Rule Update

21-009 (March 2, 2021)

Publish date: March 02, 2021

  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1010744* - DNS Request To Ngrok Domain Detected


Directory Server LDAP
1010820 - OpenLDAP Slapd SASL Proxy Authorization Denial Of Service Vulnerability (CVE-2020-36222)
1010799* - OpenLDAP Slapd Search Parsing Integer Underflow Vulnerability (CVE-2020-36228)


FTP Server IIS
1010797* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over FTP (CVE-2020-28001)


SAP NetWeaver Java Application Server
1010816 - Identified SAP Solution Manager Security Software Discovery Over HTTP (ATT&CK T1518.001)
1010822 - Identified SAP Solution Manager Tool Transfer Over HTTP (ATT&CK T1105, T1570)


SSL Client
1010410* - OpenSSL Large DH Parameter Denial Of Service Vulnerability (CVE-2018-0732)


SolarWinds Orion Platform
1010810 - SolarWinds Orion Platform Insecure Deserialization Vulnerability (CVE-2021-25274)


Trend Micro OfficeScan
1010780 - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities
1010709* - Trend Micro Apex One Multiple Information Disclosure Vulnerabilities (CVE-2020-28573 and CVE-2020-28576)


Web Application Common
1010818 - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)


Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1001933* - Identified Suspicious Usage Of Shellcode For Client


Web Server Common
1010796* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-25646)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
1010801 - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2009-2265)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header
1010761* - PRTG Network Monitor Command Injection Vulnerability (CVE-2018-9276)
1010804* - SolarWinds Serv-U FTP Server Stored Cross-Site Scripting Vulnerability Over HTTP (CVE-2020-28001)


Web Server HTTPS
1010850 - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)


Zoho ManageEngine
1010811 - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1003613* - DHCP Server - Microsoft Windows
1003447* - Web Server - Apache

Featured Stories