Deep Security Center

RULE UPDATE: 15-022 (July 14, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Microsoft SQL
1006840 - Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2015-1762)


Database MySQL
1006813 - Identified Oracle MySQL Database Operation


FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


Microsoft Office
1006873 - Microsoft Excel ASLR Bypass Vulnerability (CVE-2015-2375)
1006874 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2376)
1006875 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2377)
1006876 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2379)
1006877 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2380)
1006878 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2415)
1006769* - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770* - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
1000764* - Microsoft Publisher Font Parsing Buffer Overflow
1005990* - Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761)


OpenSSL
1006655* - OpenSSL ASN_TYPE_cmp Segmentation Fault Vulnerability (CVE-2015-0286)
1006855 - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


OpenSSL Client
1006856 - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006093* - OpenSSL Client SSL/TLS Man In The Middle Security Bypass Vulnerability
1006806 - OpenSSL Malformed ECParameters Infinite Loop Denial Of Service Vulnerability


SSL Client
1006485* - SSL RSA Downgrade Vulnerability


Unix CUPS
1006814 - CUPS Print Service Remote Privilege Escalation Vulnerability


Unix Samba
1003999* - Samba MS-RPC Remote Shell Command Execution Vulnerability


Web Application Common
1006823 - Identified Suspicious Command Injection Attack - 1
1005402* - Identified Suspicious User Agent In HTTP Request


Web Application PHP Based
1006794* - PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability
1006390* - WordPress Denial Of Service Vulnerability (CVE-2014-9034)


Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006860 - Adobe Flash Domain Policy Security Bypass Vulnerabilities
1006455* - Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309)
1006812 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1006006* - Adobe Flash Player Information Disclosure Vulnerability (CVE-2014-0508)
1003891* - Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
1006399* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0574)
1006400* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0586)
1006461* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0310)
1006713* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3090)
1006861 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3117)
1006866 - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006779* - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1004229* - Adobe Flash Player Remote Code Execution Vulnerabilities - 2
1006464* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0312)
1006526* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0330)
1006138* - Adobe Flash Player Security Bypass Vulnerability (CVE-2014-4671)
1006865 - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006863 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006517* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0320)
1006862 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3118)
1006419* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8461)
1004042* - Google Chrome XML Denial Of Service
1006882 - Identified Suspicious Obfuscated JavaScript - 4
1006742 - Identified Suspicious User Agent In Outgoing HTTP Request
1006818 - Java SE Remote Security Vulnerability (CVE-2015-0459)
1006820 - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006872 - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369)
1006879 - Microsoft Windows Graphics Component EOP Vulnerability (CVE-2015-2364)
1006880 - Microsoft Windows OLE Elevation Of Privilege Vulnerability (CVE-2015-2416)
1006881 - Microsoft Windows OLE Elevation Of Privilege Vulnerability (CVE-2015-2417)
1006291* - Microsoft Windows OLE Remote Code Execution Vulnerability - 1
1006572 - Multiple Browser libjpeg/libjpeg-turbo Library Memory Corruption Vulnerability


Web Client Internet Explorer
1006839 - Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2421)
1006842 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-1729)
1006867 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-2413)
1006868 - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006750 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1733)
1006752* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006754 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1738)
1006764* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006850 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1767)
1006843 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383)
1006845 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383) - 1
1006846 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2388)
1006847 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2389)
1006848 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2390)
1006849 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391)
1006831 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2397)
1006832 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401)
1006851 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2403)
1006852 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2404)
1006833 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2406)
1006835 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2408)
1006836 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2409)
1006837 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2411)
1006853 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2422)
1006869 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425)
1006841 - Microsoft Windows VBScript Memory Corruption Vulnerability (CVE-2015-2372)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request


Web Server IIS
1006434 - Microsoft IIS Directory Traversal Vulnerability


Web Service HP SiteScope
1006816 - HP SiteScope Log Analyzer Privilege Escalation Vulnerability (CVE-2015-2120)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-021 (July 12, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006858 - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006859 - Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
1006857 - Oracle Java SE Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-020 (July 7, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006370* - Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)


