Rule Update

22-056 (November 15, 2022)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1011037* - Identified Remote System Discovery Over SMB - 1 (ATT&CK T1018)
1011027* - Identified Session Enumeration Request Over SMB (ATT&CK T1049)

Directory Server LDAP
1004656* - IBM Tivoli Directory Server Remote Code Execution Vulnerability (CVE-2011-1206)

Web Application PHP Based
1011601 - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011602 - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599 - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603 - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011600 - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)

Web Server Common
1011466* - Apache HTTP Server 'mod_sed' Denial Of Service Vulnerability (CVE-2022-30522)

Web Server HTTPS
1011550* - Centreon 'Poller Resource' SQL Injection Vulnerability (CVE-2022-41142)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)

Web Server IIS
1000101* - Microsoft IIS Malformed HTTP Request DoS Vulnerability

Web Server Miscellaneous
1011598 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36097)

Web Server SharePoint
1011541* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-35823)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1002835* - Web Server - Web Access Events