Rule Update

15-028 (August 25, 2015)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service


Backup Server EMC Legato
1001104* - EMC Legato Networker Remote Exec Service Stack Overflow


DNS Client
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
1000159* - Microsoft SMTP Server DNS Handling Buffer Overflow


DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS


Database Oracle
1000251* - Oracle Database Server Buffer Overflow In Procedure START_LOG of CTX_OUTPUT Package


Microsoft Office
1005346* - Identified Suspicious Microsoft Word RTF File
1004978* - MSCOMCTL.OCX RCE Vulnerability For Office Binary File (CVE-2012-0158)
1006625* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)


Novell Configuration Management Preboot Policy Service
1006792 - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability
1006791 - Novell ZENworks Preboot Service Dynamic Port Decoder


Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920 - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Web Application PHP Based
1006021* - Joomla JCE Extension Multiple Vulnerabilities


Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability


Web Client Common
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006972* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006958* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006968 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5126)
1006984* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006987* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006967* - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006865* - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006974 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5554)
1006975* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1007012 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5562)
1006969 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5127)
1006988* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006989 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5551)
1006976* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006981* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1007016 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5564)
1006965* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5565)
1006966* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5566)
1007014 - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1007010 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2015-5089)
1007015 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5108)
1007007 - Adobe Reader And Acrobat Multiple Integer Overflow And Information Disclosure Vulnerabilities
1007001 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4443)
1007002 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4444)
1007009 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4435)
1007011 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4438)
1007000 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4441)
1007003 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4445)
1006886* - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1007004 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4449)
1007005 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4451)
1006998 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4452)
1006999 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5085)
1006996 - Identified Suspicious Microsoft Word RTF File - 1
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006944* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006945* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1004834* - Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow
1006699 - libpng Heap Based Buffer Overflow Vulnerability (CVE-2015-0973)


Web Client Internet Explorer
1006957* - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability (CVE-2015-2502)
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006932* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1004977* - Restrict Microsoft Windows Common ListView And TreeView ActiveX Controls


Web Server IIS
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability


Web Server Miscellaneous
1005597* - Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
1005994* - Apache Struts Multiple Directory Traversal Vulnerabilities
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability
1006155* - Apache Struts ParameterInterceptor Class OGNL Security Bypass Vulnerability
1004982* - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
1006908 - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Web Server Squid
1000388* - Restrict Squid Cache Manager Access


Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected


Log Inspection Rules:

1002795* - Microsoft Windows Events
