ruleUpdate
15-033 (October 27, 2015)
Publish Date: October 27, 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP AutoPass License Server
1006811* - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)
HP OpenView
1003899* - HP OpenView Data Protector Application Recovery Manager Buffer Overflow
Microsoft Office
1007112* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Suspicious Client Application Activity
1007113 - HTRANS Response Detected
TFTP Server
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload
Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS
Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability
Web Client Common
1006735* - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
1007122 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3073)
1006973* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1007126 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7625)
1007127 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7627)
1007132 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7633)
1007128 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-7628)
1006916* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1007129 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7629)
1007130 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7631)
1007131 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7632)
1007031 - Google Chrome SVG Use After Free Arbitrary Code Execution Vulnerability (CVE-2015-1256)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006956* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
Web Client Internet Explorer
1007102* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007096* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007094 - Microsoft Internet Explorer Stack Underflow Vulnerability
1007107* - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007104* - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
Web Server Miscellaneous
1006700 - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
1006808* - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities
Windows Services RPC Server
1007134 - Batch File Upload On Network Share
1007065 - Executable File Uploaded On Network Share
1007064 - Executable File Uploaded On System32 Folder Through SMB Share
1007114 - Portable Executable File Uploaded On SMB Share
1007121 - Remote Access Event Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.