Rule Update

24-002 (January 9, 2024)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

ActiveMQ OpenWire
1011897* - Apache ActiveMQ Insecure Deserialization Vulnerability (CVE-2023-46604)

Adobe FrameMaker Publishing Server
1011929 - Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability (CVE-2023-44324)

HP Intelligent Management Center (IMC)
1011940 - Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)

1011855* - PaperCut NG and MF Remote Code Execution Vulnerability (CVE-2023-39469)

SolarWinds Information Service
1011901* - SolarWinds Network Configuration Manager Directory Traversal Vulnerability (CVE-2023-33226)

Splunk Enterprise
1011937 - Splunk Enterprise Arbitrary File Write Vulnerability (CVE-2023-46214)

Unix Samba
1011796* - Linux Kernel KSMBD Denial of Service Vulnerability (CVE-2023-32247)

Web Application PHP Based
1011936 - WordPress 'My Calendar' Plugin SQL Injection Vulnerability (CVE-2023-6360)

Web Server Miscellaneous
1011898* - Apache Superset Improper Input Validation Vulnerability (CVE-2023-39265)
1011844* - Atlassian Jira and Jira Service Desk 'Stagil Navigation Menus and Themes' Plugin Directory Traversal Vulnerability (CVE-2023-26255 and CVE-2023-26256)
1011906* - XWiki Change Request Extension Code Injection Vulnerability (CVE-2023-45138)
1011904* - XWiki Cross-Site Scripting Vulnerability (CVE-2023-40176)

Windows SMB Server
1011058* - Identified DCERPC EFSRPC Methods Call Over SMB Protocol (PetitPotam)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.