Rule Update

15-017 (June 9, 2015)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Remote Login
1002508* - Application Control For RDP


HP Intelligent Management Center (IMC)
1005476* - HP Intelligent Management Center Multiple Information Disclosure Vulnerabilities


Microsoft Office
1006771 - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
1006769 - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770 - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)


OpenSSL Client
1006318* - Multiple Browser Wildcard Certificate Spoofing Vulnerability
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)


Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic


VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request


Web Client Apple Safari
1004362* - Apple Safari For Windows Long Link DoS


Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006772 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
1006773 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
1006774 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
1006776 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006778 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006781 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
1006779 - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006775 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
1006657 - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006777 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
1006780 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1004715* - HTTP Web Client Decoding
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006619* - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
1006782 - Microsoft Windows HTML Application Denial Of Service Vulnerability


Web Client Internet Explorer
1003268* - CSS Memory Corruption Vulnerability (CVE-2009-0076)
1006761 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
1006745 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
1006747 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
1006748 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
1006749 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006751 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1006752 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006753 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
1006755 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
1006756 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
1006757 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
1006758 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006762 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
1006763 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
1006764 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006765 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
1006766 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
1006767 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
1005110* - Novell iPrint Client 'nipplib.dll' GetDriverSettings Realm Remote Code Execution Vulnerability


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass


Web Server SharePoint
1003815* - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability


Windows Services RPC Client
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
1006677 - Suspicious Files Detected In Operating System Directories
1006658 - Suspicious Files Detected In Temporary Directories
1006683* - Suspicious Running Processes Detected
1003002* - Web Browser - Internet Explorer


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.