*** EX RELS 03494 Release ***

Total number of signatures: 6013

Description
==================================================================

In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 26 rule(s):
---------------
1131075 FILE Microsoft Office Memory Corruption Vulnerability -1.2 (CVE-2015-1641)
1135883 WEB Atlassian JIRA Template Injection Code Execution -2.1 (CVE-2019-11581)
1135971 WEB Pulse Secure diag.cgi Command Injection -1 (CVE-2019-11539)
1135985 WEB Jenkins Git Client Remote Command Execution -1.1 (CVE-2019-10392)
1136053 WEB Joomla Core Directory Traversal (CVE-2019-10945)
1136066 FILE Microsoft Graphics Device Interface CVE-2019-1252 Information Disclosure -1
1136628 EXPLOIT Citrix Application Delivery Controller Remote Code Execution -1.2 (CVE-2019-19781)
1136949 RPC Microsoft Windows Server Service RPC Request Handling Buffer Overflow -6 (MS08-067,CVE-2008-4250)
1136950 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.1 (CVE-2020-6967)
1136951 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -2 (CVE-2020-6967)
1136952 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -3 (CVE-2020-6967)
1136953 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -4 (CVE-2020-6967)
1136954 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -5 (CVE-2020-6967)
1136955 WEB Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability -1 (CVE-2020-3243)
1136964 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1058)
1136966 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1035)
1136973 WEB Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization (CVE-2020-2950)
1136976 WEB-CLIENT Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1060)
1136977 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.2 (CVE-2020-6967)
1136978 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.3 (CVE-2020-6967)
1136979 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.4 (CVE-2020-6967)
1136980 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.5 (CVE-2020-6967)
1136981 WEB Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization -1.6 (CVE-2020-6967)
1137334 WEB Pandora FMS Events Remote Command Execution (CVE-2020-13851)
1137342 WEB openSIS Unauthenticated PHP Code Execution (CVE-2020-13381)
1137351 SSDP D-Link DIR-816L Remote Command Execution (CVE-2020-15893)

