Rule Update

19-025 (May 7, 2019)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1009717 - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB


Hot Rod Client
1009119 - Red Hat JBoss Data Grid Hot Rod Client Insecure Deserialization (CVE-2017-15089)


Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009315* - ImageMagick 'SetGrayscaleImage' Heap Overflow Vulnerability (CVE-2018-11625) - 1
1009352* - Libxml2 Null Pointer Dereference Vulnerability (CVE-2018-14404) - 1


Web Client Common
1009392 - Microsoft Windows MS XML Remote Code Execution Vulnerability (CVE-2018-8494)
1009714 - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability


Web Server Adobe ColdFusion
1009455 - Adobe ColdFusion CKEditor 'upload.cfm' Directory Traversal Vulnerability (CVE-2018-15960)


Web Server Common
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)


Web Server SAP
1009715 - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.