Digital Vaccine #9095

    • Updated: 1 May 2018
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9095      May 1, 2018
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9095.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9095.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:
    30841: HTTP: WibuKey Runtime for Windows ActiveX Control Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in WibuKey.
      - Deployment: Not enabled by default in any deployment.

    30842: HTTP: IBM Java com.ibm.rmi.util.ProxyUtil Sandbox Breach Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in IBM Java.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 55495
        - Common Vulnerabilities and Exposures: CVE-2012-4820 CVSS 9.3

    31277: HTTP: Adobe RoboHelp Server SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Adobe RoboHelp.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 30137
        - Common Vulnerabilities and Exposures: CVE-2008-2991 CVSS 4.3

    31285: HTTP: Roundcube Webmail archive.php IMAP Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Roundcube Webmail.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-9846

    31341: HTTP: Symantec Scan Engine Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Symantec Scan Engine.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 17637
        - Common Vulnerabilities and Exposures: CVE-2006-0230 CVSS 10.0

    31342: SSH: Novell CASA PAM Module Stack Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell Common Authentication Service Adapter (CASA).
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 16779
        - Common Vulnerabilities and Exposures: CVE-2006-0736 CVSS 10.0

    31343: UDP: Memcached Traffic Amplification UDP Packet Spoofing Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Memcached.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1000115

    31344: HTTP: Check Point FireWall-1 HTTP Parsing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Check Point FireWall-1.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 9581
        - Common Vulnerabilities and Exposures: CVE-2004-0039 CVSS 10.0

    31345: TIP: Microsoft Distributed Transaction Controller TIP Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC) component of Microsoft Windows.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 15058
        - Common Vulnerabilities and Exposures: CVE-2005-1979 CVSS 5.0
        - Microsoft Security Bulletin: MS05-051

    31346: HTTP: Novell ZENworks Patch Management SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Novell ZENworks.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 15220
        - Common Vulnerabilities and Exposures: CVE-2005-3315 CVSS 7.5

    31348: SMB: Microsoft Windows Server Driver Crafted SMB Data Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows Server Driver.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 19215
        - Common Vulnerabilities and Exposures: CVE-2006-3942 CVSS 7.8
        - Microsoft Security Bulletin: MS06-063

    31349: HTTP: Apple QuickTime PictureViewer GIF Rendering Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Apple QuickTime.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 90136
        - Common Vulnerabilities and Exposures: CVE-2005-1106 CVSS 5.0

    31351: HTTP: McAfee Multiple Products LHA File Handling Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in McAfee Antivirus Library.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10243
        - Common Vulnerabilities and Exposures: CVE-2005-0643 CVSS 7.5

    31352: HTTP: ClamAV UPX File Handling Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in ClamAV AntiVirus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 14866
        - Common Vulnerabilities and Exposures: CVE-2005-2920 CVSS 7.5

    31353: SSL: Novell iManager ASN.1 Parsing Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Novell iManager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 8732
        - Common Vulnerabilities and Exposures: CVE-2003-0543 CVSS 5.0

    31355: HTTP: Mozilla Suite DOM Property Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Mozilla Suite.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 13645, 15495
        - Common Vulnerabilities and Exposures: CVE-2005-1532 CVSS 7.5

    31357: HTTP: Microsoft WinHlp32 Compressed Phrase Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft WinHlp32.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 12092
        - Common Vulnerabilities and Exposures: CVE-2004-1306 CVSS 5.1

    31358: HTTP: Microsoft Winhlp32 Compressed Phrase Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 12091
        - Common Vulnerabilities and Exposures: CVE-2004-1361 CVSS 5.0

    31360: HTTP: Microsoft Internet Explorer FTP Client Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Microsoft Internet Explorer.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 12160
        - Common Vulnerabilities and Exposures: CVE-2004-1376 CVSS 5.0

    31361: HTTP: Norton AntiVirus ActiveX Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Norton AntiVirus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10392
        - Common Vulnerabilities and Exposures: CVE-2004-0487 CVSS 10.0

