Rule Update

19-040 (July 30, 2019)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009801 - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)


DHCPv6 Client - Incoming
1009798* - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698)


Web Application Common
1009711* - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505) - 1
1009580* - Jenkins CI Server Forced Migration Of User Records Vulnerability (CVE-2018-1000863)
1009701* - Jenkins Metaprogramming Remote Code Execution Vulnerability (CVE-2018-1000408)


Web Client Common
1009532* - Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537)
1009800* - Microsoft Windows SymCrypt Denial-of-Service Vulnerability (CVE-2019-0865)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request


Web Server Miscellaneous
1009804 - Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Vulnerability (CVE-2018-12545)


Web Server Oracle
1009831* - Oracle WebLogic Arbitrary File Read Vulnerability (CVE-2019-2615)


Integrity Monitoring Rules:

1009628* - AppInit DLLs (ATT&CK: T1103)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050, T1036)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories