Cloud One Workload Security and Deep Security Updates

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


SolarWinds Network Performance Monitor
1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)


Web Application Ruby Based
1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)


Web Client Common
1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)


Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Web Server SharePoint
1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Zoho ManageEngine
1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)


Integrity Monitoring Rules:

1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Common
1011242 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011241 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1011171* - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)


Web Application PHP Based
1010488* - Identified WordPress Database Reset Attempt
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
1011047* - WordPress 'Modern Events Calendar' Plugin Remote Code Execution Vulnerability (CVE-2021-24145)
1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)


Web Application Ruby Based
1011231 - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


Web Client Common
1011225 - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
1011223 - Microsoft Teams amsVideo Cross Site Scripting Vulnerability (ZDI-CAN-13482)


Web Proxy Squid
1011213* - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
1011215* - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


Web Server Common
1011227 - Apache Druid Arbitrary File Read Vulnerability (CVE-2021-36749)


Web Server HTTPS
1011235 - Microsoft Exchange Server Reflected Cross-Site Scripting Vulnerability (CVE-2021-41349)
1011232 - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


Web Server SharePoint
1011233 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-40487)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)


DNS Client
1011122* - Zoom Client Marketplace Information Disclosure Vulnerability (ZDI-CAN-13616)


Web Client Common
1011217 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40725)
1011219 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40726)


Web Proxy Squid
1011213 - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
1011215 - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


Web Server HTTPS
1011216* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)
1011214 - VMware vCenter Server Information Disclosure Vulnerability (CVE-2021-21985)
1011220 - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011209 - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share


SolarWinds Network Performance Monitor
1011205* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
1011203* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)


Web Application Common
1009222* - Identified Directory Traversal Sequence In Zip Archive
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)


Web Client Common
1010619* - Adobe Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2020-24426)
1011211 - Microsoft Visual Studio Code 'Maven for Java' Extension Remote Code Execution Vulnerability (CVE-2021-28472)


Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


Web Server HTTPS
1011207* - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
1011204* - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
1011216 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)


Zoho ManageEngine ADSelfService Plus
1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

There are no new or updated Deep Packet Inspection Rules in this Security Update.


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1011037 - Identified Remote System Discovery Over SMB - 1 (ATT&CK T1018)
1011027 - Identified Session Enumeration Request Over SMB (ATT&CK T1049)


Microsoft Office
1011208 - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
1011095* - Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-34501)


SSL Client
1011178 - MD5 Algorithm Vulnerability (CVE-2004-2761)


SolarWinds Network Performance Monitor
1011205 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
1011203 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)


Suspicious Client Ransomware Activity
1010607* - Identified TCP Meterpreter Payload


Web Application Common
1011206 - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
1009621* - Identified Directory Traversal Sequence In HTTP Header


Web Application PHP Based
1011013* - WordPress 'Stop Spammers' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24245)


Web Server Common
1010919 - SQL Injection (SQLi) Decoder


Web Server HTTPS
1011207 - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
1011212 - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
1011204 - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)


Web Server Nagios
1011199* - Nagios XI Command Injection Vulnerability (CVE-2021-40345)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008619* - Application - Docker
1008852* - Auditd
1004488* - Database Server - Microsoft SQL
1003802* - Directory Server - Microsoft Windows Active Directory
1003443* - Mail Server - Postfix
1010595* - Microsoft LDAP Query Execution
1003843* - Microsoft Windows Security Events
1004057* - Microsoft Windows Security Events - 1
1003987* - Microsoft Windows Security Events - 2
1008670* - Microsoft Windows Security Events - 3
1011197 - Microsoft Windows Security Events - 5
1002831* - Unix - Syslog

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1011122 - Zoom Client Marketplace Information Disclosure Vulnerability (ZDI-CAN-13616)


Microsoft Office
1011121* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-34478)


Web Application Common
1008192* - Identified Directory Traversal Sequence In Multipart HTTP Requests
1009227* - Identified Directory Traversal Sequence In Tar Archive
1009040* - Identified Directory Traversal Sequence In URI
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter


Web Application PHP Based
1011200 - WordPress 'The BulletProof Security' Plugin Information Disclosure Vulnerability (CVE-2021-39327)
1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


Web Client Common
1011201 - Chromium Use After Free Vulnerability (CVE-2021-30573)


Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


Web Server Common
1010759 - Command Injection Decoder
1008397* - Identified Directory Traversal Attack In HTTP Request Headers


Web Server HTTPS
1011196* - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
1011190* - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)
1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)


Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


Web Server Nagios
1011199 - Nagios XI Command Injection Vulnerability (CVE-2021-40345)


Zoho ManageEngine ADSelfService Plus
1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010489* - Auditd - Mitre ATT&CK TA0003: Persistence
1010465* - Auditd - Mitre ATT&CK TA0007: Discovery
1002795* - Microsoft Windows Events
1002831* - Unix - Syslog

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Azure Open Management Infrastructure Tool
1011147* - Open Management Infrastructure Remote Code Execution Vulnerability (CVE-2021-38647)


Memcached
1011098* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)


Web Application PHP Based
1011193 - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


Web Client Common
1010806* - Identified Directory Traversal Attack In HTTP Response Headers
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)


Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


Web Server HTTPS
1011196 - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
1011190 - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)


Web Server Nagios
1011191* - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


Zoho ManageEngine
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


Zoho ManageEngine ADSelfService Plus
1011194 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)