Rule Update
16-037 (November 22, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Mail Client
1002452* - Application Control For Eudora
DNS Server
1007648 - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)
Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
Suspicious Server Application Activity
1002378* - Detected Virtual Network Computing (VNC) Server Traffic
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
Web Application Common
1007715* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007738* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
1008044 - OpenJPEG JPEG2000 MCC Record Code Execution Vulnerability (CVE-2016-8332)
Web Client Internet Explorer/Edge
1006383* - Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)
Web Server Common
1007651* - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For Mail Client
1002452* - Application Control For Eudora
DNS Server
1007648 - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)
Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
Suspicious Server Application Activity
1002378* - Detected Virtual Network Computing (VNC) Server Traffic
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
Web Application Common
1007715* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007738* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
1008044 - OpenJPEG JPEG2000 MCC Record Code Execution Vulnerability (CVE-2016-8332)
Web Client Internet Explorer/Edge
1006383* - Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)
Web Server Common
1007651* - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.