Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009477 - Identified Sensepost Ruler Traffic
1009457* - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1009553 - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)


Web Client Common
1009495 - LibTIFF Arbitrary Sized JBIG Decoding Denial Of Service Vulnerability (CVE-2018-18557)


Web Server SharePoint
1009534 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594)


Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009490 - Block Administrative Share - 1


FTP Server Common
1003784* - FTP Server Restrict Executable File Uploads


Kubernetes Web UI (Dashboard)
1009493 - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


Microsoft Office
1009538 - Microsoft Office Multiple Security Vulnerabilities (Feb 2019)


Web Application Common
1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability


Web Application PHP Based
1009541 - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
1009544 - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)


Web Client Common
1009536* - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)
1009517 - Microsoft Windows JET Database Engine 'CreateLvSMLocs' Remote Code Execution (CVE-2019-0577)
1009537 - Microsoft Windows JET Database Engine Multiple Remote Code Execution Vulnerabilities (Feb - 2019)
1009533 - Microsoft Windows JET Database Out-of-Bounds Read Remote Code Execution Vulnerability (CVE-2019-0575)
1009539 - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)


Web Server Oracle
1009358* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)


Web Client Common
1009536 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009457 - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)


Web Client Common
1009523 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7089)
1009527 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 1
1009524 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 2
1009528 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 3
1009529 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 4
1009525 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 5
1009526 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 6
1009520 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 7
1009530 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 8
1009521 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-07) - 9
1009522 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2019-7090)
1009482 - SQLite Multiple Remote Code Execution Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009511 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)


DHCPv6 Client - Incoming
1008949* - ISC dhclient Buffer Overflow Vulnerability (CVE-2018-5732)


Microsoft Office
1009515 - Microsoft Excel Information Disclosure Vulnerability (CVE-2019-0669)


Web Application Common
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009401* - Nagios XI Magpie 'cURL' Argument Injection Vulnerability (CVE-2018-15708)


Web Application PHP Based
1009481 - Drupal Core Critical Arbitrary PHP Code Execution Vulnerability (CVE-2019-6339)


Web Client Common
1009454* - Microsoft Windows Information Disclosure Vulnerability (CVE-2019-0636)
1009500 - Microsoft Windows Multiple Security Vulnerabilities (Feb-2019)


Web Client Internet Explorer/Edge
1009509 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0645)
1009498 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0650)
1009497 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2019-0648)
1009501 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0590)
1009502 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0591)
1009503 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0593)
1009504 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0607)
1009506 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0610)
1009507 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0640)
1009508 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0642)
1009499 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0644)
1009510 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0651)
1009512 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0652)
1009516 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0655)
1009514 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0658)
1009513 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2019-0676)
1009505 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0606)


Web Server Apache Tika
1009142* - Apache Tika 'tika-server' Command Injection Vulnerability (CVE-2018-1335)


Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)


Windows Services RPC Server DCERPC
1009480 - Identified WMI Query Over DCE/RPC Protocol


Integrity Monitoring Rules:

1008271* - Application - Docker


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share


Web Application Common
1009496 - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)


Web Client Common
1009407* - Detected Suspicious DLL Side Loading Attempt Over WebDAV
1009483 - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)


Web Server Apache
1005661* - Apache HTTP Server Remote Denial Of Service Vulnerability (CVE-2013-1896)


Web Server Oracle
1009417* - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1008746* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


Web Application Common
1009421 - ImageMagick Multiple Security Vulnerabilities (Server) - 25
1009467* - Microsoft Exchange Server NTLM Reflection EWS Authentication Bypass Vulnerability (CVE-2018-8581)
1009487 - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)


Web Client Common
1009210* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 4
1009213* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 7
1009309 - Foxit Reader Multiple Security Vulnerabilities - 16
1009420 - ImageMagick Multiple Security Vulnerabilities (Client) - 25


Windows Services RPC Server DCERPC
1009478 - Identified Remote Service Creation Over DCE/RPC Protocol


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCPv6 Client - Incoming
1008949 - ISC dhclient Buffer Overflow Vulnerability (CVE-2018-5732)


Database MySQL
1009357* - MySQL 5.5.8 NULL Pointer Dereference Denial Of Service Vulnerability (CVE-2011-5049)


Memcached
1009459* - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458* - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)


Web Application Common
1009308 - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009401 - Nagios XI Magpie 'cURL' Argument Injection Vulnerability (CVE-2018-15708)


Web Application PHP Based
1009395* - PHP 'imap_open()' Remote Code Execution Vulnerability (CVE-2018-19518)


Web Client Common
1009206* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 1
1009211* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 6
1009215* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 9
1009405* - Adobe Flash Player Use After Free Vulnerability (CVE-2018-15982)
1009403 - Apache Traffic Server ESI Plugin Cookie Header Information Disclosure (CVE-2018-8040)
1009338* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)


Web Server Apache Tika
1009142 - Apache Tika tika-server Command Injection Vulnerability (CVE-2018-1335)


Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability


Web Server Oracle
1009417* - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database MySQL
1009357 - MySQL 5.5.8 NULL Pointer Dereference Denial Of Service Vulnerability (CVE-2011-5049)


Elasticsearch
1009209* - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)


Web Client Common
1004315* - Identified Malicious PDF Document - 3
1009359 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8424)
1009369* - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)
1009218* - Microsoft Windows VBScript Engine Use-After-Free Vulnerability (CVE-2018-8373)


Web Client Internet Explorer/Edge
1009246* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8372)
1009243* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8353)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1002797* - Database Server - MySQL
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI


Memcached
1009459 - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458 - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)


Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


Web Application Common
1009202* - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1
1009425* - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1


Web Application PHP Based
1009445* - WordPress Authenticated Phar Insecure Deserialization Vulnerability


Web Client Common
1009460 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-02)
1009452 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
1009461 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 1
1009466 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 2


Web Client Internet Explorer/Edge
1009463 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009468 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
1009469 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
1009462 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
1009465 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
1009464 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)


Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


Web Server Oracle
1009417 - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.