Rule Update

19-051 (October 15, 2019)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1009947* - HPE Intelligent Management Center Various Expression Language Injection Vulnerabilities


Redis Server
1009967 - Redis Unauthenticated Code Execution Vulnerability


SSL Client
1010014 - Hola VPN Certificate Exchange Detected


SolarWinds Dameware Mini Remote Control
1009999 - SolarWinds DameWare Mini Remote Control CltDHPubKeyLen Out Of Bounds Read Vulnerability (CVE-2019-3956)
1010005 - SolarWinds DameWare Mini Remote Control RsaSignatureLen Out Of Bounds Read Vulnerability (CVE-2019-3957)


Web Application Common
1009531* - Jenkins CI Server Groovy Plugin Sandbox Bypass Multiple Vulnerabilities


Web Client Common
1010007 - LibreOffice Macro Python Code Execution Vulnerability (CVE-2019-9851)
1009987* - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1249)
1010024 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1250)


Web Server NAI ePolicy Orchestrator
1002360* - McAfee ePolicy Orchestrator Framework Services HTTP Buffer Overflow


Integrity Monitoring Rules:

1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050, T1036, T1031)


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3
1009771 - Microsoft Windows Sysmon Events - 1
1009777 - Microsoft Windows Sysmon Events - 2