Deep Security Center

Page 1 of 24:
1
2
3
4
5
6
7
8
9
10
...
24

RULE UPDATE: 19-046 (September 10, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1009953 - Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service (CVE-2019-12827)

DCERPC Services
1003292* - Block Conficker.B Worm Incoming Named Pipe Connection

DCERPC Services - Client
1003293* - Block Conficker.B Worm Outgoing Named Pipe Connection

DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol

HP Intelligent Management Center (IMC)
1009962 - HPE Intelligent Management Center 'IctTableExportToCSVBean' Expression Language Injection Vulnerability (CVE-2019-5370)
1009956 - HPE Intelligent Management Center 'PlatNavigationToBean' URL Expression Language Injection Vulnerability (CVE-2019-5387)
1009902 - HPE Intelligent Management Center 'perfSelectTask' Expression Language Injection Vulnerability (CVE-2019-5385)
1009947* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities (CVE-2019-11941 and CVE-2019-11943)

HP Intelligent Management Center Dbman
1009959 - HPE Intelligent Management Center 'dbman' Opcode Denial Of Service Vulnerability (CVE-2018-7123)

MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)

Redis Server
1009949* - Redis Integer Overflow Vulnerability (CVE-2018-11219)

Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt

SSL Client
1007384* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Client

SSL/TLS Server
1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server

Suspicious Server Application Activity
1008492* - Identified SambaShell C&C Traffic
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack

Web Application Common
1009594* - Apache httpd 'mod_md' Null Pointer Dereference Vulnerability (CVE-2018-8011)
1009946* - Atlassian JIRA Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)
1006823* - Identified Suspicious Command Injection Attack - 1
1009966 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714) - 1
1002684* - Mass Hack Script Insertion Attack
1002433* - Mass SQL Injection Script Insertion Attack
1002743* - Mass SQL Injection Script Insertion Attack 2

Web Client Common
1009972 - Adobe Flash Player Same Origin Bypass Vulnerability (CVE-2019-8069)
1009973 - Adobe Flash Player Use After Free Vulnerability (CVE-2019-8070)
1004315* - Identified Malicious PDF Document - 3
1004305* - Identified Suspicious Compiled HTML(chm) File
1009965 - ImageMagick Out-Of-Bounds Access Vulnerability (CVE-2019-10714)
1002144* - JavaScript IFRAME Redirect Script Insertion Vulnerability
1002048* - JavaScript Redirect Script Insertion Vulnerability
1003693* - Mass Compromise Using Malicious iFrame
1002519* - Storm Botnet Redirect Script Insertion Vulnerability

Web Server Adobe ColdFusion
1009893* - Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability (CVE-2019-7816)

Web Server Apache
1009963 - Apache httpd 'mod_remoteip' Buffer Overflow Vulnerability (CVE-2019-10097)

Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1007872* - HTTP Proxy Header Injection Vulnerabilities
1000193* - Null Byte Path Traversal Vulnerability

Web Server HTTPS
1009944* - Microsoft Windows HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)

Web Server SharePoint
1009971 - Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019)

Web Server Squid
1009943* - Squid Proxy HttpHeader 'getAuth' Heap Buffer Overflow Vulnerability (CVE-2019-12527)

Windows Services RPC Server DCERPC
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)

Zoho ManageEngine
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-045 (September 3, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1009951 - HPE Intelligent Management Center TopoMsgServlet 'className' Expression Language Injection Vulnerability (CVE-2019-11942)

Redis Server
1009954 - Redis Stack Buffer Overflow Vulnerability (CVE-2018-11218)

Remote Desktop Protocol Server
1009958 - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961 - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)

Web Server Adobe ColdFusion
1009897 - Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability (CVE-2019-7838)

Webmin
1009948 - Webmin Remote Command Execution Vulnerability (CVE-2019-9624)

