20-001 (January 7, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Solr RMI
1010116 - Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409)


DCERPC Services - Client
1010106* - Identify Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1086)


DNS Client
1010067* - PHP 'dns_get_record' Buffer Overflow Vulnerability (CVE-2019-9022)


DNS Server
1010118 - ISC BIND 'EDNS0' Key-Tag Memory Leak Denial Of Service Vulnerability (CVE-2018-5744)


Oracle E-Business Suite Web Interface
1010117* - Oracle E-Business Suite General Ledger SQL Injection Vulnerability (CVE-2019-2638)


Trend Micro OfficeScan
1010039* - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)


TurboVNC Server
1010079* - TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability (CVE-2019-15683)


Web Application Common
1010119 - Libexpat XML Parsing Heap Based Buffer Over-Read Vulnerability (CVE-2019-15903) - Server
1010107* - rConfig 'devices.inc.php' SQL Injection Vulnerability (CVE-2019-19207)


Web Application PHP Based
1010112* - PHP Type Confusion Infoleak Vulnerability (CVE-2015-4599)


Web Client Common
1009921* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 6


Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)


Web Server IIS
1010115* - Microsoft Windows WebDAV Path Parsing Command Injection Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2