Rule Update
15-028 (August 25, 2015)
Publish date: August 26, 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk Server IAX2
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service
Backup Server EMC Legato
1001104* - EMC Legato Networker Remote Exec Service Stack Overflow
DNS Client
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
1000159* - Microsoft SMTP Server DNS Handling Buffer Overflow
DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS
Database Oracle
1000251* - Oracle Database Server Buffer Overflow In Procedure START_LOG of CTX_OUTPUT Package
Microsoft Office
1005346* - Identified Suspicious Microsoft Word RTF File
1004978* - MSCOMCTL.OCX RCE Vulnerability For Office Binary File (CVE-2012-0158)
1006625* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)
Novell Configuration Management Preboot Policy Service
1006792 - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability
1006791 - Novell ZENworks Preboot Service Dynamic Port Decoder
Novell File Reporter (NFR) Agent
1005260* - Novell File Reporter SRS XML Server Request With Path Element Detected
OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
OpenSSL Client
1006920 - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
Web Application PHP Based
1006021* - Joomla JCE Extension Multiple Vulnerabilities
Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability
Web Client Common
1003186* - Adobe Flash Player For Linux ActionScript ASnative Command Execution
1006972* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5131)
1006958* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5133)
1006968 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5126)
1006984* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5546)
1006987* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5549)
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006967* - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5125)
1006865* - Adobe Flash Player SharedObject Use After Free Vulnerabilities
1006974 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5554)
1006975* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5555)
1006978* - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5558)
1007012 - Adobe Flash Player Type Confusion Memory Corruption Vulnerability (CVE-2015-5562)
1006969 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5127)
1006988* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5550)
1006989 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5551)
1006976* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5556)
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1006981* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5561)
1007016 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5564)
1006965* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5565)
1006966* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5566)
1007014 - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1007010 - Adobe Reader And Acrobat Information Disclosure Vulnerability (CVE-2015-5089)
1007015 - Adobe Reader And Acrobat Integer Overflow Vulnerability (CVE-2015-5108)
1007007 - Adobe Reader And Acrobat Multiple Integer Overflow And Information Disclosure Vulnerabilities
1007001 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4443)
1007002 - Adobe Reader And Acrobat Null Pointer Dereference Vulnerability (CVE-2015-4444)
1007009 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4435)
1007011 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4438)
1007000 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4441)
1007003 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4445)
1006886* - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4447)
1007004 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4449)
1007005 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4451)
1006998 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-4452)
1006999 - Adobe Reader And Acrobat Security Bypass Vulnerability (CVE-2015-5085)
1006996 - Identified Suspicious Microsoft Word RTF File - 1
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1006944* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
1006946* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006948* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
1006945* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
1004834* - Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow
1006699 - libpng Heap Based Buffer Overflow Vulnerability (CVE-2015-0973)
Web Client Internet Explorer
1006957* - Microsoft Internet Explorer Arbitrary Remote Code Execution Vulnerability (CVE-2015-2502)
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
1006930* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
1006932* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
1004977* - Restrict Microsoft Windows Common ListView And TreeView ActiveX Controls
Web Server IIS
1005622* - Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability
Web Server Miscellaneous
1005597* - Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
1005994* - Apache Struts Multiple Directory Traversal Vulnerabilities
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability
1006155* - Apache Struts ParameterInterceptor Class OGNL Security Bypass Vulnerability
1004982* - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
1006908 - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities
Web Server Squid
1000388* - Restrict Squid Cache Manager Access
Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected
Windows Services RPC Server
1000735* - Microsoft Windows Server Service Remote Code Execution
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
Log Inspection Rules:
1002795* - Microsoft Windows Events