Deep Security Center

RULE UPDATE: 15-028 (August 25, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service


Backup Server EMC Legato
1001104* - EMC Legato Networker Remote Exec Service Stack Overflow


DNS Client
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
1000159* - Microsoft SMTP Server DNS Handling Buffer Overflow


DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS


Database Oracle
1000251* - Oracle Database Server Buffer Overflow In Procedure START_LOG of CTX_OUTPUT Package


Microsoft Office
1005346* - Identified Suspicious Microsoft Word RTF File
1004978* - MSCOMCTL.OCX RCE Vulnerability For Office Binary File (CVE-2012-0158)
1006625* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)


Novell Configuration Management Preboot Policy Service
1006792 - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability
1006791 - Novell ZENworks Preboot Service Dynamic Port Decoder


Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920 - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Web Application PHP Based
1006021* - Joomla JCE Extension Multiple Vulnerabilities


Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability


Web Client Common
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006972* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006958* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006968 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5126)
1006984* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006987* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006967* - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006865* - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006974 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5554)
1006975* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1007012 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5562)
1006969 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5127)
1006988* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006989 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5551)
1006976* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006981* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1007016 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5564)
1006965* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5565)
1006966* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5566)
1007014 - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1007010 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2015-5089)
1007015 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5108)
1007007 - Adobe Reader And Acrobat Multiple Integer Overflow And Information Disclosure Vulnerabilities
1007001 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4443)
1007002 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4444)
1007009 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4435)
1007011 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4438)
1007000 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4441)
1007003 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4445)
1006886* - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1007004 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4449)
1007005 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4451)
1006998 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4452)
1006999 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5085)
1006996 - Identified Suspicious Microsoft Word RTF File - 1
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006944* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006945* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1004834* - Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow
1006699 - libpng Heap Based Buffer Overflow Vulnerability (CVE-2015-0973)


Web Client Internet Explorer
1006957* - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability (CVE-2015-2502)
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006932* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1004977* - Restrict Microsoft Windows Common ListView And TreeView ActiveX Controls


Web Server IIS
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability


Web Server Miscellaneous
1005597* - Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
1005994* - Apache Struts Multiple Directory Traversal Vulnerabilities
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability
1006155* - Apache Struts ParameterInterceptor Class OGNL Security Bypass Vulnerability
1004982* - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
1006908 - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Web Server Squid
1000388* - Restrict Squid Cache Manager Access


Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected


Log Inspection Rules:

1002795* - Microsoft Windows Events

RULE UPDATE: 15-027 (August 14, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006970 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5129)
1006972 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006973 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006958 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006962 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5541)
1006980 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1006964 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5544)
1006983 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5545)
1006984 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006985 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1006987 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006990 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5552)
1006991 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5553)
1006636* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
1006967 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006975 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1006965 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3107)
1006966 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5124)
1006971 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5130)
1006959 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5134)
1006960 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5539)
1006961 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5540)
1006988 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006976 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006979 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5559)
1006981 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1006982 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5563)
1006599* - Identified Suspicious Obfuscated JavaScript - 3


Web Client Internet Explorer
1006992 - Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2445)
1006957 - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-026 (August 11, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006624 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1006936 - Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
1006940 - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1006937 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
1006938 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
1006939 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1006941 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2


OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


Oracle MySQL InnoDB Memcached Plugin
1005511* - Oracle MySQL Server InnoDB MemCached Remote Denial Of Service Vulnerability


Web Application PHP Based
1006817* - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819* - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821* - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006914* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006915 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3134)
1006866* - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006863* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006913* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006918* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006943 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5117)
1006885 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2014-8450)
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006944 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006949 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1006950 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1006955 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
1006956 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
1006945 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1006951 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
1006952 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006928 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
1006929 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006931 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1006932 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1006933 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
1006934 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
1006935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)


Web Client Mozilla Firefox
1006954 - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server Miscellaneous
1004874* - TimThumb Plugin Remote Code Execution Vulnerability


Web Server RealVNC
1006884 - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)


Windows Services RPC Server
1006906* - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

