Rule Update
22-001 (2022年1月4日)
2022年1月4日
概要
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1011259 - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
1011258 - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)
Web Application PHP Based
1011252 - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
Web Server Common
1011245 - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)
Web Server Miscellaneous
1011256 - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
Zoho ManageEngine
1011257 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011255 - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
Web Application Common
1011259 - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
1011258 - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)
Web Application PHP Based
1011252 - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
Web Server Common
1011245 - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)
Web Server Miscellaneous
1011256 - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
Zoho ManageEngine
1011257 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011255 - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3