Rule Update

22-050 (October 11, 2022)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

SolarWinds Information Service
1011552 - SolarWinds Network Performance Monitor 'UpdateActionsDescriptions' SQL Injection Vulnerability (CVE-2022-36961)


Web Application PHP Based
1011561 - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)


Web Client HTTPS
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1


Web Server Adobe ColdFusion
1011558 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38418)
1011557 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38421)
1011556 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38423)
1011563 - Adobe ColdFusion Information Disclosure Vulnerability (CVE-2022-38422)


Web Server Adobe ColdFusion AddOns
1011559 - Adobe ColdFusion Authentication Bypass Vulnerability (CVE-2022-38420)
1011560 - Adobe ColdFusion Information Disclosure Vulnerability (CVE-2022-38419)


Web Server Common
1011553 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4464)


Web Server HTTPS
1011550* - Centreon 'Poller Resource' SQL Injection Vulnerability (CVE-2022-41142)


Web Server Miscellaneous
1011546* - Apache JSPWiki 'AJAXPreview.jsp' Reflected Cross-Site Scripting (CVE-2022-28730)
1011551* - Apache JSPWiki 'WeblogPlugin' Stored Cross-Site Scripting Vulnerability (CVE-2022-28732)


Web Server SharePoint
1011554 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-38053)


Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)


Zoho ManageEngine
1011549 - Zoho ManageEngine Multiple Products 'DashBoardTableController' SQL Injection Vulnerability (CVE-2022-40300)


Integrity Monitoring Rules:

1003587* - Linux/Unix - Directory attributes of /bin modified (ATT&CK T1222.002)
1002766* - Linux/Unix - Directory attributes of /sbin modified (ATT&CK T1222.002)
1003573* - Linux/Unix - File attributes in the /bin directory modified
1003513* - Linux/Unix - File attributes in the /etc directory modified
1003514* - Linux/Unix - File attributes in the /lib directory modified
1003574* - Linux/Unix - File attributes in the /sbin directory modified
1002770* - Linux/Unix - File attributes in the /usr/bin and /usr/sbin directories modified
1008464* - Linux/Unix - File attributes in the /usr/etc, /usr/lib, /usr/lib64, /usr/libexec And /usr/local directories modified


Log Inspection Rules:

1004057* - Microsoft Windows Security Events - 1