Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Unix Samba
1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)


Web Application PHP Based
1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)


Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder


Web Server HTTPS
1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)


Web Server Miscellaneous
1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)


Integrity Monitoring Rules:

1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1002831* - Unix - Syslog
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

H2 Database
1011281 - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)


LDAP Client
1011269 - Identified Java Code Download Attempt Over LDAP


Web Application Common
1011103* - PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)


Web Application PHP Based
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
1011283 - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)


Web Server Common
1011279 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
1011285 - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)


Web Server HTTPS
1011247* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)


Web Server Miscellaneous
1011253 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


Zoho ManageEngine
1011284 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Mail Server Common
1010001* - Dovecot And Pigeonhole Remote Code Execution Vulnerability (CVE-2019-11500)


Web Application PHP Based
1011278 - October CMS Security Bypass Vulnerability (CVE-2021-32648)


Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


Web Client Common
1011276 - Adobe Acrobat And Reader Improper Access Control Vulnerability (CVE-2021-44702)
1011275 - Adobe Acrobat And Reader Improper Input Validation Vulnerability (CVE-2021-44739)
1011277 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-01)


Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1011270 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011274 - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
1011262 - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)


Web Server HTTPS
1011247 - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011273 - Microsoft Windows Firewall Events
1011250* - Web Server - Apache - 2
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Linux Kernel TIPC
1011263 - Linux Kernel TIPC Heap Buffer Overflow Vulnerability (CVE-2021-43267)


SolarWinds Network Performance Monitor
1011230* - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


Web Application Common
1011259* - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
1011258* - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)
1011198* - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


Web Application PHP Based
1011266 - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1011261 - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
1011264 - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011013* - WordPress 'Stop Spammers' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24245)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)


Web Application Ruby Based
1011243* - Grafana Path Traversal Vulnerability (CVE-2021-43798)


Web Client Common
1011032* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)


Web Server Common
1011245* - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1011265 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)


Web Server HTTPS
1011196* - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)


Web Server Miscellaneous
1011256* - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)


Web Server SharePoint
1011233* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-40487)


Windows SMB Server
1011251* - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


Zoho ManageEngine
1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1011259 - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
1011258 - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)


Web Application PHP Based
1011252 - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)


Web Server Common
1011245 - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)


Web Server Miscellaneous
1011256 - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)


Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)


Zoho ManageEngine
1011257 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011255 - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


Directory Server LDAP
1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)


SolarWinds Network Performance Monitor
1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


Web Application Common
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


Web Server HTTPS
1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


Web Server SharePoint
1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Windows SMB Server
1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


Zoho ManageEngine
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011250 - Web Server - Apache - 2
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Common
1011249 - Apache Log4j Denial of Service Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


SolarWinds Network Performance Monitor
1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)


Web Application Ruby Based
1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)


Web Client Common
1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)


Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Web Server SharePoint
1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Zoho ManageEngine
1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)


Integrity Monitoring Rules:

1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Common
1011242 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011241 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)