Deep Security Center

Page 1 of 15:
1
2
3
4
5
6
7
8
9
10
...
15

RULE UPDATE: 18-023 (April 24, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCPv6 Server
1008668* - Dnsmasq Information Leak Vulnerability (CVE-2017-14494)

DNS Client
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)

Database Microsoft SQL
1008759* - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability

EMC Data Protector Advisor
1008827 - EMC Data Protection Advisor 'ScheduledReportResource' Directory Traversal Information Disclosure Vulnerability (CVE-2017-8003)
1008813* - EMC Data Protection Advisor 'ScheduledReportResource' Remote Command Injection Vulnerability (CVE-2017-10955)

HP Intelligent Management Center (IMC)
1008718* - HPE Intelligent Management Center 'userSelectPagingContent' Expression Language Injection Vulnerability (CVE-2017-12521)

HP Intelligent Management Center Dbman
1008795 - HPE Intelligent Management Center Multiple 'dbman' Opcode Command Injection Vulnerabilities

HP Network Automation
1008677* - HPE Network Automation PermissionFilter Authentication Bypass Vulnerability (CVE-2017-5812)

HP OpenView Network Node Manager Web
1004322* - HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow

Microsoft Office
1008872* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)

OpenSSL
1008268* - OpenSSL ChaCha20/Poly1305 Buffer Overflow Vulnerability (CVE-2017-3731)
1008810* - OpenSSL Invalid PSS Parameters Segmentation Fault Vulnerability (CVE-2015-0208)

RADIUS Server
1008816* - FreeRADIUS 'rad_coalesce' Out Of Bounds Read Vulnerability (CVE-2017-10979)

SSL/TLS Server
1008662* - Microsoft Windows SChannel Spoofing Vulnerability (CVE-2009-0085)

Trend Micro OfficeScan
1008811* - Trend Micro OfficeScan Memory Corruption Vulnerability (CVE-2017-14089)
1008907 - Trend Micro OfficeScan Multiple Security Vulnerabilities
1008659 - Trend Micro Smart Protection Server 'wcs_bwlists_handler' Command Injection Remote Code Execution Vulnerability

VoIP Smart
1008844* - Asterisk 'cdr_object_update_party_b_userfield_cb' Buffer Overflow Vulnerability (CVE-2017-16671)

VoIP Soft Phones
1008654* - Digium Asterisk app_minivm Caller-ID Command Execution Vulnerability (CVE-2017-14100)

Web Application Common
1009040 - Identified Directory Traversal Sequence In URI
1005934* - Identified Suspicious Command Injection Attack
1008888* - ImageMagick ReadOneMNGImage Denial Of Service Vulnerability (CVE-2017-17887) - 1
1008997 - Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability (CVE-2018-2617)

Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1008848 - PHP 'gdImageCreateFromGifCtx' Denial Of Service Vulnerability (CVE-2018-5711)
1008665* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12932)
1008663* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12934)
1008863* - PHP Openssl Extension PEM Sealing Denial Of Service Vulnerability (CVE-2017-11144)
1008904* - PHP Unserialize Use After Free Vulnerability (CVE-2016-9138)
1008893* - PHP ZIP Signature Verification Out Of Bound Memory Access Vulnerability (CVE-2016-7414)

Web Client Common
1008886* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1008878* - Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2018-4877)
1008855* - Foxit Reader And PhantonPDF XFA 'gotoURL' Command Injection Vulnerability (CVE-2017-10953)
1008981* - Trend Micro User-Mode Hooking (UMH) Module DLL Hijacking Vulnerability (CVE-2018-6218)

Web Client Internet Explorer/Edge
1009049 - Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0766)
1009048 - Microsoft Edge Memory Corruption Vulnerability (CVE-2018-1023)

Web Client SSL
1008528* - Squid Proxy Incorrect X509 Server Certificate Validation Vulnerability (CVE-2015-3455)

Web Server Common
1008725* - Trend Micro SafeSync For Enterprise Rollback Command Injection Remote Code Execution Vulnerability

Web Server Miscellaneous
1008944 - Novell ZenWorks Configuration Management Remote Code Execution Vulnerability (CVE-2015-0779)

Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
1009046 - Oracle WebLogic Server Elevation Of Privilege Vulnerability (CVE-2018-2628)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow

Web Server SAP
1008950 - SAP NetWeaver AS JAVA CRM Remote Command Execution Vulnerability (CVE-2018-2380)

Integrity Monitoring Rules:

1003019* - Trend Micro Deep Security Agent / Relay

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-022 (April 17, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1003928* - Oracle Secure Backup observiced.exe Buffer Overflow

Remote Desktop Protocol Client
1009031 - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)

