20-010 (February 25, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Mail Server Common
1010145* - OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)


Oracle E-Business Suite Web Interface
1010160* - Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2586)
1010170 - Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2587)


Pivotal RabbitMQ HTTP Protocol
1010144* - Pivotal RabbitMQ X-Reason HTTP Header Denial Of Service Vulnerability (CVE-2019-11287)


Web Server Common
1010136* - ELOG Project ELOG NULL Pointer Dereference Vulnerability (CVE-2019-3995)
1010096 - Total.js CMS Widget JavaScript Code Injection Vulnerability (CVE-2019-15954)


Web Server Oracle
1010168 - Oracle WebLogic Server Untrusted Data Deserialization Vulnerability (CVE-2020-2555)
1010171 - Oracle Weblogic Server Insecure Deserialization Vulnerability (CVE-2020-2551)


Zoho ManageEngine
1010109* - Zoho ManageEngine Applications Manager MASRequestProcessor 'serverID' SQL Injection Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.