Rule Update

20-053 (October 20, 2020)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1010553* - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over SMB (CVE-2020-16915)


Microsoft Office
1010569 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-16929)
1010570 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-16930)
1010565 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-16931)
1010571 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-16932)


Remote Desktop Protocol Server
1010556* - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)


Web Application Common
1010561 - Identified Kubernetes Unprotected Primary Channel Information Disclosure
1010557 - Yaws Web Server Command Injection Vulnerability (CVE-2020-24916)


Web Application PHP Based
1010551* - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)


Web Client Common
1010451* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010568 - Microsoft Windows Base3D Remote Code Execution Vulnerability (CVE-2020-17003)
1010572 - Microsoft Windows Camera Codec Pack Remote Code Execution Vulnerability (CVE-2020-16967)
1010566 - Microsoft Windows Camera Codec Pack Remote Code Execution Vulnerability (CVE-2020-16968)
1010567 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2020-1167)
1010552* - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over HTTP (CVE-2020-16915)


Web Server Common
1010548* - StackStorm Null Origin Remote Code Execution Vulnerability (CVE-2019-9580)


Web Server HTTPS
1010559 - Identified Spring Boot Actuator Endpoint Access Attempt
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)


Web Server Miscellaneous
1008843* - FasterXML Jackson JSON Library Deserializer Multiple Remote Code Execution Vulnerabilities
1010549* - Jenkins 'CVS' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2184)
1010480* - RichFaces Framework Expression Language Injection Vulnerability (CVE-2018-14667)


Web Server SharePoint
1010573 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)


Integrity Monitoring Rules:

1010055* - AntiVirus - Trend Micro ApexOne Server


Log Inspection Rules:

1010528 - Auditd - Mitre ATT&CK TA0004: Privilege Escalation
1010536 - Auditd - Mitre ATT&CK TA0006: Credential Access
1010465* - Auditd - Mitre ATT&CK TA0007: Discovery