16-039 (December 20, 2016)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1007740 - ISC BIND Multiple DNS Cookies Denial Of Service Vulnerability (CVE-2016-2088)


Directory Server LDAP
1007932* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2016-3368)


Web Application Common
1007610* - Identified Usage Of ImageMagick Pseudo Protocols


Web Application PHP Based
1008041 - Drupal Coder Module Remote Code Execution Vulnerability


Web Application Ruby Based
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS


Web Application Tomcat
1000637* - Tomcat JSP Source Code Exposure Vulnerability (CVE-2002-1148)


Web Client Common
1008090 - Adobe Flash Player Multiple Security Vulnerabilities (APSB16-39)
1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)


Web Client Internet Explorer/Edge
1008063* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
1008009* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
1007920* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3247)
1005366* - Microsoft Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019)


Web Server Miscellaneous
1007650 - Identified Access To NetIQ URLs Prone To Information Disclosure Vulnerability (CVE-2014-5215)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.