Rule Update

20-001 (January 7, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Solr RMI
1010116 - Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409)

DCERPC Services - Client
1010106* - Identify Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1086)

DNS Client
1010067* - PHP 'dns_get_record' Buffer Overflow Vulnerability (CVE-2019-9022)

DNS Server
1010118 - ISC BIND 'EDNS0' Key-Tag Memory Leak Denial Of Service Vulnerability (CVE-2018-5744)

Oracle E-Business Suite Web Interface
1010117* - Oracle E-Business Suite General Ledger SQL Injection Vulnerability (CVE-2019-2638)

Trend Micro OfficeScan
1010039* - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)

TurboVNC Server
1010079* - TurboVNC Fence Message Stack-based Buffer Overflow Vulnerability (CVE-2019-15683)

Web Application Common
1010119 - Libexpat XML Parsing Heap Based Buffer Over-Read Vulnerability (CVE-2019-15903) - Server
1010107* - rConfig '' SQL Injection Vulnerability (CVE-2019-19207)

Web Application PHP Based
1010112* - PHP Type Confusion Infoleak Vulnerability (CVE-2015-4599)

Web Client Common
1009921* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 6

Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
1010044* - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)

Web Server IIS
1010115* - Microsoft Windows WebDAV Path Parsing Command Injection Remote Code Execution Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2