Rule Update
20-033 (July 14, 2020)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1010394 - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
DNS Client
1010406 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Client
DNS Server
1010293* - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
1010401 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Server
Directory Server LDAP
1010350 - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
Remote Desktop Protocol Client
1010402 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Web Application Common
1010391 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Client Common
1010392 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Client
1010403 - Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
1010397 - Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
1010395 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
1010404 - Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)
Web Client Internet Explorer/Edge
1010393 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)
Web Server Apache
1009963* - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)
Web Server Common
1010374 - Cayin CMS NTP Server Remote Code Execution Vulnerability (CVE-2020-7357)
1010405 - JAWS Remote Code Execution Vulnerability
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
1010342 - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1010387 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10547)
1010386 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10549)
1010378 - rConfig SQL Injection Vulnerability (CVE-2020-10546)
Web Server SharePoint
1010398 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
1010399 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) - 1
Integrity Monitoring Rules:
1010389* - Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)
Log Inspection Rules:
1003631 - DNS Server - Microsoft Windows
Deep Packet Inspection Rules:
DCERPC Services - Client
1010394 - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
DNS Client
1010406 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Client
DNS Server
1010293* - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
1010401 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Server
Directory Server LDAP
1010350 - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
Remote Desktop Protocol Client
1010402 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Web Application Common
1010391 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Client Common
1010392 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Client
1010403 - Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
1010397 - Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
1010395 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
1010404 - Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)
Web Client Internet Explorer/Edge
1010393 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)
Web Server Apache
1009963* - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)
Web Server Common
1010374 - Cayin CMS NTP Server Remote Code Execution Vulnerability (CVE-2020-7357)
1010405 - JAWS Remote Code Execution Vulnerability
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
1010342 - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1010387 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10547)
1010386 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10549)
1010378 - rConfig SQL Injection Vulnerability (CVE-2020-10546)
Web Server SharePoint
1010398 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
1010399 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) - 1
Integrity Monitoring Rules:
1010389* - Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)
Log Inspection Rules:
1003631 - DNS Server - Microsoft Windows