Rule Update
17-025 (2017年5月30日)
2017年5月30日
概要
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1008296 - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007709* - Ransomware MadLocker
1007706* - Ransomware Network Traffic - 3
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1008391 - PHPMailer Remote Code Execution Vulnerability
Web Client Common
1008049* - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
Web Client Internet Explorer/Edge
1008216* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
Web Server MDaemon Web Mail
1008311* - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1008296 - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007709* - Ransomware MadLocker
1007706* - Ransomware Network Traffic - 3
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1008391 - PHPMailer Remote Code Execution Vulnerability
Web Client Common
1008049* - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
Web Client Internet Explorer/Edge
1008216* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
Web Server MDaemon Web Mail
1008311* - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.