Deep Security Center

RULE UPDATE: 15-032 (October 13, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1007119 - Identified Malicious Adobe Flash SWF File - 2


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-031 (October 13, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1003655* - Application Control For Share NT5


Directory Server LDAP
1002614* - OpenLDAP ber_get_next BER Decoding Denial of Service


HP AutoPass License Server
1006811 - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)


Microsoft Office
1006941* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1007110 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
1007111 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
1007112 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Suspicious Client Application Activity
1007116 - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability


Web Application PHP Based
1006656* - Magento Admin Authentication Bypass Vulnerability


Web Client Common
1007090 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6676)
1007093 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6678)
1006772* - Adobe Flash Player Cross Domain Policy Bypass Vulnerability
1006985* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1007073 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5567)
1007078 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007079 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5575)
1007080 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5576)
1007081 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5578)
1007082 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5579)
1007083 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5580)
1007085 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5582)
1007088 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5588)
1002948* - Adobe Flash Player SWF Version Null Pointer Dereference Denial Of Service
1007076 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5572)
1007091 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-6679)
1007087 - Adobe Flash Player Stack Buffer Overflow Vulnerability (CVE-2015-5587)
1007077 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-5573)
1007115 - Adobe Flash Player Use After Free Vulnerability
1006590* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1006780* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1007075 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5570)
1007084 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5581)
1007086 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5584)
1007092 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-6682)
1007074 - Adobe Flash Player Vector Length Corruption Vulnerability (CVE-2015-5568)
1007063 - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1006631* - Identified File Protocol Handler In HTTP Location Header
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1007061 - Mozilla Firefox Arbitrary JavaScript Code Execution
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability


Web Client Internet Explorer
1007106 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
1007102 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007108 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
1007097 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007098 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007099 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
1007100 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007101 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
1007096 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007103 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
1007107 - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007105 - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
1007104 - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server Common
1007117 - Identified Python Werkzeug Debugger Remote Code Execution


Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability


Web Server Miscellaneous
1006808 - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-030 (September 22, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1003655* - Application Control For Share NT5


Application Control Packet Size Detection
1007034 - Application Control For Share EX2 P2P


Microsoft Office
1007039* - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006940* - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1007040* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)
1006323* - Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
1006471* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
1007059 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


Port Mapper Windows
1001033* - Windows Port Mapper Decoder


Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)


TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS


Web Application Common
1000608* - Generic SQL Injection Prevention


Web Application Miscellaneous
1003707* - Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability


Web Client Common
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006907 - Google Chrome Type Confusion Remote Code Execution Vulnerability (CVE-2015-1230)
1006996* - Identified Suspicious Microsoft Word RTF File - 1
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006949* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1005351* - Oracle Outside In Technology Paradox Database Stream Filter Vulnerability
1007047* - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)


Web Client Internet Explorer
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007046* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)


Web Client Mozilla Firefox
1006954* - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Windows Media Service
1004097* - Media Services Stack-based Buffer Overflow Vulnerability


Windows Services DNS Server RPC Interface
1000986* - Microsoft Windows DNS Server RPC Buffer Overflow


Windows Services RPC Client
1006994 - Executable File Download On Network Share Detected


Windows Services RPC Server
1006995 - Remote Add Job Through SMBv1 Protocol Detected
1007037 - Remote Add Job Through SMBv2 Protocol Detected
1007020 - Remote CreateService Request Detected Through SMBv1 Protocol
1007066 - Remote Delete Job Through SMBv1 Protocol Detected
1007038 - Remote Delete Job Through SMBv2 Protocol Detected
1007035 - Remote DeleteService Request Through SMBv1 Detected
1007070 - Remote PWDUMP Through SMBv1 Protocol Detected
1007057 - Remote Registry Access Through SMBv1 Protocol Detected
1007021 - Remote Registry Access Through SMBv2 Protocol Detected
1007032 - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007033 - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1007069 - Remote Service Execution Through SMBv1 Detected


Windows Services RPC Server DCERPC
1007054 - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053 - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017 - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068 - Remote Service Execution Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-029 (September 8, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Download Manager
1004902* - Application Control For JDownloader


Database MySQL
1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
1005063* - Restrict MySQL Database Access


Mail Server Common
1000883* - SMTP Header Length Restriction


Microsoft Office
1007039 - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006939* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1007040 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)


Novell Configuration Management Preboot Policy Service
1006792* - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability


