Rule Update

20-056 (November 3, 2020)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1010577* - ISC BIND TSIG Authentication Bypass Vulnerability (CVE-2017-3143)


IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)


Suspicious Client Ransomware Activity
1010597 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)


Web Client Common
1010520 - FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547 & CVE-2020-9548)
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1010505* - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1074)


Web Client Internet Explorer/Edge
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)


Web Server Common
1010578* - MobileIron MDM Remote Code Execution Vulnerability (CVE-2020-15505)
1010560* - Yaws Web Server XML External Entity Injection Vulnerability (CVE-2020-24379)


Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)


Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)


Web Server Oracle
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)


Web Server SharePoint
1010573* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)


Zoho ManageEngine
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010558 - Auditd - Mitre ATT&CK TA0005: Defense Evasion
1010582 - Auditd - Mitre ATT&CK TA0008: Lateral Movement