Rule Update

19-046 (September 10, 2019)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1009953 - Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service (CVE-2019-12827)


DCERPC Services
1003292* - Block Conficker.B Worm Incoming Named Pipe Connection


DCERPC Services - Client
1003293* - Block Conficker.B Worm Outgoing Named Pipe Connection


DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol


HP Intelligent Management Center (IMC)
1009962 - HPE Intelligent Management Center 'IctTableExportToCSVBean' Expression Language Injection Vulnerability (CVE-2019-5370)
1009956 - HPE Intelligent Management Center 'PlatNavigationToBean' URL Expression Language Injection Vulnerability (CVE-2019-5387)
1009902 - HPE Intelligent Management Center 'perfSelectTask' Expression Language Injection Vulnerability (CVE-2019-5385)
1009947* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities (CVE-2019-11941 and CVE-2019-11943)


HP Intelligent Management Center Dbman
1009959 - HPE Intelligent Management Center 'dbman' Opcode Denial Of Service Vulnerability (CVE-2018-7123)


MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)


Redis Server
1009949* - Redis Integer Overflow Vulnerability (CVE-2018-11219)


Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


SSL Client
1007384* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Client


SSL/TLS Server
1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server


Suspicious Server Application Activity
1008492* - Identified SambaShell C&C Traffic
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack


Web Application Common
1009594* - Apache httpd 'mod_md' Null Pointer Dereference Vulnerability (CVE-2018-8011)
1009946* - Atlassian JIRA Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)
1006823* - Identified Suspicious Command Injection Attack - 1
1009966 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714) - 1
1002684* - Mass Hack Script Insertion Attack
1002433* - Mass SQL Injection Script Insertion Attack
1002743* - Mass SQL Injection Script Insertion Attack 2


Web Client Common
1009972 - Adobe Flash Player Same Origin Bypass Vulnerability (CVE-2019-8069)
1009973 - Adobe Flash Player Use After Free Vulnerability (CVE-2019-8070)
1004315* - Identified Malicious PDF Document - 3
1004305* - Identified Suspicious Compiled HTML(chm) File
1009965 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714)
1002144* - JavaScript IFRAME Redirect Script Insertion Vulnerability
1002048* - JavaScript Redirect Script Insertion Vulnerability
1003693* - Mass Compromise Using Malicious iFrame
1002519* - Storm Botnet Redirect Script Insertion Vulnerability


Web Server Adobe ColdFusion
1009893* - Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability (CVE-2019-7816)


Web Server Apache
1009963 - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)


Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1007872* - HTTP Proxy Header Injection Vulnerabilities
1000193* - Null Byte Path Traversal Vulnerability


Web Server HTTPS
1009944* - Microsoft Windows HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)


Web Server SharePoint
1009971 - Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019)


Web Server Squid
1009943* - Squid Proxy HttpHeader 'getAuth' Heap Buffer Overflow Vulnerability (CVE-2019-12527)


Windows Services RPC Server DCERPC
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)


Zoho ManageEngine
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.