Rule Update

20-022 (May 5, 2020)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Jenkins Remoting
1010233* - Jenkins JRMP Java Library Deserialization Remote Code Execution Vulnerability (CVE-2016-0788)

Oracle E-Business Suite Web Interface
1010251 - Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2882 and CVE-2020-2956)

Telnet Server
1010241 - netkit telnetd Buffer Overflow Vulnerability (CVE-2020-10188)

Web Application Common
1010219* - Centreon formMibs.php Command Injection Vulnerability (CVE-2019-15298)

Web Application PHP Based
1010245* - PHP 'ext/snmp/snmp.c' Use After Free Vulnerability (CVE-2016-6295)
1010234* - PHP 'get_headers()' NULL Byte Injection Vulnerability (CVE-2020-7066)
1010236 - PHP 'php_wddx_process_data' Function Illegal Memory Access Vulnerability (CVE-2016-7129)
1010246 - PHP WDDX Deserialization Use After Free Vulnerability (CVE-2016-3141)

Web Server Common
1010169 - Cisco Data Center Network Manager REST API Authentication Bypass Vulnerability (CVE-2019-15975)
1010173 - Cisco Data Center Network Manager REST API SQL Injection Vulnerability (CVE-2019-15984)

Web Server Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)
1010242 - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2020-2798)
1010253 - Oracle WebLogic Server T3 Protocol Deserialization Of Untrusted Data Vulnerability (CVE-2020-2883)
1010168* - Oracle WebLogic Server Untrusted Data Deserialization Vulnerability (CVE-2020-2555)

Web Server SharePoint
1010238* - Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2020-0693)

Integrity Monitoring Rules:

1002776* - Microsoft Windows - Startup Programs Modified (ATT&CK T1112, T1060)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.