Rule Update

18-010 (February 13, 2018)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1004808* - Identified Big-Endian Byte Order
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)


DCERPC Services - Client
1004293* - Identified Microsoft Windows Shortcut File Over Network Share


Database Microsoft SQL
1000917* - Restrict Microsoft SQL Server XP_CMDSHELL Procedure


Directory Server LDAP
1005455* - Microsoft Active Directory Memory Consumption Vulnerability (CVE-2013-1282)


HP Intelligent Management Center (IMC)
1008764* - HPE Intelligent Management Center Directory Traversal Vulnerabilities


Microsoft Office
1004283* - Identified Suspicious Usage Of ACCWIZ.dll ActiveX Control In Microsoft Office Documents
1008872 - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
1005014* - Restrict Microsoft Office File With Embedded EMF
1005019* - Restrict Microsoft Office File With Linked SWF


NFS Server
1008802* - Linux Kernel NFSv4 nfsd PNFS Denial Of Service Vulnerability (CVE-2017-8797)


Oracle Internet Directory
1002652* - Oracle Internet Directory Remote Preauthentication DoS
1003938* - Oracle Internet Directory oidldapd 'gslsbnrNormalizeString' DoS


TFTP Server
1000928* - AT-TFTP Server Long Filename Buffer Overflow


Unix CFEngine
1000451* - CFEngine CFServD Transaction Packet Buffer Overrun Vulnerability


Unix dtspcd
1000433* - Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability


Web Application Tomcat
1006107* - Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1008878 - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2018-4877)
1003746* - IBM Installation Manager IIM URI Handling Code Execution
1002443* - IBM Lotus Expeditor URI Handler Command Execution Vulnerability
1003479* - IceWarp Merak Web Mail Server 'cleanHTML()' Function Cross-Site Scripting Vulnerability
1002144* - JavaScript IFRAME Redirect Script Insertion Vulnerability
1002048* - JavaScript Redirect Script Insertion Vulnerability
1004649* - Microsoft Compiled HTML Help File Stack Overflow Vulnerability
1008877 - Microsoft Windows Multiple Security Vulnerabilities (Feb-2018)
1008866 - Microsoft Windows StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825)


Web Client Internet Explorer/Edge
1002964* - Cumulative Security Update of ActiveX Kill Bits - October 2008
1004020* - Domino Web Access ActiveX Control Unspecified Buffer Overflow Vulnerability
1004297* - Microsoft Clip Organizer Multiple Insecure ActiveX Control Vulnerability
1008867 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0834)
1008868 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
1008869 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0837)
1008870 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0838)
1008873 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0858)
1008874 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0860)
1008871 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0840)
1008881 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0866)
1005192* - Restrict Cisco AnyConnect Secure Mobility Client ActiveX Controls
1004098* - Restrict Windows Media Player ActiveX Control


Web Client Mozilla Firefox
1003580* - Mozilla Firefox Location Bar Spoofing Vulnerability
1003323* - Mozilla Firefox XBL Script Injection


Web Client SSL
1006296* - Detected SSLv3 Response
1006298* - Identified CBC Based Cipher Suite In SSLv3 Request


Web Server Apache
1000640* - Apache Geronimo Web Access log Viewer Scripts Insertion


Web Server IIS
1005076* - Detected Microsoft Windows Short File/Dir Names Over HTTP
1004887* - Microsoft .NET Framework Forms Authentication URI Spoofing Vulnerability (CVE-2011-3415)
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability


Web Server Miscellaneous
1008747* - Adobe ColdFusion RMI Registry Insecure Deserialization (CVE-2017-11284)
1008840 - Apache CouchDB '_config' Command Execution Vulnerability (CVE-2017-12636)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008852 - Auditd
1004057* - Microsoft Windows Security Events - 1
1008670* - Microsoft Windows Security Events - 3