Microsoft Security Bulletins
--------------------------
This DV includes coverage for the Microsoft vulnerabilities released on or before November 13, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.
| CVE # | TippingPoint Filter # | Status |
| CVE-2018-8256 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8407 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8408 | 33415 | |
| CVE-2018-8415 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8416 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8417 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8450 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8454 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8471 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8476 | 33416 | |
| CVE-2018-8485 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8522 | 33417 | |
| CVE-2018-8524 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8539 | 33419 | |
| CVE-2018-8541 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8542 | 33420 | |
| CVE-2018-8543 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8544 | *33407 | |
| CVE-2018-8545 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8546 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8547 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8549 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8550 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8551 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8552 | 33422 | |
| CVE-2018-8553 | 33423 | |
| CVE-2018-8554 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8555 | 33425 | |
| CVE-2018-8556 | 33426 | |
| CVE-2018-8557 | 33427 | |
| CVE-2018-8558 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8561 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8562 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8563 | 33429 | |
| CVE-2018-8564 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8565 | 33430 | |
| CVE-2018-8566 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8567 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8568 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8570 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8572 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8573 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8574 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8575 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8576 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8577 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8578 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8579 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8581 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8582 | 33431 | |
| CVE-2018-8584 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8588 | 33433 | |
| CVE-2018-8589 | 33434 | |
| CVE-2018-8592 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8600 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8602 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8605 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8606 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8607 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8608 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2018-8609 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
33372: HTTP: ISPConfig Hosting Control Panel user_settings.php Arbitrary File Inclusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file inclusion vulnerability in ISPConfig Hosting Control Panel.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2018-17984
33415: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8408
33416: TFTP: Microsoft Windows Deployment Services Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows Deployment Services.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8476
33417: HTTP: Microsoft Outlook Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8522
33419: HTTP: Microsoft Office Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8539
33420: HTTP: Microsoft Edge MergeWithObject Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8542
33422: HTTP: Microsoft VBScript Engine VbsFilter Out-Of-Bounds Write Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft VBScript Engine.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8552
33423: HTTP: Microsoft Windows Win32k Out-Of-Bounds Write Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8553
33425: HTTP: Microsoft Edge JIT Engine Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8555
33426: HTTP: Microsoft Edge TypedArray Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8556
33427: HTTP: Microsoft Edge JIT getPrototypeOf Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8557
33429: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8563
33430: HTTP: Microsoft API SetWindowPos Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8565
33431: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8582
33433: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8588
33434: HTTP: Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8589
33435: HTTP: Apache Hadoop YARN ResourceManager Command Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command execution vulnerability in Apache Hadoop YARN ResourceManager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33442: ZDI-CAN-6762: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33443: ZDI-CAN-6763,6764,6767: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33460: HTTP: Microsoft Windows Shell Object Creation Detection
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: The filter detects the instantiation of a Shell object in Windows Shell Component Object Model (COM).
- Deployments:
- Deployment: Performance-Optimized (Block / Notify)
33462: ZDI-CAN-7115: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33463: ZDI-CAN-6918: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33464: ZDI-CAN-7256: Zero Day Initiative Vulnerability (Microsoft Office Excel)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33465: HTTP: Responsive FileManager upload.php Zip Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Responsive FileManager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-15536
33466: HTTP: VBScript chr() and Clng() Suspicious Functions Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter attempts to detect the usage of the chr() and Clng() methods in the Microsoft VBScript Engine.
- Deployments:
- Deployment: Performance-Optimized (Block / Notify)
33468: ZDI-CAN-7136: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33470: ZDI-CAN-6772: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33471: ZDI-CAN-6774: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33472: ZDI-CAN-7133: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33473: ZDI-CAN-7135: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33475: HTTP: LibTIFF JBIGDecode Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in LibTIFF.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 105749
- Common Vulnerabilities and Exposures: CVE-2018-18557
33476: TCP: QNX Neutrino QCONN Connection Attempt
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to establish a connection to QNX Neutrino QCONN.
- Deployment: Not enabled by default in any deployment.
33477: ZDI-CAN-7148: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33479: SIP: Session Initiation Protocol Invalid Sent-by Address Header Value (UDP)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Session Initiation Protocol traffic, which is generally associated with Voice over IP (VoIP), via UDP.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 105768
- Common Vulnerabilities and Exposures: CVE-2018-15454
33481: SIP: Session Initiation Protocol Invalid Sent-by Address Header Value (TCP)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Session Initiation Protocol traffic, which is generally associated with Voice over IP (VoIP), via TCP.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 105768
- Common Vulnerabilities and Exposures: CVE-2018-15454
33482: ZDI-CAN-7156: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33483: HTTP: Microsoft .NET Framework FromBase64String Method Detection
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects the usage of the FromBase64String method in Microsoft's .NET Framework.
- Deployments:
- Deployment: Performance-Optimized (Block / Notify)
33484: HTTP: Microsoft Windows Shell.ShellExecute Method Detection
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects the Shell.ShellExecute Method in the Microsoft Windows Shell SDK.
