Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before February 11, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.

| CVE | Filter | Status |
| CVE-2020-0618 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0655 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0657 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0658 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0659 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0660 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0661 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0662 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0663 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0665 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0666 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0667 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0668 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0669 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0670 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0671 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0672 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0673 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0674 | 36973 | |
| CVE-2020-0675 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0676 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0677 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0678 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0679 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0680 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0681 | 37093 | |
| CVE-2020-0682 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0683 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0685 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0686 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0688 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0689 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0691 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0692 | 37063 | |
| CVE-2020-0693 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0694 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0695 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0696 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0697 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0698 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0701 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0702 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0703 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0704 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0705 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0706 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0707 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0708 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0709 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0710 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0711 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0712 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0713 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0714 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0715 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0716 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0717 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0719 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0720 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0721 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0722 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0723 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0724 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0725 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0726 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0727 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0728 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0729 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0730 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0731 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0732 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0733 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0734 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0735 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0736 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0737 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0738 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0739 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0740 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0741 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0742 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0743 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0744 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0745 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0746 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0747 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0748 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0749 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0750 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0751 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0752 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0753 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0754 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0755 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0756 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0759 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0767 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
| CVE-2020-0792 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.

Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before February 11, 2020. The following table maps TippingPoint filters to the Adobe CVEs.

| Bulletin | CVE | Filter |
| APSB20-05 | CVE-2020-3741 | 37078 |
| APSB20-05 | CVE-2020-3742 | 37079 |
| APSB20-05 | CVE-2020-3743 | 37080 |
| APSB20-05 | CVE-2020-3744 | 37081 |
| APSB20-05 | CVE-2020-3745 | 37082 |
| APSB20-05 | CVE-2020-3746 | 37083 |
| APSB20-05 | CVE-2020-3747 | 37084 |
| APSB20-05 | CVE-2020-3748 | 36943 |
| APSB20-05 | CVE-2020-3749 | 37086 |
| APSB20-05 | CVE-2020-3750 | 37087 |
| APSB20-05 | CVE-2020-3751 | 37088 |
| APSB20-05 | CVE-2020-3752 | 37089 |
| APSB20-05 | CVE-2020-3754 | 37090 |
| APSB20-05 | CVE-2020-3755 | 37091 |
| APSB20-06 | CVE-2020-3757 | 37092 |
Filters marked with * shipped prior to this DV, providing zero-day protection.

Table of Contents
--------------------------
Filters
New Filters - 36
Modified Filters (logic changes) - 13
Modified Filters (metadata changes only) - 46
Removed Filters - 0
Filters
----------------
New Filters:
36892: ZDI-CAN-9471: Zero Day Initiative Vulnerability (DLink DIR-882)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting DLink DIR-882.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
36943: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3748
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37019: ZDI-CAN-9997: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37020: MQTT: Cesanta Mongoose parse_mqtt Server Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-19307
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
37021: MQTT: Cesanta Mongoose parse_mqtt Client Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-19307
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: TCP (Generic)
- Platform: Multi-Platform Client Application
37023: HTTP: Nagios XI nocscreenapi.php Cross-Site Scripting Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios XI.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-20139 CVSS 3.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
37024: ZDI-CAN-10402: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37025: ZDI-CAN-10378: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37033: HTTP: Cacti Group Cacti graphs.php SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL Injection vulnerability in Cacti.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-17357 CVSS 4.0
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
37034: ZDI-CAN-10376: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37036: ZDI-CAN-10120: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37037: ZDI-CAN-10119: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37049: ZDI-CAN-10073: Zero Day Initiative Vulnerability (Trend Micro Worry-Free Business Security)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Worry-Free Business Security.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37050: ZDI-CAN-10054: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37051: ZDI-CAN-10039: Zero Day Initiative Vulnerability (Microsoft JET Database)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37063: HTTP: HTTP X-JsonProxySecurityContext Header Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the use of the X-JsonProxySecurityContext HTTP header in an HTTP request.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2020-0692
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
37067: ZDI-CAN-9692: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37068: ZDI-CAN-9693: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37069: ZDI-CAN-9699: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37070: HTTP: ELOG Project ELOG retrieve_url Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in the ELOG Server.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2019-3993 CVSS 5.0
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
37071: ZDI-CAN-9700: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
37078: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3741
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37079: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3742
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37080: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3743
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37081: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3744
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37082: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3745
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37083: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3746
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37084: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3747
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37086: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3749
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37087: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3750
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37088: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3751
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37089: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3752
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37090: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3754
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37091: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3755
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37092: HTTP: Adobe Flash Player Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Adobe Flash Player.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-3757
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
37093: RDP: Microsoft Remote Desktop Services serverMultiTransportData Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to use serverMultiTransportData during a remote desktop session.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2020-0681
- Classification: Security Policy - Other
- Protocol: TCP (Generic)
- Platform: Windows Client Application
Modified Filters (logic changes):
* = Enabled in Default deployments
4560: HTTP: HTTP Request Smuggling
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4560: HTTP: Apache Request Smuggling".
