概要

* は既存ルールの新バージョンを示します。

DPI(Deep Packet Inspection) ルール:

CyberArk Password Vault
1009127* - CyberArk Password Vault Memory Disclosure Vulnerability (CVE-2018-9842)


FTPサーバ WarFTPd
1009229 - WarFTPd 'CWD/MKD' Command Denial Of Service Vulnerability (CVE-2000-0131)


ISC DHCP OMAPI
1008902 - Identified Too Many DHCP OMAPI Connections


Microsoft Office
1009200 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8246)


VoIP Smart
1008911 - Asterisk SUBSCRIBE Request Buffer Overflow Remote Code Execution Vulnerability (CVE-2018-7284)


Webアプリケーション 共通
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
1009178 - ImageMagick 'MngInfoDiscardObject' Heap Use After Free Vulnerability (CVE-2017-18272) - 1
1009198 - ImageMagick 'ReadTXTImage' Denial Of Service Vulnerability (CVE-2017-18273) - 1


Webアプリケーション PHP
1008920 - Joomla Component 'jLike' Information Leak Vulnerability (CVE-2018-6610)


Webクライアント 共通
1009165 - Adobe Acrobat And Reader Heap Overflow Vulnerability (CVE-2018-4978)
1009175 - Adobe Acrobat And Reader Heap Overflow Vulnerability (CVE-2018-4984)
1008886* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1009096* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-09) - 1
1009208* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 3
1009177 - ImageMagick 'MngInfoDiscardObject' Heap Use After Free Vulnerability (CVE-2017-18272)
1009197 - ImageMagick 'ReadTXTImage' Denial Of Service Vulnerability (CVE-2017-18273)
1009149 - Microsoft Windows OpenType Font Driver Elevation Of Privilege Vulnerability (CVE-2018-1008)
1008961* - Microsoft Windows Remote Assistance Information Disclosure Vulnerability (CVE-2018-0878)
1009238* - Microsoft Windows Remote Code Execution Vulnerability


Webクライアント Internet Explorer/Edge
1009221 - Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8139)
1008929* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0893)


Webサーバ Apache
1009170 - Apache Server Side Include Cross Site Scripting Vulnerability (CVE-2002-0840)


Webサーバ その他
1008840* - Apache CouchDB '_config' Command Execution Vulnerability


変更監視(Integrity Monitoring)ルール:

今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。


セキュリティログ監視(Log Inspection)ルール:

1003447* - Webサーバ - Apache