Table of Contents
--------------------------
  New Filters - 13
  Modified Filters (logic changes) - 2
  Modified Filters (metadata changes only) - 0
  Removed Filters - 0
  New Filters: 

    43627: TLS: ProtonVPN in Client Hello SNI Extension
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use ProtonVPN.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: SSL/TLS
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43628: SMB: Linux Kernel ksmbd Compounded Session Setup Information Disclosure Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in the Linux kernel KSMBD.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-3867
      - Classification: Vulnerability - Access Validation
      - Protocol: SMB
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: January 09, 2024

    43629: QUIC: quic-go CRYPTO ACK Nil Pointer Dereference Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a nil pointer dereference in quic-go CRYPTO ACK traffic.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-46239
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: UDP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43630: HTTP: ProtonVPN User Authentication Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use ProtonVPN.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43631: UDP: ProtonVPN OpenVPN Certificate Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use ProtonVPN.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: UDP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43632: TLS: ProtonVPN OpenVPN Certificate Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use ProtonVPN.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: SSL/TLS
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43636: HTTP: F5 BIG-IP dbquery.jsp SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in F5 BIG-IP.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-46748 CVSS 6.4
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43637: HTTP: Netgate pfSense Interfaces GIF GRE Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Netgate pfSense.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-42326 CVSS 8.6
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: January 09, 2024

    43639: HTTP: Apache OFBiz Authentication Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Apache OFBiz.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-51467
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43640: HTTP: Craft CMS Arbitrary File Upload Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Craft CMS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-41892
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43641: SSH: Insecure Key Exchange Cipher Usage (Server)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of insecure ciphers in SSH. The specific ciphers being detected are ChaCha20-Poly1305 and CBC-EtM.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-48795
      - Classification: Security Policy - Other
      - Protocol: SSH
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43642: HTTP: Apache OFBiz Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Apache OFBiz.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-51467
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

    43643: SSH: Insecure Key Exchange Cipher Usage (Client)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of insecure ciphers in SSH. The specific ciphers being detected are ChaCha20-Poly1305 and CBC-EtM.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-48795
      - Classification: Security Policy - Other
      - Protocol: SSH
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 09, 2024

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38608: HTTP: Trend Micro IWSVA Console CSRF Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: January 09, 2024

    * 43563: HTTP: Apache Struts 2 Code Execution Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: December 19, 2023
      - Last Modified Date: January 09, 2024

  Modified Filters (metadata changes only): None

  Removed Filters: None