Rule Update
21-045 (October 12, 2021)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008422* - Detected SMB Request
DCERPC Services - Client
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
Trend Micro OfficeScan
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)
Web Application Common
1011171 - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)
1011170 - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011173 - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011174 - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
Web Application PHP Based
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
Web Server Common
1011110 - Identified Slow HTTP Denial Of Service Attack (ATT&CK T1498.001)
Web Server HTTPS
1011161* - Centreon 'graph-split.php' SQL Injection Vulnerability
1011166* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22242)
1011167* - VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)
1011120* - WebSVN Command Injection Vulnerability (CVE-2021-32305)
1011169 - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168 - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172 - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
Web Server Nagios
1011164* - Nagios XI Stored Cross-Site Scripting Vulnerability (CVE-2021-38156)
Zoho ManageEngine
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
Deep Packet Inspection Rules:
DCERPC Services
1008422* - Detected SMB Request
DCERPC Services - Client
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
Trend Micro OfficeScan
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)
Web Application Common
1011171 - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)
1011170 - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011173 - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011174 - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
Web Application PHP Based
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
Web Server Common
1011110 - Identified Slow HTTP Denial Of Service Attack (ATT&CK T1498.001)
Web Server HTTPS
1011161* - Centreon 'graph-split.php' SQL Injection Vulnerability
1011166* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22242)
1011167* - VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)
1011120* - WebSVN Command Injection Vulnerability (CVE-2021-32305)
1011169 - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168 - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172 - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
Web Server Nagios
1011164* - Nagios XI Stored Cross-Site Scripting Vulnerability (CVE-2021-38156)
Zoho ManageEngine
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)