Rule Update

20-051 (October 6, 2020)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1010511* - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)

Database IBM DB2
1010537 - IBM DB2 Universal Database Default Credentials Vulnerability (CVE-2001-0051)

FTP Server Miscellaneous
1010531* - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)

IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)

NodeJS Debugging Protocol
1010497* - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)

Web Application Common
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)

Web Client Common
1010540 - Download Of A Suspicious PowerShell Script File Detected

Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010538 - ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)

Web Server Common
1010522 - Apache Druid LDAP Authentication Bypass Vulnerability (CVE-2020-1958)
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)

Web Server HTTPS
1010523 - Etaukey Webshell C&C Traffic

Web Server Nagios
1010369* - Nagios XI '' Command Injection Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1010489 - Auditd - Mitre ATT&CK TA0003: Persistance
1010541 - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)