Rule Update

19-033 (June 18, 2019)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

IBM WebSphere Application Server
1009803 - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)

Jenkins Remoting
1009436 - Jenkins Remote Code Execution Vulnerability (CVE-2015-8103)
1009435 - Port Mapper for Jenkins Remoting

Mail Server Exim
1009797* - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)

SolarWinds Orion NPM
1009805 - SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)

Web Application Common
1009700* - Ghostscript Denial Of Service Vulnerability (CVE-2017-9835) - 1
1009691* - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009531 - Jenkins CI Server Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003000)

Web Application PHP Based
1009795 - Pimcore Unserialize Remote Code Execution Vulnerability (CVE-2019-10867)

Web Client Common
1009800 - Microsoft Windows SymCrypt Denial-of-Service Vulnerability

Web Server Oracle
1009707* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2725)

Web Server Oracle HTTPS
1003476* - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow

Web Server RealVNC
1009386 - VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability (CVE-2017-4933)

Web Server SharePoint
1009706 - Microsoft Windows OData Library Denial Of Service Vulnerability (CVE-2018-8269)

Integrity Monitoring Rules:

1009643 - Clear Command History (ATT&CK: T1146)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK: T1131,T1174)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009638 - NetSh Helper DLL (ATT&CK: T1128)
1009704 - Port Monitor (ATT&CK: T1013)
1006076* - Task Scheduler Entries Modified (ATT&CK: T1168)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.