20-029 (June 23, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Directory Server LDAP
1010321* - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)


Docker Daemon
1010326 - Identified Docker Daemon Remote API Call


IBM WebSphere Application Server
1010343 - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)


IBM WebSphere Application Server IIOP protocol
1010348 - IBM WebSphere Application Server IIOP Deserialization Vulnerabilities (CVE-2020-4449 and CVE-2020-4450)


Oracle E-Business Suite Web Interface
1010325 - Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross Site Scripting Vulnerability (CVE-2020-2852)


Suspicious Client Application Activity
1010327 - Identified Potential Malicious Client Traffic


Suspicious Server Application Activity
1010328 - Identified Potential Malicious Server Traffic


Web Application Common
1010339 - Netty HTTP Request Smuggling Vulnerability (CVE-2019-20444)


Web Application PHP Based
1010338 - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)


Web Client Common
1010333 - Microsoft Windows .NET Core Remote Code Execution Vulnerability (CVE-2020-0605)


Web Server Common
1010322 - Oracle Business Intelligence AMF Deserialization Remote Code Execution Vulnerability (CVE-2020-2950)
1010351 - vBulletin Improper Access Control Vulnerability (CVE-2020-12720)


Web Server Miscellaneous
1010347 - Eclipse Jetty Chunk Length Parsing Integer Overflow Vulnerability (CVE-2017-7657)
1010346 - Eclipse Jetty HTTP/0.9 Handler Request Smuggling Vulnerability (CVE-2017-7656)


Windows SMB Client
1006994* - Executable File Download On Network Share Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1002831* - Unix - Syslog