Digital Vaccine #9074

    • Updated: 13 Mar 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9074 (March 13, 2018)
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before March 13, 2018.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #            TippingPoint Filter #   Status
CVE-2018-0787                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0808                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0811                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0813                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0814                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0815                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0816                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0817    30687
CVE-2018-0868                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0872    30553
CVE-2018-0873                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0874    30555
CVE-2018-0875                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0876                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0877    30689
CVE-2018-0878                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0879                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0880    30690
CVE-2018-0881                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0882    30691
CVE-2018-0883                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0884                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0885                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0886                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0888                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0889    30514
CVE-2018-0891                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0893    30517
CVE-2018-0894                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0895                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0896                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0897                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0898                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0899                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0900                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0901                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0902                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0903    30688
CVE-2018-0904                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0907                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0909                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0910                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0911                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0912                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0913                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0914                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0915                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0916                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0917                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0919                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0921                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0922    30554
CVE-2018-0923                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0924                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0925                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0926                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0927                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0929                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0930    30547
CVE-2018-0931                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0932                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0933    30508
CVE-2018-0934    30509
CVE-2018-0935    30552
CVE-2018-0936                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0937                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0939                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0940                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0941                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0942                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0944                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0947                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0977                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0983                            Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9074.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9074.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    30395: HTTP: Mozilla Firefox WebAssembly Table Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer underflow vulnerability in Mozilla Firefox.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 102786
        - Common Vulnerabilities and Exposures: CVE-2018-5093

    30433: HTTP: EMC Unisphere For VMAX vApp Manager ORBServlet Authentication Bypass (ZDI-17-919)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in EMC Unisphere For VMAX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 101673
        - Common Vulnerabilities and Exposures: CVE-2017-14375 CVSS 10.0
        - Zero Day Initiative: ZDI-17-919

    30483: HTTP: Microsoft Edge DoLoopBodyStart Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 101138
        - Common Vulnerabilities and Exposures: CVE-2017-11811 CVSS 7.6

    30508: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0933

    30509: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0934

    30514: HTTP: Microsoft Internet Explorer VBScript Array Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0889

    30517: HTTP: Microsoft Edge lookupGetter Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0893

    30533: HTTP: Google Golang Get Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Google Golang.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7187

    30542: ISAKMP: strongSwan RSASSA-PSS Signature Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in strongSwan.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-6459

    30543: BGP: Quagga BGP Daemon Notify Attribute Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Quagga.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-5378

    30545: SIP: Digium Asterisk res_pjsip_pubsub Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Digium Asterisk.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 103151
        - Common Vulnerabilities and Exposures: CVE-2018-7284 CVSS 7.5

    30546: HTTP: Wordpress UserPro Plugin Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Wordpress UserPro Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-16562 CVSS 7.5

    30547: HTTP: Microsoft Edge Chakra Scripting Engine Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0930

    30549: ZDI-CAN-5499: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    30552: HTTP: Microsoft Internet Explorer CollectGarbage Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0935

    30553: HTTP: Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0872

    30554: HTTP: Microsoft Office rtf File Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Office.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0922

    30555: HTTP: Microsoft Edge Chakra Scripting Engine Uninitialized Memory Use Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an uninitialized memory use vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0874

    30687: HTTP: Microsoft Windows Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0817

    30688: HTTP: Microsoft Access Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Access.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0903

    30689: HTTP: Windows Desktop Bridge VFS Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows 10.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0877

    30690: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows 10.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0880

    30691: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows 10.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-0882

    30692: ZDI-CAN-5518: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30693: ZDI-CAN-5519: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30696: SMTP: Exim b64decode function Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Exim mail server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103049
        - Common Vulnerabilities and Exposures: CVE-2018-6789

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    0089: IP: Short Time To Live (1)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 0290: Invalid TCP Traffic: Possible Recon Scan (SYN FIN)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.

    0291: Invalid TCP Traffic: Possible Recon Scan (FIN no ACK)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.

    * 0292: Invalid TCP Traffic: Possible Recon Scan (No Flags Set)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.

    * 0317: Nmap scanner: NULL OS Fingerprinting Probe
      - IPS Version: 1.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.

    4567: IMAP: Mercury IMAP Multiple Command Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4567: IMAP: Mercury IMAP RENAME Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    * 5103: BRIGHTSTOR: Computer Associates BrightStor LGSERVER.EXE Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8249: TCP: TCP Persist Timer
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    8673: TCP: TCP Persist Timer
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    9350: Backdoor: Buzus Trojan Command and Control Channel Initial Contact
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    9975: DNS: Malformed DNS Request
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    16558: UDP: Skype Login Attempt (Non-Proxied)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    16896: Telnet: Telnet Session Negotiation
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    17008: DNS: PowerDNS Recursor and Tftpd32 DNS Denial-of-Service Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    17154: UDP: RSYSLOG PRI Value Parsing Denial-of-Service Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24661: HTTP: Qualys Scanner Usage
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    25843: HTTP: IBHsoftec S7-SoftPLC CPX43 Large Data Packet (ZDI-16-604)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    26815: HTTP: HPE Operations Orchestration Backwards Compatibility Deserialization Vulnerability (ZDI-17-001)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28028: RPC: Oracle Solaris XDR Buffer Overflow Vulnerability (EbbisLand)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28380: HTTP: Jenkins CI Server Cross-Site Request Forgery Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29728: HTTP: Apache Tomcat HTTP PUT Windows Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 30032: HTTP: Adobe Acrobat TIFF Parse Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30060: HTTP: Apache HTTPD mod_http2 Null Pointer Dereference Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    30062: HTTP: Red Hat JBoss doFilter Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 30237: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability (ZDI-18-164)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30239: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability (ZDI-18-196)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30239: HTTP:  Microsoft Windows Font Embedding Information Disclosure Vulnerability (ZDI-18-196)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30369: HTTP: Cisco Adaptive Security Appliance (ASA) WebVPN Host Scan Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30369: HTTP: Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30534: HTTP: Adobe Acrobat Reader Document ID Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 29903: HTTP: Apple Safari MutationObserver Use-After-Free Vulnerability (Pwn2Own, ZDI-18-146)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29903: PWN2OWN ZDI-CAN-5340: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Vulnerability references updated.

    29904: HTTP: Apple Safari FTL JIT Integer Overflow Vulnerability (Pwn2Own, ZDI-18-150)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29904: PWN2OWN ZDI-CAN-5344: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Vulnerability references updated.

    29910: HTTP: Apple Safari HTMLButtonElement Use-After-Free Vulnerability (Pwn2Own, ZDI-18-152)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29910: PWN2OWN ZDI-CAN-5352: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Vulnerability references updated.

    * 29911: HTTP: Apple Safari DFG JIT Type Confusion Vulnerability (Pwn2Own, ZDI-18-153)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29911: PWN2OWN ZDI-CAN-5353: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Vulnerability references updated.

    30411: HTTP: Cisco Adaptive Security Appliance (ASA) host-scan-reply XML Element Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30411: HTTP: Cisco Adaptive Security Appliance Webvpn XML Parser Memory Corruption Vulnerability".
      - Category changed from "Vulnerabilities" to "Security Policy".
      - Severity changed from "Critical" to "Moderate".
      - Description updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - No Enabled Deployments.

    * 30428: HTTPS: Cisco Adaptive Security Appliance (ASA) Webvpn XML Parser Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "30428: HTTPS: Cisco Adaptive Security Appliance Webvpn XML Parser Memory Corruption Vulnerability".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000103197