Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
MySQL Cluster
1011292 - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21279)
1011291 - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21280)
Remote Desktop Protocol Server
1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request
SolarWinds Network Performance Monitor
1011271* - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 1
1011272* - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 2
Web Application PHP Based
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011351 - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011347 - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333 - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
Web Application Tomcat
1011322 - Laravel Deserialization Remote Code Execution Vulnerability (CVE-2021-3129)
Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)
Web Server Common
1011342 - Apache APISIX Remote Code Execution Vulnerability (CVE-2020-13945)
Web Server Miscellaneous
1011297* - Jenkins 'Badger' Plugin Cross-Site Scripting Vulnerability (CVE-2022-23108)
Webmin
1011338* - Webmin Improper Access Control Vulnerability (CVE-2022-0824)
Zoho ManageEngine
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
MySQL Cluster
1011292 - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21279)
1011291 - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21280)
Remote Desktop Protocol Server
1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request
SolarWinds Network Performance Monitor
1011271* - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 1
1011272* - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 2
Web Application PHP Based
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011351 - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011347 - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333 - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
Web Application Tomcat
1011322 - Laravel Deserialization Remote Code Execution Vulnerability (CVE-2021-3129)
Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)
Web Server Common
1011342 - Apache APISIX Remote Code Execution Vulnerability (CVE-2020-13945)
Web Server Miscellaneous
1011297* - Jenkins 'Badger' Plugin Cross-Site Scripting Vulnerability (CVE-2022-23108)
Webmin
1011338* - Webmin Improper Access Control Vulnerability (CVE-2022-0824)
Zoho ManageEngine
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1010766* - Identified Non Existing DNS Resource Record (RR) Types In DNS Traffic
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)
SolarWinds Network Performance Monitor
1011271 - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 1
1011272 - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 2
Suspicious Server Application Activity
1003594* - Detected SSL/TLS Server Traffic (ATT&CK T1573.002, T1071.001)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011337 - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011335 - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334 - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011320 - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011341 - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011321 - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011313* - WordPress 'secure-copy-content-protection' Plugin SQL Injection Vulnerability (CVE-2021-24931)
Web Application Ruby Based
1011332 - Grafana Authentication Bypass Vulnerability (CVE-2021-39226)
Web Client Common
1011133* - Microsoft Visual Studio Remote Code Execution Vulnerability (CVE-2021-36952)
Web Server HTTPS
1011336 - Identified Zabbix Frontend SAML SSO Authentication Request
Web Server Miscellaneous
1011297 - Jenkins 'Badger' Plugin Cross-Site Scripting Vulnerability (CVE-2022-23108)
Web Server Nagios
1011326* - Nagios XI AutoDiscovery Component Path Traversal Vulnerability (CVE-2021-37343)
Web Server SharePoint
1011318* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42309)
Webmin
1011338 - Webmin Improper Access Control Vulnerability (CVE-2022-0824)
Zoho ManageEngine
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
1011329 - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
1011317* - Zoho ManageEngine ServiceDesk Plus Stored Cross-Site Scripting Vulnerability (CVE-2021-46065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
DNS Client
1010766* - Identified Non Existing DNS Resource Record (RR) Types In DNS Traffic
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)
SolarWinds Network Performance Monitor
1011271 - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 1
1011272 - SolarWinds Orion Platform Multiple Privilege Escalation Vulnerabilities (CVE-2021-35234) - 2
Suspicious Server Application Activity
1003594* - Detected SSL/TLS Server Traffic (ATT&CK T1573.002, T1071.001)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011337 - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011335 - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334 - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011320 - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011341 - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011321 - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011313* - WordPress 'secure-copy-content-protection' Plugin SQL Injection Vulnerability (CVE-2021-24931)
Web Application Ruby Based
1011332 - Grafana Authentication Bypass Vulnerability (CVE-2021-39226)
Web Client Common
