Rule Update
DPIルール他更新情報:21-045(2021年10月12日)
概要
* は既存ルールの新バージョンを示します。
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1008422* - Detected SMB Request
DCERPCサービス - クライアント
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
Trend Micro OfficeScan
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)
Webアプリケーション 共通
1011171 - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)
1011170 - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011173 - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011174 - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
Webアプリケーション PHP
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
Webサーバ 共通
1011110 - Identified Slow HTTP Denial Of Service Attack (ATT&CK T1498.001)
Webサーバ HTTPS
1011161* - Centreon 'graph-split.php' SQL Injection Vulnerability
1011166* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22242)
1011167* - VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)
1011120* - WebSVN Command Injection Vulnerability (CVE-2021-32305)
1011169 - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168 - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172 - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
Webサーバ Nagios
1011164* - Nagios XI Stored Cross-Site Scripting Vulnerability (CVE-2021-38156)
Zoho ManageEngine
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
変更監視(Integrity Monitoring)ルール:
今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。
セキュリティログ監視(Log Inspection)ルール:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1008422* - Detected SMB Request
DCERPCサービス - クライアント
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
Trend Micro OfficeScan
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)
Webアプリケーション 共通
1011171 - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)
1011170 - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011173 - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011174 - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
Webアプリケーション PHP
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
Webサーバ 共通
1011110 - Identified Slow HTTP Denial Of Service Attack (ATT&CK T1498.001)
Webサーバ HTTPS
1011161* - Centreon 'graph-split.php' SQL Injection Vulnerability
1011166* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22242)
1011167* - VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)
1011120* - WebSVN Command Injection Vulnerability (CVE-2021-32305)
1011169 - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168 - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172 - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
Webサーバ Nagios
1011164* - Nagios XI Stored Cross-Site Scripting Vulnerability (CVE-2021-38156)
Zoho ManageEngine
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
変更監視(Integrity Monitoring)ルール:
今回のセキュリティアップデートには、新規の変更監視ルールおよび更新は含まれておりません。
セキュリティログ監視(Log Inspection)ルール:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)