Rule Update

15-018 (June 23, 2015)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1004707* - Application Control For Dropbox


Application Control For Web Media
1002451* - Application Control For YouTube


Elasticsearch
1006793 - Elasticsearch Groovy Search Sandbox Bypass Vulnerability


FTP Server ProFTPD
1006743 - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


LDAP Client
1006785 - Identified LDAP BindRequest Using NTLM Authentication Mechanism


Microsoft Office
1006370* - Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)


OpenSSL
1006655 - OpenSSL ASN_TYPE_cmp Segmentation Fault Vulnerability (CVE-2015-0286)


OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)


Suspicious Server Application Activity
1006560 - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack


Universal Plug And Play Service
1006746 - Detected Too Many SSDP Traffic Amplification Requests


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1000608* - Generic SQL Injection Prevention


Web Application PHP Based
1006794 - PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability


Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1006299* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0558)
1006530* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0582)
1006353* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0584)
1006398* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0585)
1006449* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0590)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006646* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0359)
1006657* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006512* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0315)
1006787 - Adobe Font Driver Denial Of Service Vulnerability (CVE-2015-0074)
1006550* - Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090)
1006421* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8457)
1006418* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8458)
1006420* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-9159)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006549* - OpenType Font Parsing Vulnerabilities


Web Client Internet Explorer
1006807 - Microsoft Internet Explorer ASLR Bypass Using MemoryProtection Vulnerability
1006790 - Microsoft Internet Explorer Memory Access Violation Vulnerability
1006758* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006789 - Microsoft Internet Explorer MemoryProtector ASLR Bypass Vulnerability
1006783 - Microsoft Internet Explorer Null Pointer Denial Of Service Vulnerability
1006809 - Microsoft Internet Explorer Type Confusion Using Isolated Heap Vulnerability
1006665* - Microsoft Internet Explorer VBScript ASLR Bypass (CVE-2015-1686)


Web Client Mozilla Firefox
1003324* - Mozilla Firefox URI Invisible Control Characters Incorrect Decoding


Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1006386 - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)


Web Server Miscellaneous
1006744 - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)


Windows Services RPC Client
1006784 - Identified Windows Group Policy Files Downloaded From Untrusted Sources
1003980* - SMB Client Race Condition Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.