Rule Update

20-051 (October 6, 2020)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1010511* - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)


Database IBM DB2
1010537 - IBM DB2 Universal Database Default Credentials Vulnerability (CVE-2001-0051)


FTP Server Miscellaneous
1010531* - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)


IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)


NodeJS Debugging Protocol
1010497* - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)


Web Application Common
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)


Web Client Common
1010540 - Download Of A Suspicious PowerShell Script File Detected


Web Server Apache
1010400* - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
1010538 - ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)


Web Server Common
1010522 - Apache Druid LDAP Authentication Bypass Vulnerability (CVE-2020-1958)
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1
1010513* - Microsoft Exchange Server DlpUtils Remote Code Execution Vulnerability (CVE-2020-16875)


Web Server HTTPS
1010523 - Etaukey Webshell C&C Traffic


Web Server Nagios
1010369* - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010489 - Auditd - Mitre ATT&CK TA0003: Persistance
1010541 - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)