1011133* - Microsoft Visual Studio Remote Code Execution Vulnerability (CVE-2021-36952)
Web Server HTTPS
1011336 - Identified Zabbix Frontend SAML SSO Authentication Request
Web Server Miscellaneous
1011297 - Jenkins 'Badger' Plugin Cross-Site Scripting Vulnerability (CVE-2022-23108)
Web Server Nagios
1011326* - Nagios XI AutoDiscovery Component Path Traversal Vulnerability (CVE-2021-37343)
Web Server SharePoint
1011318* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42309)
Webmin
1011338 - Webmin Improper Access Control Vulnerability (CVE-2022-0824)
Zoho ManageEngine
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
1011329 - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
1011317* - Zoho ManageEngine ServiceDesk Plus Stored Cross-Site Scripting Vulnerability (CVE-2021-46065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
H2 Database
1011316* - H2 Database Remote Code Execution Vulnerability (CVE-2022-23221)
Web Application PHP Based
1011319 - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011302 - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011314 - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011305 - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011325 - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011324 - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011313 - WordPress 'secure-copy-content-protection' Plugin SQL Injection Vulnerability (CVE-2021-24931)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Client Common
1010182* - Google Chrome Type Confusion Vulnerability (CVE-2020-6418)
Web Client Internet Explorer/Edge
1011323 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2022-24502)
Web Server Common
1010099* - Elastic Kibana Timelion Prototype Pollution Vulnerability (CVE-2019-7609)
Web Server HTTPS
1011328 - Microsoft Defender for IOT Privilege Escalation Vulnerability (CVE-2022-23266)
Web Server Miscellaneous
1011304* - Atlassian Jira Reflected Cross-Site Scripting Vulnerability (CVE-2021-43942)
1011301* - Jenkins 'Matrix Project' Plugin Cross-Site Scripting Vulnerability (CVE-2022-20615)
Web Server Nagios
1011326 - Nagios XI AutoDiscovery Component Path Traversal Vulnerability (CVE-2021-37343)
Web Server SharePoint
1011318 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42309)
1011310* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
Zoho ManageEngine
1011327 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011317 - Zoho ManageEngine ServiceDesk Plus Stored Cross-Site Scripting Vulnerability (CVE-2021-46065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
Deep Packet Inspection Rules:
H2 Database
1011316* - H2 Database Remote Code Execution Vulnerability (CVE-2022-23221)
Web Application PHP Based
1011319 - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011302 - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011314 - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011305 - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011325 - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011324 - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011313 - WordPress 'secure-copy-content-protection' Plugin SQL Injection Vulnerability (CVE-2021-24931)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Client Common
1010182* - Google Chrome Type Confusion Vulnerability (CVE-2020-6418)
Web Client Internet Explorer/Edge
1011323 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2022-24502)
Web Server Common
1010099* - Elastic Kibana Timelion Prototype Pollution Vulnerability (CVE-2019-7609)
Web Server HTTPS
1011328 - Microsoft Defender for IOT Privilege Escalation Vulnerability (CVE-2022-23266)
Web Server Miscellaneous
1011304* - Atlassian Jira Reflected Cross-Site Scripting Vulnerability (CVE-2021-43942)
1011301* - Jenkins 'Matrix Project' Plugin Cross-Site Scripting Vulnerability (CVE-2022-20615)
Web Server Nagios
1011326 - Nagios XI AutoDiscovery Component Path Traversal Vulnerability (CVE-2021-37343)
Web Server SharePoint
1011318 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42309)
1011310* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
Zoho ManageEngine
1011327 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011317 - Zoho ManageEngine ServiceDesk Plus Stored Cross-Site Scripting Vulnerability (CVE-2021-46065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
H2 Database
1011316 - H2 Database Remote Code Execution Vulnerability (CVE-2022-23221)
Trend Micro ServerProtect EarthAgent
1011312 - Identified Usage Of Trend Micro ServerProtect Static Credential
Web Application PHP Based
1011298 - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server HTTPS
1009761* - Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1009467* - Microsoft Exchange Server NTLM Reflection EWS Authentication Bypass Vulnerability (CVE-2018-8581)
1009310* - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)
1010183* - Microsoft Exchange Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)
Zoho ManageEngine
1011254 - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
Integrity Monitoring Rules:
1010422* - Linux/Unix - SCP process detected (ATT&CK T1048.001, T1105)
1010791* - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
H2 Database
1011316 - H2 Database Remote Code Execution Vulnerability (CVE-2022-23221)
Trend Micro ServerProtect EarthAgent
1011312 - Identified Usage Of Trend Micro ServerProtect Static Credential
Web Application PHP Based