Modified 146 rule(s):
---------------
1048888 NETWORK L3retriever Ping via ICMP -1
1048891 NETWORK icmpenum v1.1.1 via ICMP -1
1048892 NETWORK redirect host access via ICMP -1
1048893 NETWORK redirect net via ICMP -1
1048897 NETWORK Source Quench access via ICMP -1
1048900 NETWORK TJPingPro1.1Build 2 Windows access via ICMP -1
1048901 NETWORK PING WhatsupGold Windows access via ICMP -1
1048904 NETWORK Destination Unreachable access via ICMP -1
1048905 NETWORK Destination Unreachable access via ICMP -2
1048906 NETWORK Destination Unreachable access via ICMP -3
1048917 NETWORK PING LINUX/*BSD access via ICMP -1
1048925 NETWORK PING access via ICMP -1
1048926 NETWORK traceroute access via ICMP -1
1048927 NETWORK Address Mask Reply access via ICMP -1
1048929 NETWORK Address Mask Request access via ICMP -1
1048931 NETWORK Alternate Host Address access via ICMP -1
1048933 NETWORK Datagram Conversion Error access via ICMP -1
1048935 NETWORK Destination Unreachable access via ICMP -4
1048936 NETWORK Destination Unreachable access via ICMP -5
1048937 NETWORK Destination Unreachable access via ICMP -6
1048938 NETWORK Destination Unreachable access via ICMP -7
1048939 NETWORK Destination Unreachable access via ICMP -8
1048940 NETWORK Destination Unreachable access via ICMP -9
1048941 NETWORK Destination Unreachable access via ICMP -10
1048942 NETWORK Destination Unreachable access via ICMP -11
1048943 NETWORK Destination Unreachable access via ICMP -12
1048944 NETWORK Destination Unreachable access via ICMP -13
1048945 NETWORK Destination Unreachable access via ICMP -14
1048946 NETWORK Destination Unreachable access via ICMP -15
1048947 NETWORK Destination Unreachable access via ICMP -16
1048951 NETWORK Fragment Reassembly Time Exceeded access via ICMP -1
1048956 NETWORK Information Reply access via ICMP -1
1048958 NETWORK Information Request access via ICMP -1
1048960 NETWORK Mobile Host Redirect access via ICMP -1
1048962 NETWORK Mobile Registration Reply access via ICMP -1
1048964 NETWORK Mobile Registration Request access via ICMP -1
1048966 NETWORK Parameter Problem (Bad Length) access via ICMP -1
1048967 NETWORK Parameter Problem (Missing a Requiered Option) access via ICMP -1
1048968 NETWORK Parameter Problem (Unspecified Error) access via ICMP -1
1048970 NETWORK Photuris (Reserved) access via ICMP -1
1048971 NETWORK Photuris (Unknown Security Parameters Index) access via ICMP -1
1048972 NETWORK Photuris (Authentication Failed) access via ICMP -1
1048973 NETWORK Photuris (Decryption Failed) access via ICMP -1
1048975 NETWORK Redirect (for TOS and Host) access via ICMP -1
1048976 NETWORK Redirect (for TOS and Network) access via ICMP -1
1048978 NETWORK Reserved for Security (Type 19) access via ICMP -1
1048980 NETWORK Router Advertisement access via ICMP -1
1048981 NETWORK Router Selection access via ICMP -1
1048982 NETWORK SKIP access via ICMP -1
1048985 NETWORK Time-To-Live Exceeded in Transit access via ICMP -1
1048987 NETWORK Timestamp Reply access via ICMP -1
1048989 NETWORK Timestamp Request access via ICMP -1
1048991 NETWORK Traceroute ipopts access via ICMP -1
1049008 NETWORK Large ICMP Packet via ICMP -1
1050288 NETWORK source route - lsrr access via ICMP -1
1050290 NETWORK sourceroute-ssrr access via ICMP -1
1050946 FILE FTP transfer-upload via TCP -1
1050947 FILE FTP transfer-download via TCP -1
1051140 NETWORK PING SoftEther Keep-Alive access via ICMP -1
1052849 NETWORK NETBIOS SMB Empty Password Failed access via TCP -1
1053048 NETWORK SSL/TLS Handshake access via SSL -1
1053069 VOIP SIP communicate via TCP -1
1053070 VOIP SIP communicate via UDP -1
1053490 TCP port 23 traffic (eg. Telnet)
1053494 TCP port 107 traffic (eg. Telnet)
1053520 TCP port 53 traffic (eg. DNS)
1053521 UDP port 53 traffic (eg. DNS)
1053544 NETWORK DNS query access via UDP -1
1053557 WEB HTTP access via TCP -1
1053574 UDP port 138 traffic (eg. SMB)
1053887 TCP port 80 traffic (eg. HTTP)
1053888 TCP port 25 traffic (eg. SMTP)
1060224 TERMINAL Telnet communicate via TCP -1.1
1060300 TCP port 110 traffic (eg. POP3)
1060350 TCP port 143 traffic (eg. IMAP4)
1060351 UDP port 143 traffic (eg. IMAP4)
1060377 TCP port 220 traffic (eg. IMAP4)