Web Client Common
1004079* - Adobe Acrobat And Reader CFF Encodings Handling Heap Overflow Vulnerability
1003916* - Adobe Acrobat And Reader JpxDecode Memory Corruption
1003291* - Adobe Acrobat And Reader PDF File Handling Remote Code Execution Vulnerability
1003405* - Adobe Acrobat JavaScript getIcon Method Buffer Overflow
1003056* - Adobe Acrobat PDF Javascript getCosObj Memory Corruption
1003848* - Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
1006824 - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006810* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
1006451* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8438)
1002445* - Adobe Multiple Products BMP Image Header Handling Buffer Overflow
1004191* - Adobe Photoshop Remote Code Execution
1003803* - Adobe Reader And Acrobat U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
1004857* - Adobe Reader And Acrobat U3D TIFF Resource Buffer Overflow Vulnerability (CVE-2011-2432)
1004506* - Adobe Reader Doc.printSeps() Memory Corruption Vulnerability
1004167* - Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
1004422* - Adobe Shockwave Director tSAC Chunk Memory Corruption
1004448* - Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability
1004494* - Adobe Shockwave Player 'dirapi.dll' Memory Corruption Vulnerability
1004517* - Adobe Shockwave Player 'dirapi.dll' Stack Overflow Vulnerability
1004287* - Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability
1003596* - Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
1004713* - Adobe Shockwave Player Memory Corruption (CVE-2011-2111)
1004552* - Adobe TIFF File Vulnerability - 3
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1002533* - Apple QuickTime Embedded Pascal Style Remote Integer Overflow
1003722* - Apple QuickTime FlashPix Sector Size Overflow Vulnerability
1002532* - Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
1003543* - Apple QuickTime Movie File Clipping Region Handling Heap Buffer Overflow
1003551* - Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow
1005251* - Apple QuickTime Targa Image Parsing Buffer Overflow Vulnerability
1003394* - BitDefender Internet Security Script Code Execution
1001009* - CA Product AV Engine CAB Header Parsing Stack Overflow
1004356* - Cinepak Codec Decompression Vulnerability
1004872* - Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability
1003163* - ClamAV 'get_unicode_name()' Off-By-One Heap Based Buffer Overflow
1002867* - ClamAV CHM Processing Denial Of Service
1003981* - DirectShow Heap Overflow Vulnerability
1003747* - FFmpeg vmd_read_header Integer Overflow
1004375* - Flash Movie Player File Magic Denial Of Service Vulnerability
1003114* - GDI Integer Overflow Vulnerability
1004651* - GDI+ Integer Overflow Vulnerability (CVE-2011-0041)
1003773* - GDI+ PNG Integer Overflow Vulnerability
1003775* - GDI+ TIFF Buffer Overflow Vulnerability
1002683* - GNOME Project libxslt Library RC4 Key String Buffer Overflow
1003749* - Google Apps 'googleapps.url.mailto' Handler Command Injection Vulnerability
1004080* - Google Chrome Invalid FTP Server Response Remote Denial Of Service Vulnerability Helper
1004278* - LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial Of Service Vulnerability
1004329* - Libpng Memory Corruption And Memory Leak Vulnerability
1005403* - Libxml2 Entity Expansion Denial Of Service Vulnerability
1003431* - MJPEG Decompression Vulnerability
1004217* - MJPEG Media Decompression Vulnerability
1004354* - MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
1004093* - MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability
1004397* - MPEG-4 Codec Vulnerability
1003675* - Malformed AVI Header Vulnerability
1004223* - Media Decompression Vulnerability
1004319* - Media Player Classic DoS Vulnerability
1000849* - Microsoft Agent Memory Corruption Vulnerability
1000947* - Microsoft Antivirus Engine PDF File Remote Code Execution
1002590* - Microsoft DirectX Crafted MJPEG Stream Handling Code Execution
1003529* - Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
1001249* - Microsoft DirectX Parsing SAMI File Code Execution Vulnerability
1001129* - Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow
