ruleUpdate
20-038 (04 août 2020)
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Directory Server LDAP
1010350* - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
HP Intelligent Management Center (IMC)
1010425 - Apache OFBiz Cross-Site Scripting Vulnerability (CVE-2020-1943)
1009947* - HPE Intelligent Management Center Various Expression Language Injection Vulnerabilities
SAP NetWeaver Java Application Server
1010417* - SAP NetWeaver AS JAVA Authentication Bypass Vulnerability (CVE-2020-6287)
1010413* - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2020-6286)
Web Application Common
1010345* - Kentico CMS Staging SyncServer Unserialize Remote Command Execution Vulnerability (CVE-2019-10068)
1010332* - Netty HTTP Request Smuggling Vulnerability (CVE-2020-7238)
Web Application Ruby Based
1010411* - Ruby On Rails Remote Code Execution Vulnerability (CVE-2020-8163)
Web Client Common
1010427 - Google Chrome ClipboardHost Use-After-Free Vulnerability (CVE-2020-6462)
1010429 - Google Chrome webkitSpeechRecognition Use-After-Free Vulnerability (CVE-2020-6457)
Web Server Common
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server Oracle
1010415* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)
Integrity Monitoring Rules:
1002999* - Database Server - Microsoft SQL Server
Log Inspection Rules:
1008619* - Application - Docker
1010349 - Docker Daemon Remote API Calls
1010421 - Trend Micro Deep Security Agent Removal Attempt
Deep Packet Inspection Rules:
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Directory Server LDAP
1010350* - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
HP Intelligent Management Center (IMC)
1010425 - Apache OFBiz Cross-Site Scripting Vulnerability (CVE-2020-1943)
1009947* - HPE Intelligent Management Center Various Expression Language Injection Vulnerabilities
SAP NetWeaver Java Application Server
1010417* - SAP NetWeaver AS JAVA Authentication Bypass Vulnerability (CVE-2020-6287)
1010413* - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2020-6286)
Web Application Common
1010345* - Kentico CMS Staging SyncServer Unserialize Remote Command Execution Vulnerability (CVE-2019-10068)
1010332* - Netty HTTP Request Smuggling Vulnerability (CVE-2020-7238)
Web Application Ruby Based
1010411* - Ruby On Rails Remote Code Execution Vulnerability (CVE-2020-8163)
Web Client Common
1010427 - Google Chrome ClipboardHost Use-After-Free Vulnerability (CVE-2020-6462)
1010429 - Google Chrome webkitSpeechRecognition Use-After-Free Vulnerability (CVE-2020-6457)
Web Server Common
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server Oracle
1010415* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)
Integrity Monitoring Rules:
1002999* - Database Server - Microsoft SQL Server
Log Inspection Rules:
1008619* - Application - Docker
1010349 - Docker Daemon Remote API Calls
1010421 - Trend Micro Deep Security Agent Removal Attempt