Overview

* indicates a new version of an existing rule.

Deep Packet Inspection (DPI) Rules:

DNS Server
1010293 - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)


FTP Server Common
1010229 - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137 - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)


Memcached
1010237* - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)


OpenSSL
1010280* - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Server


OpenSSL Client
1010291 - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Client


SSL/TLS Server
1010146 - Identified Single Sign On (SSO) Attempt to Cisco Data Center Network Manager


SolarWinds Dameware Mini Remote Control
1010269* - SolarWinds DameWare 'SigPubkeyLen' Heap Buffer Overflow Vulnerability (CVE-2020-5734)


Trend Micro OfficeScan
1010179* - Trend Micro Multiple Products Arbitrary File Delete Vulnerability (CVE-2020-8470)


Web Application Common
1010260* - Electron nodeIntegration Security Bypass Remote Code Execution Vulnerability (CVE-2018-1000136)
1010210* - Sonatype Nexus Repository Manager Default Credentials Vulnerability (CVE-2019-9629)


Web Application PHP
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)


Web Client Common
1010285 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0959)
1010286 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0960)
1010287 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0988)
1010288 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0992)
1010289 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0994)


Web Server Common
1010268 - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1000128* - HTTP Protocol Decoding
1010294 - Symantec Web Gateway Postauth Command Injection Vulnerability
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)


Web Server Oracle
1010242* - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2020-2798)
1010275* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-2963)


Web Server SharePoint
1010277* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1102)


Windows SMB Client
1006994* - Executable File Download On Network Share Detected


Integrity Monitoring Rules:

This security update contains no new or updated Integrity Monitoring rules.


Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory
1010002* - Microsoft PowerShell Command Execution
1002795* - Microsoft Windows Events
1010095* - Microsoft Windows Management Instrumentation Events
1004057* - Microsoft Windows Security Events - 1
1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2
1010068* - Microsoft Windows Sysmon Events IDs