ruleUpdate
20-021 (28 de апреля de 2020)
Publish Date: 28 de апреля de 2020
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP System Management Homepage
1010221* - HPE System Management Homepage Remote Denial of Service Vulnerability (CVE-2017-12545)
Jenkins Remoting
1010233 - Jenkins JRMP Java Library Deserialization Remote Code Execution Vulnerability (CVE-2016-0788)
Memcached
1010237 - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)
Redis Server
1010231* - Redis Cron Remote Code Execution Vulnerability
Web Application Common
1010219 - Centreon formMibs.php Command Injection Vulnerability (CVE-2019-15298)
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010217* - rConfig 'commands.inc.php' SQL Injection Vulnerability (CVE-2020-10220)
Web Application PHP Based
1010245 - PHP 'ext/snmp/snmp.c' Use After Free Vulnerability (CVE-2016-6295)
1010234 - PHP 'get_headers()' NULL Byte Injection Vulnerability (CVE-2020-7066)
Web Client Common
1010182* - Google Chrome Type Confusion Vulnerability (CVE-2020-6418)
1010244 - Microsoft Remote Desktop Connection Manager Information Disclosure Vulnerability (CVE-2020-0765)
1010224 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability (CVE-2019-1430)
Web Server Miscellaneous
1009942* - GNOME 'libsoup' HTTP Chunked Encoding Remote Code Execution Vulnerability (CVE-2017-2885)
Web Server Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)
Web Server SharePoint
1010238 - Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2020-0693)
1010227* - Microsoft SharePoint Scorecards Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0931)
1010228* - Microsoft SharePoint TypeConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0932)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1005468* - Web Application - Wordpress
Deep Packet Inspection Rules:
HP System Management Homepage
1010221* - HPE System Management Homepage Remote Denial of Service Vulnerability (CVE-2017-12545)
Jenkins Remoting
1010233 - Jenkins JRMP Java Library Deserialization Remote Code Execution Vulnerability (CVE-2016-0788)
Memcached
1010237 - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)
Redis Server
1010231* - Redis Cron Remote Code Execution Vulnerability
Web Application Common
1010219 - Centreon formMibs.php Command Injection Vulnerability (CVE-2019-15298)
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010217* - rConfig 'commands.inc.php' SQL Injection Vulnerability (CVE-2020-10220)
Web Application PHP Based
1010245 - PHP 'ext/snmp/snmp.c' Use After Free Vulnerability (CVE-2016-6295)
1010234 - PHP 'get_headers()' NULL Byte Injection Vulnerability (CVE-2020-7066)
Web Client Common
1010182* - Google Chrome Type Confusion Vulnerability (CVE-2020-6418)
1010244 - Microsoft Remote Desktop Connection Manager Information Disclosure Vulnerability (CVE-2020-0765)
1010224 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability (CVE-2019-1430)
Web Server Miscellaneous
1009942* - GNOME 'libsoup' HTTP Chunked Encoding Remote Code Execution Vulnerability (CVE-2017-2885)
Web Server Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)
Web Server SharePoint
1010238 - Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2020-0693)
1010227* - Microsoft SharePoint Scorecards Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0931)
1010228* - Microsoft SharePoint TypeConverter Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-0932)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1005468* - Web Application - Wordpress