Rule Update
18-023 (April 24, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DHCPv6 Server
1008668* - Dnsmasq Information Leak Vulnerability (CVE-2017-14494)
DNS Client
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)
Database Microsoft SQL
1008759* - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability
EMC Data Protector Advisor
1008827 - EMC Data Protection Advisor 'ScheduledReportResource' Directory Traversal Information Disclosure Vulnerability (CVE-2017-8003)
1008813* - EMC Data Protection Advisor 'ScheduledReportResource' Remote Command Injection Vulnerability (CVE-2017-10955)
HP Intelligent Management Center (IMC)
1008718* - HPE Intelligent Management Center 'userSelectPagingContent' Expression Language Injection Vulnerability (CVE-2017-12521)
HP Intelligent Management Center Dbman
1008795 - HPE Intelligent Management Center Multiple 'dbman' Opcode Command Injection Vulnerabilities
HP Network Automation
1008677* - HPE Network Automation PermissionFilter Authentication Bypass Vulnerability (CVE-2017-5812)
HP OpenView Network Node Manager Web
1004322* - HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow
Microsoft Office
1008872* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
OpenSSL
1008268* - OpenSSL ChaCha20/Poly1305 Buffer Overflow Vulnerability (CVE-2017-3731)
1008810* - OpenSSL Invalid PSS Parameters Segmentation Fault Vulnerability (CVE-2015-0208)
RADIUS Server
1008816* - FreeRADIUS 'rad_coalesce' Out Of Bounds Read Vulnerability (CVE-2017-10979)
SSL/TLS Server
1008662* - Microsoft Windows SChannel Spoofing Vulnerability (CVE-2009-0085)
Trend Micro OfficeScan
1008811* - Trend Micro OfficeScan Memory Corruption Vulnerability (CVE-2017-14089)
1008907 - Trend Micro OfficeScan Multiple Security Vulnerabilities
1008659 - Trend Micro Smart Protection Server 'wcs_bwlists_handler' Command Injection Remote Code Execution Vulnerability
VoIP Smart
1008844* - Asterisk 'cdr_object_update_party_b_userfield_cb' Buffer Overflow Vulnerability (CVE-2017-16671)
VoIP Soft Phones
1008654* - Digium Asterisk app_minivm Caller-ID Command Execution Vulnerability (CVE-2017-14100)
Web Application Common
1009040 - Identified Directory Traversal Sequence In URI
1005934* - Identified Suspicious Command Injection Attack
1008888* - ImageMagick ReadOneMNGImage Denial Of Service Vulnerability (CVE-2017-17887) - 1
1008997 - Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability (CVE-2018-2617)
Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1008848 - PHP 'gdImageCreateFromGifCtx' Denial Of Service Vulnerability (CVE-2018-5711)
1008665* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12932)
1008663* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12934)
1008863* - PHP Openssl Extension PEM Sealing Denial Of Service Vulnerability (CVE-2017-11144)
1008904* - PHP Unserialize Use After Free Vulnerability (CVE-2016-9138)
1008893* - PHP ZIP Signature Verification Out Of Bound Memory Access Vulnerability (CVE-2016-7414)
Web Client Common
1008886* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008878* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2018-4877)
1008855* - Foxit Reader And PhantonPDF XFA 'gotoURL' Command Injection Vulnerability (CVE-2017-10953)
1008981* - Trend Micro User-Mode Hooking (UMH) Module DLL Hijacking Vulnerability (CVE-2018-6218)
Web Client Internet Explorer/Edge
1009049 - Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0766)
1009048 - Microsoft Edge Memory Corruption Vulnerability (CVE-2018-1023)
Web Client SSL
1008528* - Squid Proxy Incorrect X509 Server Certificate Validation Vulnerability (CVE-2015-3455)
Web Server Common
1008725* - Trend Micro SafeSync For Enterprise Rollback Command Injection Remote Code Execution Vulnerability
Web Server Miscellaneous
1008944 - Novell ZenWorks Configuration Management Remote Code Execution Vulnerability (CVE-2015-0779)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
1009046 - Oracle WebLogic Server Elevation Of Privilege Vulnerability (CVE-2018-2628)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow
Web Server SAP
1008950 - SAP NetWeaver AS JAVA CRM Remote Command Execution Vulnerability (CVE-2018-2380)
Integrity Monitoring Rules:
1003019* - Trend Micro Deep Security Agent / Relay