1006803 - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800 - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006802 - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801 - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006798 - TMTR-0005: Suspicious Files Detected In Application Directories
1006797 - TMTR-0006: Suspicious Files Detected In Application Directories
1006796 - TMTR-0007: Suspicious Files Detected In Application Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1006805 - TMTR-0009: Suspicious Files Detected In System Folder
1006804 - TMTR-0010: Suspicious Files Detected In System Folder
1006795 - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799 - TMTR-0014: Suspicious Service Detected
1006684* - TMTR-0015: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
1006691* - TMTR-0017: Microsoft Windows - SAM Domain Account Users Modification Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-025 (August 3, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1006909 - ISC BIND Zone Query Handler Denial Of Service Vulnerability


DNS Server
1006924 - ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477)
1006925 - ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477) - 1


Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic


Web Client Common
1006914 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006917 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-4431)
1006923 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3133)
1006921 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3126)
1006922 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-4429)
1006910 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3120)
1006911 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3122)
1006912 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
1006913 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006916 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1006918 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006815 - Google Chrome SpeechRecognitionClient Use After Free Vulnerability (CVE-2015-1251)


Web Server Common
1005567* - Identified No Ending Protocol In HTTP Request


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-024 (July 28, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006574* - Microsoft Office Local Zone Remote Code Execution Vulnerability (CVE-2015-0097)
1004099* - Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability


OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006854 - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006806* - OpenSSL Malformed ECParameters Infinite Loop Denial Of Service Vulnerability


Unix CUPS
1006814* - CUPS Print Service Remote Privilege Escalation Vulnerability


Web Application Common
1005936* - Identified Local File Inclusion (LFI) Over HTTP
1006823* - Identified Suspicious Command Injection Attack - 1


Web Application PHP Based
1006817 - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819 - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821 - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006905 - Adobe Flash Player Unspecified Memory Corruption Vulnerability (CVE-2015-3123)
1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1006890 - Adobe Reader And Acrobat Buffer Overflow Vulnerability (CVE-2015-5093)
1006893 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5097)
1006889 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5087)
1006891 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5094)
1006894 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5098)
1006896 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5100)
1006897 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5101)
1006898 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5102)
1006899 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5103)
1006900 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5104)
1006886 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1006888 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5086)
1006887 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-4448)
1006892 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5095)
1006895 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5099)
1006901 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5111)
1006902 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5113)
1006883 - Google Chrome Cross Site Scripting Filter Bypass Vulnerability
1006872* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369)
1006857* - Oracle Java SE Remote Code Execution Vulnerability (CVE-2015-2590)


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006832* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401)
1006869* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425)


Web Client Mozilla Firefox
1006825 - Mozilla Firefox XrayWrapper Privileged Javascript Injection Vulnerability (CVE-2014-8636)


Web Server IIS
1006434* - Microsoft IIS Directory Traversal Vulnerability


Web Server Miscellaneous
1003505* - Microsoft .Net Framework Null Byte Injection Vulnerability


Web Service HP SiteScope
1006816* - HP SiteScope Log Analyzer Privilege Escalation Vulnerability (CVE-2015-2120)


Windows Services RPC Server
1006906 - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-023 (July 20, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Remote Desktop Protocol Server
1006870 - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)


Web Client Common
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006859* - Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
1006530* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0582)
1006903 - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1006904 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2424)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-022 (July 14, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Microsoft SQL
1006840 - Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2015-1762)


Database MySQL
1006813 - Identified Oracle MySQL Database Operation


FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


Microsoft Office
1006873 - Microsoft Excel ASLR Bypass Vulnerability (CVE-2015-2375)
1006874 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2376)
1006875 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2377)
1006876 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2379)
1006877 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2380)
1006878 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2415)
1006769* - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770* - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
1000764* - Microsoft Publisher Font Parsing Buffer Overflow
1005990* - Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761)


OpenSSL
1006655* - OpenSSL ASN_TYPE_cmp Segmentation Fault Vulnerability (CVE-2015-0286)
1006855 - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


