Rule Update
20-051 (October 6, 2020)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1010511* - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)
Database IBM DB2
1010537 - IBM DB2 Universal Database Default Credentials Vulnerability (CVE-2001-0051)
FTP Server Miscellaneous
1010531* - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
NodeJS Debugging Protocol
1010497* - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)
Web Application Common
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
Web Client Common
1010540 - Download Of A Suspicious PowerShell Script File Detected
Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010538 - ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)
Web Server Common
1010522 - Apache Druid LDAP Authentication Bypass Vulnerability (CVE-2020-1958)
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)
Web Server HTTPS
1010523 - Etaukey Webshell C&C Traffic
Web Server Nagios
1010369* - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010489 - Auditd - Mitre ATT&CK TA0003: Persistance
1010541 - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Deep Packet Inspection Rules:
DNS Server
1010511* - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)
Database IBM DB2
1010537 - IBM DB2 Universal Database Default Credentials Vulnerability (CVE-2001-0051)
FTP Server Miscellaneous
1010531* - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
NodeJS Debugging Protocol
1010497* - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)
Web Application Common
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
Web Client Common
1010540 - Download Of A Suspicious PowerShell Script File Detected
Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010538 - ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)
Web Server Common
1010522 - Apache Druid LDAP Authentication Bypass Vulnerability (CVE-2020-1958)
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)
Web Server HTTPS
1010523 - Etaukey Webshell C&C Traffic
Web Server Nagios
1010369* - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010489 - Auditd - Mitre ATT&CK TA0003: Persistance
1010541 - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)