Rule Update
25-040 (2025年9月30日)
2025年9月30日
概要
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP AutoPass License Server
1012228* - HPE AutoPass License Server Authentication Bypass Vulnerability (CVE-2024-51767)
HP Intelligent Management Center (IMC)
1012451 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 1
1012452 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 2
SAP NetWeaver Java Application Server
1012455 - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2017-12637)
Unix Samba
1012454 - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-22037)
Web Application Common
1005934* - Identified Suspicious Command Injection Attack
Web Application PHP Based
1012261* - WordPress 'Drag and Drop Multiple File Upload - Contact Form 7' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0595)
1012259* - WordPress 'VR Calendar' Plugin Command Injection Vulnerability (CVE-2022-2314)
Web Server HTTPS
1012262* - Veritas Enterprise Vault Cross-Site Scripting Vulnerability (CVE-2024-52943)
Web Server Miscellaneous
1012449 - XWiki SQL Injection Vulnerability (CVE-2025-32429)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP AutoPass License Server
1012228* - HPE AutoPass License Server Authentication Bypass Vulnerability (CVE-2024-51767)
HP Intelligent Management Center (IMC)
1012451 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 1
1012452 - Apache OFBiz Argument Injection Vulnerability (CVE-2025-54466) - 2
SAP NetWeaver Java Application Server
1012455 - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2017-12637)
Unix Samba
1012454 - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-22037)
Web Application Common
1005934* - Identified Suspicious Command Injection Attack
Web Application PHP Based
1012261* - WordPress 'Drag and Drop Multiple File Upload - Contact Form 7' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0595)
1012259* - WordPress 'VR Calendar' Plugin Command Injection Vulnerability (CVE-2022-2314)
Web Server HTTPS
1012262* - Veritas Enterprise Vault Cross-Site Scripting Vulnerability (CVE-2024-52943)
Web Server Miscellaneous
1012449 - XWiki SQL Injection Vulnerability (CVE-2025-32429)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.