1001246* - Microsoft DirectX WAV File Parsing Code Execution Vulnerability
1003406* - Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow
1005016* - Microsoft GDI+ Record Type Vulnerability (CVE-2012-0165)
1000936* - Microsoft Help Workshop HPJ File Handling Buffer Overflow
1000948* - Microsoft OLE Dialog Code Execution Vulnerability
1002627* - Microsoft SQL Server Memory Corruption Vulnerability
1001007* - Microsoft Visio Version Validation Remote Code Execution
1000206* - Microsoft Visual Studio "dbp/sln" File Handling Buffer Overflow
1001096* - Microsoft Visual Studio Crystal Reports RPT Processing Buffer Overflow
1004038* - Microsoft Windows '.ani' File 'tagBITMAPINFOHEADER' Denial Of Service Vulnerability
1004562* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability
1000976* - Microsoft Windows ANI File Remote Code Execution
1004582* - Microsoft Windows Fax Cover Page Editor Memory Corruption
1004555* - Microsoft Windows Fax Cover Page Editor Remote Code Execution
1002757* - Microsoft Windows GDI+ BMP Integer Overflow Vulnerability
1002372* - Microsoft Windows GDI+ EMF Remote Code Execution
1001045* - Microsoft Windows GDI+ ICO File DoS
1002762* - Microsoft Windows GDI+ WMF Buffer Overrun Vulnerability
1001066* - Microsoft Windows Graphics Rendering Engine Image Handling Vulnerability
1001248* - Microsoft Windows Media Format ASF Parsing Remote Code Execution
1001252* - Microsoft Windows Media Player MP4 File Stack Overflow
1001068* - Microsoft Windows Media Player Remote Code Execution
1000182* - Microsoft Windows Metafile Integer Overflow Vulnerability
1002622* - Microsoft Windows Saved Search Remote Code Execution
1004302* - Microsoft Windows Shortcut Remote Code Execution
1001032* - Microsoft Windows URI Handler Registration Vulnerability
1001069* - Microsoft Windows Vista Feed Headlines Gadget Code Execution
1001137* - Microsoft vCard URL Handling Vulnerability
1004349* - Movie Maker Memory Corruption Vulnerability
1004928* - Msvcrt.dll Buffer Overflow Vulnerability (CVE-2012-0150)
1003541* - Multiple Products libxml2 XML File Processing Long Entity Name Buffer Overflow
1003703* - OpenOffice Word Document Table Parsing Heap Overflow
1004024* - OpenOffice.org Microsoft Word File sprmTSetBrc Processing Buffer Overflow
1004541* - OpenType Font File CFF table Code Execution Vulnerability
1004538* - OpenType Font File CMAP Table Paring Vulnerability
1004485* - OpenType Font Parsing Vulnerability
1004621* - Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability
1004932* - Oracle Java SE Deployment Component Unspecified Remote Code Execution
1004614* - Real Networks RealPlayer '.AVI' File Parsing Buffer Overflow
1004868* - RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
1002746* - RealNetworks Multiple Products SMIL Wallclock Stack Overflow
1002750* - RealNetworks RealPlayer Invalid Chunk Size Heap Overflow Vulnerability
1002745* - RealNetworks RealPlayer Multiple Products RA File Processing Heap Overflow
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability
1004781* - RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability
1002571* - SAMI Format Parsing Vulnerability
1002291* - Sun Java Web Start Charset Encoding Stack Buffer Overflow
1002653* - Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow
1002649* - Sun Java Web Start JNLP vm args Stack Overflow
1004543* - TIFF Image Converter Buffer Overflow Vulnerability
1004546* - TIFF Image Converter Heap Overflow Vulnerability
1003603* - VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
1002630* - VideoLAN VLC Media Player WAV Processing Integer Overflow
1003201* - VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow
1001637* - WebDAV Mini-Redirector Remote Code Execution
1003825* - Win32k EOT Parsing Vulnerability
1003823* - Win32k TTF Parsing Vulnerability
1004844* - Winamp AMF File Handling Overflow
1004845* - Winamp Midi File Handling Overflow
1003710* - Windows Media Playback Memory Corruption Vulnerability
1003760* - Windows Media Runtime Voice Sample Rate Vulnerability
1003116* - Windows Saved Search Vulnerability
1003115* - Windows Search Parsing Vulnerability
1003785* - Xpdf Splash DrawImage Integer Overflow
1004753* - libsndfile PAF File Processing Integer Overflow


