All Vulnerabilities

  • 17-001 (January 10, 2017)
     Publish Date:  11 January 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    BIND RNDC
    1008099 - ISC BIND rndc Control Channel Denial Of Service Vulnerability (CVE-2016-1285)


    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1008119 - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)


    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


    DNS Client
    1008053* - ISC BIND DNAME Answer Handling Denial Of Service Vulnerability (CVE-2016-8864)
    1007740* - ISC BIND Multiple DNS Cookies Denial Of Service Vulnerability (CVE-2016-2088)
    1008085 - Nginx DNS UDP Packet Handler Crash Denial Of Service Vulnerability (CVE-2016-0742)


    DNS Server
    1008092 - ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2848)
    1008105 - PowerDNS Authoritative Server Long Qname Denial Of Service Vulnerability (CVE-2016-5426)


    Directory Server LDAP
    1007360 - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
    1007932* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2016-3368)


    ISC LightWeight DNS Resolver
    1008100 - ISC BIND Long Name Query DOS Vulnerability (CVE-2016-2775)


    Microsoft Office
    1008116 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003)


    NTP Server Linux
    1008040* - NTP AutoKey Malicious Message Multiple Denial Of Service Vulnerabilities
    1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
    1008086 - NTP Daemon CRYPTO_NAK Denial Of Service Vulnerability (CVE-2016-4957)
    1008048* - NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)


    Novell GroupWise Admin Service
    1006822* - Novell Groupwise "poLibMaintenanceFileSave" Security Bypass Vulnerability


    SSL Client
    1008088 - GnuTLS Libtasn1 ASN.1 DER Infinite Loop Denial Of Service Vulnerability (CVE-2016-4008) - Client


    SSL/TLS Server
    1008089 - GnuTLS Libtasn1 ASN.1 DER Infinite Loop Denial Of Service Vulnerability (CVE-2016-4008) - Server


    Suspicious Client Ransomware Activity
    1007704* - Ransomware Network Traffic - 1


    Web Application Common
    1008050 - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799)
    1008046 - ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101)


    Web Application PHP Based
    1008096 - Identified Drupal Core system.temporary Information Disclosure Vulnerability
    1008118 - Identified Suspicious Upload Of WordPress Plugin
    1008038* - PHP GC ZipArchive Class Use After Free Vulnerability (CVE-2016-5773)


    Web Client Common
    1008049 - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
    1008047 - ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101) - 1
    1007427* - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-014)
    1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)


    Web Server Miscellaneous
    1008001* - MongoDB Javascript Injection Collection Enumeration Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1003802* - Directory Server – Microsoft Windows Active Directory
  • 16-040 (December 27, 2016)
     Publish Date:  28 December 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services - Client
    1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)


    Novell GroupWise Admin Service
    1006822 - Novell Groupwise "poLibMaintenanceFileSave" Security Bypass Vulnerability


    Web Application PHP Based
    1007642 - WordPress Comment Handler Same Origin Method Execution Vulnerability (CVE-2015-3439)


    Web Client Common
    1007997* - Adobe Acrobat And Reader Multiple Memory Corruption Vulnerabilities (APSB16-33) - 2


    Web Server Miscellaneous
    1008001 - MongoDB Javascript Injection Collection Enumeration Vulnerability
    1005557* - Novell ZENWorks Mobile Management Multiple Directory Traversal Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-039 (December 20, 2016)
     Publish Date:  21 December 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1007740 - ISC BIND Multiple DNS Cookies Denial Of Service Vulnerability (CVE-2016-2088)


    Directory Server LDAP
    1007932* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2016-3368)


    Web Application Common
    1007610* - Identified Usage Of ImageMagick Pseudo Protocols


    Web Application PHP Based
    1008041 - Drupal Coder Module Remote Code Execution Vulnerability


    Web Application Ruby Based
    1005331* - Ruby On Rails XML Processor YAML Deserialization DoS


    Web Application Tomcat
    1000637* - Tomcat JSP Source Code Exposure Vulnerability (CVE-2002-1148)


    Web Client Common
    1008090 - Adobe Flash Player Multiple Security Vulnerabilities (APSB16-39)
    1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)


    Web Client Internet Explorer/Edge
    1008063* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
    1008009* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
    1007920* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3247)
    1005366* - Microsoft Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019)


    Web Server Miscellaneous
    1007650 - Identified Access To NetIQ URLs Prone To Information Disclosure Vulnerability (CVE-2014-5215)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-038 (December 13, 2016)
     Publish Date:  14 December 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Content Management Server Microsoft
    1000984* - Microsoft CMS Cross Site Scripting Vulnerability


    DNS Client
    1008053 - ISC BIND DNAME Answer Handling Denial Of Service Vulnerability (CVE-2016-8864)


    DNS Server
    1007648* - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)


    EMC AutoStart Agent Service
    1007640 - Identified EMC AutoStart Remote Code Execution Vulnerability


