Rule Update

18-064 (December 4, 2018)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

1009209 - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)

HP Intelligent Management Center (IMC)
1008983 - HPE Intelligent Management Center 'saveSelectedDevices' Expression Language Injection Vulnerability (CVE-2017-12491)

TFTP Server
1009365 - Microsoft Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2018-8476)

Web Application Common
1005934* - Identified Suspicious Command Injection Attack

Web Client Internet Explorer/Edge
1009244* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355)

Web Client Mozilla Firefox
1009396 - Mozilla Firefox Multiple Security Vulnerabilities

Web Server Adobe ColdFusion
1009387 - Adobe ColdFusion Remote File Upload Vulnerability (CVE-2018-15961)

Integrity Monitoring Rules:

1008271* - Application - Docker
1003131* - Virtualization Software - VMware Server

Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory