Rule Update
25-016 (April 22, 2025)
Publish date: April 22, 2025
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
Gogs
1012334 - Gogs Arbitrary File Delete Vulnerability (CVE-2024-39931)
HPE Insight Remote Support Client
1012323 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-11622)
SSL Client
1006740* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client (ATT&CK T1573.002)
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1573.002)
Web Application PHP Based
1012148* - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012106* - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012343 - WordPress 'WP Umbrella' Plugin Local File Inclusion Vulnerability (CVE-2024-12209)
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
Web Application Ruby Based
1005328* - Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1005386* - Identified Java Exploit
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution (ATT&CK T1027, T1204.002, T1059.001)
1006742* - Identified Suspicious User Agent In Outgoing HTTP Request
1009714* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability
1009489* - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1004121* - Identified Obfuscated JavaScript For Internet Explorer
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities
1004328* - Windows Live MSN ActiveX Remote Code Execution
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1573.002)
1004790* - Identified Diginotar Certificate
1005307* - Identified Fraudulent Digital Certificate
1006606* - Identified Fraudulent Digital Certificate - 1
1005040* - Identified Revoked Certificate Authority In SSL Traffic (ATT&CK T1573.002)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1003816* - Web Services On Devices API Memory Corruption Vulnerability
Web Server HTTPS
1012255* - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1010729* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Web Server Nagios
1012329 - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)
Windows Server DCERPC
1012340 - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
  To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
- Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
  How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
- The Mirage of AI Programming: Hallucinations and Code Integrity
  The adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.
- Open RAN: Attack of the xApps
  This article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handling.