Rule Update
19-033 (June 18, 2019)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
IBM WebSphere Application Server
1009803 - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Jenkins Remoting
1009436 - Jenkins Remote Code Execution Vulnerability (CVE-2015-8103)
1009435 - Port Mapper for Jenkins Remoting
Mail Server Exim
1009797* - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)
SolarWinds Orion NPM
1009805 - SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)
Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009691* - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009531 - Jenkins CI Server Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003000)
Web Application PHP Based
1009795 - Pimcore Unserialize Remote Code Execution Vulnerability (CVE-2019-10867)
Web Client Common
1009800 - Microsoft Windows SymCrypt Denial-of-Service Vulnerability
Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)
Web Server Oracle HTTPS
1003476* - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
Web Server RealVNC
1009386 - VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability (CVE-2017-4933)
Web Server SharePoint
1009706 - Microsoft Windows OData Library Denial Of Service Vulnerability (CVE-2018-8269)
Integrity Monitoring Rules:
1009643 - Clear Command History (ATT&CK: T1146)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK: T1131,T1174)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009638 - NetSh Helper DLL (ATT&CK: T1128)
1009704 - Port Monitor (ATT&CK: T1013)
1006076* - Task Scheduler Entries Modified (ATT&CK: T1168)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
IBM WebSphere Application Server
1009803 - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Jenkins Remoting
1009436 - Jenkins Remote Code Execution Vulnerability (CVE-2015-8103)
1009435 - Port Mapper for Jenkins Remoting
Mail Server Exim
1009797* - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)
SolarWinds Orion NPM
1009805 - SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)
Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009691* - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009531 - Jenkins CI Server Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003000)
Web Application PHP Based
1009795 - Pimcore Unserialize Remote Code Execution Vulnerability (CVE-2019-10867)
Web Client Common
1009800 - Microsoft Windows SymCrypt Denial-of-Service Vulnerability
Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)
Web Server Oracle HTTPS
1003476* - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
Web Server RealVNC
1009386 - VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability (CVE-2017-4933)
Web Server SharePoint
1009706 - Microsoft Windows OData Library Denial Of Service Vulnerability (CVE-2018-8269)
Integrity Monitoring Rules:
1009643 - Clear Command History (ATT&CK: T1146)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK: T1131,T1174)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009638 - NetSh Helper DLL (ATT&CK: T1128)
1009704 - Port Monitor (ATT&CK: T1013)
1006076* - Task Scheduler Entries Modified (ATT&CK: T1168)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.