    31362: HTTP: Sophos Anti-Virus Reserved Device Name Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Sophos Anti-Virus.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11236
        - Common Vulnerabilities and Exposures: CVE-2004-0552 CVSS 7.5

    31363: HTTP: Microsoft Windows Media Player ActiveX Script Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a script injection vulnerability in Microsoft Windows Media Player.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 12031
        - Common Vulnerabilities and Exposures: CVE-2004-1324 CVSS 2.6

    31365: SMB: Samba Security Descriptor Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Samba server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11973
        - Common Vulnerabilities and Exposures: CVE-2004-1154 CVSS 10.0

    31367: HTTP: Microsoft WordPad Font Conversion Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft WordPad.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2004-0901 CVSS 10.0
        - Microsoft Security Bulletin: MS04-041

    31370: HTTP: Microsoft WebDAV XML Message Handler Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft WebDAV XML message handler.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2003-0718 CVSS 5.0
        - Microsoft Security Bulletin: MS04-030

    31371: HTTP: Microsoft Excel Cell Length Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Excel.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11373
        - Common Vulnerabilities and Exposures: CVE-2004-0846 CVSS 7.5
        - Microsoft Security Bulletin: MS04-033

    31372: SMTP: Microsoft Outlook Word Object Tag Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Outlook.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10683
        - Common Vulnerabilities and Exposures: CVE-2004-2482 CVSS 5.0

    31373: POP3: Microsoft Outlook Word Object Tag Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Outlook.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10683
        - Common Vulnerabilities and Exposures: CVE-2004-2482 CVSS 5.0

    31374: Oracle: Oracle Database Server ctxsys.driload Access Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an access validation vulnerability in Oracle Database Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11099
        - Common Vulnerabilities and Exposures: CVE-2004-0637 CVSS 6.5

    31375: UDP: KAME Project racoon X509 Certificate Verification Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a certificate verification bypass vulnerability in KAME Project racoon.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10546
        - Common Vulnerabilities and Exposures: CVE-2004-0607 CVSS 10.0

    31377: HTTP: Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-7287

    31378: HTTP: Adobe Acrobat File Extension Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10696
        - Common Vulnerabilities and Exposures: CVE-2004-0632 CVSS 7.5

    31379: HTTP: WebSocket Connection Upgrade
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to upgrade an HTTP connection to a WebSocket connection.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1270, CVE-2018-1275

    31380: HTTP: Microsoft Internet Explorer execCommand File Type Spoofing Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a file type spoofing vulnerability in Microsoft Internet Explorer.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11686
        - Common Vulnerabilities and Exposures: CVE-2004-1331 CVSS 2.6

    31385: HTTP: Multiple Web Browsers Window Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a window injection vulnerability in multiple browsers.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11855
        - Common Vulnerabilities and Exposures: CVE-2004-1155 CVSS 7.5

    31387: CVS: Max-dotdot Protocol Command Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in CVS server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2004-0417 CVSS 5.0

    31388: STOMP: Pivotal Spring Framework spring-messaging Module STOMP Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an input validation vulnerability in Pivotal Spring Framework's STOMP protocol module.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1270, CVE-2018-1275

    31390: HTTP: Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Micro Focus GroupWise.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 92646
        - Common Vulnerabilities and Exposures: CVE-2016-5760 CVSS 4.3

    31392: HTTP: Trend Micro Mobile Security eas_agent_sync_client_info slink_id SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Trend Micro Mobile Security Enterprise.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 100966
        - Common Vulnerabilities and Exposures: CVE-2017-14078 CVSS 10.0

    31393: HTTP: VanDyke SecureCRT Configuration Folder Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in VanDyke SecureCRT.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 11731
        - Common Vulnerabilities and Exposures: CVE-2004-1541 CVSS 7.5

    31450: HTTP: McAfee FreeScan GetSpecialFolderLocation Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in McAfee FreeScan.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10077
        - Common Vulnerabilities and Exposures: CVE-2004-1908 CVSS 5.0

