Rule Update
18-009 (February 6, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
DCERPC Services - Client
1008577 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2016-3235)
Database MySQL
1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
HP Intelligent Management Center (IMC)
1008764 - HPE Intelligent Management Center Directory Traversal Vulnerabilities
Trend Micro OfficeScan
1001050* - Trend Micro OfficeScan Server CGI Module Authentication Bypass
Web Application PHP Based
1008858 - Identified Access To 'wp-admin' Directory
1005725* - PHP 'phar_parse_tarfile' Function Integer Overflow
1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability
Web Client Common
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004596* - Detected Night Dragon Network Communication
1005001* - Disallow Packed Executable Download Over HTTP
1003834* - FFmpeg 'lavf_demux' Animated GIF Processing Remote Denial Of Service Vulnerability
1005269* - Identified Download Of DLL File Over WebDAV
1004242* - Media Player Classic '.mpcpl' File Remote Denial Of Service Vulnerability
1008573 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2016-3235)
1008838 - Microsoft Windows ITS Protocol Information Disclosure Vulnerability (CVE-2017-11927)
1004665* - Multiple Browser "res://mshtml.dll" Remote Code Execution
1008457* - Ransomware Erebus
1005395* - Restrict Serialized Java Applet
1002519* - Storm Botnet Redirect Script Insertion Vulnerability
Web Client Internet Explorer/Edge
1004021* - IE DHTML Object Memory Corruption Vulnerability
1005301* - Identified Suspicious JavaScript Encoded Window Location Object
1003931* - Microsoft Windows Script Host wshom.ocx ActiveX RegWrite Code Execution
1004626* - Restrict Cisco Secure Desktop ActiveX Control
1004743* - Restrict Citrix Access Gateway ActiveX Control
1005822* - Restrict IBM iNotes UploadControl ActiveX Controls
1005152* - Restrict Microsoft Windows TabStrip ActiveX Control
Web Client Mozilla Firefox
1004371* - Mozilla Firefox Obfuscated URLs Within Iframes Vulnerability
Web Server Common
1005013* - Restrict Microsoft .Net Executable File Upload
Web Server Miscellaneous
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server Oracle
1003439* - Oracle Application Server 10g OPMN Service Format String Vulnerability
Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
DCERPC Services - Client
1008577 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2016-3235)
Database MySQL
1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
HP Intelligent Management Center (IMC)
1008764 - HPE Intelligent Management Center Directory Traversal Vulnerabilities
Trend Micro OfficeScan
1001050* - Trend Micro OfficeScan Server CGI Module Authentication Bypass
Web Application PHP Based
1008858 - Identified Access To 'wp-admin' Directory
1005725* - PHP 'phar_parse_tarfile' Function Integer Overflow
1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Web Application Tomcat
1001108* - Apache Tomcat Cookie Handling Single Quotes Vulnerability
Web Client Common
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004596* - Detected Night Dragon Network Communication
1005001* - Disallow Packed Executable Download Over HTTP
1003834* - FFmpeg 'lavf_demux' Animated GIF Processing Remote Denial Of Service Vulnerability
1005269* - Identified Download Of DLL File Over WebDAV
1004242* - Media Player Classic '.mpcpl' File Remote Denial Of Service Vulnerability
1008573 - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2016-3235)
1008838 - Microsoft Windows ITS Protocol Information Disclosure Vulnerability (CVE-2017-11927)
1004665* - Multiple Browser "res://mshtml.dll" Remote Code Execution
1008457* - Ransomware Erebus
1005395* - Restrict Serialized Java Applet
1002519* - Storm Botnet Redirect Script Insertion Vulnerability
Web Client Internet Explorer/Edge
1004021* - IE DHTML Object Memory Corruption Vulnerability
1005301* - Identified Suspicious JavaScript Encoded Window Location Object
1003931* - Microsoft Windows Script Host wshom.ocx ActiveX RegWrite Code Execution
1004626* - Restrict Cisco Secure Desktop ActiveX Control
1004743* - Restrict Citrix Access Gateway ActiveX Control
1005822* - Restrict IBM iNotes UploadControl ActiveX Controls
1005152* - Restrict Microsoft Windows TabStrip ActiveX Control
Web Client Mozilla Firefox
1004371* - Mozilla Firefox Obfuscated URLs Within Iframes Vulnerability
Web Server Common
1005013* - Restrict Microsoft .Net Executable File Upload
Web Server Miscellaneous
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server Oracle
1003439* - Oracle Application Server 10g OPMN Service Format String Vulnerability
Web Service HP SiteScope
1005837* - HP SiteScope "issueSiebelCmd" SOAP Request Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more