Digital Vaccine #9081

    • Updated: 5 Apr 2018
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9081    April 3, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client: from the top menu bar, choose "File > Download Digital Vaccine from TMC" to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9081.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9081.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    30704: HTTP: Microsoft Internet Explorer Content-Location Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Internet Explorer.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11686
        - Common Vulnerabilities and Exposures: CVE-2004-1331 CVSS 2.6

    30705: MS-RPC: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 21221
        - Common Vulnerabilities and Exposures: CVE-2006-6076 CVSS 10.0

    30734: HTTP: ImageMagick Ephemeral Protocol Arbitrary File Deletion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an arbitrary file deletion vulnerability in ImageMagick.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 89852
        - Common Vulnerabilities and Exposures: CVE-2016-3715 CVSS 5.8

    30906: HTTP: Advantech WebAccess SCADA webvact.ocx UserName Buffer Overflow Vulnerability (ZDI-14-075)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 66733
        - Common Vulnerabilities and Exposures: CVE-2014-0770 CVSS 7.5
        - Zero Day Initiative: ZDI-14-075

    30916: HTTPS: Trend Micro InterScan Cross-site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Trend Micro InterScan Messaging Security Suite.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 55542
        - Common Vulnerabilities and Exposures: CVE-2012-2995 CVSS 4.3

    30917: HTTP: HP Application Lifecycle Management ActiveX Arbitrary File Overwrite Vulnerability (ZDI-12-170)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an insecure method exposure vulnerability in HP Application Lifecycle Management.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Zero Day Initiative: ZDI-12-170

    30918: HTTP: HP SiteScope loadFileContent SOAP Request Information Disclosure (ZDI-12-177)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in HP SiteScope.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Zero Day Initiative: ZDI-12-177

    30921: MS-RPC: Microsoft Windows Message Queuing Service RPC Query Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 31637
        - Common Vulnerabilities and Exposures: CVE-2008-3479 CVSS 10.0
        - Microsoft Security Bulletin: MS08-065

    30922: SMB: UMPlayer DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in UMPlayer.
      - Deployment: Not enabled by default in any deployment.

    30923: HTTP: UMPlayer DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in UMPlayer.
      - Deployment: Not enabled by default in any deployment.

    30924: HTTP: Symantec Messaging Gateway Cross Site Request Forgery Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross site request forgery vulnerability in Symantec Messaging Gateway.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 55137
        - Common Vulnerabilities and Exposures: CVE-2012-0308 CVSS 6.8

    30925: SMB: Microsoft Expression Design Insecure Library Loading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure library loading vulnerability in Microsoft Expression Design.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 52375, 56354, 61160
        - Common Vulnerabilities and Exposures: CVE-2012-0016 CVSS 9.3
        - Microsoft Security Bulletin: MS12-022

    30926: SIP: Digium Asterisk INVITE TCP Connection Close Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 103129
        - Common Vulnerabilities and Exposures: CVE-2018-7286

    30927: HTTP: Microsoft Internet Explorer Copy And Paste Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2012-0010 CVSS 4.3
        - Microsoft Security Bulletin: MS12-010

    30928: HTTP: Visual Mining NetCharts Server File Upload (ZDI-14-372)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects attempts to upload a file in Visual Mining NetCharts Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 71761
        - Common Vulnerabilities and Exposures: CVE-2014-8516, CVE-2014-9295 CVSS 7.5
        - Zero Day Initiative: ZDI-14-372

    30929: HTTP: Microsoft ASP.NET Forms Authentication Insecure Redirect Information Disclosure Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft ASP.NET Forms.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 51202
        - Common Vulnerabilities and Exposures: CVE-2011-3415 CVSS 6.8
        - Microsoft Security Bulletin: MS11-100

    30930: ZDI-CAN-5520: Zero Day Initiative Vulnerability (GE MDS PulseNET)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting GE MDS PulseNET.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30931: HTTP: Google Chrome and Apple Safari Floating Styles Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Google Chrome and Apple Safari.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-2790 CVSS 7.5

    30932: ZDI-CAN-5524: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30933: ZDI-CAN-5523: Zero Day Initiative Vulnerability (Slack Technologies Slack)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Slack Technologies Slack.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    30934: SMB: Microsoft Windows Media Center Insecure Library Loading Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows Media Center.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-2009 CVSS 9.3
        - Microsoft Security Bulletin: MS11-076

    30936: HTTP: Oracle Java True Type Font IDEF Opcode Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Oracle Java's handling of True Type Fonts.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 52016
        - Common Vulnerabilities and Exposures: CVE-2012-0499 CVSS 10.0

    30937: HTTP: CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure (ZDI-11-127)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Computer Associates Total Defense Suite.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 47356
        - Common Vulnerabilities and Exposures: CVE-2011-1655 CVSS 7.5
        - Zero Day Initiative: ZDI-11-127

    30938: HTTP: Microsoft Embedded OpenType Font Parsing Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 47179
        - Common Vulnerabilities and Exposures: CVE-2011-0034 CVSS 9.3
        - Microsoft Security Bulletin: MS11-032

    30940: HTTP: Oracle WebLogic Server Session Fixation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a session fixation vulnerability in Oracle WebLogic Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 45852
        - Common Vulnerabilities and Exposures: CVE-2010-4437 CVSS 5.8

    30941: HTTP: Microsoft .NET Framework Proxy Auto-Discovery Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft .NET Framework.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 56463
        - Common Vulnerabilities and Exposures: CVE-2012-4776 CVSS 9.3
        - Microsoft Security Bulletin: MS12-074

    30942: HTTP: Microsoft Remote Desktop Connection Insecure Library Loading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure library loading vulnerability in Microsoft Remote Desktop.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 46678
        - Common Vulnerabilities and Exposures: CVE-2011-0029 CVSS 9.3
        - Microsoft Security Bulletin: MS11-017

    30943: HTTP: Microsoft Office Word RTF Parsing Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit multiple remote code execution vulnerabilities in Microsoft Office Word.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 42132, 42133
        - Common Vulnerabilities and Exposures: CVE-2010-1901 CVSS 9.3, CVE-2010-1902 CVSS 9.3
        - Microsoft Security Bulletin: MS10-056

    30945: HTTP: Network Weathermap Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Network Weathermap.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 60434
        - Common Vulnerabilities and Exposures: CVE-2013-3739 CVSS 5.0

    30946: HTTP: Network Weathermap Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting (XSS) vulnerability in Network Weathermap.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 58793
        - Common Vulnerabilities and Exposures: CVE-2013-2618 CVSS 4.3

    30947: HTTP: Oracle Java MixerSequencer Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Oracle Java MixerSequencer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 50220
        - Common Vulnerabilities and Exposures: CVE-2011-3545 CVSS 10.0

    30948: TCP: Novell File Reporter Agent XML Parsing Buffer Overflow Vulnerability (ZDI-11-116)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability within Novell's File Reporter Agent.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-0994 CVSS 10.0
        - Zero Day Initiative: ZDI-11-116

    30951: DNS: Squid Proxy DNS Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Squid Proxy.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-4096 CVSS 5.0

    30955: HTTP: Oracle Java Applet Rhino Script Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Rhino Script engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 50218
        - Common Vulnerabilities and Exposures: CVE-2011-3544 CVSS 10.0

    30956: HTTP: Novell File Reporter Engine RECORD Tag Buffer Overflow Vulnerability (ZDI-11-227)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow condition within vulnerable installations of Novell File Reporter Engine.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-2220 CVSS 10.0
        - Zero Day Initiative: ZDI-11-227

    30957: HTTP: Apple Safari Form Element Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Apple Safari.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 50066
        - Common Vulnerabilities and Exposures: CVE-2011-2813 CVSS 7.6

    30958: UDP: Microsoft Forefront Threat Management Gateway Buffer Overflow Vulnerability
      - Name (vTPS): 30958: UDP: Microsoft Forefront Threat Management Gateway Buffer Overflow
      - Name (TPS): 30958: UDP: Microsoft Forefront Threat Management Gateway Buffer Overflow
      - Name (NGFW): 30958: UDP: Microsoft Forefront Threat Management Gateway Buffer Overflow
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Forefront Threat Management Gateway 2010 Client.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 48181
        - Common Vulnerabilities and Exposures: CVE-2011-1889 CVSS 10.0
        - Microsoft Security Bulletin: MS11-040

    30959: HTTP: Oracle Java RMI Services Default Configuration Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Oracle Java RMI Services.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 50231
        - Common Vulnerabilities and Exposures: CVE-2011-3556 CVSS 7.5

    30960: UDP: MIT Kerberos KDC Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in MIT Kerberos KDC.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-1527 CVSS 7.8

    30961: HTTP: Microsoft Multiple Products TrueType Font Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in multiple Microsoft products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-3402 CVSS 9.3
        - Microsoft Security Bulletin: MS11-087, MS12-034, MS12-039

    30962: SMB: MFC71 DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Visio.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-3148 CVSS 4.6
        - Microsoft Security Bulletin: MS11-055

    30963: TLS/SSL: OpenSSL ECDH Use-After-Free Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in OpenSSL ECDH.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-3210 CVSS 5.0

    31020: HTTP: MFC71 DLL Sideloading Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a DLL sideloading vulnerability in Microsoft Visio.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-3148 CVSS 4.6
        - Microsoft Security Bulletin: MS11-055

    31021: HTTP: Red Hat JBoss HTTPServerILServlet.java Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Red Hat JBoss HTTP Invocation Layer Java Servlet.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 98595
        - Common Vulnerabilities and Exposures: CVE-2017-7504 CVSS 7.5

    31024: HTTP: CA ARCserve D2D GWT RPC Request Credentials Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Computer Associates ARCserve D2D.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 48897
        - Common Vulnerabilities and Exposures: CVE-2011-3011 CVSS 5.0

    31031: HTTP: Drupal Core Multiple Subsystems Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an input validation vulnerability in Drupal Core.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103534
        - Common Vulnerabilities and Exposures: CVE-2018-7600

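The filter entries above follow a fixed key/value layout, which makes a release easy to triage automatically. The usual question for a new DV is which filters ship disabled in the Default deployment yet cover a high-CVSS or Critical issue you would want to enable by hand. The Python script below is an added example written for this page, not Trend Micro or DVLabs code: it parses that layout and applies that rule. SAMPLE is a constructed, trimmed excerpt of four entries from this release, and the triage rule (a listed CVSS at or above 7.0, or Critical severity with no CVSS listed) is an assumed review policy, not one the release notes prescribe.

```python
"""Parse TippingPoint Digital Vaccine release-note filter entries and flag
filters that ship disabled in the Default deployment but look serious.

Added example, not Trend Micro/DVLabs code. The entry layout is the one used
in the release notes above; SAMPLE is a constructed, trimmed excerpt."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
    30705: MS-RPC: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 21221
        - Common Vulnerabilities and Exposures: CVE-2006-6076 CVSS 10.0

    30926: SIP: Digium Asterisk INVITE TCP Connection Close Denial-of-Service Vulnerability
      - Category: Exploits
      - Severity: Critical
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7286

    30943: HTTP: Microsoft Office Word RTF Parsing Engine Memory Corruption Vulnerability
      - Category: Exploits
      - Severity: Critical
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2010-1901 CVSS 9.3, CVE-2010-1902 CVSS 9.3
        - Microsoft Security Bulletin: MS10-056

    31031: HTTP: Drupal Core Multiple Subsystems Input Validation Vulnerability
      - Category: Vulnerabilities
      - Severity: Critical
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7600
"""

HEADER = re.compile(r"^(\d+): ([^:]+): (.+)$")          # "30705: MS-RPC: name"
FIELD = re.compile(r"^- ([^:]+):\s*(.*)$")              # "- Key: value"
CVE = re.compile(r"(CVE-\d{4}-\d{4,})(?: CVSS (\d+(?:\.\d+)?))?")


@dataclass
class Filter:
    number: int
    protocol: str
    name: str
    category: str = ""
    severity: str = ""
    deployments: list = field(default_factory=list)  # raw "Deployment:" values
    cves: dict = field(default_factory=dict)         # CVE id -> CVSS score or None

    @property
    def default_enabled(self) -> bool:
        # Only a "Default (Block / Notify)" line means the filter is on out of the box;
        # "Not enabled by default..." and "Security-Optimized (...)" do not.
        return any(d.startswith("Default (") and "Disabled" not in d for d in self.deployments)

    @property
    def max_cvss(self):
        scores = [s for s in self.cves.values() if s is not None]
        return max(scores) if scores else None


def parse_filters(text: str) -> list:
    """Walk the release-note text; a numbered header starts a new entry,
    "- Key: value" lines (at any indent) fill in the current one."""
    filters, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = Filter(int(m.group(1)), m.group(2), m.group(3))
            filters.append(current)
            continue
        m = FIELD.match(line)
        if current is None or not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Category":
            current.category = value
        elif key == "Severity":
            current.severity = value
        elif key == "Deployment":
            current.deployments.append(value)
        elif key == "Common Vulnerabilities and Exposures":
            for cve_id, score in CVE.findall(value):   # score is "" when none is listed
                current.cves[cve_id] = float(score) if score else None
    return filters


def triage(filters, min_cvss: float = 7.0) -> list:
    """Assumed review policy: flag filters that are off in the Default deployment
    and either list a CVSS >= min_cvss or are Critical with no CVSS at all
    (this second branch also catches ZDI-CAN pre-disclosures, which list no CVE)."""
    flagged = [f for f in filters if not f.default_enabled
               and ((f.max_cvss is not None and f.max_cvss >= min_cvss)
                    or (f.max_cvss is None and f.severity == "Critical"))]
    return sorted(flagged, key=lambda f: f.max_cvss or 0.0, reverse=True)


if __name__ == "__main__":
    for f in triage(parse_filters(SAMPLE)):
        print(f"{f.number} [{f.protocol}] {f.severity:8} CVSS={f.max_cvss} "
              f"{sorted(f.cves)} deployments={f.deployments}")
```

Run it as-is to see the three flagged sample entries, or replace SAMPLE with the full New Filters text above; entries enabled only in the Security-Optimized deployment (such as 30943) surface alongside the ones enabled nowhere, since a Default-profile device has neither.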
  Modified Filters (logic changes):
    * = Enabled in Default deployments

    6144: HTTP: Hidden HTML IFrame
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8749: SMTP: Novell GroupWise Internet Agent Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8749: SMTP: Novell GroupWise Internet Agent Buffer Overflow".
      - Category changed from "Security Policy" to "Exploits".
      - Severity changed from "Low" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    8842: HTTP: HP LoadRunner ActiveX Control Arbitrary File Download Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8842: HTTP: HP LoadRunner ActiveX Control Arbitrary File Download".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 10074: HTTP: Excel File Format Anomaly
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 11701: HTTP: HP Easy Printer Care XMLCacheMgr Arbitrary File Creation (ZDI-12-013)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 11937: HTTP: Microsoft Windows OLE32 Memory Corruption
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Vulnerabilities" to "Exploits".
      - Detection logic updated.
      - Vulnerability references updated.

    12042: HTTP: IBM Rational Rhapsody ActiveX Vulnerabilities (ZDI-12-028)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "12042: HTTP:  IBM Rational Rhapsody ActiveX Vulnerabilities (ZDI-12-028)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12144: TOR: Certificate Exchange
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 12194: TCP: Microsoft Forefront Threat Management Gateway Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "12194: TCP: Microsoft Forefront Threat Management Gateway Buffer Overflow".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12282: HTTP: HP Easy Printer Care XMLCacheMgr Arbitrary File Creation (ZDI-12-013)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12636: TCP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    13019: DNS: DNS ANY Response
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    13215: HTTP: ABB RobotStudio Tools CWGraph3D ActiveX Directory Traversal Vulnerability (ZDI-13-253)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    13216: HTTP: Oracle Data Quality ActiveX Control Memory Corruption Vulnerability (ZDI-14-107)
      - IPS Version: 3.1.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    13755: HTTP: Visual Mining NetCharts Server File Upload Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "13755: HTTP: Visual Mining NetCharts Server File Upload (ZDI-14-372)".
      - Category changed from "Security Policy" to "Vulnerabilities".
      - Severity changed from "Moderate" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 16456: HTTPS: Cisco Security Agent File Upload Vulnerability (ZDI-11-088)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    19319: HTTP: Symantec ConsoleUtilities ActiveX Control Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    30184: HTTP: Quest NetVault Backup NVBUEventHistory Get Method SQL Injection Vulnerability (ZDI-17-974)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30349: HTTP: Microsoft Chakra JavaScript Array sort JIT Optimization Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    8247: HTTP: Cisco Secure Desktop ActiveX Control Instantiation (ZDI-10-072,ZDI-11-091,ZDI-11-092)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    8270: HTTP: Symantec AppStream ActiveX Control Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    10702: SMB: Wab32res.dll or Msoeres32.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10704: HTTP: Wab32res.dll or Msoeres32.dll File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10759: SMB: Fveapi.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10760: HTTP: Fveapi.dll File Access from WebDAV (MS11-001)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10880: SMB: .dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10881: HTTP: .dll File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10886: SMB: Ehtrace.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    10887: HTTP: Ehtrace.dll File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 11457: DHCP: ISC DHCP dhclient Network Configuration Script Command Injection
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Network Equipment" to "Vulnerabilities".
      - Description updated.
      - Vulnerability references updated.

    11473: SCADA: InduSoft WebStudio Unauthenticated Remote Operations Vulnerability (ZDI-11-330)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11538: SMB: Telnet.exe File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11539: HTTP: Telnet.exe File Access via HTTP
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11544: SMB: Bidlab.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11640: SMB: Sensor.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11641: HTTP: Sensor.dll File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11973: SMB: Packager.exe File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11974: HTTP: Packager.exe File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12063: SMB: STI.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12153: SMB: WINTAB32.dll File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    12242: DB2: IBM solidDB Redundant WHERE Clause Denial Of Service
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12349: HTTP: IBM SPSS VsVIEW6.ocx ActiveX Instantiation (ZDI-12-020)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12359: HTTP: Console.lua File Access from WebDAV
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12360: SMB: Console.lua File Access via SMB
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    12540: HTTP: HP Application Lifecycle Management ActiveX Suspicious Method Call (ZDI-12-170)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    13615: HTTP: HP Easy Printer Care ActiveX Control Instantiation
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

  Removed Filters: None
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000103833