Rule Update

20-029 (June 23, 2020)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Directory Server LDAP
1010321* - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)

Docker Daemon
1010326 - Identified Docker Daemon Remote API Call

IBM WebSphere Application Server
1010343 - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)

IBM WebSphere Application Server IIOP protocol
1010348 - IBM WebSphere Application Server IIOP Deserialization Vulnerabilities (CVE-2020-4449 and CVE-2020-4450)

Oracle E-Business Suite Web Interface
1010325 - Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross Site Scripting Vulnerability (CVE-2020-2852)

Suspicious Client Application Activity
1010327 - Identified Potential Malicious Client Traffic

Suspicious Server Application Activity
1010328 - Identified Potential Malicious Server Traffic

Web Application Common
1010339 - Netty HTTP Request Smuggling Vulnerability (CVE-2019-20444)

Web Application PHP Based
1010338 - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)

Web Client Common
1010333 - Microsoft Windows .NET Core Remote Code Execution Vulnerability (CVE-2020-0605)

Web Server Common
1010322 - Oracle Business Intelligence AMF Deserialization Remote Code Execution Vulnerability (CVE-2020-2950)
1010351 - vBulletin Improper Access Control Vulnerability (CVE-2020-12720)

Web Server Miscellaneous
1010347 - Eclipse Jetty Chunk Length Parsing Integer Overflow Vulnerability (CVE-2017-7657)
1010346 - Eclipse Jetty HTTP/0.9 Handler Request Smuggling Vulnerability (CVE-2017-7656)

Windows SMB Client
1006994* - Executable File Download On Network Share Detected

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1002831* - Unix - Syslog