Rule Update
17-020 (May 9, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
DNS Server
1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Intel AMT
1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Suspicious Client Ransomware Activity
1007601* - Ransomware TCP Request
Unix SSH
1008313 - Identified Many SSH Client Key Exchange Requests
Web Application PHP Based
1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
Web Application Tomcat
1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)
Web Client Common
1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)
Web Client Internet Explorer/Edge
1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)
Web Server Apache
1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
1003536* - Apache mod_dav svn Remote Denial Of Service
Web Server IIS
1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Oracle
1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
DNS Server
1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Intel AMT
1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Suspicious Client Ransomware Activity
1007601* - Ransomware TCP Request
Unix SSH
1008313 - Identified Many SSH Client Key Exchange Requests
Web Application PHP Based
1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
Web Application Tomcat
1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)
Web Client Common
1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)
Web Client Internet Explorer/Edge
1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)
Web Server Apache
1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
1003536* - Apache mod_dav svn Remote Denial Of Service
Web Server IIS
1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Oracle
1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.