Rule Update

21-059 (December 21, 2021)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


Directory Server LDAP
1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)


SolarWinds Network Performance Monitor
1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


Web Application Common
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


Web Server HTTPS
1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


Web Server SharePoint
1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Windows SMB Server
1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


Zoho ManageEngine
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011250 - Web Server - Apache - 2