Rule Update

16-038 (December 13, 2016)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Content Management Server Microsoft
1000984* - Microsoft CMS Cross Site Scripting Vulnerability


DNS Client
1008053 - ISC BIND DNAME Answer Handling Denial Of Service Vulnerability (CVE-2016-8864)


DNS Server
1007648* - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)


EMC AutoStart Agent Service
1007640 - Identified EMC AutoStart Remote Code Execution Vulnerability


Microsoft Office
1008075 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
1008074 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265)
1008070 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268)
1008076 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276)
1007617* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1008077 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277)
1008078 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
1008073 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262)
1008072 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266)
1008071 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267)
1000764* - Microsoft Publisher Font Parsing Buffer Overflow


NTP Client
1008004 - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)


NTP Server Linux
1008040 - NTP AutoKey Malicious Message Multiple Denial Of Service Vulnerabilities
1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
1008048 - NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)


OpenSSL
1008039* - OpenSSL SSL3_AL_WARNING Remote Denial Of Service Vulnerability (CVE-2016-8610)


Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra


Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1


Web Application Common
1006823* - Identified Suspicious Command Injection Attack - 1


Web Application Miscellaneous
1000846* - Microsoft Windows Explorer Drag and Drop Remote Code Execution


Web Application PHP Based
1008038 - PHP GC ZipArchive Class Use After Free Vulnerability (CVE-2016-5773)
1007973* - PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)


Web Application Tomcat
1000638* - Apache Tomcat "Tomcat Manager" Cross-Site Scripting
1000967* - Apache Tomcat Servlet Engine Directory Traversal
1000637* - Tomcat 4.x JSP source code exposure


Web Client Common
1007629* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-14) - 6
1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1008084 - Microsoft Office OLE DLL Loading Vulnerability Over WebDAV (CVE-2016-7275)
1008079 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7259)
1008080 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7260)
1008029* - Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205)
1008081 - Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295)
1008069 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-7257)
1008043 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3393)
1008068 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
1007989* - Microsoft Windows Multiple Security Vulnerabilities (MS16-118, MS16-119)
1008082 - Microsoft Windows Multiple Security Vulnerabilities (MS16-149)
1008067 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008052 - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)


Web Client Internet Explorer/Edge
1003507* - AOL IWinAmpActiveX Class ConvertFile() Remote Buffer Overflow
1005540* - Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120)
1008061 - Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206)
1008062 - Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280)
1007248* - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
1008063 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
1008064 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
1007984* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386)
1008009* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
1008013* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202)
1008016* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)
1008011* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242)
1008065 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296)
1008066 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297)
1007237* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6151)
1008012* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195)
1008056 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7279)
1008017* - Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241)
1008060 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287)
1008057 - Microsoft Internet Explorer And Edge Security Feature Bypass Vulnerability (CVE-2016-7282)
1008055 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7278)
1008059 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284)
1006790* - Microsoft Internet Explorer Memory Access Violation Vulnerability
1006312* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141)
1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1008083 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3384)
1008054 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
1008058 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)


Web Server Miscellaneous
1007603* - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
1001781* - WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerability


Web Server Oracle
1003878* - Oracle E-Business Suite Multiple Remote Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.