Rule Update

22-018 (April 12, 2022)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

MySQL Cluster
1011222 - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)


MySQL Cluster NDBD
1011362 - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011385 - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)


Web Application Common
1011364* - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-0819)
1011381 - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)


Web Application PHP Based
1011386 - Identified WordPress 'Error Log Viewer' Plugin File Clearing Request
1011380 - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011387 - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)


Web Client Common
1011383 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0289)


Web Server Common
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)


Web Server Miscellaneous
1011378 - Eclipse Jetty Unauthenticated Information Disclosure Vulnerability (CVE-2021-28169)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.