ruleUpdate
19-040 (30 de июля de 2019)
Publish Date: 30 de июля de 2019
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009801 - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
DHCPv6 Client - Incoming
1009798* - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698)
Web Application Common
1009711* - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505) - 1
1009580* - Jenkins CI Server Forced Migration Of User Records Vulnerability (CVE-2018-1000863)
1009701* - Jenkins Metaprogramming Remote Code Execution Vulnerability (CVE-2018-1000408)
Web Client Common
1009532* - Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537)
1009800* - Microsoft Windows SymCrypt Denial-of-Service Vulnerability (CVE-2019-0865)
Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
Web Server Miscellaneous
1009804 - Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Vulnerability (CVE-2018-12545)
Web Server Oracle
1009831* - Oracle WebLogic Arbitrary File Read Vulnerability (CVE-2019-2615)
Integrity Monitoring Rules:
1009628* - AppInit DLLs (ATT&CK: T1103)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050, T1036)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1009801 - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
DHCPv6 Client - Incoming
1009798* - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698)
Web Application Common
1009711* - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505) - 1
1009580* - Jenkins CI Server Forced Migration Of User Records Vulnerability (CVE-2018-1000863)
1009701* - Jenkins Metaprogramming Remote Code Execution Vulnerability (CVE-2018-1000408)
Web Client Common
1009532* - Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537)
1009800* - Microsoft Windows SymCrypt Denial-of-Service Vulnerability (CVE-2019-0865)
Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
Web Server Miscellaneous
1009804 - Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Vulnerability (CVE-2018-12545)
Web Server Oracle
1009831* - Oracle WebLogic Arbitrary File Read Vulnerability (CVE-2019-2615)
Integrity Monitoring Rules:
1009628* - AppInit DLLs (ATT&CK: T1103)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050, T1036)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.