Rule Update

18-011 (February 20, 2018)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service


DCERPC Services
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1005293* - Prevent Windows Administrator User Login Over SMB


DCERPC Services - Client
1006784* - Identified Windows Group Policy Files Downloaded From Untrusted Sources


Directory Server LDAP
1000086* - CommuniGate Systems CommuniGate Pro LDAP Server Buffer Overflow


FTP Server Common
1000914* - FTP Argument Check


Mail Server Microsoft Exchange
1002632* - Microsoft Outlook Web Access For Exchange Server HTML Validating Cross Site Scripting


Oracle Internet Directory
1003917* - Oracle Internet Directory 'oidldapd' Remote Memory Corruption Vulnerability


TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload


Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
1000515* - CVS Max-dotdot Command Integer Overflow


Unix Samba SWAT
1000525* - Samba SWAT HTTP Authentication Buffer Overflow


Unix Subversion
1000519* - Subversion svn Protocol String Parsing Vulnerability


Web Application PHP Based
1005664* - PHP 'ip2long' Function String Validation Weakness Vulnerability


Web Application Tomcat
1003954* - Apache Tomcat Directory Traversal Weakness
1003094* - Identified runtime.getRuntime().exec() In HTTP Request


Web Client Common
1008891 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 1
1008883 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1008886 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008885 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 5
1004010* - FFmpeg Version Multiple Remote Vulnerabilities
1004308* - Identified PIF File Over HTTP
1005290* - Identified Suspicious JavaScript iframe Object
1004301* - Microsoft Office Outlook Web Access For Exchange Server 2003 XSRF Vulnerability
1004760* - Restrict Web Client Telnet And Remote Login Handlers


Web Client Internet Explorer/Edge
1005190* - Identified GE Proficy Historian KeyHelp ActiveX Control With LaunchTriPane Function
1001250* - Microsoft Internet Explorer HP Compaq Notebooks ActiveX Remote Code Execution
1004832* - Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability


Web Server Apache
1004668* - Apache APR 'apr_fnmatch()' Denial Of Service Vulnerability
1004655* - Apache mod_perl 'path_info' Denial Of Service


Web Server HTTPS
1004351* - Detected Malicious HTTP Requests


Web Server IIS
1003508* - Microsoft IIS Unicode Requests To WebDAV Authentication Bypass Vulnerability


Web Server Miscellaneous
1008751* - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1008794* - Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)
1008843 - FasterXML Jackson JSON Library Deserializer Multiple Remote Code Execution Vulnerabilities


Web Server Squid
1000388* - Restrict Squid Cache Manager Access


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.