20-048 (22 September 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache JServ Protocol
1010361* - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)


Java RMI
1010501* - Oracle Java SE Remote Security Vulnerability Over RMI (CVE-2017-3241)


Mail Server Common
1010001* - Dovecot And Pigeonhole Remote Code Execution Vulnerability (CVE-2019-11500)


Suspicious Client Application Activity
1010364* - Identified Reverse Shell Communication Over HTTPS - 2 (ATT&CK T1071)
1007184* - TMTR-0006: BUTERAT HTTP Request


TrendMicro SPLX Web Console
1010512* - Trend Micro ServerProtect For Linux Command Injection Vulnerability (CVE-2020-24561)


UWSGI Protocol
1010500* - Apache HTTP Server Mod_uwsgi Remote Code Execution Vulnerability (CVE-2020-11984)


Web Application Common
1008192* - Identified Directory Traversal Sequence In Multipart HTTP Requests


Web Application PHP Based
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)


Web Server Common
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)
1010498 - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)


Web Server HTTPS
1010514* - Nagios XI 'command_test.php' Command Injection Vulnerability


Web Server Miscellaneous
1010516 - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)


Web Server Nagios
1010504 - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)


Windows SMB Server
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)


Windows Services RPC Server DCERPC
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010465 - Auditd - Mitre ATT&CK TA0007: Discovery