Rule Update
DPIルール他更新情報:19-029(2019年5月21日)
2019年5月21日
概要
* は既存ルールの新バージョンを示します。
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1006906* - Identified Usage Of PsExec Command Line Tool
HP Intelligent Management Center Dbman
1009043 - HPE Intelligent Management Center 'dbman' FileTrans Arbitrary File Write Vulnerability (CVE-2017-5822)
1009637 - HPE Intelligent Management Center 'dbman' Stack Buffer Overflow Vulnerability (CVE-2018-7115)
HP OpenView Network Node Manager Web
1004280* - HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow
Remote Desktop Protocol Server
1009749* - Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)
Webアプリケーション 共通
1009687 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218) - 1
1009691 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009423 - ImageMagick Multiple Security Vulnerabilities (Server) - 26
Webクライアント 共通
1009234 - Foxit Reader Multiple Security Vulnerabilities - 7
1009686 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218)
1009690 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220)
1009422 - ImageMagick Multiple Security Vulnerabilities (Client) - 26
1009539* - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)
1009582* - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
1009698 - Microsoft Word Information Disclosure Vulnerability (CVE-2019-0561)
Webクライアント Internet Explorer/Edge
1009411* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617)
1009463* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009464* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
Webサーバ SAP
1009715* - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability (10KBLAZE)
Zoho ManageEngine
1009399 - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
変更監視(Integrity Monitoring)ルール:
1007295* - Application - chrony
1003168* - Unix - Open Port Monitor
セキュリティログ監視(Log Inspection)ルール:
今回のセキュリティアップデートには、新規のセキュリティログ監視ルールおよび更新は含まれておりません。
DPI(Deep Packet Inspection) ルール:
DCERPCサービス
1006906* - Identified Usage Of PsExec Command Line Tool
HP Intelligent Management Center Dbman
1009043 - HPE Intelligent Management Center 'dbman' FileTrans Arbitrary File Write Vulnerability (CVE-2017-5822)
1009637 - HPE Intelligent Management Center 'dbman' Stack Buffer Overflow Vulnerability (CVE-2018-7115)
HP OpenView Network Node Manager Web
1004280* - HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow
Remote Desktop Protocol Server
1009749* - Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)
Webアプリケーション 共通
1009687 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218) - 1
1009691 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
1009423 - ImageMagick Multiple Security Vulnerabilities (Server) - 26
Webクライアント 共通
1009234 - Foxit Reader Multiple Security Vulnerabilities - 7
1009686 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218)
1009690 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220)
1009422 - ImageMagick Multiple Security Vulnerabilities (Client) - 26
1009539* - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)
1009582* - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
1009698 - Microsoft Word Information Disclosure Vulnerability (CVE-2019-0561)
Webクライアント Internet Explorer/Edge
1009411* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617)
1009463* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009464* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
Webサーバ SAP
1009715* - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability (10KBLAZE)
Zoho ManageEngine
1009399 - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
変更監視(Integrity Monitoring)ルール:
1007295* - Application - chrony
1003168* - Unix - Open Port Monitor
セキュリティログ監視(Log Inspection)ルール:
今回のセキュリティアップデートには、新規のセキュリティログ監視ルールおよび更新は含まれておりません。