Summary
Digital Vaccine #8974 (July 11, 2017)
Details
| Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
| System Requirements |
| The 2.5.2 DV will run on IPS with TOS 2.5.2 to TOS 3.1.x. The 3.2.0 DV will run on IPS with TOS 3.2.0 to TOS 3.9.x, all NGFW and TPS v4.0.0 to 4.2.0. The 4.0.0 DV only supports the Virtual Threat Protection System (vTPS) platform. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
| Microsoft Security Bulletins This DV includes coverage for the Microsoft vulnerabilities released on or before July 11, 2017. The following table maps TippingPoint filters to the Microsoft CVEs. | ||
| CVE # | TippingPoint Filter # | Status |
| CVE-2017-0170 | No Vendor Intelligence Provided | |
| CVE-2017-0243 | 29051 | |
| CVE-2017-8463 | No Vendor Intelligence Provided | |
| CVE-2017-8467 | No Vendor Intelligence Provided | |
| CVE-2017-8486 | No Vendor Intelligence Provided | |
| CVE-2017-8495 | No Vendor Intelligence Provided | |
| CVE-2017-8501 | No Vendor Intelligence Provided | |
| CVE-2017-8502 | No Vendor Intelligence Provided | |
| CVE-2017-8556 | No Vendor Intelligence Provided | |
| CVE-2017-8557 | No Vendor Intelligence Provided | |
| CVE-2017-8559 | No Vendor Intelligence Provided | |
| CVE-2017-8560 | No Vendor Intelligence Provided | |
| CVE-2017-8561 | No Vendor Intelligence Provided | |
| CVE-2017-8562 | No Vendor Intelligence Provided | |
| CVE-2017-8563 | No Vendor Intelligence Provided | |
| CVE-2017-8564 | No Vendor Intelligence Provided | |
| CVE-2017-8565 | No Vendor Intelligence Provided | |
| CVE-2017-8566 | No Vendor Intelligence Provided | |
| CVE-2017-8569 | No Vendor Intelligence Provided | |
| CVE-2017-8570 | No Vendor Intelligence Provided | |
| CVE-2017-8573 | No Vendor Intelligence Provided | |
| CVE-2017-8574 | No Vendor Intelligence Provided | |
| CVE-2017-8577 | 29054 | |
| CVE-2017-8578 | 29055 | |
| CVE-2017-8580 | Insufficient Vendor Information | |
| CVE-2017-8581 | No Vendor Intelligence Provided | |
| CVE-2017-8582 | No Vendor Intelligence Provided | |
| CVE-2017-8584 | No Vendor Intelligence Provided | |
| CVE-2017-8585 | No Vendor Intelligence Provided | |
| CVE-2017-8587 | No Vendor Intelligence Provided | |
| CVE-2017-8588 | No Vendor Intelligence Provided | |
| CVE-2017-8589 | No Vendor Intelligence Provided | |
| CVE-2017-8590 | No Vendor Intelligence Provided | |
| CVE-2017-8592 | 29048 | |
| CVE-2017-8594 | 29046 | |
| CVE-2017-8595 | No Vendor Intelligence Provided | |
| CVE-2017-8596 | No Vendor Intelligence Provided | |
| CVE-2017-8598 | 29050 | |
| CVE-2017-8599 | No Vendor Intelligence Provided | |
| CVE-2017-8601 | 29047 | |
| CVE-2017-8602 | No Vendor Intelligence Provided | |
| CVE-2017-8603 | No Vendor Intelligence Provided | |
| CVE-2017-8604 | No Vendor Intelligence Provided | |
| CVE-2017-8605 | 29049 | |
| CVE-2017-8606 | No Vendor Intelligence Provided | |
| CVE-2017-8607 | No Vendor Intelligence Provided | |
| CVE-2017-8608 | No Vendor Intelligence Provided | |
| CVE-2017-8609 | No Vendor Intelligence Provided | |
| CVE-2017-8610 | No Vendor Intelligence Provided | |
| CVE-2017-8611 | No Vendor Intelligence Provided | |
| CVE-2017-8617 | 29056 | |
| CVE-2017-8618 | 29045 | |
| CVE-2017-8619 | 29057 | |
| Filters marked with * shipped prior to this DV, providing zero-day protection. | ||
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29045: HTTP: Internet Explorer VarType Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Internet Explorer.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8618
29046: HTTP: Microsoft Internet Explorer SVG foreignObject Type Confusion Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8594
29047: HTTP: Microsoft Edge Uint8ClampedArray Type Confusion Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8601
29048: HTTP: Internet Explorer CORS Header Policy Bypass Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a policy bypass vulnerability in Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8592
29049: HTTP: Microsoft Edge DataView Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8605
29050: HTTP: Microsoft Edge constructor Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8598
29051: HTTP: Microsoft Word Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Word.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-0243
29054: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8577
29055: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8578
29056: HTTP: Microsoft Edge Lang Use-After-Free Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8617
29057: HTTP: Microsoft Edge ArrayBuffer Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-8619
29060: ZDI-CAN-4892: Zero Day Initiative Vulnerability (Linksys WVBR0)
- IPS Version: 3.2.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Linksys WVBR0.
- Deployment: Not enabled by default in any deployment.
29068: HTTP: Apache Struts 2 Struts 1 Plugin Command Injection Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 99484
- Common Vulnerabilities and Exposures: CVE-2017-9791
29070: HTTP: Apache Struts 2 Struts 1 SaveGangster.action Showcase Site Access
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an HTTP POST attempt to the SaveGangster.action showcase page.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 99484
- Common Vulnerabilities and Exposures: CVE-2017-9791
29072: HTTP: Apache Struts 2 Suspicious opensymphony Actions
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects use of the opensymphony addHeader and setContentType actions.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 99484
- Common Vulnerabilities and Exposures: CVE-2017-9791
29073: HTTP: Apache Struts 2 Echo Command Usage in OGNL Values
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the usage of an echo command within a Struts OGNL value.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 99484
- Common Vulnerabilities and Exposures: CVE-2017-9791
Modified Filters (logic changes):
* = Enabled in Default deployments
5370: VPN: SoftEther VPN Connection Attempt
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
5371: VPN: SoftEther VPN Connection Attempt
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 22514: TCP: Redis Lua Scripting Component getnum Integer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
28380: HTTP: Jenkins CI Server Cross-Site Request Forgery Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
Removed Filters: None
Top of the Page