Zoho ManageEngine
1009957 - Zoho ManageEngine Application Manager Remote Command Execution Vulnerability (CVE-2019-15105)
1009960 - Zoho ManageEngine OpManager Remote Command Execution Vulnerability (CVE-2019-15104)
1009955 - Zoho ManageEngine OpManager Unauthenticated Remote Command Execution Vulnerability (CVE-2019-15106)

Integrity Monitoring Rules:

1003138* - Microsoft Windows - Active Directory

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-044 (August 27, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Failover Protocol Server
1009887* - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0785)

HP Intelligent Management Center (IMC)
1008969* - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities
1009947 - HPE Intelligent Management Center Multiple Expression Language Injection Vulnerabilities (CVE-2019-11941 and CVE-2019-11943)
1009456* - HPE Intelligent Management Center Remote Code Execution Vulnerability (CVE-2017-12525)

Redis Server
1009949 - Redis Integer Overflow Vulnerability (CVE-2018-11219)

Suspicious Client Application Activity
1009952 - Identified WhatsApp Communication Attempt (ATT&CK T1102)

Web Application Common
1009594 - Apache httpd 'mod_md' Null Pointer Dereference Vulnerability (CVE-2018-8011)
1009946 - Atlassian JIRA Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)

Web Server Adobe ColdFusion
1009893 - Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability (CVE-2019-7816)

Web Server Common
1009889 - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1000763* - URI Length Restriction

Web Server HTTPS
1009944 - Microsoft Windows HTTP/2 Server Denial Of Service Vulnerability (CVE-2019-9512)

Web Server Miscellaneous
1009804* - Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Vulnerability (CVE-2018-12545)
1009942 - GNOME 'libsoup' HTTP Chunked Encoding Remote Code Execution Vulnerability (CVE-2017-2885)

Web Server Oracle
1009345* - Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability
1009845* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2650)

Web Server Squid
1009943 - Squid Proxy HttpHeader 'getAuth' Heap Buffer Overflow Vulnerability (CVE-2019-12527)

Windows SMB Server
1009910 - Identified Remote Service Creation Over DCE/RPC Protocol (Invoke-SMBexec Tool)

Zoho ManageEngine
1009950 - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability

Integrity Monitoring Rules:

1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-043 (August 20, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk Server IAX2
1003583* - Asterisk IAX2 Resource Exhaustion Denial Of Service
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)

DHCP Failover Protocol Server
1009939 - Microsoft Windows DHCP Server Failover Denial Of Service Vulnerability (CVE-2019-1206)

DNS Client
1003329* - DNS Server Response Validation Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1002596* - Generic Malicious DNS Server Detection
1002657* - Identified Too Many DNS Responses

Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)

Database Oracle
1004997* - Detected Too Many Oracle TNS Service Register Requests
1001832* - Oracle Database Server Possible Brute Force Attempt (ATT&CK T1110)

Database PostgreSQL
1000481* - PostgreSQL Encoded String Handling SQL Command Injection

FTP Server Common
1002413* - FTP Server Possible Brute Force Attempt (ATT&CK T1110)

Instant Messenger Applications
1002159* - Skype

Ipswitch WS_FTP Logging Server Daemon
1003789* - Ipswitch FTP Log Server Denial Of Service Vulnerability

MS-RDPEUDP2
1009940 - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941 - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)

Mail Client Miscellaneous
1001206* - IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows
1001174* - IPSwitch IMail Client MIME Type Boundary Variable Buffer Overflow
1004314* - Identified LNK/PIF File Over SMTP
1000207* - Mozilla Thunderbird WYSIWYG Engine Filtering IFRAME JavaScript Execution

Mail Client Outlook
1000482* - Microsoft Outlook Rich Text TNEF Decoding Buffer Overflow
1000904* - Microsoft Outlook VEVENT Remote Code Execution
1000777* - Microsoft Outlook VML Rect Fill Method Buffer Overflow

Mail Client Outlook Express
1003148* - Microsoft Outlook Express Malformed MIME Message Denial Of Service
1003149* - Microsoft Outlook Express Malformed MIME Message DoS