OpenSSL Client
1006856 - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006093* - OpenSSL Client SSL/TLS Man In The Middle Security Bypass Vulnerability
1006806 - OpenSSL Malformed ECParameters Infinite Loop Denial Of Service Vulnerability


SSL Client
1006485* - SSL RSA Downgrade Vulnerability


Unix CUPS
1006814 - CUPS Print Service Remote Privilege Escalation Vulnerability


Unix Samba
1003999* - Samba MS-RPC Remote Shell Command Execution Vulnerability


Web Application Common
1006823 - Identified Suspicious Command Injection Attack - 1
1005402* - Identified Suspicious User Agent In HTTP Request


Web Application PHP Based
1006794* - PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability
1006390* - WordPress Denial Of Service Vulnerability (CVE-2014-9034)


Web Application Tomcat
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006860 - Adobe Flash Domain Policy Security Bypass Vulnerabilities
1006455* - Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309)
1006812 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1006006* - Adobe Flash Player Information Disclosure Vulnerability (CVE-2014-0508)
1003891* - Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
1006399* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0574)
1006400* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0586)
1006461* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0310)
1006713* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3090)
1006861 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3117)
1006866 - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006779* - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1004229* - Adobe Flash Player Remote Code Execution Vulnerabilities - 2
1006464* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0312)
1006526* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0330)
1006138* - Adobe Flash Player Security Bypass Vulnerability (CVE-2014-4671)
1006865 - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006863 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006517* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0320)
1006862 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3118)
1006419* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8461)
1004042* - Google Chrome XML Denial Of Service
1006882 - Identified Suspicious Obfuscated JavaScript - 4
1006742 - Identified Suspicious User Agent In Outgoing HTTP Request
1006818 - Java SE Remote Security Vulnerability (CVE-2015-0459)
1006820 - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006872 - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369)
1006879 - Microsoft Windows Graphics Component EOP Vulnerability (CVE-2015-2364)
1006880 - Microsoft Windows OLE Elevation Of Privilege Vulnerability (CVE-2015-2416)
1006881 - Microsoft Windows OLE Elevation Of Privilege Vulnerability (CVE-2015-2417)
1006291* - Microsoft Windows OLE Remote Code Execution Vulnerability - 1
1006572 - Multiple Browser libjpeg/libjpeg-turbo Library Memory Corruption Vulnerability


Web Client Internet Explorer
1006839 - Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2421)
1006842 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-1729)
1006867 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-2413)
1006868 - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006750 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1733)
1006752* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006754 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1738)
1006764* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006850 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1767)
1006843 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383)
1006845 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383) - 1
1006846 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2388)
1006847 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2389)
1006848 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2390)
1006849 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391)
1006831 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2397)
1006832 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401)
1006851 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2403)
1006852 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2404)
1006833 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2406)
1006835 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2408)
1006836 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2409)
1006837 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2411)
1006853 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2422)
1006869 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425)
1006841 - Microsoft Windows VBScript Memory Corruption Vulnerability (CVE-2015-2372)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request


Web Server IIS
1006434 - Microsoft IIS Directory Traversal Vulnerability


Web Service HP SiteScope
1006816 - HP SiteScope Log Analyzer Privilege Escalation Vulnerability (CVE-2015-2120)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-021 (July 12, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006858 - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006859 - Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
1006857 - Oracle Java SE Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-020 (July 7, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006370* - Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)


Web Client Common
1004079* - Adobe Acrobat And Reader CFF Encodings Handling Heap Overflow Vulnerability
1003916* - Adobe Acrobat And Reader JpxDecode Memory Corruption
1003291* - Adobe Acrobat And Reader PDF File Handling Remote Code Execution Vulnerability
1003405* - Adobe Acrobat JavaScript getIcon Method Buffer Overflow
1003056* - Adobe Acrobat PDF Javascript getCosObj Memory Corruption
1003848* - Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
1006824 - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006810* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
1006451* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8438)
1002445* - Adobe Multiple Products BMP Image Header Handling Buffer Overflow
1004191* - Adobe Photoshop Remote Code Execution
1003803* - Adobe Reader And Acrobat U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
1004857* - Adobe Reader And Acrobat U3D TIFF Resource Buffer Overflow Vulnerability (CVE-2011-2432)
1004506* - Adobe Reader Doc.printSeps() Memory Corruption Vulnerability
1004167* - Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
1004422* - Adobe Shockwave Director tSAC Chunk Memory Corruption
1004448* - Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability
1004494* - Adobe Shockwave Player 'dirapi.dll' Memory Corruption Vulnerability
1004517* - Adobe Shockwave Player 'dirapi.dll' Stack Overflow Vulnerability
1004287* - Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability
1003596* - Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
1004713* - Adobe Shockwave Player Memory Corruption (CVE-2011-2111)
1004552* - Adobe TIFF File Vulnerability - 3
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1002533* - Apple QuickTime Embedded Pascal Style Remote Integer Overflow
1003722* - Apple QuickTime FlashPix Sector Size Overflow Vulnerability
1002532* - Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
1003543* - Apple QuickTime Movie File Clipping Region Handling Heap Buffer Overflow
1003551* - Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow
1005251* - Apple QuickTime Targa Image Parsing Buffer Overflow Vulnerability
1003394* - BitDefender Internet Security Script Code Execution
1001009* - CA Product AV Engine CAB Header Parsing Stack Overflow
1004356* - Cinepak Codec Decompression Vulnerability
1004872* - Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability
1003163* - ClamAV 'get_unicode_name()' Off-By-One Heap Based Buffer Overflow
1002867* - ClamAV CHM Processing Denial Of Service
1003981* - DirectShow Heap Overflow Vulnerability
1003747* - FFmpeg vmd_read_header Integer Overflow
1004375* - Flash Movie Player File Magic Denial Of Service Vulnerability
1003114* - GDI Integer Overflow Vulnerability
1004651* - GDI+ Integer Overflow Vulnerability (CVE-2011-0041)
1003773* - GDI+ PNG Integer Overflow Vulnerability
1003775* - GDI+ TIFF Buffer Overflow Vulnerability
1002683* - GNOME Project libxslt Library RC4 Key String Buffer Overflow
1003749* - Google Apps 'googleapps.url.mailto' Handler Command Injection Vulnerability
1004080* - Google Chrome Invalid FTP Server Response Remote Denial Of Service Vulnerability Helper
1004278* - LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial Of Service Vulnerability
1004329* - Libpng Memory Corruption And Memory Leak Vulnerability
1005403* - Libxml2 Entity Expansion Denial Of Service Vulnerability
1003431* - MJPEG Decompression Vulnerability
1004217* - MJPEG Media Decompression Vulnerability
1004354* - MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
1004093* - MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability
1004397* - MPEG-4 Codec Vulnerability
1003675* - Malformed AVI Header Vulnerability
1004223* - Media Decompression Vulnerability
1004319* - Media Player Classic DoS Vulnerability
1000849* - Microsoft Agent Memory Corruption Vulnerability
1000947* - Microsoft Antivirus Engine PDF File Remote Code Execution
1002590* - Microsoft DirectX Crafted MJPEG Stream Handling Code Execution
1003529* - Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
1001249* - Microsoft DirectX Parsing SAMI File Code Execution Vulnerability
1001129* - Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow
1001246* - Microsoft DirectX WAV File Parsing Code Execution Vulnerability
1003406* - Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow
1005016* - Microsoft GDI+ Record Type Vulnerability (CVE-2012-0165)
1000936* - Microsoft Help Workshop HPJ File Handling Buffer Overflow
1000948* - Microsoft OLE Dialog Code Execution Vulnerability