Web Client Internet Explorer
1003267* - Microsoft Internet Explorer Uninitialized Memory Corruption


Web Server Common
1004859* - Disallowed HTTP header


Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)


Windows Services RPC Client
1006558* - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability - 1


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-019 (June 24, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006810 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
1006654* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3043)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-018 (June 23, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1004707* - Application Control For Dropbox


Application Control For Web Media
1002451* - Application Control For YouTube


Elasticsearch
1006793 - Elasticsearch Groovy Search Sandbox Bypass Vulnerability


FTP Server ProFTPD
1006743 - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


LDAP Client
1006785 - Identified LDAP BindRequest Using NTLM Authentication Mechanism


Microsoft Office
1006370* - Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)


OpenSSL
1006655 - OpenSSL ASN_TYPE_cmp Segmentation Fault Vulnerability (CVE-2015-0286)


OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)


Suspicious Server Application Activity
1006560 - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack


Universal Plug And Play Service
1006746 - Detected Too Many SSDP Traffic Amplification Requests


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1000608* - Generic SQL Injection Prevention


Web Application PHP Based
1006794 - PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability


Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1006299* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0558)
1006530* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0582)
1006353* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0584)
1006398* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0585)
1006449* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0590)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006646* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0359)
1006657* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006512* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0315)
1006787 - Adobe Font Driver Denial Of Service Vulnerability (CVE-2015-0074)
1006550* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090)
1006421* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8457)
1006418* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8458)
1006420* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-9159)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006549* - OpenType Font Parsing Vulnerabilities


Web Client Internet Explorer
1006807 - Microsoft Internet Explorer ASLR Bypass Using MemoryProtection Vulnerability
1006790 - Microsoft Internet Explorer Memory Access Violation Vulnerability
1006758* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006789 - Microsoft Internet Explorer MemoryProtector ASLR Bypass Vulnerability
1006783 - Microsoft Internet Explorer Null Pointer Denial Of Service Vulnerability
1006809 - Microsoft Internet Explorer Type Confusion Using Isolated Heap Vulnerability
1006665* - Microsoft Internet Explorer VBScript ASLR Bypass (CVE-2015-1686)


Web Client Mozilla Firefox
1003324* - Mozilla Firefox URI Invisible Control Characters Incorrect Decoding


Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1006386 - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)


Web Server Miscellaneous
1006744 - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)


Windows Services RPC Client
1006784 - Identified Windows Group Policy Files Downloaded From Untrusted Sources
1003980* - SMB Client Race Condition Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-017 (June 9, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Remote Login
1002508* - Application Control For RDP


HP Intelligent Management Center (IMC)
1005476* - HP Intelligent Management Center Multiple Information Disclosure Vulnerabilities


Microsoft Office
1006771 - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
1006769 - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770 - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)


OpenSSL Client
1006318* - Multiple Browser Wildcard Certificate Spoofing Vulnerability
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)


Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic


VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request


Web Client Apple Safari
1004362* - Apple Safari For Windows Long Link DoS


Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006772 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
1006773 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
1006774 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
1006776 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006778 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006781 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
1006779 - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006775 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
1006657 - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006777 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
1006780 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1004715* - HTTP Web Client Decoding
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006619* - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
1006782 - Microsoft Windows HTML Application Denial Of Service Vulnerability


Web Client Internet Explorer
1003268* - CSS Memory Corruption Vulnerability (CVE-2009-0076)
1006761 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
1006745 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
1006747 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
1006748 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
1006749 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006751 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1006752 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006753 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
1006755 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
1006756 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
1006757 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
1006758 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006762 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
1006763 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
1006764 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006765 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
1006766 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
1006767 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
1005110* - Novell iPrint Client 'nipplib.dll' GetDriverSettings Realm Remote Code Execution Vulnerability


