Rule Update

17-025 (May 30, 2017)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1008296 - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability


Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability


Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font


Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007709* - Ransomware MadLocker
1007706* - Ransomware Network Traffic - 3


Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)


Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication


Web Application PHP Based
1008391 - PHPMailer Remote Code Execution Vulnerability


Web Client Common
1008049* - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1


Web Client Internet Explorer/Edge
1008216* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)


Web Server MDaemon Web Mail
1008311* - MDaemon WorldClient Remote Code Execution Vulnerability


Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.