Rule Update
18-009 (February 6, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
DCERPC Services - Client
1008577 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2016-3235)
Database MySQL
1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
HP Intelligent Management Center (IMC)
1008764 - HPE Intelligent Management Center Directory Traversal Vulnerabilities
Trend Micro OfficeScan
1001050* - Trend Micro OfficeScan Server CGI Module Authentication Bypass
Web Application PHP Based
1008858 - Identified Access To 'wp-admin' Directory
1005725* - PHP 'phar_parse_tarfile' Function Integer Overflow
1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability
Web Client Common
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004596* - Detected Night Dragon Network Communication
1005001* - Disallow Packed Executable Download Over HTTP
1003834* - FFmpeg 'lavf_demux' Animated GIF Processing Remote Denial Of Service Vulnerability
1005269* - Identified Download Of DLL File Over WebDAV
1004242* - Media Player Classic '.mpcpl' File Remote Denial Of Service Vulnerability
1008573 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2016-3235)
1008838 - Microsoft Windows ITS Protocol Information Disclosure Vulnerability (CVE-2017-11927)
1004665* - Multiple Browser "res://mshtml.dll" Remote Code Execution
1008457* - Ransomware Erebus
1005395* - Restrict Serialized Java Applet
1002519* - Storm Botnet Redirect Script Insertion Vulnerability
Web Client Internet Explorer/Edge
1004021* - IE DHTML Object Memory Corruption Vulnerability
1005301* - Identified Suspicious JavaScript Encoded Window Location Object
1003931* - Microsoft Windows Script Host wshom.ocx ActiveX RegWrite Code Execution
1004626* - Restrict Cisco Secure Desktop ActiveX Control
1004743* - Restrict Citrix Access Gateway ActiveX Control
1005822* - Restrict IBM iNotes UploadControl ActiveX Controls
1005152* - Restrict Microsoft Windows TabStrip ActiveX Control
Web Client Mozilla Firefox
1004371* - Mozilla Firefox Obfuscated URLs Within Iframes Vulnerability
Web Server Common
1005013* - Restrict Microsoft .Net Executable File Upload
Web Server Miscellaneous
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server Oracle
1003439* - Oracle Application Server 10g OPMN Service Format String Vulnerability
Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.