Summary
Digital Vaccine #9061 February 6, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
System Requirements |
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
Adobe Security Bulletins This DV includes coverage for the Adobe vulnerabilities released on or before February 06, 2018. The following table maps TippingPoint filters to the Adobe CVEs. | |||
Bulletin # | CVE # | TippingPoint Filter # | Status |
APSB18-03 | CVE-2018-4877 | 30346 | |
APSB18-03 | CVE-2018-4878 | 30343 | |
Filters marked with * shipped prior to this DV, providing zero-day protection. |
The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9061.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9061.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
28124: HTTP: Quest NetVault Backup Multipart Request Header Buffer Overflow Vulnerability (ZDI-18-004)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Quest NetVault Backup.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-1161 CVSS 10.0
- Zero Day Initiative: ZDI-18-004
30297: HTTP: Google Chrome V8 Crankshaft Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Google Chrome.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 98861
- Common Vulnerabilities and Exposures: CVE-2017-5070 CVSS 6.8
30308: HTTP: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in HPE Moonshot Provisioning Manager Appliance.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 102410
- Common Vulnerabilities and Exposures: CVE-2017-8976
- Zero Day Initiative: ZDI-18-001
30309: HTTPS: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in HPE Moonshot Provisioning Manager Appliance.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 102410
- Common Vulnerabilities and Exposures: CVE-2017-8976
- Zero Day Initiative: ZDI-18-001
30310: HTTP: Apache CouchDB _config Command Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command execution vulnerability in Apache CouchDB.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2017-12636 CVSS 9.0
30311: HTTPS: Trend Micro Mobile Security for Enterprise SQL Injection (ZDI-17-782)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Trend Micro Mobile Security for Enterprise.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 100966
- Common Vulnerabilities and Exposures: CVE-2017-14078 CVSS 10.0
- Zero Day Initiative: ZDI-17-782
30312: HTTP: ManageEngine ServiceDesk DownloadSnapshotServlet Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in ManageEngine ServiceDesk.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Bugtraq ID: 101789
- Common Vulnerabilities and Exposures: CVE-2017-11512 CVSS 5.0
30314: HTTP: ImageMagic phpThumb fltr Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a command injection vulnerability in phpThumb(), when ImageMagick is installed.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Bugtraq ID: 39605
- Common Vulnerabilities and Exposures: CVE-2010-1598 CVSS 6.8
30318: ZDI-CAN-5312: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30319: ZDI-CAN-5370,5372: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30330: ZDI-CAN-5369: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30333: ZDI-CAN-5371: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30335: ZDI-CAN-5373: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30337: ZDI-CAN-5374: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30338: ZDI-CAN-5375: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30343: HTTP: Adobe Flash SWF Primetime Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-4878
30346: HTTP: Adobe Flash Player Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash Player.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-4877
Modified Filters (logic changes):
* = Enabled in Default deployments
* 8527: HTTP: Adobe RoboHelp Server Arbitrary File Upload Vulnerability (ZDI-09-066)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
* 8998: HTTP: .NET Framework PE Loader Buffer Overflow
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
12102: HTTP: Microsoft Internet Explorer Use After Free Vulnerability (ZDI-12-036)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 13503: HTTP: Nagios Core Config Manager SQL Injection Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 28286: HTTP: Trend Micro Mobile Security for Enterprise SQL Injection (ZDI-17-737,739-741,743-744,747-748)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 29884: SMB: Microsoft Windows SMB Server SMBv1 Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29899: HTTP: Apache httpd mod_auth_digest Memory Access Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 30076: HTTP: Microsoft Edge Chakra Math Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30076: HTTP: Microsoft Edge Math Type Confusion Vulnerability".
- Category changed from "Exploits" to "Vulnerabilities".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
30191: HTTP: Javascript JIT Information Disclosure Vulnerability (Spectre)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
* 24103: HTTP: Jenkins CI Server XStream Insecure Deserialization Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
24371: HTTP: Jenkins CI Server XStream Insecure Deserialization Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
30262: HTTP: Microsoft Windows Uniscribe Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30262: HTTP: Microsoft Windows Uniscribe Remote Memory Corruption Vulnerability".
Removed Filters:
5245: HTTP: Code Red Worm (Enhanced Hardware Detection)
- IPS Version: 2.5.2 up to version 3.0.0.
- NGFW Version: Not available.
- TPS Version: Not available.
- vTPS Version: Not available.
5246: MS-SQL: Slammer-Sapphire Worm (Enhanced Hardware Detection)
- IPS Version: 2.5.2 up to version 3.0.0.
- NGFW Version: Not available.
- TPS Version: Not available.
- vTPS Version: Not available.
Top of the Page