Rule Update
20-027 (09 June 2020)
Publish Date: 09 June 2020
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1010317 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
DCERPC Services - Client
1010319 - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
Directory Server LDAP
1010321 - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)
1010301* - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)
HP Intelligent Management Center (IMC)
1010248 - HPE Intelligent Management Center 'ForwardRedirect' Expression Language Injection Vulnerability (CVE-2019-11969)
SSL/TLS Server
1010312 - Identified Suspicious TLS Request
1010316 - Identified Suspicious TLS Request - 1
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server
Suspicious Client Application Activity
1010307 - Identified Reverse Shell Communication Over HTTPS
1010306 - Identified Reverse Shell Communication Over HTTPS - 1
Web Application Common
1010175 - Cross-Site Scripting (XSS) Decoder
1010222* - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010218 - SolarWinds Serv-U FTP Server Web UI Stored Cross-Site Scripting Vulnerability (CVE-2019-13182) - 1
Web Application Tomcat
1010320 - Apache Tomcat Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-9484)
Web Client Internet Explorer/Edge
1010318 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2020-1219)
1010309 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1213)
1010310 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1214)
1010313 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1215)
1010314 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1216)
1010315 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1230)
1010311 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1260)
1002708* - Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow
Web Server Common
1010302* - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server HTTPS
1010134* - rConfig Remote Command Execution Vulnerability (CVE-2019-19509)
Web Server Oracle
1010292 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-2884)
Zoho ManageEngine DataSecurity Plus XNode server
1010297* - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298* - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.