Rule Update
18-011 (February 20, 2018)
Publish date: February 20, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service
DCERPC Services
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1005293* - Prevent Windows Administrator User Login Over SMB
DCERPC Services - Client
1006784* - Identified Windows Group Policy Files Downloaded From Untrusted Sources
Directory Server LDAP
1000086* - CommuniGate Systems CommuniGate Pro LDAP Server Buffer Overflow
FTP Server Common
1000914* - FTP Argument Check
Mail Server Microsoft Exchange
1002632* - Microsoft Outlook Web Access For Exchange Server HTML Validating Cross Site Scripting
Oracle Internet Directory
1003917* - Oracle Internet Directory 'oidldapd' Remote Memory Corruption Vulnerability
TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
1000515* - CVS Max-dotdot Command Integer Overflow
Unix Samba SWAT
1000525* - Samba SWAT HTTP Authentication Buffer Overflow
Unix Subversion
1000519* - Subversion svn Protocol String Parsing Vulnerability
Web Application PHP Based
1005664* - PHP 'ip2long' Function String Validation Weakness Vulnerability
Web Application Tomcat
1003954* - Apache Tomcat Directory Traversal Weakness
1003094* - Identified runtime.getRuntime().exec() In HTTP Request
Web Client Common
1008891 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 1
1008883 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1008886 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008885 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 5
1004010* - FFmpeg Version Multiple Remote Vulnerabilities
1004308* - Identified PIF File Over HTTP
1005290* - Identified Suspicious JavaScript iframe Object
1004301* - Microsoft Office Outlook Web Access For Exchange Server 2003 XSRF Vulnerability
1004760* - Restrict Web Client Telnet And Remote Login Handlers
Web Client Internet Explorer/Edge
1005190* - Identified GE Proficy Historian KeyHelp ActiveX Control With LaunchTriPane Function
1001250* - Microsoft Internet Explorer HP Compaq Notebooks ActiveX Remote Code Execution
1004832* - Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability
Web Server Apache
1004668* - Apache APR 'apr_fnmatch()' Denial Of Service Vulnerability
1004655* - Apache mod_perl 'path_info' Denial Of Service
Web Server HTTPS
1004351* - Detected Malicious HTTP Requests
Web Server IIS
1003508* - Microsoft IIS Unicode Requests To WebDAV Authentication Bypass Vulnerability
Web Server Miscellaneous
1008751* - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1008794* - Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)
1008843 - FasterXML Jackson JSON Library Deserializer Multiple Remote Code Execution Vulnerabilities
Web Server Squid
1000388* - Restrict Squid Cache Manager Access
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.