1011298 - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server HTTPS
1009761* - Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1009467* - Microsoft Exchange Server NTLM Reflection EWS Authentication Bypass Vulnerability (CVE-2018-8581)
1009310* - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)
1010183* - Microsoft Exchange Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)
Zoho ManageEngine
1011254 - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
Integrity Monitoring Rules:
1010422* - Linux/Unix - SCP process detected (ATT&CK T1048.001, T1105)
1010791* - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
Web Client Common
1011277* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-01)
1011300 - Chromium Based Browsers Out Of Bounds Write Vulnerability (CVE-2021-30547)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
Web Server Miscellaneous
1011304 - Atlassian Jira Reflected Cross-Site Scripting Vulnerability (CVE-2021-43942)
1011301 - Jenkins 'Matrix Project' Plugin Cross-Site Scripting Vulnerability (CVE-2022-20615)
Web Server SharePoint
1011310 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
Zoho ManageEngine
1011267 - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
Web Client Common
1011277* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-01)
1011300 - Chromium Based Browsers Out Of Bounds Write Vulnerability (CVE-2021-30547)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
Web Server Miscellaneous
1011304 - Atlassian Jira Reflected Cross-Site Scripting Vulnerability (CVE-2021-43942)
1011301 - Jenkins 'Matrix Project' Plugin Cross-Site Scripting Vulnerability (CVE-2022-20615)
Web Server SharePoint
1011310 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
Zoho ManageEngine
1011267 - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server Common
1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server Common
1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Microsoft Office
1011303 - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295* - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011299 - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)
1011289 - Grafana Directory Traversal Vulnerability (CVE-2021-43813)
1011243* - Grafana Path Traversal Vulnerability (CVE-2021-43798)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server Miscellaneous
1011253* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
Web Server Oracle
1011084* - Oracle Business Intelligence 'UpdateConnectionServlet' Remote Code Execution Vulnerability (CVE-2021-2396)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow
Zoho ManageEngine
1011260* - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Microsoft Office
1011303 - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295* - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011299 - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)
1011289 - Grafana Directory Traversal Vulnerability (CVE-2021-43813)
1011243* - Grafana Path Traversal Vulnerability (CVE-2021-43798)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server Miscellaneous
1011253* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
Web Server Oracle
1011084* - Oracle Business Intelligence 'UpdateConnectionServlet' Remote Code Execution Vulnerability (CVE-2021-2396)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow
Zoho ManageEngine
1011260* - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
H2 Database
1011281* - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295 - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296 - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011287 - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011045* - WordPress 'Modern Events Calendar Lite' Plugin Improper Access Control Vulnerability (CVE-2021-24146)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290* - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011293 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785) - 1
1011288* - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Zoho ManageEngine
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011260 - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
1010838* - Linux/Unix - Core system configuration files modified
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
H2 Database
1011281* - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295 - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296 - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011287 - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011045* - WordPress 'Modern Events Calendar Lite' Plugin Improper Access Control Vulnerability (CVE-2021-24146)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290* - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011293 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785) - 1
1011288* - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Zoho ManageEngine
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011260 - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
1010838* - Linux/Unix - Core system configuration files modified
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application PHP Based
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Application PHP Based
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Integrity Monitoring Rules:
1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Integrity Monitoring Rules:
1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more