Rule Update
DPI Rule and Other Update Information: 21-009 (March 2, 2021)
March 2, 2021
Overview
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
DNS Client
1010744* - DNS Request To Ngrok Domain Detected
Directory Server LDAP
1010820 - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)
1010799* - OpenLDAP Slapd Search Parsing Integer Underflow Vulnerability (CVE-2020-36228)
FTP Server IIS
1010797* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over FTP (CVE-2020-28001)
SAP NetWeaver Java Application Server
1010816 - Identified SAP Solution Manager Security Software Discovery Over HTTP (ATT&CK T1518.001)
1010822 - Identified SAP Solution Manager Tool Transfer Over HTTP (ATT&CK T1105, T1570)
SSL Client
1010410* - OpenSSL Large DH Parameter Denial Of Service Vulnerability (CVE-2018-0732)
SolarWinds Orion Platform
1010810 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)
Trend Micro OfficeScan
1010780 - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)
Web Application Common
1010818 - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1001933* - Identified Suspicious Usage Of Shellcode For Client
Web Server Common
1010796* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-25646)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
1010801 - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
1010761* - PRTG Network Monitor Command Injection Vulnerability (CVE-2018-9276)
1010804* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over HTTP (CVE-2020-28001)
Web Server HTTPS
1010850 - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
Zoho ManageEngine
1010811 - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
Integrity Monitoring Rules:
This security update contains no new or updated Integrity Monitoring rules.
Log Inspection Rules:
1003613* - DHCP Server - Microsoft Windows
1003447* - Web Server - Apache