Rule Update

20-041 (August 25, 2020)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)


Plex Media Server
1010434* - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)


SSL Client
1010471 - Identified Weak 'Encryption Key' in New Session Ticket TLS Record
1010437* - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)


Web Application Common
1010368* - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010440 - OpenMRS Reflected Cross-Site Scripting Vulnerability (CVE-2020-5730)
1009350* - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082)
1010074* - Unsecured Credentials - Cloud Instance Metadata API (ATT&CK T1552.005)


Web Application Tomcat
1010457* - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)


Web Client Common
1010148* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-05) - 1
1010467 - Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2020-1561)
1010466 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1560)
1010468 - Microsoft Windows Font Driver Host Remote Code Execution Vulnerability (CVE-2020-1520)
1010476 - Microsoft Windows MSI File Signature Spoofing Vulnerability (CVE-2020-1464)
1010464 - Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2020-1492)
1009067* - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174)
1010469 - TeamViewer Desktop Remote Code Execution Vulnerability (CVE-2020-13699)


Web Client Internet Explorer/Edge
1010470 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2020-1555)


Web Server Apache
1004824* - Apache HTTP Server 'mod_proxy' Reverse Proxy Exposure (CVE-2011-3368)
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)


Web Server Common
1004859* - Blocked HTTP Header: Request Contains Header Not Present In Approved Header List
1010412 - Bolt CMS Authenticated Remote Code Execution Vulnerability
1010445 - Opmantek Open-AudIT Command Injection Vulnerability (CVE-2020-12078)
1010416* - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010459* - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)


Web Server Miscellaneous
1010463 - Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization Vulnerability (CVE-2016-3642)


Web Server Oracle
1010474 - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)
1010415* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)


Zoho ManageEngine
1010448 - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)


Integrity Monitoring Rules:

1010422 - SCP - Remote File Copy (ATT&CK T1105, T1048.001)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.