20-033 (July 14, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1010394 - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)


DNS Client
1010406 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Client


DNS Server
1010293* - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)
1010401 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) - Server


Directory Server LDAP
1010350 - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)


Remote Desktop Protocol Client
1010402 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)


Web Application Common
1010391 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server


Web Client Common
1010392 - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Client
1010403 - Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
1010397 - Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
1010395 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
1010404 - Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)


Web Client Internet Explorer/Edge
1010393 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)


Web Server Apache
1009963* - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)


Web Server Common
1010374 - Cayin CMS NTP Server Remote Code Execution Vulnerability (CVE-2020-7357)
1010405 - JAWS Remote Code Execution Vulnerability
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
1010342 - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1010387 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10547)
1010386 - rConfig Network Device Configuration Tool SQL Injection Vulnerability (CVE-2020-10549)
1010378 - rConfig SQL Injection Vulnerability (CVE-2020-10546)


Web Server SharePoint
1010398 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
1010399 - Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) - 1


Integrity Monitoring Rules:

1010389* - Unix - Monitor Processes Running From '/tmp' Directories (ATT&CK T1059)


Log Inspection Rules:

1003631 - DNS Server - Microsoft Windows