21-032 (July 13, 2021)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Oracle E-Business Suite Web Interface
1011019* - Oracle E-Business Suite Denial Of Service Vulnerability (CVE-2021-2190)


Pulsar Binary Protocol
1010998 - Apache Pulsar JSON Web Token Authentication Bypass Vulnerability Over Pulsar (CVE-2021-22160)


Web Client Common
1011032 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)


Web Client Internet Explorer/Edge
1011040 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448)


Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)


Web Server HTTPS
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)


Web Server Miscellaneous
1011028 - Jenkins 'Scriptler' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21667)


Web Server Nagios
1011023 - Nagios XI 'Custom-includes' Module Directory Traversal Vulnerability (CVE-2021-3277)


Web Server SharePoint
1011030 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467)


Windows Server DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol


Zoho ManageEngine
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability


Integrity Monitoring Rules:

1002875* - Linux/Unix - Software installed, updated or removed
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
1010791 - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
1009643* - Linux/Unix - bash command history cleared (ATT&CK T1059.004)
1009622* - Linux/Unix - bash non-root user configuration files modified (ATT&CK T1546.004)
1011021 - Linux/Unix - bash root user configuration files modified (ATT&CK T1546.004)


Log Inspection Rules:

1011042 - SolarWinds Serv-U SSH EXCEPTION (CVE-2021-35211)