Overview

* indicates a new version of an existing rule.

Deep Packet Inspection (DPI) Rules:

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)


Directory server LDAP
1010301 - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)


FTP Server Common
1010229* - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137* - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)


SSL/TLS Server
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server


Web Application Common
1010210* - Identified Default Credentials Usage In Sonatype Nexus Repository Manager
1010222 - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010282 - Sonatype Nexus Repository Manager Java EL Injection Remote Code Execution Vulnerability (CVE-2020-10199)


Web Client HTTPS
1010290 - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client


Web Client Internet Explorer/Edge
1010133* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)


Web Proxy Squid
1010295 - Squid Proxy X.509 Certificate Cross Site Scripting Vulnerability (CVE-2018-19131)


Web Server Common
1010268* - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1010302 - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1000128* - HTTP Protocol Decoding
1010294* - Symantec Web Gateway Postauth Command Injection Vulnerability


Web Server Miscellaneous
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)


Web Server Oracle
1010253* - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)


Zoho ManageEngine DataSecurity Plus XNode server
1010297 - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298 - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)


Integrity Monitoring Rules:

This security update contains no new or updated Integrity Monitoring rules.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3