Rule Update
DPI Rule and Other Update Information: 24-022 (April 30, 2024)
April 30, 2024
Overview
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1007125* - Remote Access Event Through SMBv1 Protocol Detected
DCERPC Services - Client
1008187* - Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1008201* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
1008177* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
Django Server
1012022 - Django Denial Of Service Vulnerability (CVE-2023-46695)
Ivanti Avalanche Remote Control Server
1011962* - Ivanti Avalanche Server-Side Request Forgery Vulnerability (CVE-2023-46262)
NTP Client
1008004* - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)
1006630* - NTP MAC Security Bypass Vulnerability (CVE-2015-1798)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
SolarWinds Access Rights Manager
1012024 - SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23477)
SolarWinds Orion Platform
1011977* - SolarWinds Orion Platform SQL Injection Vulnerability (CVE-2023-35188)
1011986* - SolarWinds Orion Platform SQL Injection Vulnerability (CVE-2023-50395)
Solr Service
1012028 - Apache Solr Arbitrary File Upload Vulnerability (CVE-2023-50386)
Unix Samba
1012023 - Linux Kernel KSMBD Buffer Overflow Vulnerability (CVE-2023-52440)
Web Client Common
1011960* - 7-Zip Integer Underflow Vulnerability (CVE-2023-31102)
Web Server HTTPS
1011973* - Cacti SQL Injection Vulnerability (CVE-2023-51448)
Web Server Nagios
1012004* - Nagios XI Directory Traversal Vulnerability (CVE-2023-48085)
1012027 - Nagios XI SQL Injection Vulnerability (CVE-2024-24401)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.