Rule Update

21-020 (April 27, 2021)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Manager Interface (AMI) HTTP
1009148* - Asterisk HTTP Server Denial Of Service Vulnerability (CVE-2018-7287)

Directory Server LDAP
1010895 - OpenLDAP Slapd CancelRequest Denial Of Service Vulnerability (CVE-2020-36227)

Web Application Common
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1010918 - Nagios XI Remote Code Execution Vulnerability (CVE-2020-35578)

Web Client Common
1010917 - Chromium Based Browsers Improper Input Validation Vulnerability (CVE-2021-21123)
1010910 - Chromium V8 Out-Of-Bounds Access Remote Code Execution Vulnerability (CVE-2021-21220)
1010922 - Google Chrome Out Of Bounds Write Vulnerability (CVE-2020-6507)
1010908 - Microsoft 3D Builder Remote Code Execution Vulnerability (ZDI-21-406)
1010907 - Microsoft Print 3D Remote Code Execution Vulnerability (ZDI-21-405)
1010924 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2021-28468)
1010925 - XStream Library Arbitrary Code Execution Vulnerability (CVE-2021-21351)

Web Server Apache
1009087* - Apache Httpd FilesMatch Directive Security Restriction Bypass Vulnerability (CVE-2017-15715)

Web Server Common
1010902* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-26919)
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)

Web Server HTTPS
1010913* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26858)

Web Server Miscellaneous
1010916 - Atlassian Jira Information Disclosure Vulnerability (CVE-2019-3403)
1010893 - Jenkins 'Repository Connector' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21618)
1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)

Zoho ManageEngine
1010903 - Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1002831* - Unix - Syslog