- Deployments:
- Deployment: Performance-Optimized (Block / Notify)
33485: ZDI-CAN-7120: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33486: ZDI-CAN-7165: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
33487: ZDI-CAN-7121: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33488: ZDI-CAN-7122: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33489: ZDI-CAN-7123: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33490: ZDI-CAN-7124: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33491: ZDI-CAN-7125: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33492: ZDI-CAN-7126: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33494: ZDI-CAN-7127: Zero Day Initiative Vulnerability (Schneider Electric IIot Monitor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric IIot Monitor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33496: ZDI-CAN-7250: Zero Day Initiative Vulnerability (Bitdefender SafePay)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Bitdefender SafePay.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33499: ZDI-CAN-7272,7297,7298: Zero Day Initiative Vulnerability (Adobe Reader DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33500: ZDI-CAN-7114: Zero Day Initiative Vulnerability (LAquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33501: ZDI-CAN-7113: Zero Day Initiative Vulnerability (LAquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33513: ZDI-CAN-7232: Zero Day Initiative Vulnerability (Drupal 8)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Drupal 8.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33514: ZDI-CAN-7246: Zero Day Initiative Vulnerability (Drupal 8)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Drupal 8.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33515: ZDI-CAN-6492: Zero Day Initiative Vulnerability (LAquis SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Requires: N/NX-Platform, NGFW, and TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
33518: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Outlook.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-8587
33527: HTTP: Adobe ColdFusion Arbitrary File Upload
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the upload of a file to the upload.cfm page.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-15961
Modified Filters (logic changes):
* = Enabled in Default deployments
32354: TCP: Advantech WebAccess Client bwwebd Buffer Overflow Vulnerability (ZDI-18-1313)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32354: ZDI-CAN-6301: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32356: RPC: Advantech WebAccess Client bwnodeip Buffer Overflow Vulnerability (ZDI-18-1314)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32356: ZDI-CAN-6302: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32709: TCP: Delta Industrial Automation TPEditor Memory Corruption Vulnerability (ZDI-18-1237)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32709: ZDI-CAN-6449: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32710: TCP: Delta Industrial Automation TPEditor Buffer Overflow Vulnerability (ZDI-18-1236)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32710: ZDI-CAN-6448: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32711: TCP: LAquis SCADA LQS File Parsing Information Disclosure Vulnerability (ZDI-18-1255)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32711: ZDI-CAN-6447: Zero Day Initiative Vulnerability (LAquis SCADA)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32712: TCP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-1279)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32712: ZDI-CAN-6446: Zero Day Initiative Vulnerability (OMRON CX-One)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32716: TCP: OMRON CX-Supervisor SCS File Information Disclosure Vulnerability (ZDI-18-1280)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32716: ZDI-CAN-6427: Zero Day Initiative Vulnerability (OMRON CX-One)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32734: RPC: Advantech Webaccess Client bwwebv Buffer Overflow Vulnerability (ZDI-18-1304)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32734: ZDI-CAN-6292: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32735: RPC: Advantech Webaccess Client upandpr Buffer Overflow Vulnerability (ZDI-18-1305)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32735: ZDI-CAN-6293: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32737: RPC: Advantech Webaccess Client bwclrptw Buffer Overflow Vulnerability (ZDI-18-1306)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32737: ZDI-CAN-6294: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32739: RPC: Advantech Webaccess Client bwclient Buffer Overflow Vulnerability (ZDI-18-1307)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32739: ZDI-CAN-6295: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32740: RPC: Advantech Webaccess Client bwprtscr Buffer Overflow Vulnerability (ZDI-18-1308)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32740: ZDI-CAN-6296: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32741: RPC: Advantech Webaccess Client bwsound Buffer Overflow Vulnerability (ZDI-18-1309)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32741: ZDI-CAN-6297: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32742: RPC: Advantech Webaccess Client bwsound2 Buffer Overflow Vulnerability (ZDI-18-1310)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32742: ZDI-CAN-6298: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32743: RPC: Advantech Webaccess Client bwrunmi Buffer Overflow Vulnerability (ZDI-18-1311)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32743: ZDI-CAN-6299: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32746: HTTP: Delta Industrial Automation TPEditor TPE File Buffer Overflow Vulnerability (ZDI-18-1238)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32746: ZDI-CAN-6442: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32747: HTTP: Delta Industrial Automation TPEditor CC3260MT Out-of-Bounds Write Vulnerability (ZDI-18-1239)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32747: ZDI-CAN-6443: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
32762: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-1283)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32762: ZDI-CAN-6403: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33304: HTTP: Foxit Reader XFA Form count Use-After-Free Vulnerability (ZDI-18-1217)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33304: ZDI-CAN-6477: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33307: HTTP: Foxit Reader XFA TimeField deleteItem Use-After-Free Vulnerability (ZDI-18-1221)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33307: ZDI-CAN-6478: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33308: HTTP: Foxit Reader XFA TimeField colSpan Use-After-Free Vulnerability (ZDI-18-1225)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33308: ZDI-CAN-6479: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33309: HTTP: Foxit Reader XFA TimeField editValue Use-After-Free Vulnerability (ZDI-18-1229)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33309: ZDI-CAN-6480: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33310: HTTP: Foxit Reader XFA TimeField addItem Use-After-Free Vulnerability (ZDI-18-1197)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33310: ZDI-CAN-6481: Zero Day Initiative Vulnerability (Foxit Reader)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
33342: HTTP: LAquis SCADA editorldriver Buffer Overflow Vulnerability (ZDI-18-1259)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33342: ZDI-CAN-6546: Zero Day Initiative Vulnerability (LAquis SCADA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
33396: TCP: Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 33407: HTTP: Microsoft Internet Explorer Scripting.Dictionary Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33407: ZDI-CAN-6749: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
3593: HTTP: SQL Injection in URL Parameters (UNION)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3593: HTTP: SQL Injection (UNION)".
- Description updated.
5669: HTTP: SQL Injection in TCP Payload (UNION)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "5669: HTTP: SQL Injection (UNION)".
- Description updated.
11171: HTTP: SQL Injection in URI Path (UNION)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "11171: HTTP: SQL Injection (UNION)".
- Description updated.
Removed Filters: None
