Overview

* indicates a new version of an existing rule.

DPI (Deep Packet Inspection) Rules:

CA ARCserve D2D Administration Interface
1010699 - Arcserve D2D External Entity Injection Vulnerability (CVE-2020-27858)


DNS Server
1010633* - Identified DNS Trojan.Linux.Anchor.A Traffic
1010632* - Identified DNS Trojan.Win64.Anchor.A Traffic


Directory Server LDAP
1010301* - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)


Suspicious Ransomware-Related Activity (Client)
1010597* - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596* - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
1010617* - Identified TLS Cobalt Strike Beacon (Certificate)


Suspicious Ransomware-Related Activity (Server)
1010638* - Identified FTP Backdoor.Win32.Qbot.JINX Runtime Detection


Trend Micro OfficeScan
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010727 - Mongo-Express Remote Code Execution Vulnerability (CVE-2019-10758)


Web Application Tomcat
1010688* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)


Web Client Common
1009779* - Microsoft Windows Multiple Security Vulnerabilities (June-2019)
1010716 - XStream Library Insecure Deserialization Vulnerability (CVE-2020-26217)


Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010670* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)


Web Server Common
1010734 - Identified BumbleBee Webshell Traffic Over HTTP
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1


Web Server HTTPS
1010718 - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
1009968* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9513)
1009998* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9511)
1009944* - Multiple HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)
1010712 - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)


Web Server Miscellaneous
1010662* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14181)
1010679 - SolarWinds Network Performance Monitor 'ExportToPDF' Information Disclosure Vulnerability (CVE-2020-27870)
1010678 - SolarWinds Network Performance Monitor 'VulnerabilitySettings' Directory Traversal Vulnerability (CVE-2020-27871)
1010677 - SolarWinds Network Performance Monitor 'WriteToFile' SQL Injection Vulnerability (CVE-2020-27869)
1010717* - SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)


Web Server Nagios
1010696* - Nagios XI SNMP Trap SQL Injection Vulnerability


Web Server RealVNC
1010726 - LibVNCServer Denial Of Service Vulnerability (CVE-2020-25708)


Web Server SharePoint
1010702* - Microsoft SharePoint Authenticated Remote Code Execution Vulnerability (CVE-2021-1707)
1010707* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0971)


Webmin
1010704* - Webmin Arbitrary Remote Command Execution Vulnerability (CVE-2020-35606)


Integrity Monitoring Rules:

This security update contains no new or updated Integrity Monitoring rules.


Log Inspection Rules:

This security update contains no new or updated Log Inspection rules.