Rule Update
21-047 (October 26, 2021)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Memcached
1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)
Web Client Common
1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)
Web Server HTTPS
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)
Web Server Nagios
1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)
Web Server Squid
1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)
Zoho ManageEngine
1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
Integrity Monitoring Rules:
1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)
Log Inspection Rules:
1004488* - Database Server - Microsoft SQL
1010595* - Microsoft LDAP Query Execution
Deep Packet Inspection Rules:
Memcached
1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)
Web Client Common
1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)
Web Server HTTPS
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)
Web Server Nagios
1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)
Web Server Squid
1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)
Zoho ManageEngine
1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
Integrity Monitoring Rules:
1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)
Log Inspection Rules:
1004488* - Database Server - Microsoft SQL
1010595* - Microsoft LDAP Query Execution