Suspicious Client Ransomware Activity
1007576* - Ransomware Cryptesla

Trend Micro Control Manager
1008799* - Trend Micro Control Manager 'cmdHandlerFileHandling' Directory Traversal Remote Code Execution Vulnerability (CVE-2017-11389)

Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)

Web Client Common
1008745* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
1008735* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
1009039 - Adobe Flash Player Multiple Security Vulnerabilities (APSB18-08)
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)

Web Client Internet Explorer/Edge
1008820* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0776)
1008335* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008928* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0889)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-021 (April 10, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1008666 - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)

EMC Data Protector Advisor
1008813 - EMC Data Protection Advisor 'ScheduledReportResource' Remote Command Injection Vulnerability (CVE-2017-10955)

Microsoft Office
1009000 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-0920)
1009015 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1011)
1009022 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1027)
1009024 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1029)
1009023 - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028)
1008839* - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802)
1008899 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
1009021 - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1026)
1009025 - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1030)

Trend Micro Control Manager
1008799 - Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability (CVE-2017-11389)

Web Application Common
1008888 - ImageMagick ReadOneMNGImage Denial Of Service Vulnerability (CVE-2017-17887) - 1

Web Application PHP Based
1008663 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12934)

Web Client Common
1008887 - ImageMagick ReadOneMNGImage Denial Of Service Vulnerability (CVE-2017-17887)
1009012 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-1003)
1009002 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2018-0986)
1009014 - Microsoft Windows Graphics Multiple Security Vulnerabilities (Apr-2018)
1008961 - Microsoft Windows Remote Assistance Information Disclosure Vulnerability (CVE-2018-0878)
1008927* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-0883)
1009013 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-1004)
1008981 - Trend Micro User-Mode Hooking (UMH) Module DLL Hijacking Vulnerability (CVE-2018-6218)

Web Client Internet Explorer/Edge
1009011 - Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0998)
1008900* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0770)
1009001 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0980)
1009004 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0990)
1009006 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0993)
1009007 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0994)
1009008 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0995)
1008999 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0870)
1009005 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0991)
1009010 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0997)
1009020 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-1018)
1009003 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0988)
1009009 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0996)
1009027 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-1001)

Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
1008725 - Trend Micro SafeSync For Enterprise Rollback Command Injection Remote Code Execution Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-020 (April 3, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

There are no new or updated Deep Packet Inspection Rules in this Security Update.

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-019 (April 3, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)

Database Microsoft SQL
1008759 - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability

HP Intelligent Management Center (IMC)
1008905 - HPE Intelligent Management Center 'UrlAccessController' Authentication Bypass Vulnerability (CVE-2017-8982)

HP Intelligent Management Center Dbman
1008909 - HPE Intelligent Management Center 'dbman' Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2017-8981)

Mail Client Windows
1002444* - Novell GroupWise Client mailto: Scheme Buffer Overflow

OpenSSL
1008268 - OpenSSL ChaCha20/Poly1305 Buffer Overflow Vulnerability (CVE-2017-3731)
1008810 - OpenSSL Invalid PSS Parameters Segmentation Fault Vulnerability (CVE-2015-0208)

SSL/TLS Server
1008662 - Microsoft Windows SChannel Spoofing Vulnerability (CVE-2009-0085)

Trend Micro OfficeScan
1008811 - Trend Micro OfficeScan Memory Corruption Vulnerability (CVE-2017-14089)

VoIP Smart
1008844 - Asterisk 'cdr_object_update_party_b_userfield_cb' Buffer Overflow Vulnerability (CVE-2017-16671)

VoIP Soft Phones
1008654 - Digium Asterisk app_minivm Caller-ID Command Execution Vulnerability (CVE-2017-14100)

Web Application Common
1005934* - Identified Suspicious Command Injection Attack

Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1008919 - PHP 'var_unserializer.c' Buffer Overflow Vulnerability (CVE-2016-10161)
1008665 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12932)
1008904 - PHP Unserialize Use After Free Vulnerability (CVE-2016-9138)

Web Client Common
1008883* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1008885* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 5
1008809 - Google Chrome V8 Crankshaft Type Confusion Vulnerability (CVE-2017-5070)
1008908 - Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0755)
1008633 - Microsoft Windows GDI+ Information Disclosure Vulnerability (CVE-2017-8676)

Web Client Internet Explorer/Edge
1008807 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11839)
1008868* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
1005284* - Microsoft Internet Explorer Mouse Tracking Vulnerability

Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)

Web Server Miscellaneous
1008674* - IBM Informix Open Admin Tool Remote Code Execution Vulnerability (CVE-2017-1092)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

RULE UPDATE: 18-018 (March 29, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application PHP Based
1008970 - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-017 (March 27, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)

DHCPv6 Server
1008668 - Dnsmasq Information Leak Vulnerability (CVE-2017-14494)