Mail Client Windows
1003319* - Adobe Acrobat And Reader PDF File Handling Remote Code Execution Vulnerability.
1001311* - Adobe Acrobat Mailto PDF File Command Execution Vulnerability.
1001320* - CA Product AV Engine CAB Header Parsing Stack Overflow.
1001204* - IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows.
1001310* - Microsoft DirectX WAV File Parsing Code Execution Vulnerability.
1000949* - Microsoft OLE Dialog Code Execution.
1001201* - Microsoft Office Jet DataBase Engine MDB File Parsing Buffer Overflow.
1001268* - Microsoft Outlook VML Buffer Overflow.
1001207* - Microsoft PowerPoint Malformed Data Record Code Execution.
1001231* - Microsoft PowerPoint Unspecified Code Execution.
1001232* - Microsoft Publisher Font Parsing Buffer Overflow.
1001004* - Microsoft Windows ANI File Remote Code Execution.
1000244* - Microsoft Windows EOT File Remote code execution vulnerability Client
1001190* - Microsoft Windows Explorer WMF File Denial Of Service.
1001269* - Microsoft Windows Media Format ASF Parsing Remote Code Execution (CVE-2007-0064)
1001270* - Microsoft Windows Media Player MP4 File Stack Overflow.
1000215* - Microsoft Windows PPT File Routing Slip Code Execution
1000973* - Microsoft Windows Vista Windows Mail Local File Execution
1000243* - Microsoft Windows WMF "SETABORTPROC" Code Execution.
1000240* - Microsoft Windows WMF ExtEscape and ExtCreateRegion DoS.
1001227* - Microsoft Word 2000 Unspecified Code Execution.
1001233* - Microsoft Word Code Execution Vulnerability.
1001234* - Microsoft Word Memory Corruption Remote Code Execution.
1001193* - Microsoft Word RTF Documents Parsing Remote Code Execution.
1001376* - Multiple Browser QuickTime Command Execution.
1002444* - Novell GroupWise Client mailto: Scheme Buffer Overflow

Mail Server Common
1000161* - Microsoft Windows EOT File Remote Code Execution Vulnerability
1000162* - Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution

Mail Server Exim
1004549* - Exim Crafted Header Remote Code Execution Vulnerability

Mail Server Microsoft Exchange
1000456* - Calendar Remote Code Execution Vulnerability.
1000993* - Microsoft Exchange Malformed iCal Denial of Service
1000614* - Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
1000467* - Microsoft Exchange TNEF Decoding Buffer Overflow
1002946* - Microsoft Outlook Web Access For Exchange Server 'redir.asp' URI Redirection Vulnerability

Mail Server Miscellaneous
1000429* - E-Post SMTP "AUTH PLAIN" And "AUTH LOGIN" Command Vulnerability
1003512* - Multiple XSS Vulnerabilities In Sun Communications Express

Media Streaming Server RealServer
1003632* - Detected Too Many Malicious Outbound RealNetworks Helix Server RTSP Requests

Microsoft Office
1009854* - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111)
1000213* - Microsoft Excel rtSERIES, rtSIINDEX, BOOLERR Record Chart Parsing Code Execution
1009023* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028)
1000258* - Microsoft Office XLW File Array Index Out Of Bounds DOS Vulnerability
1009909* - Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201)

NFS Server
1003401* - Disallow Device Node Creation Over NFS

Novell GroupWise Internet Agent
1003525* - Novell GroupWise Internet Agent SMTP Command Remote Buffer Overflow

Pidgin Instant Messenger
1004013* - Pidgin Multiple Denial Of Service Vulnerabilities

Protocol MSN
1004361* - Windows Live Messenger Animation Remote Denial Of Service

SSL Client
1009915 - Identified WhatsApp Registration (ATT&CK T1102)
1009932 - Telegram Bot API Usage (Used by Telecrypt) (ATT&CK T1102)

