Rule Update
20-048 (22 September 2020)
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361* - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
Java RMI
1010501* - Oracle Java SE Remote Security Vulnerability Over RMI (CVE-2017-3241)
Mail Server Common
1010001* - Dovecot And Pigeonhole Remote Code Execution Vulnerability (CVE-2019-11500)
Suspicious Client Application Activity
1010364* - Identified Reverse Shell Communication Over HTTPS - 2 (ATT&CK T1071)
1007184* - TMTR-0006: BUTERAT HTTP Request
TrendMicro SPLX Web Console
1010512* - Trend Micro ServerProtect For Linux Command Injection Vulnerability (CVE-2020-24561)
UWSGI Protocol
1010500* - Apache HTTP Server Mod_uwsgi Remote Code Execution Vulnerability (CVE-2020-11984)
Web Application Common
1008192* - Identified Directory Traversal Sequence In Multipart HTTP Requests
Web Application PHP Based
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
Web Server Common
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)
1010498 - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)
Web Server HTTPS
1010514* - Nagios XI 'command_test.php' Command Injection Vulnerability
Web Server Miscellaneous
1010516 - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)
Web Server Nagios
1010504 - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
Windows SMB Server
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)
Windows Services RPC Server DCERPC
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010465 - Auditd - Mitre ATT&CK TA0007: Discovery
Deep Packet Inspection Rules:
Apache JServ Protocol
1010361* - Apache Tomcat Local File Inclusion Vulnerability (CVE-2020-1938)
Java RMI
1010501* - Oracle Java SE Remote Security Vulnerability Over RMI (CVE-2017-3241)
Mail Server Common
1010001* - Dovecot And Pigeonhole Remote Code Execution Vulnerability (CVE-2019-11500)
Suspicious Client Application Activity
1010364* - Identified Reverse Shell Communication Over HTTPS - 2 (ATT&CK T1071)
1007184* - TMTR-0006: BUTERAT HTTP Request
TrendMicro SPLX Web Console
1010512* - Trend Micro ServerProtect For Linux Command Injection Vulnerability (CVE-2020-24561)
UWSGI Protocol
1010500* - Apache HTTP Server Mod_uwsgi Remote Code Execution Vulnerability (CVE-2020-11984)
Web Application Common
1008192* - Identified Directory Traversal Sequence In Multipart HTTP Requests
Web Application PHP Based
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
Web Server Common
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)
1010498 - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)
Web Server HTTPS
1010514* - Nagios XI 'command_test.php' Command Injection Vulnerability
Web Server Miscellaneous
1010516 - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)
Web Server Nagios
1010504 - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
Windows SMB Server
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)
Windows Services RPC Server DCERPC
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010465 - Auditd - Mitre ATT&CK TA0007: Discovery