20-027 (June 9, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1010317 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)


DCERPC Services - Client
1010319 - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)


Directory Server LDAP
1010321 - OpenLDAP slapd Nested Filter Stack Overflow Vulnerability (CVE-2020-12243)
1010301* - Samba LDAP Server Denial Of Service Vulnerability (CVE-2020-10704)


HP Intelligent Management Center (IMC)
1010248 - HPE Intelligent Management Center 'ForwardRedirect' Expression Language Injection Vulnerability (CVE-2019-11969)


SSL/TLS Server
1010312 - Identified Suspicious TLS Request
1010316 - Identified Suspicious TLS Request - 1
1010258* - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server


Suspicious Client Application Activity
1010307 - Identified Reverse Shell Communication Over HTTPS
1010306 - Identified Reverse Shell Communication Over HTTPS - 1


Web Application Common
1010175 - Cross-Site Scripting (XSS) Decoder
1010222* - Jenkins Authenticated Remote Command Execution Vulnerability (CVE-2019-10392)
1010218 - SolarWinds Serv-U FTP Server Web UI Stored Cross-Site Scripting Vulnerability (CVE-2019-13182) - 1


Web Application Tomcat
1010320 - Apache Tomcat Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2020-9484)


Web Client Internet Explorer/Edge
1010318 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2020-1219)
1010309 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1213)
1010310 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1214)
1010313 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1215)
1010314 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1216)
1010315 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1230)
1010311 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1260)
1002708* - Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow


Web Server Common
1010302* - Apache OFBiz Cross-Site Request Forgery Vulnerability (CVE-2019-0235)
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)


Web Server HTTPS
1010134* - rConfig Remote Command Execution Vulnerability (CVE-2019-19509)


Web Server Oracle
1010292 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-2884)


Zoho ManageEngine DataSecurity Plus XNode server
1010297* - Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
1010298* - Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.