1060378 UDP port 220 traffic (eg. IMAP4)
1060409 TCP port 587 traffic (eg. SMTP)
1060463 TCP port 953 traffic (eg. DNS)
1060464 UDP port 953 traffic (eg. DNS)
1060471 TCP port 992 traffic (eg. Telnet)
1060472 UDP port 992 traffic (eg. Telnet)
1060473 TCP port 993 traffic (eg. IMAP4)
1060474 TCP port 995 traffic (eg. POP3)
1060735 TCP port 8081 traffic (eg. HTTP)
1060796 TCP port 4993 traffic (eg. FTP Applications)
1060797 UDP port 4993 traffic (eg. FTP Applications)
1060825 TCP port 8080 traffic (eg. HTTP)
1062346 TCP port 443 traffic (eg. SSL/TLS)
1062452 TERMINAL Telnet communicate via TCP -1.2
1063342 STDPROTOCOL DHCP access via UDP -1
1063404 MAIL IMAP4 access via TCP -1
1063568 STDPROTOCOL DHCP access via UDP -2
1063594 MEDIA Windows Media Player UPnP access via TCP -1
1063660 NETWORK SSL/TLS Handshake access via SSL -2
1063661 NETWORK SSL/TLS Handshake access via SSL -3
1063662 NETWORK SSL/TLS Handshake access via SSL -4
1063663 NETWORK SSL/TLS Handshake access via SSL -5
1063939 NETWORK SSL/TLS Handshake access via SSL -6
1063940 NETWORK Group Management access via IGMP -1
1063980 MAIL SMTP access state 0 via TCP -1.1
1063981 MAIL SMTP access state 0 via TCP -1.2
1063982 MAIL SMTP access state 1 via TCP -1
1063983 MAIL SMTP access via TCP -1.1
1063984 MAIL SMTP access via TCP -1.2
1063985 MAIL SMTP access via TCP -1.3
1063986 MAIL POP3 login state 0 via TCP -1
1063987 MAIL POP3 login state 1 via TCP -1.1
1063988 MAIL POP3 login state 1 via TCP -1.2
1063989 FILE FTP login state 0 via TCP -1
1063990 FILE FTP login state 1 via TCP -1
1063991 FILE FTP login state 2 via TCP -1
1063992 FILE FTP login via TCP -1
1064521 MAIL IMAP4 login state 0 via TCP -2
1064522 MAIL IMAP4 login state 1 via TCP -2.1
1064523 MAIL IMAP4 login via TCP -2.1
1066234 MAIL IMAP4 login state 1 via TCP -2.2
1066236 MAIL IMAP4 login via TCP -2.2
1066401 NETWORK PING access via ICMPv6 -1
1066504 NETWORK Echo Reply access via ICMPv6 -1
1066505 NETWORK Destination Unreachable access via ICMPv6 -1
1066506 NETWORK Packet Too Big access via ICMPv6 -1
1066507 NETWORK Time Exceeded access via ICMPv6 -1
1066508 NETWORK Parameter Problem access via ICMPv6 -1
1066509 NETWORK Router Solicitation access via ICMPv6 -1
1066510 NETWORK Router Advertisement access via ICMPv6 -1
1066511 NETWORK Neighbor Solicitation access via ICMPv6 -1
1066512 NETWORK Neighbor Advertisement access via ICMPv6 -1
1066513 NETWORK Redirect Message access via ICMPv6 -1
1066514 NETWORK access via ICMPv6 -1
1067096 TERMINAL Telnet communicate via TCP -1.3
1067097 TERMINAL Telnet communicate via TCP -1.4
1068094 FILE FTP login via TCP -2
1069622 WEB HTTP access via TCP -3
1090349 NETWORK DNS Name Resolution access via UDP -1
1090350 NETWORK DNS Zone Transfer via TCP -1
1160613 NETWORK SMB access via UDP -1
1160614 NETWORK SMB access via TCP -1
1162435 MAIL IMAP4 login state 1 via TCP -2.3
1162491 MAIL POP3 login via TCP -1
1162492 MAIL POP3 login via TCP -2.1
1162493 MAIL POP3 login via TCP -2.2
1190016 UDP port 5060 traffic (eg. SIP)
1190020 UDP port 80 traffic (eg. HTTP)
1190037 TCP port 5060 traffic (eg. SIP)

Deleted 15 rule(s):
---------------
1056958 EXPLOIT DCERPC recon attempt (old rule)
1059684 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -1 (old rule)
1130500 SSL TLS FREAK with CBC Cipher TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA -1.1 (old rule)
1131349 EXPLOIT Suspicious User-Agent Exploit Kit Activity (old rule)
1132456 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 -1.1 (old rule)
1132460 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPROT1024_WITH_RC4_56_SHA -1.1 (old rule)
1132464 SSL TLS FREAK with CBC Cipher TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA -1.1 (old rule)
1133189 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -2 (old rule)
1134268 TELNET Default Password Login -22 (old rule)
1134390 MISC Cryptocurrency Monero Mining Activity -1 (old rule)
1134404 TELNET Default Password Login -23 (old rule)
1134550 TELNET Default Password Login -24 (old rule)
1134551 TELNET Default Password Login -25 (old rule)
1134552 TELNET Default Password Login -26 (old rule)
1136595 FILE Microsoft Windows CryptoAPI Spoofing Vulnerability -1 (CVE-2020-0601) (old rule)