22-043 (September 6, 2022)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1011517 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (DogWalk) Over SMB (CVE-2022-34713)


DNS Client
1011523 - Identified Usage of dnscat2 Tool


Web Application PHP Based
1011528 - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)


Web Client Common
1011350* - Zimbra Collaboration Cross-Site Scripting Vulnerability (CVE-2022-24682) - Client


Web Server HTTPS
1011525 - Zimbra Collaboration Cross-Site Scripting Vulnerability (CVE-2022-24682) - Server


Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


Web Server Miscellaneous
1011521* - Atlassian Jira Server and Data Center Reflected Cross Site Scripting Vulnerability (CVE-2022-36801)


Webmin
1011520* - Webmin Remote Code Execution Vulnerability (CVE-2022-36446)


Zimbra Proxy
1011514* - Zimbra Collaboration CRLF Injection Vulnerability (CVE-2022-27924)


Zoho ManageEngine
1011527 - Zoho ManageEngine Multiple Products 'getDNSResolveOption' Command Injection Vulnerability (CVE-2022-37024)
1011526 - Zoho ManageEngine Multiple Products 'getNmapInitialOption' Command Injection Vulnerability (CVE-2022-38772)
1011522* - Zoho ManageEngine Multiple Products 'getUserAPIKey' Authentication Bypass Vulnerability (CVE-2022-36923)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)