HP Intelligent Management Center (IMC)
1008709* - HPE Intelligent Management Center 'getSelInsBean' Expression Language Injection Vulnerability (CVE-2017-12490)
1008718 - HPE Intelligent Management Center 'userSelectPagingContent' Expression Language Injection Vulnerability (CVE-2017-12521)
1008797* - HPE Operations Orchestration Backwards-Compatibility Beanutils Deserialization Vulnerability (CVE-2017-8994)
1008687* - HPE Operations Orchestration Central-Remoting Insecure Deserialization Vulnerability (CVE-2017-8994)
1008765* - Hewlett Packard Enterprise Intelligent Management Center Language Injection Remote Code Execution Vulnerabilities

HP Network Automation
1008677 - HPE Network Automation PermissionFilter Authentication Bypass Vulnerability (CVE-2017-5812)

HP OpenView
1004786* - HP Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

Mail Client Windows
1001190* - Microsoft Windows Explorer WMF File Denial Of Service.
1001269* - Microsoft Windows Media Format ASF Parsing Remote Code Execution (CVE-2007-0064)

Mail Server Exim
1008940* - Exim Buffer Overflow Remote Code Execution Vulnerability (CVE-2018-6789)

RADIUS Server
1008816 - FreeRADIUS 'rad_coalesce' Out Of Bounds Read Vulnerability (CVE-2017-10979)

Remote Desktop Protocol Server
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt

Suspicious Client Application Activity
1008946 - Heuristic Detection Of Suspicious Digital Certificate

Suspicious Client Ransomware Activity
1007706* - Ransomware Network Traffic - 3

Symantec Messaging Gateway
1008575* - Symantec Messaging Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2017-6327)

VoIP Smart
1008846* - Digium Asterisk PJSIP Contact Header Denial Of Service Vulnerability (CVE-2017-17850)

VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability

Web Application Common
1005936* - Identified Local File Inclusion (LFI) Over HTTP

Web Application PHP Based
1008041* - Drupal Coder Module Remote Code Execution Vulnerability
1006386* - PHP 'unserialize()' Integer Overflow Vulnerability (CVE-2014-3669)
1008863 - PHP Openssl Extension PEM Sealing Denial Of Service Vulnerability (CVE-2017-11144)
1008893 - PHP ZIP Signature Verification Out Of Bound Memory Access Vulnerability (CVE-2016-7414)
1008664* - PHP finish_nested_data Function Heap Buffer Overflow Vulnerability (CVE-2017-12933)

Web Client Common
1008886* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 3
1008889* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4
1007515* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
1008854* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2018-4878)
1007507* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0988)
1007014* - Adobe Reader And Acrobat Heap Based Buffer Overflow Vulnerability (CVE-2015-5105)
1008719 - Foxit Reader PDF Parsing Multiple Out Of Bounds Read Information Disclosure Vulnerabilities
1008410* - Microsoft .NET Framework Pointer Verification Vulnerability (CVE-2009-0090)
1008903 - Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0761)
1008172* - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
1001248* - Microsoft Windows Media Format ASF Parsing Remote Code Execution
1008448* - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (June-2017)
1008341* - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)
1008892 - PHP ZIP Signature Verification Out Of Bound Memory Access Vulnerability (CVE-2016-7414) - 1

Web Client Internet Explorer/Edge
1004986* - Dell Webcam Central CrazyTalk4 ActiveX Control Buffer Overflow Vulnerability
1007470* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0105)
1005784* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908)
1006749* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006750* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1733)
1006751* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1008881* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0866)
1008796* - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-11906)

Web Client Mozilla Firefox
1008579* - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)

Web Client SSL
1008528 - Squid Proxy Incorrect X509 Server Certificate Validation Vulnerability (CVE-2015-3455)

Web Server Common
1005434* - Disallow Upload Of A PHP File
1007185* - Java Unserialize Remote Code Execution Vulnerability

Web Server Miscellaneous
1008840* - Apache CouchDB '_config' Command Execution Vulnerability (CVE-2017-12636)
1008751* - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1008843* - FasterXML Jackson JSON Library Deserializer Multiple Remote Code Execution Vulnerabilities
1007522* - JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability
1002947* - Mambo CMS File Inclusion Vulnerability Scan (CVE-2005-3738)
1008527* - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)
1007060* - Red Hat JBoss RichFaces Remote Code Execution Vulnerability (CVE-2015-0279)

Windows Media Service
1004097* - Media Services Stack-based Buffer Overflow Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1003802* - Directory Server – Microsoft Windows Active Directory

