Rule Update
DPI Rule and Other Update Information: 19-046 (September 10, 2019)
September 10, 2019
Summary
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
Asterisk RTP Protocol
1009953 - Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service (CVE-2019-12827)
DCERPC Services
1003292* - Block Conficker.B Worm Incoming Named Pipe Connection
DCERPC Services – Client
1003293* - Block Conficker.B Worm Outgoing Named Pipe Connection
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
HP Intelligent Management Center (IMC)
1009962 - HPE Intelligent Management Center 'IctTableExportToCSVBean' Expression Language Injection Vulnerability (CVE-2019-5370)
1009956 - HPE Intelligent Management Center 'PlatNavigationToBean' URL Expression Language Injection Vulnerability (CVE-2019-5387)
1009902 - HPE Intelligent Management Center 'perfSelectTask' Expression Language Injection Vulnerability (CVE-2019-5385)
1009947* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities (CVE-2019-11941 and CVE-2019-11943)
HP Intelligent Management Center Dbman
1009959 - HPE Intelligent Management Center 'dbman' Opcode Denial Of Service Vulnerability (CVE-2018-7123)
MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)
Redis Server
1009949* - Redis Integer Overflow Vulnerability (CVE-2018-11219)
Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
SSL Client
1007384* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Client
SSL/TLS Server
1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server
Application-Related Suspicious Activity (Server)
1008492* - Identified SambaShell C&C Traffic
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack
Web Application Common
1009594* - Apache httpd 'mod_md' Null Pointer Dereference Vulnerability (CVE-2018-8011)
1009946* - Atlassian JIRA Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)
1006823* - Identified Suspicious Command Injection Attack - 1
1009966 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714) - 1
1002684* - Mass Hack Script Insertion Attack
1002433* - Mass SQL Injection Script Insertion Attack
1002743* - Mass SQL Injection Script Insertion Attack 2
Web Client Common
1009972 - Adobe Flash Player Same Origin Bypass Vulnerability (CVE-2019-8069)
1009973 - Adobe Flash Player Use After Free Vulnerability (CVE-2019-8070)
1004315* - Identified Malicious PDF Document - 3
1004305* - Identified Suspicious Compiled HTML(chm) File
1009965 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714)
1002144* - JavaScript IFRAME Redirect Script Insertion Vulnerability
1002048* - JavaScript Redirect Script Insertion Vulnerability
1003693* - Mass Compromise Using Malicious iFrame
1002519* - Storm Botnet Redirect Script Insertion Vulnerability
Web Server Adobe ColdFusion
1009893* - Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability (CVE-2019-7816)
Web Server Apache
1009963 - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1007872* - HTTP Proxy Header Injection Vulnerabilities
1000193* - Null Byte Path Traversal Vulnerability
Web Server HTTPS
1009944* - Microsoft Windows HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)
Web Server SharePoint
1009971 - Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019)
Web Server Squid
1009943* - Squid Proxy HttpHeader 'getAuth' Heap Buffer Overflow Vulnerability (CVE-2019-12527)
Windows Services RPC Server DCERPC
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
Zoho ManageEngine
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability
Integrity Monitoring Rules:
This security update does not include any new Integrity Monitoring rules or updates to existing ones.
Log Inspection Rules:
This security update does not include any new Log Inspection rules or updates to existing ones.