    Microsoft Office
    1008075 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
    1008074 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265)
    1008070 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268)
    1008076 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276)
    1007617* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
    1008077 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277)
    1008078 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
    1008073 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262)
    1008072 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266)
    1008071 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267)
    1000764* - Microsoft Publisher Font Parsing Buffer Overflow


    NTP Client
    1008004 - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)


    NTP Server Linux
    1008040 - NTP AutoKey Malicious Message Multiple Denial Of Service Vulnerabilities
    1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
    1008048 - NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)


    OpenSSL
    1008039* - OpenSSL SSL3_AL_WARNING Remote Denial Of Service Vulnerability (CVE-2016-8610)


    Suspicious Client Ransomware Activity
    1007579* - Ransomware HTTP Request
    1007577* - Ransomware Hydra


    Suspicious Server Ransomware Activity
    1007580* - Ransomware HTTP Request-1


    Web Application Common
    1006823* - Identified Suspicious Command Injection Attack - 1


    Web Application Miscellaneous
    1000846* - Microsoft Windows Explorer Drag and Drop Remote Code Execution


    Web Application PHP Based
    1008038 - PHP GC ZipArchive Class Use After Free Vulnerability (CVE-2016-5773)
    1007973* - PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)


    Web Application Tomcat
    1000638* - Apache Tomcat "Tomcat Manager" Cross-Site Scripting
    1000967* - Apache Tomcat Servlet Engine Directory Traversal
    1000637* - Tomcat 4.x JSP source code exposure


    Web Client Common
    1007629* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-14) - 6
    1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
    1008084 - Microsoft Office OLE DLL Loading Vulnerability Over WebDAV (CVE-2016-7275)
    1008079 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7259)
    1008080 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7260)
    1008029* - Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205)
    1008081 - Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295)
    1008069 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-7257)
    1008043 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3393)
    1008068 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
    1007989* - Microsoft Windows Multiple Security Vulnerabilities (MS16-118, MS16-119)
    1008082 - Microsoft Windows Multiple Security Vulnerabilities (MS16-149)
    1008067 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
    1008052 - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)


    Web Client Internet Explorer/Edge
    1003507* - AOL IWinAmpActiveX Class ConvertFile() Remote Buffer Overflow
    1005540* - Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120)
    1008061 - Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206)
    1008062 - Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280)
    1007248* - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
    1008063 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
    1008064 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
    1007984* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386)
    1008009* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
    1008013* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202)
    1008016* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)
    1008011* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242)
    1008065 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296)
    1008066 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297)
    1007237* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6151)
    1008012* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195)
    1008056 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7279)
    1008017* - Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241)
    1008060 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287)
    1008057 - Microsoft Internet Explorer And Edge Security Feature Bypass Vulnerability (CVE-2016-7282)
    1008055 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7278)
    1008059 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284)
    1006790* - Microsoft Internet Explorer Memory Access Violation Vulnerability
    1006312* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141)
    1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
    1008083 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3384)
    1008054 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
    1008058 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)


    Web Server Miscellaneous
    1007603* - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
    1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
    1001781* - WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerability


    Web Server Oracle
    1003878* - Oracle E-Business Suite Multiple Remote Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-037 (November 22, 2016)
     Publish Date:  23 November 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Application Control For Mail Client
    1002452* - Application Control For Eudora


    DNS Server
    1007648 - PowerDNS Authoritative Server DNS Packet Processing Denial Of Service Vulnerability (CVE-2015-5311)


    Suspicious Client Ransomware Activity
    1007579* - Ransomware HTTP Request
    1007577* - Ransomware Hydra


    Suspicious Server Application Activity
    1002378* - Detected Virtual Network Computing (VNC) Server Traffic


    Suspicious Server Ransomware Activity
    1007580* - Ransomware HTTP Request-1


    Web Application Common
    1007715* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
    1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


    Web Application PHP Based
    1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)


    Web Client Common
    1006532* - Identified Malicious Adobe Flash SWF File - 1
    1007738* - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
    1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
    1008033* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
    1008044 - OpenJPEG JPEG2000 MCC Record Code Execution Vulnerability (CVE-2016-8332)


    Web Client Internet Explorer/Edge
    1006383* - Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)


    Web Server Common
    1007651* - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-036 (November 15, 2016)
     Publish Date:  16 November 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1007425* - ISC BIND OpenPGP Key Handler Denial Of Service Vulnerability (CVE-2015-5986)
    1007465* - ISC BIND Response Handler Denial Of Service Vulnerability (CVE-2015-8000)


    Database Oracle
    1003510* - Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection


    HP OpenView Network Node Manager
    1007643* - HP OpenView Network Node Manager ovw.dll Message Handling Buffer Overflow (CVE-2008-1842)


    NTP Server Linux
    1007399 - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)


    OpenSSL
    1008039 - OpenSSL SSL3_AL_WARNING Remote Denial Of Service Vulnerability (CVE-2016-8610)


    Suspicious Client Application Activity
    1007907* - Cisco ASA Memory Corruption Vulnerability (CVE-2016-6366)


