Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command


Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI


Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request


Suspicious Server Application Activity
1009433 - Tildeb Knock Request


Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability


Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability


Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009437* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 1
1009440* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 4


Web Client Internet Explorer/Edge
1009449 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8653)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009390* - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)


Web Application Common
1009202 - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1


Web Client Common
1008883* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1009327* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 9
1009437 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 1
1009438 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 2
1009439 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 3
1009440 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 4
1009441 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 5
1009444 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 6
1009442 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 7
1009443 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 8
1009394* - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
1009201 - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities
1009292 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8382)
1009307* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8423)
1009366* - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
1009446 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8596)
1009293* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1002744* - RealNetworks RealPlayer SWF Flash File Buffer Overflow Vulnerability (CVE-2006-0323)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1009427 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8628)


Web Application Common
1009425 - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1


Web Client Common
1009426 - 7-Zip Remote Code Execution Vulnerability (CVE-2018-10115)
1009321* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 3
1009326* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 8
1009424 - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323)
1009428 - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
1009413 - Microsoft Text-To-Speech Remote Code Execution Vulnerability (CVE-2018-8634)
1009431 - Microsoft Windows Multiple Security Vulnerabilities (Dec-2018)
1009268 - Oracle Outside In Excel GelFrame Out-Of-Bounds Read (CVE-2018-2992)


Web Client Internet Explorer/Edge
1009409 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8583)
1009411 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617)
1009412 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8618)
1009416 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8624)
1009415 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
1009335* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460)
1009414 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
1009410 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8619)
1009430 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8625)
1009429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8643)


Web Client Mozilla Firefox
1009159 - Mozilla Firefox Vorbis Audio Residue Codebook Out Of Bounds Write Vulnerability (CVE-2018-5146)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share


Web Client Common
1009405 - Adobe Flash Player Use After Free Vulnerability (CVE-2018-15982)
1009407 - Detected Suspicious DLL Side Loading Attempt Over WebDAV


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Elasticsearch
1009209 - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)


HP Intelligent Management Center (IMC)
1008983 - HPE Intelligent Management Center 'saveSelectedDevices' Expression Language Injection Vulnerability (CVE-2017-12491)


TFTP Server
1009365 - Microsoft Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2018-8476)


Web Application Common
1005934* - Identified Suspicious Command Injection Attack


Web Client Internet Explorer/Edge
1009244* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355)


Web Client Mozilla Firefox
1009396 - Mozilla Firefox Multiple Security Vulnerabilities


Web Server Adobe ColdFusion
1009387 - Adobe ColdFusion Remote File Upload Vulnerability (CVE-2018-15961)


Integrity Monitoring Rules:

1008271* - Application - Docker
1003131* - Virtualization Software - VMware Server


Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1008964* - Digium Asterisk Compound RTCP Out-Of-Bounds Write Vulnerability (CVE-2017-17664)


Asterisk Server IAX2
1002607* - Asterisk IAX2 Packet Amplification Remote Denial Of Service Vulnerability (CVE-2008-1897)


Oracle Secure Backup
1003225* - Oracle Secure Backup NDMP CONECT_CLIENT_AUTH Command Buffer Overflow


Web Application PHP Based
1008817 - PHP WDDX NULL Pointer Dereference Vulnerability (CVE-2016-9934)


Web Client Common
1009273 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-09) - 8
1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
1009378* - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
1009088* - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (May 2018)
1009382* - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
1009293* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1009171* - Microsoft Windows Shell Remote Code Execution Vulnerability
1009238* - Microsoft Windows Shell Remote Code Execution Vulnerability - 1
1009029* - PHP 'http_fopen_wrapper' Stack Buffer Overflow Vulnerability (CVE-2018-7584)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009390 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)


Trend Micro OfficeScan
1009034* - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


Web Application PHP Based
1009395 - PHP 'imap_open()' Remote Code Execution Vulnerability


Web Application Tomcat
1009388 - Apache Tomcat 'mod_jk' Information Disclosure Vulnerability (CVE-2018-11759)


Web Client Common
1009394 - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
1009393 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2018-15978)
1009398 - Adobe Flash Player Type Confusion Vulnerability (CVE-2018-15981)
1004085* - Heuristic Detection Of Malicious PDF Documents - 3


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1009368 - Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8539)


Web Client Common
1009366 - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
1009378 - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
1009372 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2018-8553)
1009382 - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
1009369 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)


Web Client Internet Explorer/Edge
1009383 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8542)
1009374 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8555)
1009375 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8556)
1009376 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8557)
1009381 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8588)
1009371 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Oracle
1009342* - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)
1009306* - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)


Trend Micro OfficeScan
1009034 - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


Web Application Common
1009264* - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)
1009350* - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1009356* - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)


Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)


Web Client Internet Explorer/Edge
1009384 - Microsoft Internet Explorer 'Tree::Notify_InvalidateDisplay' Null Pointer Dereference Vulnerability


Web Server Apache
1009045* - Apache httpd 'mod_cache_socache' Denial Of Service Vulnerability (CVE-2018-1303)


Web Server HTTPS
1008857* - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)


Web Server Oracle
1009358 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)
1009353* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.