Rule Update
23-001 (January 3, 2023)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
IPSec-IKE
1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)
SolarWinds Information Service
1011642 - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-36964)
SolarWinds Orion Platform
1011630* - SolarWinds Network Performance Monitor Command Injection Vulnerability (CVE-2022-36962)
Splunk Enterprise
1011640* - Splunk Enterprise Cross-Site Scripting Vulnerability (CVE-2022-43568)
Web Application Common
1011649 - pgAdmin Remote Code Execution Vulnerability (CVE-2022-4223)
Web Application PHP Based
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Adobe ColdFusion
1011557* - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38421)
Web Server Common
1011646 - Apache Airflow Command Injection Vulnerability (CVE-2022-40127)
Web Server HTTPS
1011573* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42429)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002795* - Microsoft Windows Events
1011453* - Microsoft Windows WMI Events - 1