概要

* は既存ルールの新バージョンを示します。

DPI(Deep Packet Inspection) ルール:

HP System Management Homepage
1010221* - HPE System Management Homepage Remote Denial of Service Vulnerability (CVE-2017-12545)


Jenkins Remoting
1010233 - Jenkins JRMP Java Library Deserialization Remote Code Execution Vulnerability (CVE-2016-0788)


Memcached
1010237 - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)


Redisサーバ
1010231* - Redis Cron Remote Code Execution Vulnerability


Webアプリケーション 共通
1010219 - Centreon formMibs.php Command Injection Vulnerability (CVE-2019-15298)
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010217* - rConfig 'commands.inc.php' SQL Injection Vulnerability (CVE-2020-10220)


Webアプリケーション PHP
1010245 - PHP 'ext/snmp/snmp.c' Use After Free Vulnerability (CVE-2016-6295)
1010234 - PHP 'get_headers()' NULL Byte Injection Vulnerability (CVE-2020-7066)


Webクライアント 共通
1010182* - Google Chrome Type Confusion Vulnerability (CVE-2020-6418)
1010244 - Microsoft Remote Desktop Connection Manager Information Disclosure Vulnerability (CVE-2020-0765)
1010224 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability (CVE-2019-1430)


Webサーバ その他
1009942* - GNOME 'libsoup' HTTP Chunked Encoding Remote Code Execution Vulnerability (CVE-2017-2885)


Webサーバ Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)


Webサーバ SharePoint
1010238 - Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2020-0693)
1010227* - Microsoft SharePoint Scorecards Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0931)
1010228* - Microsoft SharePoint TypeConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0932)


変更監視(Integrity Monitoring)ルール:

今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。


セキュリティログ監視(Log Inspection)ルール:

1005468* - Web Application - Wordpress