Rule Update
17-010 (March 7, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1008203 - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204 - DNSMessenger Malware Domain Blocker
Microsoft Office
1004312* - Identified Suspicious Microsoft Word Document
NTP Server Linux
1007741 - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
P2P Applications
1007034* - Share EX2 P2P
1003086* - Winny
Web Application PHP Based
1006386* - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)
1008135 - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1007289 - PHP cURL Lib NULL Byte Injection Vulnerability
1008182 - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1008186 - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1004870* - Identified Suspicious Jar File
Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
Web Server Miscellaneous
1008104 - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
Web Server Oracle
1004840* - Oracle Application Server Web Cache HTTP Request Method Heap Overrun Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.