    31451: HTTP: Microsoft VBScript Engine Sub Class_Terminate Class Event Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the VBScript Sub Class_Terminate Class Event.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1004
        - Zero Day Initiative: ZDI-18-291

    31452: HTTP: IBM Lotus Domino Web Access Message Handling Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in the IBM Lotus Domino Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 10641
        - Common Vulnerabilities and Exposures: CVE-2004-0668 CVSS 5.0

    31453: HTTP: Spring Data Commons Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an input validation vulnerability in Spring Data Commons.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-1273

    31461: HTTP: Drupal Core Multiple Subsystems Hash Fragment Identifier Input Validation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an input validation vulnerability in Drupal Core.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 103985
        - Common Vulnerabilities and Exposures: CVE-2018-7602

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    3054: DNS: DNS Response Buffer Overflow
      - IPS Version: 1.4.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Security Policy" to "Vulnerabilities".
      - Severity changed from "Low" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    3192: DHCP: Microsoft DHCP Server Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3192: DHCP: Microsoft DHCP Server Buffer Overflow".
      - Category changed from "Network Equipment" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    3213: HTTP: Windows LoadImage API CUR File Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3213: HTTP: Windows LoadImage API Buffer Overflow .CUR file".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 3215: HTTP: Windows HTML Help ActiveX Control Script Injection
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 3706: NDMP: Veritas Backup Exec Agent Security Bypass vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3706: NDMP: Veritas Backup Exec Remote File Read".
      - Category changed from "Reconnaissance" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    4157: HTTP: Windows Media Player Bitmap Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4157: HTTP: Windows Media Player Bitmap Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 4731: HTTP: Java Applet/Script Access Control Violation Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4731: HTTP: Java Applet/Script Access Control Violation".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9008: HTTP: Microsoft Windows HLP File Handling Heap Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9008: HTTP: Microsoft Windows HLP File Handling Heap Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9013: HTTP: Microsoft Windows itss.dll CHM File Handling Heap Corruption Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9013: HTTP: Microsoft Windows itss.dll CHM File Handling Heap Corruption".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9023: HTTP: Microsoft Internet Explorer Script Engine Stack Exhaustion Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9023: HTTP: Microsoft Internet Explorer Script Engine Stack Exhaustion".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 9177: SMB: Windows Transact Response Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9177: SMB: Windows Transact Response Buffer Overflow".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12502: HTTP: HP SiteScope Unauthenticated Credential Overwrite (ZDI-12-178)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12522: ICMP: Source Quench
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    22199: HTTP: Microsoft IIS Source Code Disclosure Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 30309: HTTPS: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 31080: HTTP: Microsoft Windows VBScript Engine ReDim Use-after-Free Vulnerability (ZDI-18-291)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31080: HTTP: Microsoft Windows VBScript Engine ReDim Use-after-Free Vulnerability".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    31162: TCP: Cisco Smart Install Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    4228: HTTP: Local Zone Link Specified in Remote Page
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    5130: Oracle: Oracle (GRANT DBA) Near Vulnerable Package
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    9076: Kerberos: krb5_recvauth Double Free Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9076: Kerberos: krb5_recvauth Double Free".
      - Description updated.
      - Vulnerability references updated.

    9098: SYMANTEC: Symantec Antivirus Real Time Virus Scan Service Buffer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Virus" to "Vulnerabilities".
      - Description updated.
      - Vulnerability references updated.

    9145: HTTP: Mozilla Firefox Suspicious Script Generated MouseEvent
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    9147: HTTP: Mozilla IFrame XSS
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    9148: HTTP: Suspicious Data URI
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    9153: HTTP: Suspicious ActiveX Instantiation
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    9359: HTTP: Microsoft IIS WebDAV Request Source Code Disclosure
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    11803: DNS: Squid Proxy DNS Response Spoofing Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    13990: TCP: HP Data Protector Multiple Opcodes Parsing Code Execution Vulnerability (ZDI-14-002)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    25348: HTTP: Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross-Site Scripting Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 30147: HTTP: Oracle WebLogic Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    30696: SMTP: Exim b64decode function Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

  Removed Filters: None
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000105637