Rule Update
21-032 (July 13, 2021)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Oracle E-Business Suite Web Interface
1011019* - Oracle E-Business Suite Denial Of Service Vulnerability (CVE-2021-2190)
Pulsar Binary Protocol
1010998 - Apache Pulsar JSON Web Token Authentication Bypass Vulnerability Over Pulsar (CVE-2021-22160)
Web Client Common
1011032 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)
Web Client Internet Explorer/Edge
1011040 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448)
Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
Web Server HTTPS
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
Web Server Miscellaneous
1011028 - Jenkins 'Scriptler' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21667)
Web Server Nagios
1011023 - Nagios XI 'Custom-includes' Module Directory Traversal Vulnerability (CVE-2021-3277)
Web Server SharePoint
1011030 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467)
Windows Server DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Zoho ManageEngine
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
Integrity Monitoring Rules:
1002875* - Linux/Unix - Software installed, updated or removed
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
1010791 - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
1009643* - Linux/Unix - bash command history cleared (ATT&CK T1059.004)
1009622* - Linux/Unix - bash non-root user configuration files modified (ATT&CK T1546.004)
1011021 - Linux/Unix - bash root user configuration files modified (ATT&CK T1546.004)
Log Inspection Rules:
1011042 - SolarWinds Serv-U SSH EXCEPTION (CVE-2021-35211)
Deep Packet Inspection Rules:
Oracle E-Business Suite Web Interface
1011019* - Oracle E-Business Suite Denial Of Service Vulnerability (CVE-2021-2190)
Pulsar Binary Protocol
1010998 - Apache Pulsar JSON Web Token Authentication Bypass Vulnerability Over Pulsar (CVE-2021-22160)
Web Client Common
1011032 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)
Web Client Internet Explorer/Edge
1011040 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448)
Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
Web Server HTTPS
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
Web Server Miscellaneous
1011028 - Jenkins 'Scriptler' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21667)
Web Server Nagios
1011023 - Nagios XI 'Custom-includes' Module Directory Traversal Vulnerability (CVE-2021-3277)
Web Server SharePoint
1011030 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467)
Windows Server DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Zoho ManageEngine
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
Integrity Monitoring Rules:
1002875* - Linux/Unix - Software installed, updated or removed
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
1010791 - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
1009643* - Linux/Unix - bash command history cleared (ATT&CK T1059.004)
1009622* - Linux/Unix - bash non-root user configuration files modified (ATT&CK T1546.004)
1011021 - Linux/Unix - bash root user configuration files modified (ATT&CK T1546.004)
Log Inspection Rules:
1011042 - SolarWinds Serv-U SSH EXCEPTION (CVE-2021-35211)