New Filters:
43569: HTTP: Splunk Enterprise getJobAsset Arbitrary File Write Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file write vulnerability in Splunk Enterprise.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-46214 CVSS 8.9
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 02, 2024
43583: ZDI-CAN-22835: Zero Day Initiative Vulnerability (Ivanti Avalanche)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Avalanche.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 02, 2024
43584: ZDI-CAN-22836: Zero Day Initiative Vulnerability (Ivanti Avalanche)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Avalanche.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 02, 2024
43585: ZDI-CAN-22854: Zero Day Initiative Vulnerability (Ivanti Avalanche)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Avalanche.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 02, 2024
43586: ZDI-CAN-22865: Zero Day Initiative Vulnerability (Ivanti Avalanche)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Avalanche.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 02, 2024
43601: HTTP: Apache OFBiz XMLRPC Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Apache OFBiz.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-49070 CVSS 8.8
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 02, 2024
43602: HTTP: Squid Proxy Digest nc Buffer Overflow Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Squid Proxy.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-46847 CVSS 7.7
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 02, 2024
43606: HTTP: Nagios XI OS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an OS command injection vulnerability in Nagios XI.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-5792
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 02, 2024
43624: HTTP: Netgate pfSense diag_packet_capture.php Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Netgate pfSense.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-48123
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: January 02, 2024
43625: TCP: Portable Executable Magic Bytes
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a Portable Executable file transfer over TCP.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: TCP (Generic)
- Platform: Windows Client Application
- Release Date: January 02, 2024
43626: HTTP: LightCMS Stored Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in LightCMS.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2021-3355
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 02, 2024
Modified Filters (logic changes):
* = Enabled in Default deployments
37813: TCP: XMRig Miner JSON Requests
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37813: TCP: XMRig Miner - (Login Request)".
- Description updated.
- Detection logic updated.
- Release Date: June 30, 2020
- Last Modified Date: January 02, 2024
Modified Filters (metadata changes only):
* = Enabled in Default deployments
42533: HTTP: LG LED Assistant upload Directory Traversal Vulnerability (ZDI-23-1221)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Vulnerability references updated.
- Release Date: April 04, 2023
- Last Modified Date: January 02, 2024
Removed Filters: None
|
Welcome to the future of Business Support! I'm Trend Companion, your
AI assistant ready to streamline your experience.
Log in for your personalized support!
Chat with Trend Companion for quick answers, or submit a case for
detailed troubleshooting.