DeepSecurity

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DHCP Client
    1009597 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0726)


    DHCP Server
    1009542 - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


    Database PostgreSQL
    1009614 - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


    Kubernetes Web UI (Dashboard)
    1009493* - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


    Microsoft Office
    1009635 - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


    Solr Service
    1009601* - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0192)


    Suspicious Server Application Activity
    1009549 - Detected Terminal Services (RDP) Server Traffic - 1


    Unix RPC Services
    1009543 - Linux 'rpc.statd' Remote Format String Vulnerability (CVE-2000-0666)


    Web Application Common
    1009560* - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116) - 1
    1009328* - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
    1009540* - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)
    1009553* - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)
    1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)


    Web Application PHP Based
    1009617 - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
    1009631 - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


    Web Client Common
    1009624 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8394)
    1009625 - Microsoft Windows GDI Remote Code Execution Vulnerability (CVE-2018-8397)
    1009595 - Microsoft Windows Runtime Elevation Of Privilege Vulnerability (CVE-2019-0570)
    1009296 - Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability (CVE-2010-0846)
    1009556 - RARLAB WinRAR ACE Directory Traversal Vulnerability (CVE-2018-20251)


    Web Client Internet Explorer/Edge
    1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


    Web Server Apache
    1009170* - Apache Server Side Include Cross Site Scripting Vulnerability (CVE-2002-0840)


    Web Server Common
    1009561 - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


    Web Server SharePoint
    1009535* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Internet Explorer/Edge
    1009640 - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Solr Service
    1009601 - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0192)


    Web Application Common
    1009312* - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
    1009560 - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116) - 1


    Web Application Tomcat
    1002707* - Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability


    Web Client Common
    1009311* - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
    1009559 - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116)


    Web Server Common
    1007185* - Java Unserialize Remote Code Execution Vulnerability


    Windows Services RPC Server DCERPC
    1009604 - Identified Usage Of WMI Execute Methods - Server - 1


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Port Mapper FTP Client
    1009558 - Remote File Copy Over FTP


    Suspicious Client Ransomware Activity
    1007581* - Ransomware Lectool
    1007711* - Ransomware XORBAT


    Suspicious Server Ransomware Activity
    1007582* - Ransomware Lectool-1


    Web Application Common
    1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
    1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
    1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1


    Web Client Common
    1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
    1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
    1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
    1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
    1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
    1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
    1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


    Web Client Internet Explorer/Edge
    1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1009579 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2019-0703)


    Web Application Common
    1009540 - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)


    Web Application PHP Based
    1009545 - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)


    Web Client Common
    1009266 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 11
    1009212* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 5
    1009322 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8392)
    1009428* - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
    1009475 - Microsoft Windows Data Sharing Service Elevation Of Privilege Vulnerability (CVE-2019-0571)
    1009294 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8396)
    1009486 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8595)
    1009571 - Microsoft Windows Multiple Information Disclosure Vulnerabilities (March 2019)
    1009576 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0666)
    1009583 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0797)
    1009582 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
    1009554 - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


    Web Client Internet Explorer/Edge
    1009415* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
    1009577 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0592)
    1009574 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0639)
    1009564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0769)
    1009565 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0770)
    1009566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0771)
    1009567 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0773)
    1009573 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-0612)
    1009575 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0609)
    1009414* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
    1009568 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0763)
    1009569 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0680)
    1009570 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
    1009371* - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
    1009563 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0665)
    1009578 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667)


    Web Server SharePoint
    1009535 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


    Integrity Monitoring Rules:

    1009434 - Kubernetes Cluster Node


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1009572 - Google Chrome FileReader Use-After-Free Vulnerability (CVE-2019-5786)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1009477 - Identified Sensepost Ruler Traffic
    1009457* - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
    1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
    1009553 - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)


    Web Client Common
    1009495 - LibTIFF Arbitrary Sized JBIG Decoding Denial Of Service Vulnerability (CVE-2018-18557)


    Web Server SharePoint
    1009534 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594)


    Windows Services RPC Server DCERPC
    1009478* - Identified Remote Service Creation Over DCE/RPC Protocol


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1009490 - Block Administrative Share - 1


    FTP Server Common
    1003784* - FTP Server Restrict Executable File Uploads


    Kubernetes Web UI (Dashboard)
    1009493 - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


    Microsoft Office
    1009538 - Microsoft Office Multiple Security Vulnerabilities (Feb 2019)


    Web Application Common
    1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability


    Web Application PHP Based
    1009541 - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
    1009544 - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)


    Web Client Common
    1009536* - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)
    1009517 - Microsoft Windows JET Database Engine 'CreateLvSMLocs' Remote Code Execution (CVE-2019-0577)
    1009537 - Microsoft Windows JET Database Engine Multiple Remote Code Execution Vulnerabilities (Feb - 2019)
    1009533 - Microsoft Windows JET Database Out-of-Bounds Read Remote Code Execution Vulnerability (CVE-2019-0575)
    1009539 - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)


    Web Server Oracle
    1009358* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)


    Web Client Common
    1009536 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.