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass


Web Server SharePoint
1003815* - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability


Windows Services RPC Client
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
1006677 - Suspicious Files Detected In Operating System Directories
1006658 - Suspicious Files Detected In Temporary Directories
1006683* - Suspicious Running Processes Detected
1003002* - Web Browser - Internet Explorer


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-016 (May 26, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Server
1001840* - Restrict DHCP Option Length


Database Oracle
1001141* - Oracle Database Server Core RDBMS Component Denial Of Service


SSL Client
1006740 - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client


Suspicious Server Application Activity
1003594* - Detected SSL/TLS Server Traffic


Unix Samba
1003999* - Samba MS-RPC Remote Shell Command Execution Vulnerability


Web Application PHP Based
1006656* - Magento Admin Authentication Bypass Vulnerability


Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1006732 - Adobe Acrobat And Reader Multiple JavaScript API Execution Remote Security Bypass Vulnerabilities
1006735 - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
1006719 - Adobe Acrobat And Reader Null Pointer Deference Remote Denial Of Service Vulnerability (CVE-2015-3047)
1006731 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution
1006736 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3074)
1006733 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution Vulnerability (CVE-2015-3069)
1006711 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-3088)
1006714 - Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-3091)
1006715 - Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-3092)
1006710 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3087)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006646* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0359)
1006702 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3078)
1006712 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3089)
1006713 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3090)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006301* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569)
1006701 - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707 - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006709 - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3086)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006704 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3080)
1006718 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3046)
1006721 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3050)
1006722 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3051)
1006723 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3052)
1006727 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3056)
1006728 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3057)
1006730 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3059)
1006734 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3070)
1006738 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-3076)
1006724 - Adobe Reader And Acrobat Remote Code Execution Vulnerability (CVE-2015-3053)
1006725 - Adobe Reader And Acrobat Remote Code Execution Vulnerability (CVE-2015-3054)
1006726 - Adobe Reader And Acrobat Remote Code Execution Vulnerability (CVE-2015-3055)
1006737 - Adobe Reader And Acrobat Remote Code Execution Vulnerability (CVE-2015-3075)
1005170* - Java Applet Remote Code Execution Vulnerability
1005178* - Java Applet Remote Code Execution Vulnerability - 2
1006739 - Java Applet Remote Code Execution Vulnerability - 3
1001129* - Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow
1006443* - Sun Java Runtime Environment Web Start JNLP File Stack Buffer Overflow Vulnerability


Web Client Internet Explorer
1004717* - Identified Suspicious AllowScriptAccess Parameter Of Shockwave Flash Player ActiveX Control
1006668* - Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2015-1692)
1006618* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668)
1006674* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1705)
1004339* - Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability


Web Server Apache
1006316 - Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Vulnerability (CVE-2011-4317)


Web Server Common
1005434* - Disallow Upload Of A File (Php/Class/Archive)


Web Server HTTPS
1006741 - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database MySQL
1006262* - MySQL yaSSL Pre-authentication Code Execution Vulnerability


HP OpenView
1006250* - HP Data Protector Unspecified Arbitrary Code Execution Vulnerability (CVE-2014-2623)


HP System Management Homepage
1006447 - HP System Management Homepage Cross Site Scripting Vulnerability (CVE-2014-2640)


Microsoft Office
1006625 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)
1006626 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1650)
1006627 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1651)
1006623 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)


OpenSSL
1006621 - OpenSSL Client Authentication Handler ClientKeyExchange Message Denial Of Service Vulnerability (CVE-2015-1787)


OpenSSL Client
1006318 - Multiple Browser Wildcard Certificate Spoofing Vulnerability


Web Application PHP Based
1004998* - PHP-CGI Query String Parameter Vulnerability


Web Client Common
1006631 - Identified File Protocol Handler In HTTP Location Header
1006619 - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)


