Rule Update

21-047 (October 26, 2021)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Memcached
1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


Web Client Common
1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)


Web Server HTTPS
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)


Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


Web Server Nagios
1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


Web Server Squid
1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)


Zoho ManageEngine
1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


Integrity Monitoring Rules:

1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)


Log Inspection Rules:

1004488* - Database Server - Microsoft SQL
1010595* - Microsoft LDAP Query Execution