Rule Update
DPIルール他更新情報:20-026(2020年6月2日)
2020年6月2日
概要
* は既存ルールの新バージョンを示します。
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)
Directory server LDAP
1010301 - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)
FTPサーバ 共通
1010229* - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137* - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)
SSL/TLSサーバ
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server
Webアプリケーション 共通
1010210* - Identified Default Credentials Usage In Sonatype Nexus Repository Manager
1010222 - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010282 - Sonatype Nexus Repository Manager Java EL Injection Remote Code Execution Vulnerability (CVE-2020-10199)
Webクライアント HTTPS
1010290 - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client
Webクライアント Internet Explorer/Edge
1010133* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)
Web Proxy Squid
1010295 - Squid Proxy X.509 Certificate Cross Site Scripting Vulnerability (CVE-2018-19131)
Webサーバ 共有
1010268* - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1010302 - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1000128* - HTTP Protocol Decoding
1010294* - Symantec Web Gateway Postauth Command Injection Vulnerability
Webサーバ その他
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)
Webサーバ Oracle
1010253* - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)
Zoho ManageEngine DataSecurity Plus XNode server
1010297 - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298 - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)
変更監視(Integrity Monitoring)ルール:
今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。
セキュリティログ監視(Log Inspection)ルール:
1008670* - Microsoft Windows Security Events - 3
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)
Directory server LDAP
1010301 - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)
FTPサーバ 共通
1010229* - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137* - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)
SSL/TLSサーバ
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server
Webアプリケーション 共通
1010210* - Identified Default Credentials Usage In Sonatype Nexus Repository Manager
1010222 - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010282 - Sonatype Nexus Repository Manager Java EL Injection Remote Code Execution Vulnerability (CVE-2020-10199)
Webクライアント HTTPS
1010290 - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client
Webクライアント Internet Explorer/Edge
1010133* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)
Web Proxy Squid
1010295 - Squid Proxy X.509 Certificate Cross Site Scripting Vulnerability (CVE-2018-19131)
Webサーバ 共有
1010268* - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1010302 - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1000128* - HTTP Protocol Decoding
1010294* - Symantec Web Gateway Postauth Command Injection Vulnerability
Webサーバ その他
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)
Webサーバ Oracle
1010253* - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)
Zoho ManageEngine DataSecurity Plus XNode server
1010297 - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298 - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)
変更監視(Integrity Monitoring)ルール:
今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。
セキュリティログ監視(Log Inspection)ルール:
1008670* - Microsoft Windows Security Events - 3