Rule Update

17-010 (March 7, 2017)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1008203 - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204 - DNSMessenger Malware Domain Blocker


Microsoft Office
1004312* - Identified Suspicious Microsoft Word Document


NTP Server Linux
1007741 - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)


P2P Applications
1007034* - Share EX2 P2P
1003086* - Winny


Web Application PHP Based
1006386* - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)
1008135 - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1007289 - PHP cURL Lib NULL Byte Injection Vulnerability
1008182 - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1008186 - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)


Web Client Common
1004870* - Identified Suspicious Jar File


Web Client Internet Explorer/Edge
1008064* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)


Web Server Miscellaneous
1008104 - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)


Web Server Oracle
1004840* - Oracle Application Server Web Cache HTTP Request Method Heap Overrun Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.