Rule Update
18-010 (February 13, 2018)
Publish date: February 13, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1004808* - Identified Big-Endian Byte Order
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
DCERPC Services - Client
1004293* - Identified Microsoft Windows Shortcut File Over Network Share
Database Microsoft SQL
1000917* - Restrict Microsoft SQL Server XP_CMDSHELL Procedure
Directory Server LDAP
1005455* - Microsoft Active Directory Memory Consumption Vulnerability (CVE-2013-1282)
HP Intelligent Management Center (IMC)
1008764* - HPE Intelligent Management Center Directory Traversal Vulnerabilities
Microsoft Office
1004283* - Identified Suspicious Usage Of ACCWIZ.dll ActiveX Control In Microsoft Office Documents
1008872 - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
1005014* - Restrict Microsoft Office File With Embedded EMF
1005019* - Restrict Microsoft Office File With Linked SWF
NFS Server
1008802* - Linux Kernel NFSv4 nfsd PNFS Denial Of Service Vulnerability (CVE-2017-8797)
Oracle Internet Directory
1002652* - Oracle Internet Directory Remote Preauthentication DoS
1003938* - Oracle Internet Directory oidldapd 'gslsbnrNormalizeString' DoS
TFTP Server
1000928* - AT-TFTP Server Long Filename Buffer Overflow
Unix CFEngine
1000451* - CFEngine CFServD Transaction Packet Buffer Overrun Vulnerability
Unix dtspcd
1000433* - Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
Web Application Tomcat
1006107* - Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability
1001074* - Apache Tomcat Cookie Handling Session ID Disclosure
Web Client Common
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1008878 - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2018-4877)
1003746* - IBM Installation Manager IIM URI Handling Code Execution
1002443* - IBM Lotus Expeditor URI Handler Command Execution Vulnerability
1003479* - IceWarp Merak Web Mail Server 'cleanHTML()' Function Cross-Site Scripting Vulnerability
1002144* - JavaScript IFRAME Redirect Script Insertion Vulnerability
1002048* - JavaScript Redirect Script Insertion Vulnerability
1004649* - Microsoft Compiled HTML Help File Stack Overflow Vulnerability
1008877 - Microsoft Windows Multiple Security Vulnerabilities (Feb-2018)
1008866 - Microsoft Windows StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825)
Web Client Internet Explorer/Edge
1002964* - Cumulative Security Update of ActiveX Kill Bits - October 2008
1004020* - Domino Web Access ActiveX Control Unspecified Buffer Overflow Vulnerability
1004297* - Microsoft Clip Organizer Multiple Insecure ActiveX Control Vulnerability
1008867 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0834)
1008868 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
1008869 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0837)
1008870 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0838)
1008873 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0858)
1008874 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0860)
1008871 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0840)
1008881 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0866)
1005192* - Restrict Cisco AnyConnect Secure Mobility Client ActiveX Controls
1004098* - Restrict Windows Media Player ActiveX Control
Web Client Mozilla Firefox
1003580* - Mozilla Firefox Location Bar Spoofing Vulnerability
1003323* - Mozilla Firefox XBL Script Injection
Web Client SSL
1006296* - Detected SSLv3 Response
1006298* - Identified CBC Based Cipher Suite In SSLv3 Request
Web Server Apache
1000640* - Apache Geronimo Web Access log Viewer Scripts Insertion
Web Server IIS
1005076* - Detected Microsoft Windows Short File/Dir Names Over HTTP
1004887* - Microsoft .NET Framework Forms Authentication URI Spoofing Vulnerability (CVE-2011-3415)
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability
Web Server Miscellaneous
1008747* - Adobe ColdFusion RMI Registry Insecure Deserialization (CVE-2017-11284)
1008840 - Apache CouchDB '_config' Command Execution Vulnerability (CVE-2017-12636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008852 - Auditd
1004057* - Microsoft Windows Security Events - 1
1008670* - Microsoft Windows Security Events - 3