Rule Update
18-011 (February 20, 2018)
Publish date: February 20, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service
DCERPC Services
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1005293* - Prevent Windows Administrator User Login Over SMB
DCERPC Services - Client
1006784* - Identified Windows Group Policy Files Downloaded From Untrusted Sources
Directory Server LDAP
1000086* - CommuniGate Systems CommuniGate Pro LDAP Server Buffer Overflow
FTP Server Common
1000914* - FTP Argument Check
Mail Server Microsoft Exchange
1002632* - Microsoft Outlook Web Access For Exchange Server HTML Validating Cross Site Scripting
Oracle Internet Directory
1003917* - Oracle Internet Directory 'oidldapd' Remote Memory Corruption Vulnerability
TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
1000515* - CVS Max-dotdot Command Integer Overflow
Unix Samba SWAT
1000525* - Samba SWAT HTTP Authentication Buffer Overflow
Unix Subversion
1000519* - Subversion svn Protocol String Parsing Vulnerability
Web Application PHP Based
1005664* - PHP 'ip2long' Function String Validation Weakness Vulnerability
Web Application Tomcat
1003954* - Apache Tomcat Directory Traversal Weakness
1003094* - Identified runtime.getRuntime().exec() In HTTP Request
Web Client Common
1008891 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 1
1008883 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1008886 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008885 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 5
1004010* - FFmpeg Version Multiple Remote Vulnerabilities
1004308* - Identified PIF File Over HTTP
1005290* - Identified Suspicious JavaScript iframe Object
1004301* - Microsoft Office Outlook Web Access For Exchange Server 2003 XSRF Vulnerability
1004760* - Restrict Web Client Telnet And Remote Login Handlers
Web Client Internet Explorer/Edge
1005190* - Identified GE Proficy Historian KeyHelp ActiveX Control With LaunchTriPane Function
1001250* - Microsoft Internet Explorer HP Compaq Notebooks ActiveX Remote Code Execution
1004832* - Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
Web Server Apache
1004668* - Apache APR 'apr_fnmatch()' Denial Of Service Vulnerability
1004655* - Apache mod_perl 'path_info' Denial Of Service
Web Server HTTPS
1004351* - Detected Malicious HTTP Requests
Web Server IIS
1003508* - Microsoft IIS Unicode Requests To WebDAV Authentication Bypass Vulnerability
Web Server Miscellaneous
1008751* - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1008794* - Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)
1008843 - FasterXML Jackson JSON Library Deserializer Multiple Remote Code Execution Vulnerabilities
Web Server Squid
1000388* - Restrict Squid Cache Manager Access
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.