Rule Update

20-042 (September 1, 2020)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1010164* - Identified Possible Ransomware File Extension Create Activity Over Network Share


Docker Daemon
1010326* - Identified Docker Daemon Remote API Call


HP Intelligent Management Center (IMC)
1010481 - Apache OFBiz XML-RPC Request Unsafe Deserialization Vulnerability (CVE-2020-9496)


Oracle SQL Net (TNS) Listener
1010475 - Oracle Database Server XML External Entity Injection Vulnerability (CVE-2014-6577)


Web Application Common
1010483 - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11200)
1010484 - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2019-11201)
1010482 - Identified Reflected File Download Attack in URI Query Parameter
1005934* - Identified Suspicious Command Injection Attack
1010488 - Identified WordPress Database Reset Attempt
1010225* - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
1010440* - OpenMRS Reflected Cross-Site Scripting Vulnerability (CVE-2020-5730)


Web Application PHP Based
1010212 - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)


Web Client Common
1008702* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)
1008171* - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038)
1010469* - TeamViewer Desktop Remote Code Execution Vulnerability (CVE-2020-13699)


Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)


Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)


Web Server Common
1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
1000131* - HTTP Header Length Restriction
1010477 - Java Unserialize Remote Code Execution Vulnerability - 1
1010445* - Opmantek Open-AudIT Command Injection Vulnerability (CVE-2020-12078)


Web Server HTTPS
1010479 - Malware Ngioweb


Web Server Miscellaneous
1010463* - Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization Vulnerability (CVE-2016-3642)


Web Server Oracle
1010474* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14625)
1010485 - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010478 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14644)
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)


Web Server SharePoint
1010335* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1181)


Zoho ManageEngine
1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
1010337 - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.