Rule Update

18-064 (December 4, 2018)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Elasticsearch
1009209 - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)


HP Intelligent Management Center (IMC)
1008983 - HPE Intelligent Management Center 'saveSelectedDevices' Expression Language Injection Vulnerability (CVE-2017-12491)


TFTP Server
1009365 - Microsoft Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2018-8476)


Web Application Common
1005934* - Identified Suspicious Command Injection Attack


Web Client Internet Explorer/Edge
1009244* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355)


Web Client Mozilla Firefox
1009396 - Mozilla Firefox Multiple Security Vulnerabilities


Web Server Adobe ColdFusion
1009387 - Adobe ColdFusion Remote File Upload Vulnerability (CVE-2018-15961)


Integrity Monitoring Rules:

1008271* - Application - Docker
1003131* - Virtualization Software - VMware Server


Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory