Rule Update

16-037 (November 22, 2016)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Mail Client
1002452* - Application Control For Eudora


DNS Server
1007648 - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)


Suspicious Client Ransomware Activity
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra


Suspicious Server Application Activity
1002378* - Detected Virtual Network Computing (VNC) Server Traffic


Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1


Web Application Common
1007715* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)


Web Client Common
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007738* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
1008044 - OpenJPEG JPEG2000 MCC Record Code Execution Vulnerability (CVE-2016-8332)


Web Client Internet Explorer/Edge
1006383* - Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)


Web Server Common
1007651* - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.