Rule Update

20-026 (June 2, 2020)

Publish date: June 02, 2020

  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)


Directory Server LDAP
1010301 - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)


FTP Server Common
1010229* - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137* - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)


SSL/TLS Server
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server


Web Application Common
1010210* - Identified Default Credentials Usage In Sonatype Nexus Repository Manager
1010222 - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010282 - Sonatype Nexus Repository Manager Java EL Injection Remote Code Execution Vulnerability (CVE-2020-10199)


Web Client HTTPS
1010290 - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client


Web Client Internet Explorer/Edge
1010133* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)


Web Proxy Squid
1010295 - Squid Proxy X.509 Certificate Cross Site Scripting Vulnerability (CVE-2018-19131)


Web Server Common
1010268* - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1010302 - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1000128* - HTTP Protocol Decoding
1010294* - Symantec Web Gateway Postauth Command Injection Vulnerability


Web Server Miscellaneous
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)


Web Server Oracle
1010253* - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)


Zoho ManageEngine DataSecurity Plus XNode server
1010297 - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298 - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

Featured Stories