Rule Update
17-019 (May 2, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327 - Identified Server Suspicious SMB Session
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
DCERPC Services - Client
1008328 - Identified Client Suspicious SMB Session
DNS Server
1008188* - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278* - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
HP Intelligent Management Center (IMC)
1008299 - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
HP OpenView
1008256* - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Web Application Common
1008205* - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190* - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143* - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008322 - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
1008146* - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181* - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1007965* - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1008298 - Adobe Reader DC XObject stream Use After Free Remote Code Execution Vulnerability (CVE-2016-6938)
1008274* - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
Web Client Internet Explorer/Edge
1008162 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0046)
Web Server Miscellaneous
1008130* - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142* - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.