DeepSecurity
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1008748 - HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload Vulnerability (CVE-2017-8961)
Unix RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application PHP Based
1008518 - PHP Double Free Memory Corruption Vulnerability (CVE-2016-5772)
1008520 - PHP Malicious Object Injection In Deserialization Vulnerability (CVE-2016-7124)
Web Client Internet Explorer/Edge
1008636* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008717 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
DHCP Server
1008591* - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
HP Intelligent Management Center Dbman
1008749* - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
RRAS Service
1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Remote Desktop Protocol Server
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
Unix Samba
1008791* - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
Web Application PHP Based
1008550 - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
1008562 - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)
Web Application Ruby Based
1008574 - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)
Web Client Common
1008583 - Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CVE-2017-10952)
1008582 - Foxit Reader Remote Code Execution Vulnerability (CVE-2017-10951)
Web Server Miscellaneous
1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008792 - Microsoft Windows Security Events - 4 - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
DHCP Server
1008591 - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
Microsoft Office
1008788 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935)
1008661* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
RRAS Service
1008769 - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Solr Service
1008691* - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)
Unix RPC Services
1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Unix Samba
1008791 - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
VoIP Smart
1008465 - Asterisk PJSIP Heap Overflow Vulnerability (CVE-2017-9372)
Web Client Common
1008736* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008740* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
1008789 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937)
1008643* - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008672 - Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710)
Web Client Internet Explorer/Edge
1008771 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888)
1008772 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889)
1008774 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893)
1008780 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909)
1008781 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911)
1008783 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11914)
1008784 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916)
1008785 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918)
1008682 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811)
1008775 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894)
1008776 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895)
1008787 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930)
1008770 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886)
1008773 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890)
1008777 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901)
1008778 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903)
1008779 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907)
1008782 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913)
Web Server Apache
1008683* - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003843* - Microsoft Windows Security Events
1004057* - Microsoft Windows Security Events - 1
1003987* - Microsoft Windows Security Events - 2
1008670 - Microsoft Windows Security Events - 3 - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008622 - Identified NTLMv1 Authentication Attempt Over SMB
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
DNS Client
1002657* - DNS Insufficient Socket Entropy Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1003928* - Oracle Secure Backup observiced.exe Buffer Overflow
DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS
1000167* - Snort Back Orifice Pre-Processor Buffer Overflow
HP Intelligent Management Center Dbman
1008749 - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
HP Network Automation
1008676* - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)
Mail Server Exim
1008758 - Exim Unix Mailer Multiple Security Vulnerabilities
SSL/TLS Server
1008534* - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server
Unix Kerberos
1008561* - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
Web Application PHP Based
1008626* - Drupal Services Module Remote Code Execution Vulnerability
1008548* - PHP Session Data Injection Vulnerability (CVE-2016-7125)
Web Client Common
1008702 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)
Web Client Internet Explorer/Edge
1008635* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)
Web Server Miscellaneous
1008751 - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1004610* - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)
1008763 - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Network Automation
1008676 - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)
Microsoft Office
1008716* - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
1008746* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)
SSL Client
1008533 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Client
SSL/TLS Server
1008534 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server
Suspicious Client Application Activity
1008756 - Identified Potentially Malicious RAT Traffic - VII
Web Application PHP Based
1008626 - Drupal Services Module Remote Code Execution Vulnerability
Web Client Common
1008735* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
Web Client Internet Explorer/Edge
1008701* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
Web Server Oracle
1008688 - Oracle Identity Manager Default Account Vulnerability (CVE-2017-10151)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008660 - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
Microsoft Office
1008746 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)
OpenSSL
1008715 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server
OpenSSL Client
1008714 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client
Solr Service
1008691 - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)
Web Application PHP Based
1008548 - PHP Session Data Injection Vulnerability (CVE-2016-7125)
Web Client Common
1008739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
1008744 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 2
1008743 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
1008745 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
1008735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
1008736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
1008738 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)
Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk Server IAX2
1008467* - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)
DHCPv6 Server
1008651* - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)
DNS Client
1008650* - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)
HP Intelligent Management Center WSM iNode
1008551* - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities
Microsoft Office
1008695 - Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854)
Remote Desktop Protocol Server
1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request
SSL/TLS Server
1008553* - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server
Unix Kerberos
1008561 - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
1008473* - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)
VoIP Smart
1008466* - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)
Web Application Common
1008530* - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1
Web Client Common
1008538* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
1004133* - Heuristic Detection Of Malicious PDF Documents
1008716 - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
1008630 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8631)
1008708 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-11847)
Web Client Internet Explorer/Edge
1008710 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845)
1008704 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
1008705 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841)
1008701 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
1008706 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
1008696 - Microsoft Internet Explorer And Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-11791)
1008700 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837)
1008707 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843)
1008712 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846)
1008699 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858)
1008697 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
1008698 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)
1008703 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869)
Web Proxy Apache
1006244* - Apache HTTP Server 'mod_cache' Module Remote Denial Of Service Vulnerability
Web Server Apache
1008556* - Apache Continuum Arbitrary Command Execution Vulnerability
1008683 - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)
Web Server SAP
1008615* - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)
Integrity Monitoring Rules:
1006683* - TMTR-0016: Suspicious Running Processes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007114* - Portable Executable File Uploaded On SMB Share
HP Intelligent Management Center WSM iNode
1008551 - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities
Microsoft Office
1008375* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)
SSL Client
1008552 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Client
SSL/TLS Server
1008553 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server
Symantec Messaging Gateway
1005286* - Symantec Messaging Gateway Arbitrary File Download Vulnerability
Unix Kerberos
1008473 - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)
Web Client Internet Explorer/Edge
1008680 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8653)
Web Server SAP
1008615 - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials
1008679 - Identified BADRABBIT Ransomware Propagation Over SMB
Web Client Common
1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1008678 - Identified BADRABBIT Ransomware Download Over HTTP
1008634* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
Web Client Internet Explorer/Edge
1008671 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802)
Integrity Monitoring Rules:
1008684 - Ransomware - BADRABBIT
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1008530 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1
Web Client Common
1008645 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2017-11227)
1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008667* - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
1008529 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640)
Web Server Apache
1008556 - Apache Continuum Arbitrary Command Execution Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.