Rule Update
22-004 (January 25, 2022)
Publish date: January 25, 2022
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
H2 Database
1011281 - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
LDAP Client
1011269 - Identified Java Code Download Attempt Over LDAP
Web Application Common
1011103* - PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)
Web Application PHP Based
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
1011283 - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
Web Server Common
1011279 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
1011285 - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server HTTPS
1011247* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)
Web Server Miscellaneous
1011253 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)
Zoho ManageEngine
1011284 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
H2 Database
1011281 - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
LDAP Client
1011269 - Identified Java Code Download Attempt Over LDAP
Web Application Common
1011103* - PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)
Web Application PHP Based
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
1011283 - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
Web Server Common
1011279 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
1011285 - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server HTTPS
1011247* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)
Web Server Miscellaneous
1011253 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)
Zoho ManageEngine
1011284 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Kong API Gateway Misconfigurations: An API Gateway Security Case StudyTools that aggregate access into multiple different environments, such as API gateways, pose a security risk for all these environments upon breach. In this article, we continue our journey through the security issues of the API Gateway landscape. Our new research focuses on another popular API gateway — Kong.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more