Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Network Automation
1008676 - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)


Microsoft Office
1008716* - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
1008746* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


SSL Client
1008533 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Client


SSL/TLS Server
1008534 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server


Suspicious Client Application Activity
1008756 - Identified Potentially Malicious RAT Traffic - VII


Web Application PHP Based
1008626 - Drupal Services Module Remote Code Execution Vulnerability


Web Client Common
1008735* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5


Web Client Internet Explorer/Edge
1008701* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)


Web Server Oracle
1008688 - Oracle Identity Manager Default Account Vulnerability (CVE-2017-10151)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008660 - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


Microsoft Office
1008746 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


OpenSSL
1008715 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server


OpenSSL Client
1008714 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client


Solr Service
1008691 - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)


Web Application PHP Based
1008548 - PHP Session Data Injection Vulnerability (CVE-2016-7125)


Web Client Common
1008739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
1008744 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 2
1008743 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
1008745 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
1008735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
1008736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
1008738 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)


Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1008467* - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


DHCPv6 Server
1008651* - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


DNS Client
1008650* - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


HP Intelligent Management Center WSM iNode
1008551* - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


Microsoft Office
1008695 - Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854)


Remote Desktop Protocol Server
1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request


SSL/TLS Server
1008553* - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


Unix Kerberos
1008561 - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
1008473* - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


VoIP Smart
1008466* - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


Web Application Common
1008530* - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


Web Client Common
1008538* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
1004133* - Heuristic Detection Of Malicious PDF Documents
1008716 - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
1008630 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8631)
1008708 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-11847)


Web Client Internet Explorer/Edge
1008710 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845)
1008704 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
1008705 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841)
1008701 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
1008706 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
1008696 - Microsoft Internet Explorer And Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-11791)
1008700 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837)
1008707 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843)
1008712 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846)
1008699 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858)
1008697 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
1008698 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)
1008703 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869)


Web Proxy Apache
1006244* - Apache HTTP Server 'mod_cache' Module Remote Denial Of Service Vulnerability


Web Server Apache
1008556* - Apache Continuum Arbitrary Command Execution Vulnerability
1008683 - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


Web Server SAP
1008615* - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


Integrity Monitoring Rules:

1006683* - TMTR-0016: Suspicious Running Processes Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007114* - Portable Executable File Uploaded On SMB Share


HP Intelligent Management Center WSM iNode
1008551 - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


Microsoft Office
1008375* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)


SSL Client
1008552 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Client


SSL/TLS Server
1008553 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


Symantec Messaging Gateway
1005286* - Symantec Messaging Gateway Arbitrary File Download Vulnerability


Unix Kerberos
1008473 - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


Web Client Internet Explorer/Edge
1008680 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8653)


Web Server SAP
1008615 - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials
1008679 - Identified BADRABBIT Ransomware Propagation Over SMB


Web Client Common
1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1008678 - Identified BADRABBIT Ransomware Download Over HTTP
1008634* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)


Web Client Internet Explorer/Edge
1008671 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802)


Integrity Monitoring Rules:

1008684 - Ransomware - BADRABBIT


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1008530 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


Web Client Common
1008645 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2017-11227)
1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008667* - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
1008529 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640)


Web Server Apache
1008556 - Apache Continuum Arbitrary Command Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1008467 - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


DHCPv6 Server
1008651 - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


DNS Client
1008650 - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


HP Intelligent Management Center IMC Syslog Daemon
1008505* - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


Microsoft Office
1008661 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
1008629 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8744)


VoIP Smart
1008466 - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


Web Application Common
1008606* - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


Web Client Common
1008667 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
1008655 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717)
1008656 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718)


Web Client Internet Explorer/Edge
1008657 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11794)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)


Web Server Apache
1008127* - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)


Web Server IIS
1004398* - Request Header Buffer Overflow Vulnerability


Web Server Miscellaneous
1008620* - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server Veritas
1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


HP Intelligent Management Center Dbman
1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1


Web Application Common
1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


Web Client Common
1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)


Web Client Internet Explorer/Edge
1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


Web Server Apache
1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


Web Server Common
1008621* - Disallow Upload Of A JSP File


Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center IMC Syslog Daemon
1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


Suspicious Client Application Activity
1005294* - TMTR-0004: GHOST RAT HTTP Request


Web Application Common
1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


Web Client Common
1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


Web Client Mozilla Firefox
1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)


Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


Web Server Miscellaneous
1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


Integrity Monitoring Rules:

1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1004950* - Microsoft Visual Studio - New Add-In Created
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center Dbman
1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


Web Application Common
1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


Web Client Common
1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)


Web Client Internet Explorer/Edge
1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)


Web Server Apache
1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


Web Server Common
1008621 - Disallow Upload Of A JSP File


Web Server Miscellaneous
1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.