Trend Micro Security
  Rule Update

21-003 (January 19, 2021)


  Summary

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

CA ARCserve D2D Administration Interface
1010699 - Arcserve D2D External Entity Injection Vulnerability (CVE-2020-27858)


DNS Server
1010633* - Identified DNS Trojan.Linux.Anchor.A Traffic
1010632* - Identified DNS Trojan.Win64.Anchor.A Traffic


Directory Server LDAP
1010301* - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)


Suspicious Client Ransomware Activity
1010597* - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596* - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
1010617* - Identified TLS Cobalt Strike Beacon (Certificate)


Suspicious Server Ransomware Activity
1010638* - Identified FTP Backdoor.Win32.Qbot.JINX Runtime Detection


Trend Micro OfficeScan
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010727 - Mongo-Express Remote Code Execution Vulnerability (CVE-2019-10758)


Web Application Tomcat
1010688* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)


Web Client Common
1009779* - Microsoft Windows Multiple Security Vulnerabilities (June-2019)
1010716 - XStream Library Insecure Deserialization Vulnerability (CVE-2020-26217)


Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010670* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)


Web Server Common
1010734 - Identified BumbleBee Webshell Traffic Over HTTP
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1


Web Server HTTPS
1010718 - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
1009968* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9513)
1009998* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9511)
1009944* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)
1010712 - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)


Web Server Miscellaneous
1010662* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14181)
1010679 - SolarWinds Network Performance Monitor 'ExportToPDF' Information Disclosure Vulnerability (CVE-2020-27870)
1010678 - SolarWinds Network Performance Monitor 'VulnerabilitySettings' Directory Traversal Vulnerability (CVE-2020-27871)
1010677 - SolarWinds Network Performance Monitor 'WriteToFile' SQL Injection Vulnerability (CVE-2020-27869)
1010717* - SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)


Web Server Nagios
1010696* - Nagios XI SNMP Trap SQL Injection Vulnerability


Web Server RealVNC
1010726 - LibVNCServer Denial Of Service Vulnerability (CVE-2020-25708)


Web Server SharePoint
1010702* - Microsoft SharePoint Authenticated Remote Code Execution Vulnerability (CVE-2021-1707)
1010707* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0971)


Webmin
1010704* - Webmin Arbitrary Remote Command Execution Vulnerability (CVE-2020-35606)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.