1002627* - Microsoft SQL Server Memory Corruption Vulnerability
1001007* - Microsoft Visio Version Validation Remote Code Execution
1000206* - Microsoft Visual Studio "dbp/sln" File Handling Buffer Overflow
1001096* - Microsoft Visual Studio Crystal Reports RPT Processing Buffer Overflow
1004038* - Microsoft Windows '.ani' File 'tagBITMAPINFOHEADER' Denial Of Service Vulnerability
1004562* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability
1000976* - Microsoft Windows ANI File Remote Code Execution
1004582* - Microsoft Windows Fax Cover Page Editor Memory Corruption
1004555* - Microsoft Windows Fax Cover Page Editor Remote Code Execution
1002757* - Microsoft Windows GDI+ BMP Integer Overflow Vulnerability
1002372* - Microsoft Windows GDI+ EMF Remote Code Execution
1001045* - Microsoft Windows GDI+ ICO File DoS
1002762* - Microsoft Windows GDI+ WMF Buffer Overrun Vulnerability
1001066* - Microsoft Windows Graphics Rendering Engine Image Handling Vulnerability
1001248* - Microsoft Windows Media Format ASF Parsing Remote Code Execution
1001252* - Microsoft Windows Media Player MP4 File Stack Overflow
1001068* - Microsoft Windows Media Player Remote Code Execution
1000182* - Microsoft Windows Metafile Integer Overflow Vulnerability
1002622* - Microsoft Windows Saved Search Remote Code Execution
1004302* - Microsoft Windows Shortcut Remote Code Execution
1001032* - Microsoft Windows URI Handler Registration Vulnerability
1001069* - Microsoft Windows Vista Feed Headlines Gadget Code Execution
1001137* - Microsoft vCard URL Handling Vulnerability
1004349* - Movie Maker Memory Corruption Vulnerability
1004928* - Msvcrt.dll Buffer Overflow Vulnerability (CVE-2012-0150)
1003541* - Multiple Products libxml2 XML File Processing Long Entity Name Buffer Overflow
1003703* - OpenOffice Word Document Table Parsing Heap Overflow
1004024* - OpenOffice.org Microsoft Word File sprmTSetBrc Processing Buffer Overflow
1004541* - OpenType Font File CFF table Code Execution Vulnerability
1004538* - OpenType Font File CMAP Table Paring Vulnerability
1004485* - OpenType Font Parsing Vulnerability
1004621* - Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability
1004932* - Oracle Java SE Deployment Component Unspecified Remote Code Execution
1004614* - Real Networks RealPlayer '.AVI' File Parsing Buffer Overflow
1004868* - RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
1002746* - RealNetworks Multiple Products SMIL Wallclock Stack Overflow
1002750* - RealNetworks RealPlayer Invalid Chunk Size Heap Overflow Vulnerability
1002745* - RealNetworks RealPlayer Multiple Products RA File Processing Heap Overflow
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability
1004781* - RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability
1002571* - SAMI Format Parsing Vulnerability
1002291* - Sun Java Web Start Charset Encoding Stack Buffer Overflow
1002653* - Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow
1002649* - Sun Java Web Start JNLP vm args Stack Overflow
1004543* - TIFF Image Converter Buffer Overflow Vulnerability
1004546* - TIFF Image Converter Heap Overflow Vulnerability
1003603* - VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
1002630* - VideoLAN VLC Media Player WAV Processing Integer Overflow
1003201* - VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow
1001637* - WebDAV Mini-Redirector Remote Code Execution
1003825* - Win32k EOT Parsing Vulnerability
1003823* - Win32k TTF Parsing Vulnerability
1004844* - Winamp AMF File Handling Overflow
1004845* - Winamp Midi File Handling Overflow
1003710* - Windows Media Playback Memory Corruption Vulnerability
1003760* - Windows Media Runtime Voice Sample Rate Vulnerability
1003116* - Windows Saved Search Vulnerability
1003115* - Windows Search Parsing Vulnerability
1003785* - Xpdf Splash DrawImage Integer Overflow
1004753* - libsndfile PAF File Processing Integer Overflow


Web Client Internet Explorer
1003267* - Microsoft Internet Explorer Uninitialized Memory Corruption


Web Server Common
1004859* - Disallowed HTTP header


Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)


Windows Services RPC Client
1006558* - Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability - 1


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-019 (June 24, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006810 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
1006654* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3043)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.