New Filters:
7155: UDP: Overlong Length (IPv6)
- IPS Version: Not available.
- TPS Version: 5.5.5 only.
- vTPS Version: 5.5.5 only.
- Requires: TOS Version 5.5.5 only
- Category: Traffic Normalization
- Severity: Low
- Description: Traffic normalization filters enforce valid packet processing within the Threat Suppression Engine. They protect the engine by detecting invalid or abnormal packets.
- Deployments:
- Deployment: Default (Block / --)
- Classification: Application / Protocol Anomaly - Protocol Anomaly
- Protocol: UDP (Generic)
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43305: HTTP: VISAM VBASE Automation Base LayerSettings File Parsing External Entity Injection (ZDI-23-1039)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an external entity processing vulnerability in VISAM VBASE Automation Base.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2022-45468 CVSS 5.7
- Zero Day Initiative: ZDI-23-1039
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: October 17, 2023
43333: HTTP: Progress IPSwitch WS_FTP Server Reflected Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Progress Ipswitch WS_FTP Server.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2022-27665
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 17, 2023
43335: HTTP: HTTP Redirect with Invalid Host Name
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an HTTP redirect response with an invalid host name.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2023-38545
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 17, 2023
43336: HTTP: Qlik Sense Enterprise HTTP Request Tunneling Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an HTTP request tunneling vulnerability in Qlik Sense Enterprise for Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-41265 CVSS 9.9
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: October 17, 2023
43337: HTTP: Qlik Sense Enterprise Directory Traversal Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Moderate
- Description: This filter detects an attempt to exploit a directory traversal authentication bypass vulnerability in Qlik Sense Enterprise for Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-41266 CVSS 6.5
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 17, 2023
43338: HTTP: WordPress tagDiv Composer Plugin Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the tagDiv Composer plugin for WordPress.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-3169 CVSS 6.1
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 17, 2023
43339: ZDI-CAN-21710: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43340: ZDI-CAN-22051: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43341: ZDI-CAN-22055: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43342: ZDI-CAN-22059: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43343: ZDI-CAN-22060: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 17, 2023
43344: HTTP: Atlassian Confluence Server and Data Center Broken Access Control Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a broken access control vulnerability in Atlassian Confluence Server and Confluence Data Center.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-22515
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: October 17, 2023
Modified Filters (logic changes):
* = Enabled in Default deployments
* 7154: UDP: Overlong Length (IPv4)
- IPS Version: Not available.
- TPS Version: 5.5.5 only.
- vTPS Version: 5.5.5 only.
- Requires: TOS Version 5.5.5 only
- Name changed from "7154: UDP: Overlong Length".
- Description updated.
- Detection logic updated.
- Release Date: May 16, 2023
- Last Modified Date: October 17, 2023
13515: HTTP: Attempt to invoke JMXInvokerServlet or EJBInvokerServlet (ZDI-13-229)
- IPS Version: 3.1.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 04, 2014
- Last Modified Date: October 17, 2023
* 16858: HTTP: Microsoft .NET Framework Integer Underflow Vulnerability
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 14, 2014
- Last Modified Date: October 17, 2023
17116: HTTP: Sophos Web Protection Appliance Command Injection Vulnerability
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: February 24, 2015
- Last Modified Date: October 17, 2023
25441: TLS: OpenSSL tls_get_message_body Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Release Date: November 01, 2016
- Last Modified Date: October 17, 2023
* 25625: TLS: IBM Cognos TM1 Admin Server and Cognos Express tm1admsd.exe Buffer Overflow (ZDI-12-101)
- IPS Version: 3.1.3 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Release Date: November 15, 2016
- Last Modified Date: October 17, 2023
* 28287: HTTP: HPE Intelligent Management Center Insecure Deserialization (ZDI-17-831-33,ZDI-17-850-55)
- IPS Version: 3.1.3 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: May 23, 2017
- Last Modified Date: October 17, 2023
36882: UDP: Microsoft Remote Desktop Gateway Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: January 14, 2020
- Last Modified Date: October 17, 2023
41240: TCP: Redis Lua Remote Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: May 03, 2022
- Last Modified Date: October 17, 2023
