*** EX RELS 03340 Release ***
Total number of signatures: 6045

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 8 rule(s):
---------------
1133892 WEB-CLIENT Microsoft Windows Performance Monitor XXE Injection Information Disclosure (CVE-2017-0170)
1133893 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -3
1133894 RDP Microsoft Windows XP and Server 2003 RDP CVE-2017-0176 Heap Buffer Overflow -1 (CVE-2017-0176)
1133895 RDP Microsoft Windows XP and Server 2003 RDP CVE-2017-0176 Heap Buffer Overflow -2 (CVE-2017-0176)
1160597 SOCIAL Twitter access via SSL -4
1160598 IM WeChat login via SSL -2
1160599 IM WeChat transfer via SSL -1
1160600 IM WeChat access via TCP -5

Modified 49 rule(s):
---------------
1053869 AP State - TUNNEL Freegate http request fragment evasion 0-1
1060331 TCP port 843 traffic (eg. RTMP)
1060368 UDP port 201 traffic (eg. AppleTalk Routing Maintenance)
1060402 UDP port 387 traffic (eg. Appletalk Update-Based Routing Pro.)
1060432 UDP port 657 traffic (eg. IBM Remote monitoring and Control)
1060958 UDP port 1512 traffic (eg. Microsoft WINS)
1061296 STDPROTOCOL SOAP access via TCP -1
1061434 TCP port 1935 traffic (eg. RTMP)
1061806 AP State Flow- TUNNEL Freegate http request fragment evasion 1-F/Flow
1062412 UDP port 3306 traffic (eg. MySQL)
1063224 P2P Thunder Series Version Check via TCP -1
1067546 IM WeChat media via UDP -1
1068260 UDP port 3074 traffic (eg. Xbox)
1069245 TUNNEL HotspotShield access state 0 via SSL -2-1
1069688 TUNNEL HotspotShield access state 0 via SSL -3-1
1069689 TUNNEL HotspotShield access state 0 via SSL -2-2
1069693 TUNNEL HotspotShield access via SSL -3
1110895 WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware Attack Vector)
1133887 WEB IPFire ids.cgi OINKCODE Parameter Command Injection -2 (CVE-2017-9757)
1160045 TUNNEL HotspotShield access state 0 via SSL -4-1
1160061 TUNNEL HotspotShield access state 0 via SSL -5-1
1190005 UDP port 5353 traffic (eg. Zeroconf)
1190006 UDP port 1701 traffic (eg. L2TP)
1190007 UDP port 998 traffic (eg. puparp)
1190008 UDP port 996 traffic (eg. vsinet)
1190009 UDP port 997 traffic (eg. maitrd)
1190010 UDP port 999 traffic (eg. applix)
1190011 UDP port 3283 traffic (eg. Net Assistant)
1190012 UDP port 1812 traffic (eg. radius)
1190013 UDP port 136 traffic (eg. profile)
1190014 UDP port 2222 traffic (eg. msantipiracy)
1190015 UDP port 2049 traffic (eg. NFS)
1190016 UDP port 5060 traffic (eg. SIP)
1190017 UDP port 1025 traffic (eg. blackjack)
1190018 UDP port 1433 traffic (eg. ms-sql-s)
1190019 UDP port 3456 traffic (eg. vat)
1190020 UDP port 80 traffic (eg. HTTP)
1190022 UDP port 20031 traffic (eg. bakbonenetvault)
1190023 UDP port 1026 traffic (eg. win-rpc)
1190025 UDP port 1646 traffic (eg. radacct)
1190026 UDP port 1645 traffic (eg. radius)
1190027 UDP port 1719 traffic (eg. h323gatestat)
1190030 UDP port 2048 traffic (eg. dls-monitor)
1190031 UDP port 626 traffic (eg. serialnumberd)
1190032 UDP port 4444 traffic (eg. krb524)
1190033 UDP port 88 traffic (eg. kerberos)
1190034 UDP port 1718 traffic (eg. h323gatedisc)
1190035 UDP port 31337 traffic (eg. BackOrifice)
1190036 UDP port 515 traffic (eg. printer)

Deleted 0 rule(s):
---------------