Suspicious Server Application Activity
1004735* - Detected IP Messenger Server Traffic
1001164* - Detected Terminal Services (RDP) Server Traffic


Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS


Web Application PHP Based
1005465* - Identified Access To WordPress Sensitive Files
1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability


Web Client Common
1007023 - Adobe Flash Player Cross Domain Information Disclosure Vulnerability (CVE-2015-5116)
1007022 - Adobe Flash Player DefineBitsLossless Memory Corruption Vulnerability (CVE-2015-3093)
1006409* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8460)
1005676* - Identified Download Of XML File With External Entity Reference
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007029 - Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-2513)
1006950* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1007052 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2506)
1007047 - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)
1006927 - libtiff bmp2tiff Denial Of Service Vulnerability (CVE-2014-9330)


Web Client Internet Explorer
1007041 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-2483)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006931* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1007024 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2485)
1007025 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2486)
1007026 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007028 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2490)
1007030 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2491)
1007043 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2492)
1007045 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2498)
1007046 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)
1007048 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2500)
1007049 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2501)
1007044 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2493)


Web Server Miscellaneous
1006908* - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-028 (August 25, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service


Backup Server EMC Legato
1001104* - EMC Legato Networker Remote Exec Service Stack Overflow


DNS Client
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
1000159* - Microsoft SMTP Server DNS Handling Buffer Overflow


DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS


Database Oracle
1000251* - Oracle Database Server Buffer Overflow In Procedure START_LOG of CTX_OUTPUT Package


Microsoft Office
1005346* - Identified Suspicious Microsoft Word RTF File
1004978* - MSCOMCTL.OCX RCE Vulnerability For Office Binary File (CVE-2012-0158)
1006625* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)


Novell Configuration Management Preboot Policy Service
1006792 - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability
1006791 - Novell ZENworks Preboot Service Dynamic Port Decoder


Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected


OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006920 - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


Web Application PHP Based
1006021* - Joomla JCE Extension Multiple Vulnerabilities


Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability


Web Client Common
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006972* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006958* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006968 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5126)
1006984* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006987* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006967* - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006865* - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006974 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5554)
1006975* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1007012 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5562)
1006969 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5127)
1006988* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006989 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5551)
1006976* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006981* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1007016 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5564)
1006965* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5565)
1006966* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5566)
1007014 - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1007010 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2015-5089)
1007015 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5108)
1007007 - Adobe Reader And Acrobat Multiple Integer Overflow And Information Disclosure Vulnerabilities
1007001 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4443)
1007002 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4444)
1007009 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4435)
1007011 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4438)
1007000 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4441)
1007003 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4445)
1006886* - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1007004 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4449)
1007005 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4451)
1006998 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4452)
1006999 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5085)
1006996 - Identified Suspicious Microsoft Word RTF File - 1
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006944* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006945* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1004834* - Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow
1006699 - libpng Heap Based Buffer Overflow Vulnerability (CVE-2015-0973)


Web Client Internet Explorer
1006957* - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability (CVE-2015-2502)
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006932* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1004977* - Restrict Microsoft Windows Common ListView And TreeView ActiveX Controls


Web Server IIS
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability


Web Server Miscellaneous
1005597* - Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
1005994* - Apache Struts Multiple Directory Traversal Vulnerabilities
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability
1006155* - Apache Struts ParameterInterceptor Class OGNL Security Bypass Vulnerability
1004982* - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
1006908 - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


Web Server Squid
1000388* - Restrict Squid Cache Manager Access


Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected


Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected


Log Inspection Rules:

1002795* - Microsoft Windows Events

RULE UPDATE: 15-027 (August 14, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1006970 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5129)
1006972 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006973 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006958 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006962 - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5541)
1006980 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1006964 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5544)
1006983 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5545)
1006984 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006985 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1006987 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006990 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5552)
1006991 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5553)
1006636* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
1006967 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006975 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1006965 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3107)
1006966 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5124)
1006971 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5130)
1006959 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5134)
1006960 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5539)
1006961 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5540)
1006988 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006976 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006979 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5559)
1006981 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1006982 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5563)
1006599* - Identified Suspicious Obfuscated JavaScript – 3


Web Client Internet Explorer
1006992 - Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2445)
1006957 - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 15-026 (August 11, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006624 - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1006936 - Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
1006940 - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1006937 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
1006938 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
1006939 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
1006941 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2


OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


Oracle MySQL InnoDB Memcached Plugin
1005511* - Oracle MySQL Server InnoDB MemCached Remote Denial Of Service Vulnerability


