Rule Update

16-032 (October 25, 2016)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Suspicious Server Application Activity
1003786* - Detected SNMP Server Traffic

Unix Samba
1004252* - Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability

Web Application PHP Based
1007739* - PHP TAR File Parsing Uninitialized Reference Vulnerability (CVE-2016-4343)

Web Application Tomcat
1003854* - Identified Login Attempt To Apache Tomcat Manager Using Default Credentials

Web Client Common
1007677 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4137)
1008003 - Adobe Flash Player Use-After-Free Vulnerability
1007930* - Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3374)
1007995* - Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188)
1007988* - Microsoft Windows Multiple Security Vulnerabilities (MS16-124)
1007665* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
1007908 - WPS Office PowerPoint Memory Corruption Vulnerability
1007909 - WPS Office SpreadSheet Memory Corruption Vulnerability
1007910 - WPS Office Writer Memory Corruption Vulnerability

Web Client Internet Explorer/Edge
1007984* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386)
1007982* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7190)
1007991* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3267)
1007980* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385)
1007903 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189) - 1

Web Server Common
1007914* - Symfony Security Component Denial Of Service Vulnerability

Web Server HTTPS
1007253 - Trend Micro Threat Intelligence Manager Multiple Vulnerabilities Remote Code Execution

Web Server Miscellaneous
1007528* - GlassFish Java EE Application Server Arbitrary File Read Vulnerability
1007993 - RedHat JBoss Web Application Server Remote Information Disclosure Vulnerability (CVE-2005-2006)

Web Service HP SiteScope
1007742* - HP SiteScope DNS Tool Command Injection Vulnerability

Windows Services RPC Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.