Rule Update
17-007 (February 21, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008180 - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136 - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
Unix Kerberos
1008095* - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1008125 - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008037 - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008131 - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008132* - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008183 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-04)
1008171 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038)
1008108 - Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability (CVE-2016-3606)
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Media Applications
1002451* - YouTube
Web Server Miscellaneous
1008097* - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008141 - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
1008093* - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.