Rule Update
20-040 (18 agosto 2020)
Descrição
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1010428* - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Plex Media Server
1010434 - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)
SSL Client
1010437 - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Suspicious Server Application Activity
1003593* - Detected SSH Server Traffic (ATT&CK T1021)
1010462 - Malware Drovorub
Web Application Common
1010368 - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010391* - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Application Tomcat
1010457 - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)
1010444 - Identified Too Many Incoming HTTP/2 Requests
Web Client Common
1010456 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 1
1010452 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 2
1010451 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010460 - Google Chrome 'BlobRegistryImpl' Use-After-Free Vulnerability (CVE-2020-6461)
1010453 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1574)
1010454 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)
1010455 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2020-1577)
Web Server Apache
1010461 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010418* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1147)
1010416 - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010443* - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
1010459 - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)
Web Server Miscellaneous
1010346* - Identified HTTP Request With HTTP/0.9 In Request Line
Web Server Oracle
1010447 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008852* - Auditd
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1010428* - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Plex Media Server
1010434 - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)
SSL Client
1010437 - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Suspicious Server Application Activity
1003593* - Detected SSH Server Traffic (ATT&CK T1021)
1010462 - Malware Drovorub
Web Application Common
1010368 - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010391* - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Application Tomcat
1010457 - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)
1010444 - Identified Too Many Incoming HTTP/2 Requests
Web Client Common
1010456 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 1
1010452 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 2
1010451 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010460 - Google Chrome 'BlobRegistryImpl' Use-After-Free Vulnerability (CVE-2020-6461)
1010453 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1574)
1010454 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)
1010455 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2020-1577)
Web Server Apache
1010461 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010418* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1147)
1010416 - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010443* - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
1010459 - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)
Web Server Miscellaneous
1010346* - Identified HTTP Request With HTTP/0.9 In Request Line
Web Server Oracle
1010447 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008852* - Auditd