Rule Update
17-047 (September 26, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center Dbman
1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities
Web Application Common
1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1
Web Client Common
1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)
Web Client Internet Explorer/Edge
1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)
Web Server Apache
1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)
Web Server Common
1008621 - Disallow Upload Of A JSP File
Web Server Miscellaneous
1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP Intelligent Management Center Dbman
1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities
Web Application Common
1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1
Web Client Common
1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)
Web Client Internet Explorer/Edge
1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)
Web Server Apache
1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)
Web Server Common
1008621 - Disallow Upload Of A JSP File
Web Server Miscellaneous
1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.