RULE UPDATE: 18-016 (March 20, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1008797 - HPE Operations Orchestration Backwards-Compatibility Beanutils Deserialization Vulnerability (CVE-2017-8994)
1008687 - HPE Operations Orchestration Central-Remoting Insecure Deserialization Vulnerability (CVE-2017-8994)

Symantec Messaging Gateway
1008575 - Symantec Messaging Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2017-6327)

Web Application Common
1005934* - Identified Suspicious Command Injection Attack

Web Application PHP Based
1008516* - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)

Web Client Common
1008855 - Foxit Reader And PhantonPDF XFA 'gotoURL' Command Injection Vulnerability (CVE-2017-10953)
1008832 - Foxit Reader Multiple Security Vulnerabilities
1008837 - Foxit Reader Multiple XFA Type Confusion Remote Code Execution Vulnerabilities
1008834 - Foxit Reader Remote Code Execution Vulnerabilities
1008835 - Foxit Reader Use-After-Free Remote Code Execution Vulnerabilities
1008755 - Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow (CVE-2017-5112)
1004317* - Identified Malicious PDF Document - 5
1004933* - Identified Malicious PDF Document - 8
1008943 - Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0760)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)

Web Client Internet Explorer/Edge
1008851 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0772)
1008796 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-11906)
1008639* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)

Web Server Miscellaneous
1003927* - HP Power Manager formExportDataLogs Directory Traversal

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-015 (March 13, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1008709 - HPE Intelligent Management Center 'getSelInsBean' Expression Language Injection Vulnerability (CVE-2017-12490)
1008765 - Hewlett Packard Enterprise Intelligent Management Center Language Injection Remote Code Execution Vulnerabilities

HP Intelligent Management Center Dbman
1008790* - HPE Intelligent Management Center dbman Opcode 10012 Use-After-Free Remote Code Execution Vulnerability (CVE-2017-12561)

Instant Messenger Applications
1002163* - Yahoo! Messenger

Mail Server Exim
1008940 - Exim Buffer Overflow Remote Code Execution Vulnerability (CVE-2018-6789)

Microsoft Office
1008931 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0922)

OpenSSL
1006302* - OpenSSL TLS/DTLS SRTP Memory Leak Denial Of Service Vulnerability (CVE-2014-3513)

VoIP Smart
1008846 - Digium Asterisk PJSIP Contact Header Denial Of Service Vulnerability (CVE-2017-17850)

Web Application PHP Based
1008884* - PHP 'unserialize()' Function Denial Of Service Vulnerability (CVE-2015-4602)
1008890* - PHP 'unserialize()' Function Type Confusion Vulnerability (CVE-2015-4603)
1008664 - PHP finish_nested_data Function Heap Buffer Overflow Vulnerability (CVE-2017-12933)

Web Client Common
1008745* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
1008939 - Adobe Flash Player Multiple Security Vulnerabilities (APSB18-05)
1008829 - Foxit Reader Multiple Information Disclosure Vulnerabilities
1008762 - Git SSH URL Processing Command Execution Vulnerability (CVE-2017-1000117)
1004085* - Heuristic Detection Of Malicious PDF Documents - 3
1008930 - Microsoft Access Remote Code Execution Vulnerability (CVE-2018-0903)
1008897 - Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0855)
1008936 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (March-2018)

Web Client Internet Explorer/Edge
1008826* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0758)
1008900 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0770)
1008922 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0872)
1008923 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0874)
1008929 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0893)
1008932 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0930)
1008933 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0933)
1008934 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0934)
1008935 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0935)
1008928 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0889)

Web Server Common
1000131* - HTTP Header Length Restriction
1005728* - Parameter Value Length Restriction

Web Server Miscellaneous
1008794* - Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)
1008527 - Nginx ngx_http_range_filter_module Integer Overflow Vulnerability (CVE-2017-7529)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-014 (March 6, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1008915 - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)

Web Client Common
1008889* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 4

Integrity Monitoring Rules:

1002999* - Database Server - Microsoft SQL Server

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories

View All

$hacker machine interface$
The State of SCADA HMI Vulnerabilities
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
Read more
Rogue Robots: Testing the Limits of an Industrial Robot’s Security
The modern world relies heavily on industrial robots. But is the current robotics ecosystem secure enough to withstand a cyber attack?
Read more
$two years of pawn storm$
From Espionage to Cyber Propaganda: Pawn Storm's Activities over the Past Two Years
This paper takes a look at Pawn Storm's operations within the last two years, and how the group has expanded their activities from espionage to the use of cyber propaganda tactics.
Read more
$securing home routers$
Securing Your Routers Against Mirai and Other Home Network Attacks
Cybercriminals can turn unsecure home routers into slaves for their botnets or even abuse them to steal banking credentials. Know about your router’s hidden weaknesses and the many ways you can defend your homes and businesses against these threats.
Read more