Rule Update
22-053 (November 1, 2022)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1011587 - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
JBoss Remoting Connector Unified Invoker
1011570* - Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability
SolarWinds Information Service
1011586 - SolarWinds Network Performance Monitor 'DeserializeFromStrippedXml' Insecure Deserialization Vulnerability (CVE-2022-36958)
WSO2 Enterprise Integrator
1011580* - WSO2 Enterprise Integrator Cross-Site Scripting Vulnerability (CVE-2022-39810)
Web Application Common
1011588 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-40871)
1011577* - Fastify Denial Of Service Vulnerability (CVE-2022-39288)
1007170* - Identified Suspicious China Chopper Webshell Communication (ATT&CK T1505.003)
Web Application PHP Based
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011584 - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011582 - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
Web Server Miscellaneous
1011581* - Apache JSPWiki 'UserPreferences.jsp' Cross-Site Request Forgery Vulnerability (CVE-2022-28731)
1011572* - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2021-23449)
1011583 - XWiki Code Injection Vulnerability (CVE-2022-36100)
1011569 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36094)
1011578 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36096)
Zoho ManageEngine
1011549* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-40300)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1011453* - Microsoft Windows WMI Events - 1