Rule Update
19-001 (January 8, 2019)
Publish date: January 08, 2019
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI
Memcached
1009459 - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458 - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)
Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
Web Application Common
1009202* - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1
1009425* - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1
Web Application PHP Based
1009445* - WordPress Authenticated Phar Insecure Deserialization Vulnerability
Web Client Common
1009460 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-02)
1009452 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
1009461 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 1
1009466 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 2
Web Client Internet Explorer/Edge
1009463 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009468 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
1009469 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
1009462 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
1009465 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
1009464 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
Web Server Oracle
1009417 - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI
Memcached
1009459 - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458 - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)
Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
Web Application Common
1009202* - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1
1009425* - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1
Web Application PHP Based
1009445* - WordPress Authenticated Phar Insecure Deserialization Vulnerability
Web Client Common
1009460 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-02)
1009452 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
1009461 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 1
1009466 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 2
Web Client Internet Explorer/Edge
1009463 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009468 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
1009469 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
1009462 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
1009465 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
1009464 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
Web Server Oracle
1009417 - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
- Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more