Cloud One Workload Security and Deep Security Updates
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Port Mapper FTP Client
1009558 - Remote File Copy Over FTP
Suspicious Client Ransomware Activity
1007581* - Ransomware Lectool
1007711* - Ransomware XORBAT
Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1
Web Application Common
1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
Web Client Common
1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)
Web Client Internet Explorer/Edge
1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009579 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2019-0703)
Web Application Common
1009540 - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)
Web Application PHP Based
1009545 - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)
Web Client Common
1009266 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 11
1009212* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 5
1009322 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8392)
1009428* - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
1009475 - Microsoft Windows Data Sharing Service Elevation Of Privilege Vulnerability (CVE-2019-0571)
1009294 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8396)
1009486 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8595)
1009571 - Microsoft Windows Multiple Information Disclosure Vulnerabilities (March 2019)
1009576 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0666)
1009583 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0797)
1009582 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
1009554 - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)
Web Client Internet Explorer/Edge
1009415* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
1009577 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0592)
1009574 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0639)
1009564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0769)
1009565 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0770)
1009566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0771)
1009567 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0773)
1009573 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-0612)
1009575 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0609)
1009414* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
1009568 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0763)
1009569 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0680)
1009570 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
1009371* - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
1009563 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0665)
1009578 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667)
Web Server SharePoint
1009535 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)
Integrity Monitoring Rules:
1009434 - Kubernetes Cluster Node
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1009572 - Google Chrome FileReader Use-After-Free Vulnerability (CVE-2019-5786)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1009477 - Identified Sensepost Ruler Traffic
1009457* - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1009553 - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)
Web Client Common
1009495 - LibTIFF Arbitrary Sized JBIG Decoding Denial Of Service Vulnerability (CVE-2018-18557)
Web Server SharePoint
1009534 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594)
Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009490 - Block Administrative Share - 1
FTP Server Common
1003784* - FTP Server Restrict Executable File Uploads
Kubernetes Web UI (Dashboard)
1009493 - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)
Microsoft Office
1009538 - Microsoft Office Multiple Security Vulnerabilities (Feb 2019)
Web Application Common
1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability
Web Application PHP Based
1009541 - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
1009544 - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
Web Client Common
1009536* - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)
1009517 - Microsoft Windows JET Database Engine 'CreateLvSMLocs' Remote Code Execution (CVE-2019-0577)
1009537 - Microsoft Windows JET Database Engine Multiple Remote Code Execution Vulnerabilities (Feb - 2019)
1009533 - Microsoft Windows JET Database Out-of-Bounds Read Remote Code Execution Vulnerability (CVE-2019-0575)
1009539 - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)
Web Server Oracle
1009358* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)
Web Client Common
1009536 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1009457 - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
Web Client Common
1009523 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7089)
1009527 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 1
1009524 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 2
1009528 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 3
1009529 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 4
1009525 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 5
1009526 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 6
1009520 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 7
1009530 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 8
1009521 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 9
1009522 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2019-7090)
1009482 - SQLite Multiple Remote Code Execution Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009511 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)
DHCPv6 Client - Incoming
1008949* - ISC dhclient Buffer Overflow Vulnerability (CVE-2018-5732)
Microsoft Office
1009515 - Microsoft Excel Information Disclosure Vulnerability (CVE-2019-0669)
Web Application Common
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009401* - Nagios XI Magpie 'cURL' Argument Injection Vulnerability (CVE-2018-15708)
Web Application PHP Based
1009481 - Drupal Core Critical Arbitrary PHP Code Execution Vulnerability (CVE-2019-6339)
Web Client Common
1009454* - Microsoft Windows Information Disclosure Vulnerability (CVE-2019-0636)
1009500 - Microsoft Windows Multiple Security Vulnerabilities (Feb-2019)
Web Client Internet Explorer/Edge
1009509 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0645)
1009498 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0650)
1009497 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2019-0648)
1009501 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0590)
1009502 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0591)
1009503 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0593)
1009504 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0607)
1009506 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0610)
1009507 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0640)
1009508 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0642)
1009499 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0644)
1009510 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0651)
1009512 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0652)
1009516 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0655)
1009514 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0658)
1009513 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2019-0676)
1009505 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0606)
Web Server Apache Tika
1009142* - Apache Tika 'tika-server' Command Injection Vulnerability (CVE-2018-1335)
Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
Windows Services RPC Server DCERPC
1009480 - Identified WMI Query Over DCE/RPC Protocol
Integrity Monitoring Rules:
1008271* - Application - Docker
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share
Web Application Common
1009496 - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)
Web Client Common
1009407* - Detected Suspicious DLL Side Loading Attempt Over WebDAV
1009483 - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)
Web Server Apache
1005661* - Apache HTTP Server Remote Denial Of Service Vulnerability (CVE-2013-1896)
Web Server Oracle
1009417* - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.