Rule Update
22-005 (February 1, 2022)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Integrity Monitoring Rules:
1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)
Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)
Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)
Integrity Monitoring Rules:
1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog