Rule Update
DPI Rule and Other Update Information: 20-040 (August 18, 2020)
August 18, 2020
Overview
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
ActiveMQ OpenWire
1010428* - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Plex Media Server
1010434 - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)
SSL Client
1010437 - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Suspicious Server Application Activity
1003593* - Detected SSH Server Traffic (ATT&CK T1021)
1010462 - Malware Drovorub
Web Application Common
1010368 - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010391* - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Application Tomcat
1010457 - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)
1010444 - Identified Too Many Incoming HTTP/2 Requests
Web Client Common
1010456 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 1
1010452 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 2
1010451 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010460 - Google Chrome 'BlobRegistryImpl' Use-After-Free Vulnerability (CVE-2020-6461)
1010453 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1574)
1010454 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)
1010455 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2020-1577)
Web Server Apache
1010461 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010418* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1147)
1010416 - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010443* - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
1010459 - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)
Web Server Miscellaneous
1010346* - Identified HTTP Request With HTTP/0.9 In Request Line
Web Server Oracle
1010447 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
Integrity Monitoring Rules:
This security update contains no new or updated Integrity Monitoring rules.
Log Inspection Rules:
1008852* - Auditd