Rule Update
17-059 (December 19, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008717 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
DHCP Server
1008591* - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
HP Intelligent Management Center Dbman
1008749* - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
RRAS Service
1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Remote Desktop Protocol Server
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
Unix Samba
1008791* - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
Web Application PHP Based
1008550 - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
1008562 - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)
Web Application Ruby Based
1008574 - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)
Web Client Common
1008583 - Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CVE-2017-10952)
1008582 - Foxit Reader Remote Code Execution Vulnerability (CVE-2017-10951)
Web Server Miscellaneous
1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008792 - Microsoft Windows Security Events - 4
Deep Packet Inspection Rules:
DCERPC Services
1008717 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
DHCP Server
1008591* - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
HP Intelligent Management Center Dbman
1008749* - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
RRAS Service
1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Remote Desktop Protocol Server
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
Unix Samba
1008791* - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
Web Application PHP Based
1008550 - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
1008562 - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)
Web Application Ruby Based
1008574 - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)
Web Client Common
1008583 - Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CVE-2017-10952)
1008582 - Foxit Reader Remote Code Execution Vulnerability (CVE-2017-10951)
Web Server Miscellaneous
1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008792 - Microsoft Windows Security Events - 4