Views:
Table of Contents
--------------------------
  New Filters - 15
  Modified Filters (logic changes) - 3
  Modified Filters (metadata changes only) - 4
  Removed Filters - 0		 
  New Filters: 

    44955: HTTP: Ivanti Connect Secure OpenSSL CRLF Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a CRLF injection vulnerability in Ivanti Connect Secure.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-37404
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45009: HTTP: Ivanti Cloud Services Appliance setBrokerConfigValue SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL Injection vulnerability in Ivanti Cloud Services Appliance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-9379 CVSS 6.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45018: HTTP: VMware Spring Cloud Data Flow Skipper Server YAML Insecure Array Deserialization Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in VMware Spring Cloud Data Flow.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-37084 CVSS 8.8
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45026: HTTP: WordPress The Events Calendar Plugin RSVP Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the Events Calendar plugin for WordPress.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-6931 CVSS 6.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45027: HTTP: JetBrains TeamCity Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in JetBrains TeamCity.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-47949 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45031: HTTP: Progress Kemp LoadMaster read_pass  Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Progress Kemp LoadMaster.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-7591 CVSS 8.7
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45032: TCP: Veeam Backup and Replication CProxyBinaryFormatter Insecure Deserialization Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Veeam Backup and Replication.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-40711 CVSS 9.8
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45033: HTTP: Progress WhatsUp Gold TestController Information Disclosure Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Progress Software WhatsUp Gold.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-5010
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45034: TCP: Veeam Backup and Replication CProxyBinaryFormatter Background Op Deserialization Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Veeam Backup and Replication.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-40711 CVSS 9.8
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45035: DCERPC: VMware vCenter Server Authentication Pointer Out-of-Range Pointer Offset Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-range pointer offset vulnerability in VMware vCenter Server Authentication.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-20894 CVSS 9.8
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45037: HTTP: WordPress WP Brutal AI Cross Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross site scripting vulnerability in the WordPress WP Brutal AI plugin.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-2606
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45038: HTTP: Ivanti Cloud Services Appliance broker Authentication Bypass Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Ivanti Cloud Services Appliance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-8963
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45039: HTTP: WordPress WP Brutal AI Admin+ Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the WordPress WP Brutal AI plugin.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-2605
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

    45040: HTTP: Palo Alto Networks Expedition CHECKPOINT.php SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an SQL injection vulnerability in Palo Alto Networks Expedition.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-9465
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: November 05, 2024

    45041: HTTP: WordPress Plugin User Post Gallery Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in the WordPress plugin User Post Gallery.
      - Deployments:
        - Deployment: Default (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2022-4060
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 05, 2024

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    44337: HTTP: Microsoft SharePoint Server Business Data Connectivity Unsafe Reflection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 11, 2024
      - Last Modified Date: November 05, 2024

    44805: SMTP: Roundcube Webmail html4inline Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: September 24, 2024
      - Last Modified Date: November 05, 2024

    44844: ZDI-CAN-25373: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Release Date: October 01, 2024
      - Last Modified Date: November 05, 2024

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    35721: TCP: IBM WebSphere Application Server Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: July 16, 2019
      - Last Modified Date: November 05, 2024

    42369: SSH: OpenSSH sshd SSH_OLD_DHGEX Usage
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Miscellaneous modification.
      - Release Date: February 28, 2023
      - Last Modified Date: November 05, 2024

    42685: MS-RPC: Windows Network File System Memory Corruption Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Miscellaneous modification.
      - Release Date: May 09, 2023
      - Last Modified Date: November 05, 2024

    44646: HTTP: SolarWinds Web Help Desk AjaxProxy Insecure Deserialization Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: November 05, 2024

  Removed Filters: None
Keywords: Digital Vaccine #9965