Trend Micro Deep Security™️およびDPIルール等の関連情報
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)
Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
1008385 - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
DNS Server
1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Intel AMT
1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Suspicious Client Ransomware Activity
1007601* - Ransomware TCP Request
Unix SSH
1008313 - Identified Many SSH Client Key Exchange Requests
Web Application PHP Based
1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
Web Application Tomcat
1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)
Web Client Common
1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)
Web Client Internet Explorer/Edge
1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)
Web Server Apache
1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
1003536* - Apache mod_dav svn Remote Denial Of Service
Web Server IIS
1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Oracle
1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327 - Identified Server Suspicious SMB Session
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
DCERPC Services - Client
1008328 - Identified Client Suspicious SMB Session
DNS Server
1008188* - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278* - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
HP Intelligent Management Center (IMC)
1008299 - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
HP OpenView
1008256* - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Web Application Common
1008205* - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190* - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143* - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008322 - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
1008146* - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181* - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1007965* - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1008298 - Adobe Reader DC XObject stream Use After Free Remote Code Execution Vulnerability (CVE-2016-6938)
1008274* - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
Web Client Internet Explorer/Edge
1008162 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0046)
Web Server Miscellaneous
1008130* - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142* - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Mail Server Lotus Domino
1008310 - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Mail Server Sendmail
1000368* - Sendmail SMTP Header And Command Buffer Overflow
Port Mapper Service Common
1008315 - Sun Solaris RPC Service PortMapper Decoder
Sun Solaris RPC Services
1008314 - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008318 - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
Web Media Applications
1002451* - YouTube
Web Server IIS
1008312 - Microsoft IIS WebDAV Remote Code Execution Vulnerability
Integrity Monitoring Rules:
1008257 - Microsoft Windows - USB Storage Device Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1000735* - Microsoft Windows Server Service Remote Code Execution
DCERPC Services - Client
1008300 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
Web Application Common
1006256* - GNU Bash Remote Code Execution Vulnerability
1008261 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Client Common
1008308 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 1
1008304 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
1008309 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008301 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2017-3013)
1008302 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-10)
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution
1008269 - Microsoft Windows NDISAPI Driver Elevation Of Privilege Vulnerability (CVE-2011-1974)
1008234* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1008212* - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008306 - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008305 - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1004401* - Print Spooler Service Impersonation Vulnerability
Remote Desktop Protocol Server
1008307 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability
Web Application PHP Based
1008193* - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
Web Media Applications
1002451* - YouTube
Web Server Apache
1008117* - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194* - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server Miscellaneous
1008178* - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
DNS Server
1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)
HP OpenView
1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
Suspicious Client Ransomware Activity
1007705* - Ransomware Network Traffic - 2
1007706* - Ransomware Network Traffic - 3
Web Application Common
1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1004593* - Heuristic Detection Of Malicious PDF Documents - 2
1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
Web Server Miscellaneous
1004911* - Apache Struts2 Multiple Vulnerabilities
1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
1008271 - Application - Docker
Log Inspection Rules:
1008145 - Web Server - Nginx
1002835* - Web Server - Web Access Events - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
NTP Server Linux
1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
Web Application PHP Based
1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)
Web Client Internet Explorer/Edge
1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
Web Server Adobe ColdFusion
1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server HTTPS
1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported
Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.