All Vulnerabilities

  • 17-046 (September 19, 2017)
     Publish Date:  20 septembre 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Backup Server Veritas
    1008584 - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


    DCERPC Services - Client
    1008585 - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)


    Directory Server LDAP
    1008453* - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


    Web Application Common
    1008512* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
    1008514* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
    1008508* - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1
    1008540* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
    1008542* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1
    1008510 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1


    Web Client Common
    1008613 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-28)
    1008509 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446)
    1008616 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641)
    1008199 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-3219)
    1008604* - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
    1008198 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-0180)
    1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)
    1008612 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2017-8464)
    1008200 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-073)
    1008265 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-098)
    1008259 - Microsoft Windows Multiple Security Vulnerabilities (MS16-090)


    Web Client Internet Explorer/Edge
    1008568 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8635)
    1008569 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8636)


    Web Server Common
    1004859* - Disallowed HTTP Header


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-045 (September 12, 2017)
     Publish Date:  13 septembre 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    SSH Client
    1008580 - OpenSSH Forward Option Handler Buffer Overflow Vulnerability (CVE-2016-0778)


    Web Application Common
    1005402* - Identified Suspicious User Agent In HTTP Request
    1008512 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
    1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)
    1008540 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
    1008542 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1


    Web Client Common
    1008511 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261)
    1008539 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644)
    1008541 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724)
    1008604 - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
    1008602 - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
    1008592 - Microsoft Windows Win32k Graphics Remote Code Execution Vulnerability (CVE-2017-8682)


    Web Client Internet Explorer/Edge
    1008594 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8731)
    1008595 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
    1008603 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8757)
    1008484* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
    1008564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8634)
    1008566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8640)
    1008597 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
    1008601 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8753)
    1008600 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8750)
    1008598 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8747)
    1008599 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8749)


    Web Server Common
    1008581 - Identified Suspicious IP Addresses In XFF HTTP Header


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-044 (September 8, 2017)
     Publish Date:  09 septembre 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Miscellaneous
    1008605 - Apache Struts OGNL Expression Remote Code Execution Vulnerability (CVE-2017-12611)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-043 (September 6, 2017)
     Publish Date:  07 septembre 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Miscellaneous
    1008590 - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-042 (September 5, 2017)
     Publish Date:  06 septembre 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


    Directory Server LDAP
    1008453 - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


    Suspicious Client Ransomware Activity
    1008572 - Ransomware Defray
    1007602* - Ransomware Locky


    VoIP Soft Phones
    1008421* - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


    Web Application Common
    1008514 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
    1008508 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1


    Web Application PHP Based
    1008524* - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


    Web Application Ruby Based
    1007645* - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


    Web Client Common
    1008545* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
    1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
    1008513 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262)
    1008507 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928)


    Web Server Common
    1006540* - Enable X-Forwarded-For HTTP Header Logging


    Web Server RealVNC
    1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-041 (August 29, 2017)
     Publish Date:  30 août 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1003222* - Block Administrative Share


    DNS Client
    1008571 - DNS Request To ShadowPad Domain Detection


    VoIP Soft Phones
    1008421 - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


    Web Application Ruby Based
    1007645 - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


    Web Client Common
    1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)


    Web Client Internet Explorer/Edge
    1008567 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8644)
    1008570 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8548)
    1008563 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)
    1008482* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)


    Web Server Common
    1000128* - HTTP Protocol Decoding


    Web Server RealVNC
    1008557 - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


    Integrity Monitoring Rules:

    1003063* - Mail Server - Microsoft Exchange Server


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-040 (August 22, 2017)
     Publish Date:  23 août 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1008558 - Identified Windows Search Protocol Network Traffic Over SMB
    1008560 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)


    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
    1008407 - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)


    Web Application PHP Based
    1008524 - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


    Web Client Common
    1008408 - Skype Insecure Library Loading Vulnerability Over WebDAV (CVE-2017-6517)


    Web Client Internet Explorer/Edge
    1008547 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652)
    1008531 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603)


    Web Server Apache
    1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-039 (August 15, 2017)
     Publish Date:  15 août 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    FTP Server Common
    1008463* - Core FTP Server Heap Overflow Vulnerability


    HP Intelligent Management Center (IMC)
    1008469* - HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability (CVE-2017-5793)


    Kerberos KDC Server
    1008475* - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)


    Unix SSH
    1008515* - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)


    VoIP Soft Phones
    1008430* - Asterisk Long Contact URIs REGISTER Requests Denial Of Service Vulnerability


    Web Application Common
    1008415* - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353)
    1008496* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407) - 1
    1008499* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439) - 1
    1008500* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440) - 1
    1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)


    Web Application PHP Based
    1008516* - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)
    1008409* - PHP exif_process_IFD_in_TIFF Function Memory Leak Vulnerability (CVE-2016-7128)


    Web Client Common
    1008537 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 1
    1008545 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
    1008535 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 3
    1008544 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
    1008538 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
    1008543 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 6
    1008536 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 7
    1008546 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-3106)
    1008392 - Foxit Reader BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    1008478 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
    1008480 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8541)
    1008532 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-0190)


    Web Proxy Squid
    1008111* - Squid HTTP Response Denial Of Service Vulnerability


    Web Server Apache
    1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


    Web Server Miscellaneous
    1008491* - Apache Struts Security Bypass Vulnerability (CVE-2016-4436)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-038 (August 8, 2017)
     Publish Date:  09 août 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008525 - SMBLoris Denial Of Service Vulnerability


    Web Application PHP Based
    1008516 - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)


    Web Client Common
    1008410 - Microsoft .NET Framework Pointer Verification Vulnerability (CVE-2009-0090)
    1008522 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250)


    Web Client Internet Explorer/Edge
    1008523 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-8625)


    Web Server Apache
    1008519 - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-037 (August 4, 2017)
     Publish Date:  05 août 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    There are no new or updated Deep Packet Inspection Rules in this Security Update.


    Integrity Monitoring Rules:

    1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
    1002776* - Microsoft Windows - Startup Programs Modified
    1008385* - Ransomware - WannaCry
    1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
    1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.