Rule Update
DPI Rule and Other Update Information: 21-011 (March 9, 2021)
March 9, 2021
Overview
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
DNS Server
1010863 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-26877)
1010865 - Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-26897)
Directory Server LDAP
1010820* - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)
SolarWinds Orion Platform
1010810* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)
Web Application Common
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
Web Application PHP
1010852 - phpMyAdmin 'SearchController' SQL Injection Vulnerability (CVE-2020-26935)
Web Client Common
1010861 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2021-24093)
Web Client Internet Explorer/Edge
1010857 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2021-26411)
Web Server Common
1010801* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1010862 - SaltStack Salt Directory Traversal Vulnerability (CVE-2021-25282)
1010858 - SaltStack Salt Directory Traversal Vulnerability (CVE-2021-25282) - 1
Web Server HTTPS
1010854* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
1010850* - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
Web Server Miscellaneous
1010496* - Apache Struts2 File Upload Denial of Service Vulnerability (CVE-2019-0233)
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
1010670* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)
1010682 - SolarWinds Orion Platform 'SaveUserSetting' Privilege Escalation Vulnerability (CVE-2021-27258)
Web Server Oracle
1010851 - Identified Oracle Application Server 'OWA_UTIL PL/SQL' Package Access
Web Server SharePoint
1010836 - Identified Microsoft SharePoint GetGroupCollection Request (ATT&CK T1589, T1213.002, T1087)
1010835 - Identified Microsoft SharePoint GetGroupCollectionFromRole Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010834 - Identified Microsoft SharePoint GetGroupCollectionFromSite Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010833 - Identified Microsoft SharePoint GetGroupCollectionFromUser Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010832 - Identified Microsoft SharePoint GetGroupCollectionFromWeb Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010831 - Identified Microsoft SharePoint GetGroupInfo Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010830 - Identified Microsoft SharePoint GetRoleCollection Request (ATT&CK T1589, T1213.002, T1087, T1069)
1010864 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-27076)
Zoho ManageEngine
1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
Integrity Monitoring Rules:
1010855* - Microsoft Exchange - HAFNIUM Targeted Vulnerabilities
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.