Rule Update
20-040 (August 18, 2020)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1010428* - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Plex Media Server
1010434 - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)
SSL Client
1010437 - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Suspicious Server Application Activity
1003593* - Detected SSH Server Traffic (ATT&CK T1021)
1010462 - Malware Drovorub
Web Application Common
1010368 - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010391* - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Application Tomcat
1010457 - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)
1010444 - Identified Too Many Incoming HTTP/2 Requests
Web Client Common
1010456 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 1
1010452 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 2
1010451 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010460 - Google Chrome 'BlobRegistryImpl' Use-After-Free Vulnerability (CVE-2020-6461)
1010453 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1574)
1010454 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)
1010455 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2020-1577)
Web Server Apache
1010461 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010418* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1147)
1010416 - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010443* - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
1010459 - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)
Web Server Miscellaneous
1010346* - Identified HTTP Request With HTTP/0.9 In Request Line
Web Server Oracle
1010447 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008852* - Auditd
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1010428* - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
Plex Media Server
1010434 - Plex Media Server Remote Code Execution Vulnerability (CVE-2020-5741)
SSL Client
1010437 - Python SSL 'DistributionPoint Extension' NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Suspicious Server Application Activity
1003593* - Detected SSH Server Traffic (ATT&CK T1021)
1010462 - Malware Drovorub
Web Application Common
1010368 - Dolibarr ERP And CRM Cross Site Scripting Vulnerability (CVE-2020-13094)
1010391* - Expat XML Parsing Buffer Overflow Vulnerability (CVE-2016-0718) - Server
Web Application Tomcat
1010457 - Apache Tomcat WebSocket Infinite Loop Denial Of Service Vulnerability (CVE-2020-13935)
1010444 - Identified Too Many Incoming HTTP/2 Requests
Web Client Common
1010456 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 1
1010452 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 2
1010451 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-48) - 3
1010460 - Google Chrome 'BlobRegistryImpl' Use-After-Free Vulnerability (CVE-2020-6461)
1010453 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1574)
1010454 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-1585)
1010455 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2020-1577)
Web Server Apache
1010461 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010418* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-1147)
1010416 - Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851)
1010443* - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
1010459 - vBulletin 'subwidgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2020-17496)
Web Server Miscellaneous
1010346* - Identified HTTP Request With HTTP/0.9 In Request Line
Web Server Oracle
1010447 - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008852* - Auditd
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more