Rule Update
17-048 (October 3, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center IMC Syslog Daemon
1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)
Suspicious Client Application Activity
1005294* - TMTR-0004: GHOST RAT HTTP Request
Web Application Common
1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1
Web Client Common
1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)
Web Client Mozilla Firefox
1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)
Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
Web Server Miscellaneous
1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)
Integrity Monitoring Rules:
1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1004950* - Microsoft Visual Studio - New Add-In Created
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP Intelligent Management Center IMC Syslog Daemon
1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)
Suspicious Client Application Activity
1005294* - TMTR-0004: GHOST RAT HTTP Request
Web Application Common
1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1
Web Client Common
1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)
Web Client Mozilla Firefox
1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)
Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
Web Server Miscellaneous
1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)
Integrity Monitoring Rules:
1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1004950* - Microsoft Visual Studio - New Add-In Created
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.