Rule Update

18-006 (January 23, 2018)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1003292* - Block Conficker.B++ Worm Incoming Named Pipe Connection
1004807* - Identified SMB Raw Named Pipe In Write Mode


DCERPC Services - Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1004373* - Identified Microsoft DLL File Over Network Share
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)


Database MySQL
1005063* - Restrict MySQL Database Access


Database Oracle
1004995* - Oracle Database TNS Listener Poison Attack Vulnerability


FTP Server Common
1003784* - FTP Server Restrict Executable File Uploads
1005461* - Identified FTP Connection Without AUTH Command


HP Intelligent Management Center (IMC)
1008806 - HPE Intelligent Management Center FileUploadServlet Directory Traversal Vulnerability (CVE-2017-5794)


HP Intelligent Management Center Dbman
1008790 - HPE Intelligent Management Center dbman Opcode 10012 Use-After-Free Remote Code Execution Vulnerability (CVE-2017-12561)


Mail Server Exim
1008758* - Exim Unix Mailer Multiple Security Vulnerabilities


Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font
1005615* - Identified Suspicious Usage Of Shellcode In Microsoft Office Files
1004647* - Restrict Microsoft Office File With Embedded SWF
1005158* - Restrict Microsoft Office Files With Embedded SWF - 2


Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected


Oracle Tuxedo JOLT
1008845 - Oracle Tuxedo Remote Security Vulnerability (CVE-2017-10269)


Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V


Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic


Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS


Web Application Common
1004888* - Restrict Number Of Parameters In HTTP Request


Web Application PHP Based
1005465* - Identified Access To WordPress Sensitive Files
1006021* - Joomla JCE Extension Multiple Vulnerabilities
1000208* - SquirrelMail IMAP Command Injection Vulnerability
1000209* - SquirrelMail SMTP Command Injection Vulnerability
1006432* - WordPress Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities


Web Client Common
1008833 - Foxit Reader JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerabilities
1005389* - Identified Suspicious Download Of Executable File Over HTTP
1004900* - Identified Suspicious Microsoft Office Files With Embedded Objects


Web Client Internet Explorer/Edge
1004339* - Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability


Web Server Common
1008724* - Trend Micro SafeSync For Enterprise 'device_id' 'role' Command Injection Vulnerability
1008723* - Trend Micro SafeSync For Enterprise Command Injection Vulnerability


Web Server Miscellaneous
1008673 - IBM Informix Open Admin Tool Heap Buffer Overflow Vulnerability (CVE-2017-1092)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories