Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC).

System Requirements
The 3.2.0 DV is supported on devices running TOS 5.x and earlier. The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
New Filters:
46530: ZDI-CAN-28150: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Endpoint Manager.
- Deployments:
  - Deployment: Default (Block / Notify / Trace)
  - Deployment: Evaluation (Permit / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: November 25, 2025
46674: ZDI-CAN-27591,27593-27596: Zero Day Initiative Vulnerability (Progress Software Kemp LoadMaster)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Progress Software Kemp LoadMaster.
- Deployments:
  - Deployment: Default (Block / Notify / Trace)
  - Deployment: Evaluation (Permit / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46678: HTTP: Suspicious TIFF File Upload with Large ImageLength
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects the upload of TIFF image files with abnormally large ImageLength tag values.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-9900
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46679: HTTP: Netgate pfSense suricata_filecheck.php filehash Reflected Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a reflected cross-site scripting vulnerability in Netgate pfSense.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-34175 CVSS 6.2
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46680: HTTP: Linksys Router apply.cgi Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Linksys Router.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: November 25, 2025
46681: HTTP: Argo Project Argo CD Azure DevOps Webhook Denial-of-Service Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Argo Project Argo CD.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-59538 CVSS 7.5
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46682: HTTP: Siemens SINEC NMS System Monitoring SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Siemens SINEC NMS.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-40755 CVSS 7.7
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46687: HTTP: Linksys E-Series Router tmUnblock.cgi Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Linksys E-Series Routers.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-34037
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: November 25, 2025
46688: HTTP: BYTEVALUE Intelligent Flow Router webRead Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in BYTEVALUE Intelligent Flow Router.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: November 25, 2025
46690: HTTP: Oracle PeopleSoft Enterprise PeopleTools Arbitrary File Read Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an arbitrary file read vulnerability in Oracle PeopleSoft Enterprise.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2023-22047
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46691: HTTP: React Native Metro Development Server OS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in React Native Metro Development Server.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-11953
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: November 25, 2025
46692: HTTP: Apache Tomcat Relative Path Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a path traversal vulnerability in Apache Tomcat.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-55752
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
46702: HTTP: Oracle Identity Manager Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Oracle Identity Manager.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-61757 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: November 25, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
45008: HTTP: Delta Electronics CNCSoft-G2 DPAX File Parsing Buffer Overflow Vulnerability (ZDI-25-967)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45008: ZDI-CAN-25407: Zero Day Initiative Vulnerability (Delta Electronics CNCSoft-G2)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 19, 2024
- Last Modified Date: November 25, 2025
* 46159: HTTP: Fortinet FortiWeb policy_scripting_post_handler Command Injection Vulnerability (ZDI-25-1014)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "46159: ZDI-CAN-27383: Zero Day Initiative Vulnerability (Fortinet FortiWeb)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 15, 2025
- Last Modified Date: November 25, 2025
Modified Filters (metadata changes only):
* = Enabled in Default deployments
13855: TCP: XML External Entity (XXE) Usage
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
- Release Date: April 28, 2014
- Last Modified Date: November 25, 2025
* 44385: HTTP: Ivanti Endpoint Manager DBDR SQL Injection Vulnerability(ZDI-24-1498,1499,1500,25-937,943,944)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: June 18, 2024
- Last Modified Date: November 25, 2025
45859: HTTP: Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-25-955)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45859: ZDI-CAN-26628: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 13, 2025
- Last Modified Date: November 25, 2025
* 46115: HTTP: Ivanti Endpoint Manager MP_QueryDetail SQL Injection Vulnerability (ZDI-25-940)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: July 01, 2025
- Last Modified Date: November 25, 2025
46122: HTTP: Delta Electronics ASDA-Soft PAR File Parsing Buffer Overflow Vulnerability (ZDI-25-977)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "46122: ZDI-CAN-27086: Zero Day Initiative Vulnerability (Delta Electronics ASDA-Soft)".
- Description updated.
- Vulnerability references updated.
- Release Date: July 08, 2025
- Last Modified Date: November 25, 2025
Removed Filters: None