SSL Client Applications
1009914 - Identified Github Authentication (ATT&CK T1102)

Unix Telnet
1002414* - Telnet Server Possible Brute Force Attempt (ATT&CK T1110)

VoIP Smart
1000350* - No Content in INVITE Request
1000366* - OPTIONS Method Information Disclosure
1000384* - Unauthorized INVITE and REGISTER Requests

Web Administrator Websense Email Security
1003811* - Websense Email Security And Email Manager 'STEMWADM.EXE' Remote Denial Of Service

Web Application Common
1009911 - Identified Twitter Command & Control Communication (ATT&CK T1102)

Web Application PHP Based
1006607* - Identified Drupal Password Reset Request

Web Application Tomcat
1000638* - Apache Tomcat "Tomcat Manager" Cross-Site Scripting
1000697* - Directory Listing in Apache Tomcat 5.x.x

Web Client Common
1008739* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
1009916 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 1
1009917 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 2
1009918 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 3
1009919 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1009920 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 5
1009921 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 6
1009922 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 7
1009923 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 8
1009924 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 9
1000943* - Detect UPX Packed Executable Download (ATT&CK T1045)
1004596* - Detected Night Dragon Network Communication
1009912 - Detected Vkontakte Site Access Over HTTP (ATT&CK T1102)
1009913 - Identified Pastebin Communication (ATT&CK T1102)
1009483* - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)
1009851* - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1093)
1009852* - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1097)
1009933 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1155)
1009934 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1156)
1009936 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1157)
1009938 - Microsoft Windows 'gdiplus' Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1154)
1009927 - Microsoft Windows EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1143)
1009929 - Microsoft Windows Font Subsetting Library Double Free Remote Code Execution Vulnerability (CVE-2019-1144)
1009928 - Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1148)
1009930 - Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability (CVE-2019-1145)
1009765* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8472)
1009856* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1094)
1009857* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1095)
1009858* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1098)
1009859* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1099)
1009860* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1100)
1009861* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1101)
1009862* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1116)
1009935 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1158)
1009926 - Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2019-1146)
1009925 - Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2019-1147)
1009937 - Microsoft XmlLite Runtime Denial of Service Vulnerability (CVE-2019-1187)

Web Client Internet Explorer/Edge
1005202* - Microsoft Internet Explorer 'cloneNode' Use After Free Vulnerability (CVE-2012-2557)

Web Server HTTPS
1009931 - Identified HTTP/2 Traffic

Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
1000532* - Microsoft IIS 4.0/5.0 Malformed .htr Request Vulnerability
1000439* - Microsoft IIS Source Code Disclosure Vulnerability
1000390* - WEB-IIS .bat/.cmd remote command execution

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-042 (August 13, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database PostgreSQL
1009865 - PostgreSQL Database Password Change Stack Buffer Overflow Vulnerability (CVE-2019-10164)

Microsoft Office
1009909 - Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201)

Web Client Internet Explorer/Edge
1009904 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1139)
1009905 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1140)
1009906 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1141)
1009907 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1195)
1009903 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1196)
1009908 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1197)

Web Server Oracle
1009345 - Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability

Windows SMB Server
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)

Integrity Monitoring Rules:

1009622* - .bash_profile and .bashrc (ATT&CK T1156)
1009629* - AppCert DLLs (ATT&CK T1182)
1009628* - AppInit DLLs (ATT&CK T1103)
1009639* - Application Shimming (ATT&CK T1138)
1009643* - Clear Command History (ATT&CK T1146)
1009895 - Component Object Model Hijacking (ATT&CK T1122, T1112)
1009710* - Install Root Certificate (ATT&CK T1130)
1009745* - Linux - Removable Devices Detected (ATT&CK T1092)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK T1131,T1174)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050,T1036)
1005645* - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK T1013)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1013)
1008257* - Microsoft Windows - USB Storage Device Detected (ATT&CK T1092)
1009638* - NetSh Helper DLL (ATT&CK T1128)
1009704* - Port Monitor (ATT&CK T1013)
1009618* - PowerShell & CommandLine (ATT&CK T1086,T1059)
1009670* - Service Registry Permissions Weakness (ATT&CK T1058)
1006076* - Task Scheduler Entries Modified (ATT&CK T1168)
1009672* - Time Providers (ATT&CK T1209)
1009626* - Windows Accessibility Features - ImageFileExecution (ATT&CK T1015,T1183)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-041 (August 6, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1004293* - Identified Microsoft Windows Shortcut File Over Network Share