    Web Client Common
    1007310* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8446)
    1008042 - Adobe Flash Player Multiple Security Vulnerabilities (APSB16-37)
    1007620* - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
    1007622* - Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)


    Web Client Internet Explorer/Edge
    1007983* - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-7189)
    1007985* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3298)
    1007928* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324)


    Web Server HTTPS
    1007253* - Trend Micro Threat Intelligence Manager Multiple Vulnerabilities Remote Code Execution


    Web Server Miscellaneous
    1007993* - RedHat JBoss Web Application Server Remote Information Disclosure Vulnerability (CVE-2005-2006)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-035 (November 8, 2016)
     Publish Date:  09 November 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


    HP OpenView Network Node Manager
    1007643 - HP OpenView Network Node Manager ovw.dll Message Handling Buffer Overflow (CVE-2008-1842)


    Microsoft Office
    1008024 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233)
    1008018 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213)
    1008019 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228)
    1008020 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229)
    1008021 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230)
    1008022 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231)
    1008023 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232)
    1008025 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234)
    1008026 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235)
    1008027 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236)


    NTP Server Linux
    1007383 - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)


    Web Application PHP Based
    1007973 - PHP ZipArchive Integer Overflow Vulnerability (CVE-2016-3078)


    Web Client Common
    1008029 - Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205)
    1008031 - Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217)
    1008035 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-138)
    1007990 - Microsoft Windows Multiple Security Vulnerabilities (MS16-134)
    1008034 - Microsoft Windows Multiple Security Vulnerabilities (MS16-135)
    1008030 - Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-7210)
    1008036 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)


    Web Client Internet Explorer/Edge
    1008014 - Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204)
    1007994* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7194)
    1008008 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200)
    1008009 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
    1008013 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202)
    1008010 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203)
    1008016 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)
    1008011 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242)
    1008015 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-7227)
    1008012 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195)
    1008006 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7196)
    1008007 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7198)
    1008017 - Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-034 (November 3, 2016)
     Publish Date:  04 November 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1007458* - glibc getaddrinfo Stack Based Buffer Overflow Vulnerability (CVE-2015-7547)


    Web Client Common
    1008003* - Adobe Flash Player Use-After-Free Vulnerability (CVE-2016-7855)
    1008033 - Microsoft Windows Elevation Of Privilege Vulnerability
    1007929* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-3370)
    1007930* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-3374)


    Web Client Internet Explorer/Edge
    1007923* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3325)


    Web Server Common
    1000128* - HTTP Protocol Decoding
    1005496* - Identified HTTP Request Smuggling Attack


    Web Server HTTPS
    1007253* - Trend Micro Threat Intelligence Manager Multiple Vulnerabilities Remote Code Execution


    Web Server Miscellaneous
    1007522* - JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-033 (October 28, 2016)
     Publish Date:  29 October 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application PHP Based
    1008005 - Joomla Core Security Bypass Vulnerabilities


    Web Client Common
    1008003* - Adobe Flash Player Use-After-Free Vulnerability (CVE-2016-7855)
    1007978* - Microsoft Windows GDI+ Information Disclosure Vulnerability (CVE-2016-3263)
    1007976* - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120)
    1007975* - Microsoft Windows Multiple Security Vulnerabilities (MS16-123)


    Web Client Internet Explorer/Edge
    1007987* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3382)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 16-032 (October 25, 2016)
     Publish Date:  26 October 2016
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Suspicious Server Application Activity
    1003786* - Detected SNMP Server Traffic


    Unix Samba
    1004252* - Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability


    Web Application PHP Based
    1007739* - PHP TAR File Parsing Uninitialized Reference Vulnerability (CVE-2016-4343)


    Web Application Tomcat
    1003854* - Identified Login Attempt To Apache Tomcat Manager Using Default Credentials


    Web Client Common
    1007677 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4137)
    1008003 - Adobe Flash Player Use-After-Free Vulnerability
    1007930* - Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3374)
    1007995* - Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188)
    1007988* - Microsoft Windows Multiple Security Vulnerabilities (MS16-124)
    1007665* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
    1007908 - WPS Office PowerPoint Memory Corruption Vulnerability
    1007909 - WPS Office SpreadSheet Memory Corruption Vulnerability
    1007910 - WPS Office Writer Memory Corruption Vulnerability


    Web Client Internet Explorer/Edge
    1007984* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386)
    1007982* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7190)
    1007991* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3267)
    1007980* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385)
    1007903 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189) - 1


    Web Server Common
    1007914* - Symfony Security Component Denial Of Service Vulnerability


    Web Server HTTPS
    1007253 - Trend Micro Threat Intelligence Manager Multiple Vulnerabilities Remote Code Execution


    Web Server Miscellaneous
    1007528* - GlassFish Java EE Application Server Arbitrary File Read Vulnerability
    1007993 - RedHat JBoss Web Application Server Remote Information Disclosure Vulnerability (CVE-2005-2006)


    Web Service HP SiteScope
    1007742* - HP SiteScope DNS Tool Command Injection Vulnerability


    Windows Services RPC Client
    1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.