20-052 (October 13, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Manager Interface
1010300 - Identified Asterisk 'Originate' Action With 'Originate' Application System Command Execution


DCERPC Services
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)


DCERPC Services - Client
1010553 - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over SMB (CVE-2020-16915)


Mail Server Lotus Domino
1001159* - IBM Lotus Domino IMAP Buffer Overflow


Remote Desktop Protocol Server
1010556 - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)


Web Application Common
1010339* - Netty HTTP Request Smuggling Vulnerability (CVE-2019-20444)


Web Application PHP Based
1010551 - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)


Web Client Common
1010552 - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over HTTP (CVE-2020-16915)
1010554 - Microsoft Windows Spoofing Vulnerability (CVE-2020-16922)


Web Server Apache
1010538* - ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)


Web Server Common
1010522* - Apache Druid LDAP Authentication Bypass Vulnerability (CVE-2020-1958)
1010548 - StackStorm Null Origin Remote Code Execution Vulnerability (CVE-2019-9580)


Web Server Miscellaneous
1010549 - Jenkins 'CVS' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2184)


Web Server Oracle
1008808* - Oracle WebLogic WLS Security Component Remote Code Execution Vulnerability (CVE-2017-10271)
1010550 - Oracle WebLogic WLS Security Component Remote Code Execution Vulnerability (CVE-2017-3506)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.