Web Client Internet Explorer
1006628 - MSXML Same Origin Policy Security Bypass Vulnerability (CVE-2015-1646)
1005591* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3163)
1006609 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1652)
1006610 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1657)
1006611 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1659)
1006612 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1660)
1006613 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1661)
1006614 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1662)
1006615 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1665)
1006616 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1666)
1006617 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1667)
1006618 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668)


Web Server IIS
1006629 - Microsoft Windows ASP.NET Information Disclosure Vulnerability (CVE-2015-1648)
1006620 - Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635)


Windows Services RPC Server
1003015* - Microsoft SMB Credential Reflection Vulnerability
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1000391* - Microsoft Windows Plug And Play Registry Key Access Buffer Overflow
1000817* - Microsoft Windows Workstation RPC Stack Overflow


Integrity Monitoring Rules:

1003375* - Application - Postfix
1005041* - Malware - Suspicious Microsoft Windows Files Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Server
1001840* - Restrict DHCP Option Length


Database MySQL
1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability


Microsoft Office
1004266* - Identified Suspicious Microsoft Office Document
1006322* - Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334)
1004848* - Microsoft Office Excel Data Initialization Vulnerability (CVE-2011-0105)
1005747* - Microsoft Silverlight Invalid Typecast Memory Disclosure Vulnerability
1006583 - Microsoft Silverlight Invalid Typecast Memory Disclosure Vulnerability (CVE-2013-0074)


NTP Server Linux
1006435* - Network Time Protocol configure() and ctl_putdata() Stack Based Buffer Overflow Vulnerability


OpenSSL
1006541* - Openssl DTLS 'dtls1_buffer_record' Memory Exhaustion Denial Of Service Vulnerability (CVE-2015-0206)


OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)


Solr Service
1006448 - Apache Solr SolrResourceLoader Directory Traversal Vulnerability


Web Application PHP Based
1006559* - PHPMoAdmin Unauthorized Remote Code Execution Vulnerability


Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006521* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-0327)
1006595 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-0338)
1006352* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0576)
1006451* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8438)
1006515* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0318)
1006594 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0337)
1006593 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0339)
1006596 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0332)
1006588 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0335)
1006589 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006584 - Adobe Flash Player Remote Memory Corruption Vulnerability (CVE-2013-0634) -1
1006592 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-0340)
1006597 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-0334)
1006591 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0341)
1006590 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1004866* - Adobe Flex SDK Cross Site Scripting Vulnerability (CVE-2011-2461)
1006551* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0091)
1006553* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0092)
1006587 - Adobe Reader And Acrobat U3D File Invalid Array Index Remote Vulnerability (CVE-2009-2990)
1004552* - Adobe TIFF File Vulnerability - 3
1006442* - Identified Suspicious Obfuscated JavaScript - 2
1006599 - Identified Suspicious Obfuscated JavaScript - 3
1005170* - Java Applet Remote Code Execution Vulnerability
1006545 - Microsoft Office CGM Image Converter Buffer Overflow Vulnerability
1006598 - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over WebDav (CVE-2015-0096)
1004226* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability
1006582 - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability (CVE-2010-1885)
1006577* - Microsoft Windows Text Service Remote Code Execution Vulnerability (CVE-2015-0081)
1006536 - Oracle Java SE Hotspot Object Arbitrary Code Execution Vulnerability (CVE-2015-0395)
1006585 - Oracle Java SE Remote Java Runtime Environment Vulnerability (CVE-2012-0507) -1
1004867* - Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
1005924* - Restrict Download Of EICAR Test File Over HTTP


Web Client Internet Explorer
1006603 - Microsoft Internet Explorer CSS Parsing Remote Code Execution (CVE-2010-3971)
1006564* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0099)
1006570* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0100)
1006565* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1622)
1005908* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-0322)
1005911* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-0322) - 3
1006557 - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability
1006324* - Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332)


Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic


Web Server Apache
1006027* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2014-0098)


Web Server Common
1005434* - Disallow Upload Of A File (Php/Class/Archive)


Windows Services RPC Client
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006558 - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability - 1


Windows Services RPC Server
1006579 - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)


Integrity Monitoring Rules:

1003019* - Trend Micro Deep Security Agent


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.