Rule Update

21-017 (April 13, 2021)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1010900 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)


HP Intelligent Management Center (IMC)
1010889 - Apache OFBiz Unsafe Deserialization Vulnerability (CVE-2021-26295)


Suspicious Client Ransomware Activity
1010732* - Identified FlawedGrace Checkin Request - Client


Suspicious Server Ransomware Activity
1010733* - Identified FlawedGrace Checkin Request - Server


Web Application PHP Based
1010886* - Batflat CMS Remote Code Execution Vulnerability (CVE-2020-35734)


Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


Web Client Common
1010806* - Identified Directory Traversal Attack In HTTP Response Headers
1010898 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2021-28310)


Web Client Internet Explorer/Edge
1010888 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11799)
1010896 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8755)


Web Server Common
1010892 - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010885 - CMS Made Simple Smarty Server-side Template Injection Vulnerability (CVE-2021-26120)
1010871* - Cisco Data Center Network Manager Arbitrary File Upload Vulnerability (CVE-2019-1620)
1010874 - Identified Cisco Data Center Network Manager Authentication Bypass Attempt
1010891 - Identified Cisco Data Center Network Manager Information Disclosure Vulnerability (CVE-2019-1622)
1010755* - SAP Solution Manager Remote Code Execution Vulnerability (CVE-2020-6207)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1002798* - Database Server - PostgreSQL