Rule Update
22-007 (February 8, 2022)
Publish date: February 08, 2022
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
H2 Database
1011281* - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295 - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296 - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011287 - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011045* - WordPress 'Modern Events Calendar Lite' Plugin Improper Access Control Vulnerability (CVE-2021-24146)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290* - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011293 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785) - 1
1011288* - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Zoho ManageEngine
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011260 - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
1010838* - Linux/Unix - Core system configuration files modified
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
H2 Database
1011281* - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)
Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application Common
1011295 - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)
Web Application PHP Based
1011296 - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011287 - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011045* - WordPress 'Modern Events Calendar Lite' Plugin Improper Access Control Vulnerability (CVE-2021-24146)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290* - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011293 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785) - 1
1011288* - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Zoho ManageEngine
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011260 - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)
Integrity Monitoring Rules:
1010838* - Linux/Unix - Core system configuration files modified
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Kong API Gateway Misconfigurations: An API Gateway Security Case StudyTools that aggregate access into multiple different environments, such as API gateways, pose a security risk for all these environments upon breach. In this article, we continue our journey through the security issues of the API Gateway landscape. Our new research focuses on another popular API gateway — Kong.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more