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DHCPv6 Server
1008668* - Dnsmasq Information Leak Vulnerability (CVE-2017-14494)
DNS Client
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)
Database Microsoft SQL
1008759* - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability
EMC Data Protector Advisor
1008827 - EMC Data Protection Advisor 'ScheduledReportResource' Directory Traversal Information Disclosure Vulnerability (CVE-2017-8003)
1008813* - EMC Data Protection Advisor 'ScheduledReportResource' Remote Command Injection Vulnerability (CVE-2017-10955)
HP Intelligent Management Center (IMC)
1008718* - HPE Intelligent Management Center 'userSelectPagingContent' Expression Language Injection Vulnerability (CVE-2017-12521)
HP Intelligent Management Center Dbman
1008795 - HPE Intelligent Management Center Multiple 'dbman' Opcode Command Injection Vulnerabilities
HP Network Automation
1008677* - HPE Network Automation PermissionFilter Authentication Bypass Vulnerability (CVE-2017-5812)
HP OpenView Network Node Manager Web
1004322* - HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow
Microsoft Office
1008872* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
OpenSSL
1008268* - OpenSSL ChaCha20/Poly1305 Buffer Overflow Vulnerability (CVE-2017-3731)
1008810* - OpenSSL Invalid PSS Parameters Segmentation Fault Vulnerability (CVE-2015-0208)
RADIUS Server
1008816* - FreeRADIUS 'rad_coalesce' Out Of Bounds Read Vulnerability (CVE-2017-10979)
SSL/TLS Server
1008662* - Microsoft Windows SChannel Spoofing Vulnerability (CVE-2009-0085)
Trend Micro OfficeScan
1008811* - Trend Micro OfficeScan Memory Corruption Vulnerability (CVE-2017-14089)
1008907 - Trend Micro OfficeScan Multiple Security Vulnerabilities
1008659 - Trend Micro Smart Protection Server 'wcs_bwlists_handler' Command Injection Remote Code Execution Vulnerability
VoIP Smart
1008844* - Asterisk 'cdr_object_update_party_b_userfield_cb' Buffer Overflow Vulnerability (CVE-2017-16671)
VoIP Soft Phones
1008654* - Digium Asterisk app_minivm Caller-ID Command Execution Vulnerability (CVE-2017-14100)
Web Application Common
1009040 - Identified Directory Traversal Sequence In URI
1005934* - Identified Suspicious Command Injection Attack
1008888* - ImageMagick ReadOneMNGImage Denial Of Service Vulnerability (CVE-2017-17887) - 1
1008997 - Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability (CVE-2018-2617)
Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1008848 - PHP 'gdImageCreateFromGifCtx' Denial Of Service Vulnerability (CVE-2018-5711)
1008665* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12932)
1008663* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12934)
1008863* - PHP Openssl Extension PEM Sealing Denial Of Service Vulnerability (CVE-2017-11144)
1008904* - PHP Unserialize Use After Free Vulnerability (CVE-2016-9138)
1008893* - PHP ZIP Signature Verification Out Of Bound Memory Access Vulnerability (CVE-2016-7414)
Web Client Common
1008886* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008878* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2018-4877)
1008855* - Foxit Reader And PhantonPDF XFA 'gotoURL' Command Injection Vulnerability (CVE-2017-10953)
1008981* - Trend Micro User-Mode Hooking (UMH) Module DLL Hijacking Vulnerability (CVE-2018-6218)
Web Client Internet Explorer/Edge
1009049 - Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0766)
1009048 - Microsoft Edge Memory Corruption Vulnerability (CVE-2018-1023)
Web Client SSL
1008528* - Squid Proxy Incorrect X509 Server Certificate Validation Vulnerability (CVE-2015-3455)
Web Server Common
1008725* - Trend Micro SafeSync For Enterprise Rollback Command Injection Remote Code Execution Vulnerability
Web Server Miscellaneous
1008944 - Novell ZenWorks Configuration Management Remote Code Execution Vulnerability (CVE-2015-0779)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
1009046 - Oracle WebLogic Server Elevation Of Privilege Vulnerability (CVE-2018-2628)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow
Web Server SAP
1008950 - SAP NetWeaver AS JAVA CRM Remote Command Execution Vulnerability (CVE-2018-2380)
Integrity Monitoring Rules:
1003019* - Trend Micro Deep Security Agent / Relay
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.