Web Application PHP Based
1006817* - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819* - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821* - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006858* - Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
1006914* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006915 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3134)
1006866* - Adobe Flash Player Multiple Use After Free Vulnerabilities
1006863* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3119)
1006864* - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3121)
1006913* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006918* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006943 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5117)
1006885 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2014-8450)
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006944 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006949 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1006950 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
1006955 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
1006956 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
1006945 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1006951 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
1006952 - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006928 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
1006929 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006931 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
1006932 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1006933 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
1006934 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
1006935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)


Web Client Mozilla Firefox
1006954 - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server Miscellaneous
1004874* - TimThumb Plugin Remote Code Execution Vulnerability


Web Server RealVNC
1006884 - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)


Windows Services RPC Server
1006906* - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

1006803 - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800 - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006802 - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801 - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006798 - TMTR-0005: Suspicious Files Detected In Application Directories
1006797 - TMTR-0006: Suspicious Files Detected In Application Directories
1006796 - TMTR-0007: Suspicious Files Detected In Application Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1006805 - TMTR-0009: Suspicious Files Detected In System Folder
1006804 - TMTR-0010: Suspicious Files Detected In System Folder
1006795 - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799 - TMTR-0014: Suspicious Service Detected
1006684* - TMTR-0015: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
1006691* - TMTR-0017: Microsoft Windows - SAM Domain Account Users Modification Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-025 (August 3, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1006909 - ISC BIND Zone Query Handler Denial Of Service Vulnerability


DNS Server
1006924 - ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477)
1006925 - ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477) - 1


Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic


Web Client Common
1006914 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3130)
1006917 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-4431)
1006923 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3133)
1006921 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3126)
1006922 - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-4429)
1006910 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3120)
1006911 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-3122)
1006912 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
1006913 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3129)
1006919 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3132)
1006916 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1006918 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4433)
1006815 - Google Chrome SpeechRecognitionClient Use After Free Vulnerability (CVE-2015-1251)


Web Server Common
1005567* - Identified No Ending Protocol In HTTP Request


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.


RULE UPDATE: 15-024 (July 28, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1006574* - Microsoft Office Local Zone Remote Code Execution Vulnerability (CVE-2015-0097)
1004099* - Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability


OpenSSL
1006855* - OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006854 - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
1006806* - OpenSSL Malformed ECParameters Infinite Loop Denial Of Service Vulnerability


Unix CUPS
1006814* - CUPS Print Service Remote Privilege Escalation Vulnerability


Web Application Common
1005936* - Identified Local File Inclusion (LFI) Over HTTP
1006823* - Identified Suspicious Command Injection Attack - 1


Web Application PHP Based
1006817 - PHP 'phar_parse_tarfile' Memory Corruption Vulnerability
1006819 - PHP DateTime Use After Free Vulnerability (CVE-2015-0273)
1006821 - PHP DateTimeZone Type Confusion Information Disclosure Vulnerability


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006905 - Adobe Flash Player Unspecified Memory Corruption Vulnerability (CVE-2015-3123)
1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1006890 - Adobe Reader And Acrobat Buffer Overflow Vulnerability (CVE-2015-5093)
1006893 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5097)
1006889 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5087)
1006891 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5094)
1006894 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5098)
1006896 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5100)
1006897 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5101)
1006898 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5102)
1006899 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5103)
1006900 - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2015-5104)
1006886 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1006888 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5086)
1006887 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-4448)
1006892 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5095)
1006895 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5099)
1006901 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5111)
1006902 - Adobe Reader And Acrobat Use After Free Vulnerability (CVE-2015-5113)
1006883 - Google Chrome Cross Site Scripting Filter Bypass Vulnerability
1006872* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369)
1006857* - Oracle Java SE Remote Code Execution Vulnerability (CVE-2015-2590)


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006832* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401)
1006869* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425)


Web Client Mozilla Firefox
1006825 - Mozilla Firefox XrayWrapper Privileged Javascript Injection Vulnerability (CVE-2014-8636)


Web Server IIS
1006434* - Microsoft IIS Directory Traversal Vulnerability


Web Server Miscellaneous
1003505* - Microsoft .Net Framework Null Byte Injection Vulnerability


Web Service HP SiteScope
1006816* - HP SiteScope Log Analyzer Privilege Escalation Vulnerability (CVE-2015-2120)


Windows Services RPC Server
1006906 - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.