Rule Update
18-012 (February 27, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1000735* - Microsoft Windows Server Service Remote Code Execution
DNS Server
1000167* - Snort Back Orifice Pre-Processor Buffer Overflow
Kerberos KDC Server
1003977* - Kerberos Null Pointer Dereference Vulnerability
Mail Server Common
1005344* - POP3 Mail Server Possible Brute Force Attempt
Mail Server Microsoft Exchange
1002629* - Microsoft Outlook Web Access For Exchange Server Cross Site Scripting
Web Application PHP Based
1005654* - PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability
1008884 - PHP 'unserialize()' Function Denial Of Service Vulnerability (CVE-2015-4602)
1008890 - PHP 'unserialize()' Function Type Confusion Vulnerability (CVE-2015-4603)
Web Application Perl Based
1000095* - Lupii/Lupper Worm Vulnerabilities (AwStats)
Web Client Common
1008743* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
1008738* - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)
1000084* - BlackMal/KamaSutra Worm Counter Request
1004294* - Identified Microsoft Windows Shortcut File Over WebDav
1004305* - Identified Suspicious Compiled HTML(chm) File
1003693* - Mass Compromise Using Malicious iFrame
1008655* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717)
1008656* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718)
1004404* - Outlook Web Access Elevation Of Privilege Vulnerability
Web Client Internet Explorer/Edge
1004205* - Cumulative Security Updates of ActiveX Kill Bits - June 2010
1004282* - Identified Suspicious Usage Of ACCWIZ.dll ActiveX Control
1008774* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893)
1008849 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2018-0780)
1008821* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0774)
1008820* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0776)
1008853 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-11887)
Web Client Mozilla Firefox
1004112* - Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability
Web Client SSL
1005222* - Identified RSA Keys Less Than 1024 bits
Web Server Apache
1005439* - Apache 'mod_ssl' Log Function Format String Vulnerability
1000618* - Apache Linux Slapper Worm (.A variant) Probe
1000853* - Apache mod_tcl Module Format String Vulnerability
Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
1005553* - Oracle JavaDoc Frame Injection Vulnerability
iSCSI Framework
1004269* - iSCSI Target Multiple Implementations iSNS Stack Buffer Overflow
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.