Rule Update

17-048 (October 3, 2017)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center IMC Syslog Daemon
1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


Suspicious Client Application Activity
1005294* - TMTR-0004: GHOST RAT HTTP Request


Web Application Common
1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


Web Client Common
1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


Web Client Mozilla Firefox
1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)


Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


Web Server Miscellaneous
1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


Integrity Monitoring Rules:

1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1004950* - Microsoft Visual Studio - New Add-In Created
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.