Rule Update

21-045 (October 12, 2021)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008422* - Detected SMB Request


DCERPC Services - Client
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)


Trend Micro OfficeScan
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
1010708* - Trend Micro OfficeScan Multiple Information Disclosure Vulnerabilities (CVE-2020-28582 and CVE-2020-28583)


Web Application Common
1011171 - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)
1011170 - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011173 - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011174 - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)


Web Application PHP Based
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)


Web Server Common
1011110 - Identified Slow HTTP Denial Of Service Attack (ATT&CK T1498.001)


Web Server HTTPS
1011161* - Centreon 'graph-split.php' SQL Injection Vulnerability
1011166* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22242)
1011167* - VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)
1011120* - WebSVN Command Injection Vulnerability (CVE-2021-32305)
1011169 - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168 - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172 - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)


Web Server Nagios
1011164* - Nagios XI Stored Cross-Site Scripting Vulnerability (CVE-2021-38156)


Zoho ManageEngine
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)