Rule Update

20-026 (June 2, 2020)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)

Directory Server LDAP
1010301 - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)

FTP Server Common
1010229* - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137* - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)

SSL/TLS Server
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server

Web Application Common
1010210* - Identified Default Credentials Usage In Sonatype Nexus Repository Manager
1010222 - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010282 - Sonatype Nexus Repository Manager Java EL Injection Remote Code Execution Vulnerability (CVE-2020-10199)

Web Client HTTPS
1010290 - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client

Web Client Internet Explorer/Edge
1010133* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)

Web Proxy Squid
1010295 - Squid Proxy X.509 Certificate Cross Site Scripting Vulnerability (CVE-2018-19131)

Web Server Common
1010268* - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1010302 - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1000128* - HTTP Protocol Decoding
1010294* - Symantec Web Gateway Postauth Command Injection Vulnerability

Web Server Miscellaneous
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)

Web Server Oracle
1010253* - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)

Zoho ManageEngine DataSecurity Plus XNode server
1010297 - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298 - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3