Rule Update

22-037 (August 2, 2022)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Spark
1011499* - Apache Spark Command Injection Vulnerability (CVE-2022-33891)

MySQL Cluster NDBD
1011502 - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2022-21489)

Suspicious Client Application Activity
1001162* - Detected HTTP Client Traffic (ATT&CK T1071.001)

Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000967* - Apache Tomcat Servlet Engine Directory Traversal

Web Server Common
1011494* - BMC Track-It! 'GetPopupSubQueryDetails' SQL Injection Vulnerability (CVE-2022-35864)
1011493* - BMC Track-It! Improper Access Control Vulnerability (CVE-2022-35865)

Web Server Miscellaneous
1011495* - Atlassian 'Mobile Plugin for Jira Data Center and Server' Plugin Server-Side Request Forgery Vulnerability (CVE-2022-26135)
1011501 - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2022-2230)
1011496* - Jenkins 'GitLab' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-34777)
1005516* - RedHat JBoss Enterprise Application Platform Block Access To Status Servlet

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.