* - Identified Potentially Malicious RAT Traffic - VI
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Suspicious Server Application Activity
1005974* - Identified DNS Reflected Denial Of Service
1006560* - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack
1006240* - Identified NTP Reflected Denial Of Service
1005090* - Identified Potentially Harmful Server Traffic
1005957* - Identified SNMP Reflected Denial Of Service
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack
1005517* - Restrict Maximum Packet (Transport Data Length) Size
Unix Kerberos
1008095 - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application PHP Based
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1008132 - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008124* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 1
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004114* - Identified Malicious Adobe SWF File
1008139 - Linux Kernel Use After Free Remote Code Execution Vulnerability (CVE-2016-7117)
1008068* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Proxy Squid
1008103* - Squid Proxy ESI Response Handler Buffer Overflow Vulnerability (CVE-2016-4054)
1008101 - Squid Proxy ESI Response Processing Denial Of Service Vulnerability (CVE-2016-4555)
Web Server Common
1000473* - Parameter Name Length Restriction
Web Server Miscellaneous
1008120* - Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal (CVE-2016-0709)
1008129 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
1008097 - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008093 - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Web Server Oracle HTTPS
1003212* - Oracle Secure Backup exec_qr() Command Injection Vulnerability
Windows Services RPC Client DCERPC
1007538* - Windows Client Port Mapper Decoder
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
DCERPC Services
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008128* - ISC BIND ANY Query Assertion Failure Vulnerability (CVE-2016-9131)
1008115* - ISC BIND DNAME Resource Records Denial Of Service Vulnerability (CVE-2016-1286)
Directory Server LDAP
1007360* - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
1008051* - Samba Active Directory Server Denial Of Service Vulnerability (CVE-2015-3223)
HP OpenView
1008110* - HP Data Protector Buffer Overflow Vulnerability (CVE-2016-2005)
1008114* - HP Data Protector Multiple Remote Code Execution Vulnerabilities
1008109* - HP Data Protector Remote Code Execution Vulnerability (CVE-2016-2007)
HP OpenView Network Node Manager
1007466* - HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow (CVE-2008-1852)
Microsoft Office
1008075* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
1008078* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
NTP Server Linux
1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
1008091* - NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1006247* - Identified Potentially Malicious RAT Traffic - VI
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Suspicious Server Application Activity
1005974* - Identified DNS Reflected Denial Of Service
1006560* - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack
1006240* - Identified NTP Reflected Denial Of Service
1005090* - Identified Potentially Harmful Server Traffic
1005957* - Identified SNMP Reflected Denial Of Service
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack
1005517* - Restrict Maximum Packet (Transport Data Length) Size
Unix Kerberos
1008095 - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application PHP Based
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1008132 - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008124* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 1
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004114* - Identified Malicious Adobe SWF File
1008139 - Linux Kernel Use After Free Remote Code Execution Vulnerability (CVE-2016-7117)
1008068* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Proxy Squid
1008103* - Squid Proxy ESI Response Handler Buffer Overflow Vulnerability (CVE-2016-4054)
1008101 - Squid Proxy ESI Response Processing Denial Of Service Vulnerability (CVE-2016-4555)
Web Server Common
1000473* - Parameter Name Length Restriction
Web Server Miscellaneous
1008120* - Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal (CVE-2016-0709)
1008129 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
1008097 - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008093 - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Web Server Oracle HTTPS
1003212* - Oracle Secure Backup exec_qr() Command Injection Vulnerability
Windows Services RPC Client DCERPC
1007538* - Windows Client Port Mapper Decoder
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.