Rule Update
DPIルール他更新情報:20-033(2020年7月14日)
概要
* は既存ルールの新バージョンを示します。
DPI(Deep Packet Inspection) ルール:
DCERPCサービス - クライアント
1010394 - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
DNSクライアント
1010406 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Client
DNSサーバ
1010293* - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
1010401 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Server
ディレクトリサーバ LDAP
1010350 - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
Remote Desktop Protocol Client
1010402 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Webアプリケーション 共通
1010391 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Webクライアント 共通
1010392 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Client
1010403 - Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
1010397 - Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
1010395 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
1010404 - Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)
Webクライアント Internet Explorer/Edge
1010393 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)
Webサーバ Apache
1009963* - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)
Webサービス 共通
1010374 - Cayin CMS NTP Server Remote Code Execution Vulnerability (CVE-2020-7357)
1010405 - JAWS Remote Code Execution Vulnerability
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
1010342 - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1010387 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10547)
1010386 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10549)
1010378 - rConfig SQL Injection Vulnerability (CVE-2020-10546)
Webサーバ SharePoint
1010398 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
1010399 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) - 1
変更監視(Integrity Monitoring)ルール:
1010389* - Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)
セキュリティログ監視(Log Inspection)ルール:
1003631 - DNS Server - Microsoft Windows
DPI(Deep Packet Inspection) ルール:
DCERPCサービス - クライアント
1010394 - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
DNSクライアント
1010406 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Client
DNSサーバ
1010293* - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
1010401 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Server
ディレクトリサーバ LDAP
1010350 - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
Remote Desktop Protocol Client
1010402 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Webアプリケーション 共通
1010391 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Webクライアント 共通
1010392 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Client
1010403 - Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
1010397 - Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
1010395 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
1010404 - Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)
Webクライアント Internet Explorer/Edge
1010393 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)
Webサーバ Apache
1009963* - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)
Webサービス 共通
1010374 - Cayin CMS NTP Server Remote Code Execution Vulnerability (CVE-2020-7357)
1010405 - JAWS Remote Code Execution Vulnerability
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
1010342 - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1010387 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10547)
1010386 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10549)
1010378 - rConfig SQL Injection Vulnerability (CVE-2020-10546)
Webサーバ SharePoint
1010398 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
1010399 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) - 1
変更監視(Integrity Monitoring)ルール:
1010389* - Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)
セキュリティログ監視(Log Inspection)ルール:
1003631 - DNS Server - Microsoft Windows