Rule Update
21-059 (December 21, 2021)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Storm Nimbus
1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)
Directory Server LDAP
1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)
SolarWinds Network Performance Monitor
1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)
Web Application Common
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)
Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
Web Server HTTPS
1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)
Web Server SharePoint
1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)
Web Server Squid
1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)
Windows SMB Server
1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)
Zoho ManageEngine
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011250 - Web Server - Apache - 2
Deep Packet Inspection Rules:
Apache Storm Nimbus
1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)
Directory Server LDAP
1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)
SolarWinds Network Performance Monitor
1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)
Web Application Common
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)
Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
Web Server HTTPS
1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)
Web Server SharePoint
1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)
Web Server Squid
1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)
Windows SMB Server
1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)
Zoho ManageEngine
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011250 - Web Server - Apache - 2