DHCP Failover Protocol Server
1009887 - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0785)

Database Oracle
1000840* - Oracle Database Server Generic SQL Injection Detection

HP Intelligent Management Center (IMC)
1009456 - HPE Intelligent Management Center Remote Code Execution Vulnerability (CVE-2017-12525)

RRAS Service
1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)

Web Application Common
1009900 - FASTJSON Deserialization Remote Code Execution Vulnerability
1000552* - Generic Cross Site Scripting(XSS) Prevention

Web Application Tomcat
1009713 - Apache Tomcat HTTP/2 Denial Of Service Vulnerability (CVE-2019-0199)

Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability

Web Server IIS HTTPS
1004472* - TLSv1 Denial Of Service Vulnerability

Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008378* - Oracle WebLogic Server Untrusted Data Deserialization Vulnerability (CVE-2017-3248)
1009806 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2647)
1009898 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2648)
1009845 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2650)

Integrity Monitoring Rules:

1006798* - TMTR-0005: Suspicious Files Detected In Application Directories

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-040 (July 30, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009801 - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)

DHCPv6 Client - Incoming
1009798* - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698)

Web Application Common
1009711* - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505) - 1
1009580* - Jenkins CI Server Forced Migration Of User Records Vulnerability (CVE-2018-1000863)
1009701* - Jenkins Metaprogramming Remote Code Execution Vulnerability (CVE-2018-1000408)

Web Client Common
1009532* - Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537)
1009800* - Microsoft Windows SymCrypt Denial-of-Service Vulnerability (CVE-2019-0865)

Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request

Web Server Miscellaneous
1009804 - Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Vulnerability (CVE-2018-12545)

Web Server Oracle
1009831* - Oracle WebLogic Arbitrary File Read Vulnerability (CVE-2019-2615)

Integrity Monitoring Rules:

1009628* - AppInit DLLs (ATT&CK: T1103)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050, T1036)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-039 (July 23, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008647* - Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)

Microsoft Office
1009853* - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110)

SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1032, T1043, T1071)

Web Application Common
1009711 - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505) - 1
1009391 - Identified Redirect Sequence In URI

Web Application PHP Based
1006141* - PHP Fileinfo Denial Of Service Vulnerability (CVE-2014-1943)

Web Client Common
1009748 - Cisco Webex Teams URI Handler Remote Code Execution Vulnerability (CVE-2019-1636)
1009846 - Google Chrome AudioWorkletGlobalScope::Process Use-After-Free Vulnerability
1009712 - GraphicsMagick Heap Buffer Overflow Vulnerability (CVE-2019-11505)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1009760* - Microsoft Windows Jet Database Engine Multiple Remote Code Execution Vulnerabilities (May-2019)

Web Server Apache
1009609* - Apache Subversion 'mod_dav_svn' Denial Of Service Vulnerability (CVE-2018-11803)

Web Server Oracle
1009471* - Oracle WebLogic Server SAML Authentication Bypass Vulnerability (CVE-2018-2998)
1009830* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2649)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-038 (July 16, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008647 - Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)

DCERPC Services - Client
1009585 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3147)
1009581 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3144)
1009587 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over Network Share (CVE-2010-3965)

DNS Server
1008658 - Dnsmasq Integer Underflow Vulnerability (CVE-2017-14496)

Microsoft Office
1009853 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110)
1009854 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111)

Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)

SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1032)

