Rule Update
20-042 (September 1, 2020)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1010164* - Identified Possible Ransomware File Extension Create Activity Over Network Share
Docker Daemon
1010326* - Identified Docker Daemon Remote API Call
HP Intelligent Management Center (IMC)
1010481 - Apache OFBiz XML-RPC Request Unsafe Deserialization Vulnerability (CVE-2020-9496)
Oracle SQL Net (TNS) Listener
1010475 - Oracle Database Server XML External Entity Injection Vulnerability (CVE-2014-6577)
Web Application Common
1010483 - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11200)
1010484 - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11201)
1010482 - Identified Reflected File Download Attack in URI Query Parameter
1005934* - Identified Suspicious Command Injection Attack
1010488 - Identified WordPress Database Reset Attempt
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010440* - OpenMRS Reflected Cross-Site Scripting Vulnerability (CVE-2020-5730)
Web Application PHP Based
1010212 - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
Web Client Common
1008702* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)
1008171* - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038)
1010469* - TeamViewer Desktop Remote Code Execution Vulnerability (CVE-2020-13699)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
1000131* - HTTP Header Length Restriction
1010477 - Java Unserialize Remote Code Execution Vulnerability - 1
1010445* - Opmantek Open-AudIT Command Injection Vulnerability (CVE-2020-12078)
Web Server HTTPS
1010479 - Malware Ngioweb
Web Server Miscellaneous
1010463* - Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization Vulnerability (CVE-2016-3642)
Web Server Oracle
1010474* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)
1010485 - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010478 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
Web Server SharePoint
1010335* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1181)
Zoho ManageEngine
1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
1010337 - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.