Rule Update

21-011 (March 9, 2021)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1010863 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-26877)
1010865 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-26897)


Directory Server LDAP
1010820* - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)


SolarWinds Orion Platform
1010810* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)


Web Application Common
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)


Web Application PHP Based
1010852 - phpMyAdmin 'SearchController' SQL Injection Vulnerability (CVE-2020-26935)


Web Client Common
1010861 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2021-24093)


Web Client Internet Explorer/Edge
1010857 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)


Web Server Common
1010801* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1010862 - SaltStack Salt Directory Traversal Vulnerability (CVE-2021-25282)
1010858 - SaltStack Salt Directory Traversal Vulnerability (CVE-2021-25282) - 1


Web Server HTTPS
1010854* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
1010850* - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)


Web Server Miscellaneous
1010496* - Apache Struts2 File Upload Denial of Service Vulnerability (CVE-2019-0233)
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
1010670* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)
1010682 - SolarWinds Orion Platform 'SaveUserSetting' Privilege Escalation Vulnerability (CVE-2021-27258)


Web Server Oracle
1010851 - Identified Oracle Application Server 'OWA_UTIL PL/SQL' Package Access


Web Server SharePoint
1010836 - Identified Microsoft SharePoint GetGroupCollection Request (ATT&CK T1589, T1213.002, T1087)
1010835 - Identified Microsoft SharePoint GetGroupCollectionFromRole Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010834 - Identified Microsoft SharePoint GetGroupCollectionFromSite Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010833 - Identified Microsoft SharePoint GetGroupCollectionFromUser Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010832 - Identified Microsoft SharePoint GetGroupCollectionFromWeb Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010831 - Identified Microsoft SharePoint GetGroupInfo Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010830 - Identified Microsoft SharePoint GetRoleCollection Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010864 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-27076)


Zoho ManageEngine
1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)


Integrity Monitoring Rules:

1010855* - Microsoft Exchange - HAFNIUM Targeted Vulnerabilities


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.