22-005 (February 1, 2022)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)


Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)


Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder


Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)


Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)


Integrity Monitoring Rules:

1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog