Rule Update

21-004 (January 26, 2021)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

CA ARCserve D2D Administration Interface
1010699* - Arcserve D2D External Entity Injection Vulnerability (CVE-2020-27858)

DNS Server
1004747* - DNS Invalid Compression Denial Of Service

Directory Server LDAP
1010724* - Microsoft Windows Active Directory IntegratedDNS Remote Code Execution Vulnerability (CVE-2020-0718)
1010321* - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)

FTP Server IIS
1004553* - Microsoft IIS FTPSVC Unspecified Remote Denial Of Service

1010280* - OpenSSL SSL_check_chain NULL Pointer Dereference Vulnerability (CVE-2020-1967) - Server

Remote Desktop Protocol Over UDP
1010125* - Microsoft Windows RDP Gateway Server Remote Code Execution Vulnerabilities (CVE-2020-0609 and CVE-2020-0610)

Suspicious Client Application Activity
1010741 - Identified HTTP Backdoor Python FreakOut A Runtime Detection

Suspicious Client Ransomware Activity
1010732 - Identified FlawedGrace Checkin Request - Client

Suspicious Server Ransomware Activity
1010733 - Identified FlawedGrace Checkin Request - Server
1010616* - Identified HTTP Backdoor.Shell.Powertrick.A Runtime Detection
1010731 - Identified HTTP Redhat Webshell C&C Traffic
1010610* - Identified HTTP Trojan.Win64.BazarTrickbot Traffic

Web Application Common
1010727* - Mongo-Express Remote Code Execution Vulnerability (CVE-2019-10758)

Web Client Common
1004288* - Identified Suspicious Shellcode In HTML Documents

Web Server HTTPS
1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)

Web Server Miscellaneous
1010729 - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
1010679* - SolarWinds Network Performance Monitor 'ExportToPDF' Information Disclosure Vulnerability (CVE-2020-27870)
1010678* - SolarWinds Network Performance Monitor 'VulnerabilitySettings' Directory Traversal Vulnerability (CVE-2020-27871)
1010677* - SolarWinds Network Performance Monitor 'WriteToFile' SQL Injection Vulnerability (CVE-2020-27869)
1010691* - SolarWinds Orion Remote Code Execution Vulnerability (CVE-2020-14005)
1010580* - Spring Security OAuth Open Redirect Vulnerability (CVE-2019-3778)

Web Server Oracle
1010739 - Oracle WebLogic Console JNDI Injection Vulnerability (CVE-2021-2109)

Web Server RealVNC
1010726* - LibVNCServer Denial Of Service Vulnerability (CVE-2020-25708)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.