- Description updated.
- Detection logic updated.
* 21913: TCP: Oracle Java Apache Commons Collection Library Command Execution Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
35414: HTTP: Apple Safari FrameDestructionObserver Use-After-Free Vulnerability (ZDI-19-920)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35414: ZDI-CAN-8574: Zero Day Initiative Vulnerability (Apple Safari)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
35822: HTTP: Apple macOS AudioToolbox MP4 Parsing Integer Overflow Vulnerability (ZDI-19-1027)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "35822: ZDI-CAN-8806: Zero Day Initiative Vulnerability (Apple macOS)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 36020: HTTP: Adobe Media Encoder CC MP4 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-907)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36020: ZDI-CAN-8804: Zero Day Initiative Vulnerability (Adobe Media Encoder CC)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36186: HTTP: Cisco Data Center Network Manager SQL Injection Vulnerability (ZDI-20-055)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36186: ZDI-CAN-9134: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36273: HTTP: Cisco Data Center Network Manager getHostEnclList SQL Injection Vulnerability (ZDI-20-034)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36273: ZDI-CAN-9067,9072: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36519: HTTP: Cisco Data Center Network Manager createSite SQL Injection Vulnerability (ZDI-20-095)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36519: ZDI-CAN-9267: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36585: HTTP: Cisco Data Center Network Manager getSanIslStatJoinList SQL Injection (ZDI-20-072)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36585: ZDI-CAN-9192: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36609: HTTP: Cisco Data Center Network Manager getPortGroupStatList SQL Injection (ZDI-20-078)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36609: ZDI-CAN-9198: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36691: HTTP: Cisco Data Center Network Manager createSite getIp SQL Injection Vulnerability (ZDI-20-094)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36691: ZDI-CAN-9266: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
36876: HTTP: Citrix Application Delivery Controller (ADC) Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 36973: HTTP: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
2349: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2349: MS-RPC: DCOM ISystemActivator Request".
2350: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2350: MS-RPC: DCOM IRemoteActivation Request".
2351: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2351: MS-RPC: DCOM IRemoteActivation Request".
2352: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2352: MS-RPC: DCOM ISystemActivator Request".
2353: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2353: MS-RPC: DCOM ISystemActivator Request".
2354: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2354: MS-RPC: DCOM IRemoteActivation Request".
2460: SMTP: Zip Attachment Containing .scr File (ATT&CK T1180)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2460: SMTP: Zip Attachment Containing .scr File".
2462: POP/IMAP: Zip Attachment Containing .scr File (ATT&CK T1180)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2462: POP/IMAP: Zip Attachment Containing .scr File".
2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports (ATT&CK T1071)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports".
2559: HTTP: HTTP CONNECT TCP Tunnel (ATT&CK T1071)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2559: HTTP: HTTP CONNECT TCP Tunnel".
2620: SMTP: Zip Attachment (ATT&CK T1002)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2620: SMTP: Zip Attachment".
2714: SMTP: Rar Attachment Containing .scr File (ATT&CK T1180)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2714: SMTP: Rar Attachment Containing .scr File".
2715: POP/IMAP: Rar Attachment Containing .scr File (ATT&CK T1180)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2715: POP/IMAP: Rar Attachment Containing .scr File".
2796: SMB: Windows Repeated Logon Failure (Possible Brute Force) (ATT&CK T1110)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "2796: SMB: Windows Repeated Logon Failure (Possible Brute Force)".
