ruleUpdate
22-043 (06 September 2022)
Publish Date: 06 September 2022
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1011517 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (DogWalk) Over SMB (CVE-2022-34713)
DNS Client
1011523 - Identified Usage of dnscat2 Tool
Web Application PHP Based
1011528 - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
Web Client Common
1011350* - Zimbra Collaboration Cross-Site Scripting Vulnerability (CVE-2022-24682) - Client
Web Server HTTPS
1011525 - Zimbra Collaboration Cross-Site Scripting Vulnerability (CVE-2022-24682) - Server
Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
Web Server Miscellaneous
1011521* - Atlassian Jira Server and Data Center Reflected Cross Site Scripting Vulnerability (CVE-2022-36801)
Webmin
1011520* - Webmin Remote Code Execution Vulnerability (CVE-2022-36446)
Zimbra Proxy
1011514* - Zimbra Collaboration CRLF Injection Vulnerability (CVE-2022-27924)
Zoho ManageEngine
1011527 - Zoho ManageEngine Multiple Products 'getDNSResolveOption' Command Injection Vulnerability (CVE-2022-37024)
1011526 - Zoho ManageEngine Multiple Products 'getNmapInitialOption' Command Injection Vulnerability (CVE-2022-38772)
1011522* - Zoho ManageEngine Multiple Products 'getUserAPIKey' Authentication Bypass Vulnerability (CVE-2022-36923)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)