43052: HTTP: Delta Electronics CNCSoft-B DPA Buffer Overflow Vulnerability (ZDI-23-1400)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43052: ZDI-CAN-21390: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft-B)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: October 17, 2023
43151: HTTP: Visualware MyConnection Server doPostUploadfiles Directory Traversal (ZDI-23-1396)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43151: ZDI-CAN-21612: Zero Day Initiative Vulnerability (Visualware MyConnection Server)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 22, 2023
- Last Modified Date: October 17, 2023
43152: HTTP: Visualware MyConnection Server doIForward XML External Entity Vulnerability (ZDI-23-1397)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43152: ZDI-CAN-21774: Zero Day Initiative Vulnerability (Visualware MyConnection Server)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 22, 2023
- Last Modified Date: October 17, 2023
43303: HTTP: Progress WS_FTP Server Ad Hoc Transfer Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43303: HTTP: Progress WS_FTP Insecure Deserialization Vulnerability".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Deployments updated and are now:
- Deployment: Security-Optimized (Block / Notify)
- Release Date: October 03, 2023
- Last Modified Date: October 17, 2023
Modified Filters (metadata changes only):
* = Enabled in Default deployments
13761: HTTP: HP OpenView Performance Agent Multiple Opcodes Communication
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Release Date: April 01, 2014
- Last Modified Date: October 17, 2023
41677: HTTP: D-Link Multiple Products SetSysEmailSettings Command Injection Vulnerability (ZDI-22-1500)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "41677: HTTP: D-Link DIR-1935 SetSysEmailSettings Command Injection Vulnerability (ZDI-22-1500)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 30, 2022
- Last Modified Date: October 17, 2023
42666: HTTP: D-Link Routers Authentication Algorithm Authentication Bypass Vulnerability (ZDI-23-627,628)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42666: HTTP: D-Link DIR-2150 Authentication Algorithm Authentication Bypass Vulnerability (ZDI-23-627,628)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 09, 2023
- Last Modified Date: October 17, 2023
42667: HTTP: D-Link Multiple Products SetNTPServerSettings Command Injection Vulnerability(ZDI-23-631,1522)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42667: HTTP: D-Link DIR-2150 SetNTPServerSettings Command Injection Vulnerability (ZDI-23-631)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 09, 2023
- Last Modified Date: October 17, 2023
42670: HTTP: D-Link Routers SetSysEmailSettings Command Injection Vulnerability (ZDI-23-625,626,629)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42670: HTTP: D-Link DIR-2150 SetSysEmailSettings Command Injection Vulnerability (ZDI-23-625,626,629)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 09, 2023
- Last Modified Date: October 17, 2023
42671: HTTP: D-Link Routers SetTriggerPPPoEValidate Username Command Injection Vulnerability (ZDI-23-632)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42671: HTTP: D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Vulnerability (ZDI-23-632)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 09, 2023
- Last Modified Date: October 17, 2023
* 43003: HTTP: Microsoft Exchange ProjectInstance Deserialization of Data Vulnerability(ZDI-23-1418)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43003: ZDI-CAN-21490: Zero Day Initiative Vulnerability (Microsoft Exchange)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: July 25, 2023
- Last Modified Date: October 17, 2023
* 43004: HTTP: Microsoft Exchange ApprovedApplicationCollection Deserialization Vulnerability (ZDI-23-1419)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43004: ZDI-CAN-21498: Zero Day Initiative Vulnerability (Microsoft Exchange)".
- Description updated.
- Vulnerability references updated.
- Release Date: July 25, 2023
- Last Modified Date: October 17, 2023
* 43028: HTTP: Microsoft Exchange SharedTypeResolver Insecure Deserialization Vulnerability (ZDI-23-1448)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43028: ZDI-CAN-21488: Zero Day Initiative Vulnerability (Microsoft Exchange)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: October 17, 2023
43080: HTTP: Foxit PDF Reader Doc Object Use-After-Free Vulnerability (ZDI-23-1425)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43080: ZDI-CAN-21676: Zero Day Initiative Vulnerability (Foxit PDF Reader)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: October 17, 2023
43181: HTTP: Foxit PDF Reader Annotation Use-After-Free Vulnerability (ZDI-23-1426)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43181: ZDI-CAN-21869: Zero Day Initiative Vulnerability (Foxit PDF Reader)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: August 29, 2023
- Last Modified Date: October 17, 2023
43211: TCP: Rockwell Automation ThinManager ThinServer Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Release Date: September 12, 2023
- Last Modified Date: October 17, 2023
43233: HTTP: WordPress Kadence Blocks Plugin Advanced Form Unrestricted File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Release Date: September 19, 2023
- Last Modified Date: October 17, 2023
Removed Filters: None