ruleUpdate
21-004 (26 January 2021)
Publish Date: 26 January 2021
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CA ARCserve D2D Administration Interface
1010699* - Arcserve D2D External Entity Injection Vulnerability (CVE-2020-27858)
DNS Server
1004747* - DNS Invalid Compression Denial Of Service
Directory Server LDAP
1010724* - Microsoft Windows Active Directory IntegratedDNS Remote Code Execution Vulnerability (CVE-2020-0718)
1010321* - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)
FTP Server IIS
1004553* - Microsoft IIS FTPSVC Unspecified Remote Denial Of Service
OpenSSL
1010280* - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Server
Remote Desktop Protocol Over UDP
1010125* - Microsoft Windows RDP Gateway Server Remote Code Execution Vulnerabilities (CVE-2020-0609 and CVE-2020-0610)
Suspicious Client Application Activity
1010741 - Identified HTTP Backdoor Python FreakOut A Runtime Detection
Suspicious Client Ransomware Activity
1010732 - Identified FlawedGrace Checkin Request - Client
Suspicious Server Ransomware Activity
1010733 - Identified FlawedGrace Checkin Request - Server
1010616* - Identified HTTP Backdoor.Shell.Powertrick.A Runtime Detection
1010731 - Identified HTTP Redhat Webshell C&C Traffic
1010610* - Identified HTTP Trojan.Win64.BazarTrickbot Traffic
Web Application Common
1010727* - Mongo-Express Remote Code Execution Vulnerability (CVE-2019-10758)
Web Client Common
1004288* - Identified Suspicious Shellcode In HTML Documents
Web Server HTTPS
1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
Web Server Miscellaneous
1010729 - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
1010679* - SolarWinds Network Performance Monitor 'ExportToPDF' Information Disclosure Vulnerability (CVE-2020-27870)
1010678* - SolarWinds Network Performance Monitor 'VulnerabilitySettings' Directory Traversal Vulnerability (CVE-2020-27871)
1010677* - SolarWinds Network Performance Monitor 'WriteToFile' SQL Injection Vulnerability (CVE-2020-27869)
1010691* - SolarWinds Orion Remote Code Execution Vulnerability (CVE-2020-14005)
1010580* - Spring Security OAuth Open Redirect Vulnerability (CVE-2019-3778)
Web Server Oracle
1010739 - Oracle WebLogic Console JNDI Injection Vulnerability (CVE-2021-2109)
Web Server RealVNC
1010726* - LibVNCServer Denial Of Service Vulnerability (CVE-2020-25708)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.