Rule Update
20-025 (May 26, 2020)
May 26, 2020
Overview
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1010293 - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
FTP Server Common
1010229 - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137 - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)
Memcached
1010237* - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)
OpenSSL
1010280* - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Server
OpenSSL Client
1010291 - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Client
SSL/TLS Server
1010146 - Identified Single Sign On (SSO) Attempt to Cisco Data Center Network Manager
SolarWinds Dameware Mini Remote Control
1010269* - SolarWinds DameWare 'SigPubkeyLen' Heap Buffer Overflow Vulnerability (CVE-2020-5734)
Trend Micro OfficeScan
1010179* - Trend Micro Multiple Products Arbitrary File Delete Vulnerability (CVE-2020-8470)
Web Application Common
1010260* - Electron nodeIntegration Security Bypass Remote Code Execution Vulnerability (CVE-2018-1000136)
1010210* - Sonatype Nexus Repository Manager Default Credentials Vulnerability (CVE-2019-9629)
Web Application PHP Based
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)
Web Client Common
1010285 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0959)
1010286 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0960)
1010287 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0988)
1010288 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0992)
1010289 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0994)
Web Server Common
1010268 - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1000128* - HTTP Protocol Decoding
1010294 - Symantec Web Gateway Postauth Command Injection Vulnerability
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server Oracle
1010242* - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2020-2798)
1010275* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-2963)
Web Server SharePoint
1010277* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1102)
Windows SMB Client
1006994* - Executable File Download On Network Share Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003802* - Directory Server - Microsoft Windows Active Directory
1010002* - Microsoft PowerShell Command Execution
1002795* - Microsoft Windows Events
1010095* - Microsoft Windows Management Instrumentation Events
1004057* - Microsoft Windows Security Events - 1
1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2
1010068* - Microsoft Windows Sysmon Events IDs