Rule Update

19-058 (November 26, 2019)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1010025* - Microsoft Windows NTLM Tampering Vulnerability (CVE-2019-1166)


HP Intelligent Management Center (IMC)
1010042* - HPE Intelligent Management Center AMF3 Externalizable Deserialization (CVE-2019-11944)


HP Intelligent Management Center Dbman
1010022* - HPE Intelligent Management Center Information Disclosure Vulnerability (CVE-2019-5392)


Solr Service
1010063 - Apache Solr 'Velocity Template' Command Injection Vulnerability (CNVD-2019-38290)
1010038 - Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)


Trend Micro OfficeScan
1010041* - Trend Micro ApexOne And OfficeScan Directory Traversal Vulnerability (CVE-2019-18189)
1010040* - Trend Micro ApexOne Command Injection Vulnerability (CVE-2019-18188)
1010039* - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)


Web Application Common
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
1007170* - Identified Suspicious China Chopper Webshell Communication (ATT&CK T1100)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1010023* - October CMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037* - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1010036* - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
1010046* - rConfig Remote Command Execution Vulnerability (CVE-2019-16662)
1010047* - rConfig Remote Command Execution Vulnerability (CVE-2019-16663)


Web Application PHP Based
1010065 - PHP EXIF Uninitialized Read Vulnerabilities (CVE-2019-9638 and CVE-2019-9639)
1010064 - PHP Exif Heap Buffer Overflow Vulnerability (CVE-2019-11040)


Web Client Common
1010066 - Oracle Database ODBC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2019-2799)


Web Server HTTPS
1010049* - Apache Traffic Server HTTP/2 Denial Of Service Vulnerability (CVE-2019-9515)


Web Server Oracle
1010045 - Oracle Event Processing Arbitrary File Upload Vulnerability (CVE-2014-2424)


Webmin
1010043* - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.