Rule Update

20-025 (May 26, 2020)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1010293 - ISC BIND TSIG Denial-of-Service Vulnerability (CVE-2020-8617)


FTP Server Common
1010229 - uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
1010137 - uftpd FTP Server compose_path Directory Traversal Vulnerability (CVE-2020-5221)


Memcached
1010237* - Memcached 'try_read_command_binary' Stack Buffer Overflow Vulnerability (CVE-2020-10931)


OpenSSL
1010280* - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Server


OpenSSL Client
1010291 - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Client


SSL/TLS Server
1010146 - Identified Single Sign On (SSO) Attempt to Cisco Data Center Network Manager


SolarWinds Dameware Mini Remote Control
1010269* - SolarWinds DameWare 'SigPubkeyLen' Heap Buffer Overflow Vulnerability (CVE-2020-5734)


Trend Micro OfficeScan
1010179* - Trend Micro Multiple Products Arbitrary File Delete Vulnerability (CVE-2020-8470)


Web Application Common
1010260* - Electron nodeIntegration Security Bypass Remote Code Execution Vulnerability (CVE-2018-1000136)
1010210* - Sonatype Nexus Repository Manager Default Credentials Vulnerability (CVE-2019-9629)


Web Application PHP Based
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)


Web Client Common
1010285 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0959)
1010286 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0960)
1010287 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0988)
1010288 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0992)
1010289 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0994)


Web Server Common
1010268 - Apache OFBiz 'serviceContext' XStream Insecure Deserialization Vulnerability (CVE-2019-0189)
1000128* - HTTP Protocol Decoding
1010294 - Symantec Web Gateway Postauth Command Injection Vulnerability
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)


Web Server Oracle
1010242* - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2020-2798)
1010275* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-2963)


Web Server SharePoint
1010277* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1102)


Windows SMB Client
1006994* - Executable File Download On Network Share Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory
1010002* - Microsoft PowerShell Command Execution
1002795* - Microsoft Windows Events
1010095* - Microsoft Windows Management Instrumentation Events
1004057* - Microsoft Windows Security Events - 1
1009771* - Microsoft Windows Sysmon Events - 1
1009777* - Microsoft Windows Sysmon Events - 2
1010068* - Microsoft Windows Sysmon Events IDs