20-038 (August 4, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)


Directory Server LDAP
1010350* - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)


HP Intelligent Management Center (IMC)
1010425 - Apache OFBiz Cross-Site Scripting Vulnerability (CVE-2020-1943)
1009947* - HPE Intelligent Management Center Various Expression Language Injection Vulnerabilities


SAP NetWeaver Java Application Server
1010417* - SAP NetWeaver AS JAVA Authentication Bypass Vulnerability (CVE-2020-6287)
1010413* - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2020-6286)


Web Application Common
1010345* - Kentico CMS Staging SyncServer Unserialize Remote Command Execution Vulnerability (CVE-2019-10068)
1010332* - Netty HTTP Request Smuggling Vulnerability (CVE-2020-7238)


Web Application Ruby Based
1010411* - Ruby On Rails Remote Code Execution Vulnerability (CVE-2020-8163)


Web Client Common
1010427 - Google Chrome ClipboardHost Use-After-Free Vulnerability (CVE-2020-6462)
1010429 - Google Chrome webkitSpeechRecognition Use-After-Free Vulnerability (CVE-2020-6457)


Web Server Common
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)


Web Server Oracle
1010415* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)


Integrity Monitoring Rules:

1002999* - Database Server - Microsoft SQL Server


Log Inspection Rules:

1008619* - Application - Docker
1010349 - Docker Daemon Remote API Calls
1010421 - Trend Micro Deep Security Agent Removal Attempt