Rule Update

19-033 (June 18, 2019)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

IBM WebSphere Application Server
1009803 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)


Jenkins Remoting
1009436 - Jenkins Remote Code Execution Vulnerability (CVE-2015-8103)
1009435 - Port Mapper for Jenkins Remoting


Mail Server Exim
1009797* - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)


SolarWinds Orion NPM
1009805 - SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)


Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009691* - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009531 - Jenkins CI Server Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003000)


Web Application PHP Based
1009795 - Pimcore Unserialize Remote Code Execution Vulnerability (CVE-2019-10867)


Web Client Common
1009800 - Microsoft Windows SymCrypt Denial-of-Service Vulnerability


Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)


Web Server Oracle HTTPS
1003476* - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow


Web Server RealVNC
1009386 - VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability (CVE-2017-4933)


Web Server SharePoint
1009706 - Microsoft Windows OData Library Denial Of Service Vulnerability (CVE-2018-8269)


Integrity Monitoring Rules:

1009643 - Clear Command History (ATT&CK: T1146)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK: T1131,T1174)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009638 - NetSh Helper DLL (ATT&CK: T1128)
1009704 - Port Monitor (ATT&CK: T1013)
1006076* - Task Scheduler Entries Modified (ATT&CK: T1168)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.