Web Application Common
1009761* - Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)

Web Client Common
1009851 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1093)
1009852 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1097)
1009855 - Microsoft GDI Remote Code Execution Vulnerability (CVE-2019-1102)
1009590 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3147)
1009847 - Microsoft Windows Event Viewer Information Disclosure Vulnerability (CVE-2019-0948)
1009856 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1094)
1009857 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1095)
1009858 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1098)
1009859 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1099)
1009860 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1100)
1009861 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1101)
1009862 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1116)
1009589 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3144)
1009592 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over WebDav (CVE-2010-3965)

Web Client VNC
1009494* - LibVNC LibVNCClient CoRRE Heap-based Buffer Overflow Vulnerability (CVE-2018-20020)

Web Server Apache
1009609 - Apache Subversion 'mod_dav_svn' Denial Of Service Vulnerability (CVE-2018-11803)

Web Server Oracle
1009471 - Oracle WebLogic Server SAML Authentication Bypass Vulnerability (CVE-2018-2998)
1009830 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2649)

Windows Services RPC Server DCERPC
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)

Integrity Monitoring Rules:

1009745 - Linux - Removable Devices Detected (ATT&CK: T1092)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050)
1005645 - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK: T1013)
1002776* - Microsoft Windows - Startup Programs Modified (ATT&CK T1112)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009618 - PowerShell & CommandLine (ATT&CK: T1086 & T1059)
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006684* - TMTR-0015: Suspicious Service Detected
1007216* - TMTR-0021: Suspicious Files Detected In System Drive
1008720* - Users and Groups - Create and Delete Activity (ATT&CK T1136)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-037 (July 9, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1009586 - Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2011-0038)
1009588 - Microsoft Office Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3337)

DHCPv6 Client - Incoming
1009798 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698)

HP Intelligent Management Center (IMC)
1009799* - HPE Intelligent Management Center 'AccessMgrServlet ClassName' Insecure Deserialization (CVE-2019-11945)

Microsoft Office
1009835 - Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1112)

Web Application Common
1009630* - DotNetNuke Remote Code Execution Vulnerability (CVE-2017-9822)
1009580 - Jenkins CI Server Forced Migration Of User Records Vulnerability (CVE-2018-1000863)
1009701 - Jenkins Metaprogramming Remote Code Execution Vulnerability (CVE-2018-1000408)

Web Client Common
1009832 - Google Chrome JS Execution Use-After-Free Vulnerability
1009593 - Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability Over WebDav (CVE-2011-0038)
1009591 - Microsoft Office Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3337)
1009532 - Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537)

Web Client Internet Explorer/Edge
1009843 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1062)
1009842 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1092)
1009840 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1103)
1009841 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106)
1009834 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1107)
1009838 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2019-1104)
1009839 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-1001)
1009836 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-1063)
1009837 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1004)

Web Server Oracle
1009831 - Oracle WebLogic Arbitrary File Read Vulnerability (CVE-2019-2615)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories

View All

$Secure Complex IoT Environments$
Securing Smart Homes and Buildings: Threats and Risks to Complex IoT Environments
The evolution of smart homes and smart buildings into complex IoT environments reflects the continuing developments in home and industrial automation. Security should not be left behind as increased complexity also means new threats and risks.
Read more
$https://documents.trendmicro.com/images/TEx/articles/20180903221730972-24-yhxppax-800.jpg$
MQTT and CoAP: Security and Privacy Issues in IoT and IIoT Communication Protocols
We looked into MQTT brokers and CoAP servers around the world to assess IoT protocol security. Learn how to prevent risks and secure machine-to-machine (M2M) communications over MQTT and CoAP in our research.
Read more
$hacker machine interface$
The State of SCADA HMI Vulnerabilities
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
Read more
Rogue Robots: Testing the Limits of an Industrial Robot’s Security
The modern world relies heavily on industrial robots. But is the current robotics ecosystem secure enough to withstand a cyber attack?
Read more