3039: HTTP: Suspicious UNC HREF (ATT&CK T1129)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3039: HTTP: Suspicious UNC HREF".
3040: SMTP: Suspicious UNC HREF (ATT&CK T1129)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3040: SMTP: Suspicious UNC HREF".
3041: POP/IMAP: Suspicious UNC HREF (ATT&CK T1129)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3041: POP/IMAP: Suspicious UNC HREF".
3258: HTTP: Possible ASP.Net Authentication Bypass (ATT&CK T1212)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3258: HTTP: Possible ASP.Net Authentication Bypass".
3314: HTTP: Obfuscated JScript/VBScript Code (ATT&CK T1027)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3314: HTTP: Obfuscated JScript/VBScript Code".
3436: Tunneling: LogMeIn Remote Control SSL Connection (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3436: Tunneling: LogMeIn Remote Control SSL Connection".
3573: PPTP: VPN Session Startup (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3573: PPTP: VPN Session Startup".
3576: ISAKMP: IPSec VPN Session Startup (TCP) (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3576: ISAKMP: IPSec VPN Session Startup (TCP)".
3584: ISAKMP: IPSec VPN Session Startup (UDP) (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3584: ISAKMP: IPSec VPN Session Startup (UDP)".
3892: SSL: SSLv2 Negotiation (ATT&CK T1032)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3892: SSL: SSLv2 Negotiation".
3975: SMTP: UPX Compressed Binary Attachment (ATT&CK T1045)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "3975: SMTP: UPX Compressed Binary Attachment".
4020: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4020: VPN: SoftEther VPN Connection Attempt".
4079: SMTP: gzip Compressed Attachment (ATT&CK T1002)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4079: SMTP: gzip Compressed Attachment".
4111: HTTP: UPX Compressed Binary Download (ATT&CK T1045)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4111: HTTP: UPX Compressed Binary Download".
4151: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4151: VPN: SoftEther VPN Connection Attempt".
4405: RADMIN: Famtech Remote Administrator (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4405: RADMIN: Famtech Remote Administrator".
4410: RFB: VNC NULL Authentication Method Request (ATT&CK T1133,T1076,T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4410: RFB: VNC NULL Authentication Method Request".
4652: HTTP: BBProxy Download (ATT&CK T1090)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4652: HTTP: BBProxy Download".
4658: VPN: Hamachi VPN Connection (ATT&CK T1133)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4658: VPN: Hamachi VPN Connection".
4704: ICMP: Ping Tunnel Proxy Reply (ATT&CK T1090)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4704: ICMP: Ping Tunnel Proxy Reply".
4815: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4815: Tunneling: RemotelyAnywhere SSL Connection".
4816: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4816: Tunneling: RemotelyAnywhere SSL Connection".
4817: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4817: Tunneling: RemotelyAnywhere Cleartext Connection".
4818: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4818: Tunneling: RemotelyAnywhere Cleartext Connection".
4837: HTTP: GhostSurf Proxy HTTP Access (ATT&CK T1090)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4837: HTTP: GhostSurf Proxy HTTP Access".
4887: Tunneling: GetByMail SMTP Remote Control (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4887: Tunneling: GetByMail SMTP Remote Control".
4945: HTTP: JBoss jmx-console Remote Command Execution (ATT&CK T1210)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "4945: HTTP: JBoss jmx-console Remote Command Execution".
5097: Tunneling: GoToMyPC Software (ATT&CK T1219)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "5097: Tunneling: GoToMyPC Software".
5195: HTTP: PHProxy Online Web Proxy Attempt (ATT&CK T1090)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "5195: HTTP: PHProxy Online Web Proxy Attempt".
5199: HTTP: CGIProxy Online Web Proxy Request (ATT&CK T1090)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "5199: HTTP: CGIProxy Online Web Proxy Request".
9896: IP: IP Protocol 0 (IPv6 hop-by-hop option)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Deployments updated and are now:
- No Deployments.
36021: HTTP: Oracle ADF Faces Remote Regions Insecure Deserialization Vulnerability (ZDI-19-1024)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36021: ZDI-CAN-8823: Zero Day Initiative Vulnerability (Oracle ADF Faces)".
- Description updated.
- Vulnerability references updated.
Removed Filters: None
