Rule Update

21-052 (November 23, 2021)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share

SolarWinds Network Performance Monitor
1011205* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35218)
1011203* - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-35215)

Web Application Common
1009222* - Identified Directory Traversal Sequence In Zip Archive
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)

Web Client Common
1010619* - Adobe Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2020-24426)
1011211 - Microsoft Visual Studio Code 'Maven for Java' Extension Remote Code Execution Vulnerability (CVE-2021-28472)

Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header

Web Server HTTPS
1011207* - Centreon 'generateImage.php' SQL Injection Vulnerability (CVE-2021-37557)
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerability (CVE-2021-22986)
1011204* - GitLab Remote Code Execution Vulnerability (CVE-2021-22205)
1011216 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)

Zoho ManageEngine ADSelfService Plus
1011194* - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3