Summary
Digital Vaccine #9106 May 22, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9106.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9106.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29454: HTTP: File Download Request from a Suspicious Top-Level Domain - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to download a .exe file from a suspicious top-level domain. - Deployment: Not enabled by default in any deployment. 29455: HTTP: File Download Request from a Specific Top-Level Domain (.af) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Afghanistan top-level domain. - Deployment: Not enabled by default in any deployment. 29456: HTTP: File Download Request from a Specific Top-Level Domain (.cn) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the People's Republic of China top-level domain. - Deployment: Not enabled by default in any deployment. 29457: HTTP: File Download Request from a Specific Top-Level Domain (.de) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Federal Republic of Germany top-level domain. - Deployment: Not enabled by default in any deployment. 29458: HTTP: File Download Request from a Specific Top-Level Domain (.eu) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the European Union top-level domain. - Deployment: Not enabled by default in any deployment. 29459: HTTP: File Download Request from a Specific Top-Level Domain (.fr) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the France top-level domain. - Deployment: Not enabled by default in any deployment. 29460: HTTP: File Download Request from a Specific Top-Level Domain (.hk) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Hong Kong top-level domain. - Deployment: Not enabled by default in any deployment. 29461: HTTP: File Download Request From a Specific Top-Level Domain (.kg) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Kyrgyzstan top-level domain. - Deployment: Not enabled by default in any deployment. 29462: HTTP: File Download Request from a Specific Top-Level Domain (.kp) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Democratic People's Republic of Korea top-level domain. - Deployment: Not enabled by default in any deployment. 29463: HTTP: File Download Request from a Specific Top-Level Domain (.kr) - IPS Version: 3.6.2 and after. 
- NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Republic of Korea top-level domain. - Deployment: Not enabled by default in any deployment. 29464: HTTP: File Download Request from a Specific Top-Level Domain (.kz) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Kazakhstan top-level domain. - Deployment: Not enabled by default in any deployment. 29465: HTTP: File Download Request from a Specific Top-Level Domain (.pk) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Pakistan top-level domain. - Deployment: Not enabled by default in any deployment. 29466: HTTP: File Download Request from a Specific Top-Level Domain (.pw) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Palau top-level domain. - Deployment: Not enabled by default in any deployment. 29467: HTTP: File Download Request from a Specific Top-Level Domain (.ru) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Russian Federation top-level domain. - Deployment: Not enabled by default in any deployment. 
29468: HTTP: File Download Request from a Specific Top-Level Domain (.su) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Soviet Union top-level domain. - Deployment: Not enabled by default in any deployment. 29469: HTTP: File Download Request from a Specific Top-Level Domain (.sy) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Syria top-level domain. - Deployment: Not enabled by default in any deployment. 29470: HTTP: File Download Request from a Specific Top-Level Domain (.tj) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Tajikistan top-level domain. - Deployment: Not enabled by default in any deployment. 29471: HTTP: File Download Request from a Specific Top-Level Domain (.tm) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Turkmenistan top-level domain. - Deployment: Not enabled by default in any deployment. 29472: HTTP: File Download Request from a Specific Top-Level Domain (.uz) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Uzbekistan top-level domain. 
- Deployment: Not enabled by default in any deployment. 29473: HTTP: File Download Request from a Specific Top-Level Domain (.ml) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Mali top-level domain. - Deployment: Not enabled by default in any deployment. 29474: HTTP: File Download Request from a Specific Top-Level Domain (.gq) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter will detect the download of a .exe file from the Equatorial Guinea top-level domain. - Deployment: Not enabled by default in any deployment. 31368: SMTP: SpamAssassin Spam Test String Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects an attempt to use SpamAssassin Spam Test String in an email. - Deployment: Not enabled by default in any deployment. - References: - Bugtraq ID: 10957 - Common Vulnerabilities and Exposures: CVE-2004-0796 CVSS 5.0 31688: HTTP: Adobe Acrobat Reader Javascript Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2018-4947 31735: UDP: Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Check Point FireWall-1 and VPN-1. - Deployment: Not enabled by default in any deployment. - References: - Bugtraq ID: 9582 - Common Vulnerabilities and Exposures: CVE-2004-0040 CVSS 10.0 31736: HTTP: InterWoven WorkDocs Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in InterWoven WorkDocs. - Deployment: Not enabled by default in any deployment. 31737: UDP: KAME IKE Racoon HASH Arbitrary File Deletion Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit an arbitrary file deletion vulnerability in KAME Project racoon. - Deployment: Not enabled by default in any deployment. - References: - Bugtraq ID: 9416, 9417 - Common Vulnerabilities and Exposures: CVE-2004-0164 CVSS 5.0 31738: HTTP: Foxit Reader BMP biWidth Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Foxit Reader. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Bugtraq ID: 103999 - Common Vulnerabilities and Exposures: CVE-2017-17557 CVSS 6.8 31739: HTTP: osCommerce Installer Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in osCommerce. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31740: SMTP: Dovecot rfc822_parse_domain Out-of-Bounds Read Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit an out-of-bounds vulnerability in Dovecot server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 103201 - Common Vulnerabilities and Exposures: CVE-2017-14461 31744: HTTPS: Dell EMC VMAX Virtual Appliance Manager Directory Traversal Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Dell EMC VMAX Virtual Appliance. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2018-1215 31745: BGP: Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Quagga. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2018-5381 31746: HTTP: PlaySMS Filename Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. 
- vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in PlaySMS. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2017-9080 CVSS 7.5 31747: HTTP: PlaySMS Phonebook Import Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in PlaySMS. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2017-9101 CVSS 7.5 31748: BGP: Quagga BGP Daemon bgp_update_receive Double Free Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a double free vulnerability in Quagga. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 103105 - Common Vulnerabilities and Exposures: CVE-2018-5379 31754: HTTP: GNU Wget Cookie Injection Policy Bypass Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a policy bypass vulnerability in GNU Wget. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Bugtraq ID: 104129 - Common Vulnerabilities and Exposures: CVE-2018-0494 31755: HTTP: Mantis Bug Tracker manage_proj_page Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in Mantis Bug Tracker. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 31789 - Common Vulnerabilities and Exposures: CVE-2008-4687 CVSS 9.0 31756: HTTP: ManageEngine Applications Manager Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a code injection vulnerability in ManageEngine Applications Manager. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Bugtraq ID: 103358 - Common Vulnerabilities and Exposures: CVE-2018-7890 31757: HTTP: Apache Tika Chmparser Denial-of-Service Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Apache Tika. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2018-1339 31758: HTTP: ClipBucket beats_uploader PHP File Upload Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a PHP file upload vulnerability in ClipBucket. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31759: ZDI-CAN-5605: Zero Day Initiative Vulnerability (Microsoft Edge) - IPS Version: 3.6.2 and after. 
- NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Edge. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) 31760: HTTP: HL7 C-CDA CDA.xsl nonXMLBody JavaScript Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects an attempt to use JavaScript inside the nonXMLBody element of the CDA.xsl in HL7 C-CDA. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2014-3861 CVSS 4.3 31761: HTTP: Xpdf Splash DrawImage Integer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Xpdf. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2009-3604 31762: TCP: Suricata TCP Handshake Content Detection Policy Bypass Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a policy bypass vulnerability in Suricata. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2018-6794 31763: HTTP: ClipBucket file_name Code Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. 
- TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a code injection vulnerability in ClipBucket. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31764: TCP: NetGain Systems Enterprise Manager RMI Registry Insecure Deserialization (ZDI-17-953) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in NetGain Systems Enterprise Manager. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Bugtraq ID: 102247 - Common Vulnerabilities and Exposures: CVE-2017-17406 - Zero Day Initiative: ZDI-17-953 31765: HTTP: Squid Reverse Proxy sslBumpAccessCheck Denial-of-Service Vulnerability (ZDI-18-309) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Squid Proxy. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2018-1172 - Zero Day Initiative: ZDI-18-309 31766: HTTP: GNU Emacs Enriched text x-display Code Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a code execution vulnerability in GNU Emacs. 
- Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 100873 - Common Vulnerabilities and Exposures: CVE-2017-14482 CVSS 6.8 31771: DHCP: Microsoft Windows DHCP Logging Denial-of-Service Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows DHCP. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2004-0899 CVSS 5.0 - Microsoft Security Bulletin: MS04-042 31772: UDP: Cisco Secure ACS EAP-TLS Authentication Bypass Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Cisco Secure Access Control Server (ACS). - Deployment: Not enabled by default in any deployment. - References: - Bugtraq ID: 11577 - Common Vulnerabilities and Exposures: CVE-2004-1099 CVSS 10.0 31773: HTTP: Apache httpd FilesMatch Directive Security Restriction Bypass Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a security policy bypass vulnerability in Apache httpd. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 103525 - Common Vulnerabilities and Exposures: CVE-2017-15715 31774: HTTP: Apple ImageIO GIF Integer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 
- Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Apple OSX. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Bugtraq ID: 22630 - Common Vulnerabilities and Exposures: CVE-2007-1071 31775: HTTP: Microsoft ISA Server DNS Spoofing Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit a DNS spoofing vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Proxy Server. - Deployment: Not enabled by default in any deployment. - References: - Bugtraq ID: 11605 - Common Vulnerabilities and Exposures: CVE-2004-0892 CVSS 7.5 - Microsoft Security Bulletin: MS04-039 31776: ZDI-CAN-5608,5612: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31777: ZDI-CAN-5609: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. 
- Deployments: - Deployment: Security-Optimized (Block / Notify) 31778: ZDI-CAN-5610,5649: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31783: HTTP: Citrix Presentation Server Client ActiveX Control Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Citrix Presentation Server Client. - Deployment: Not enabled by default in any deployment. 31784: HTTP: Microsoft Edge Undo Information Disclosure Vulnerability (ZDI-18-428) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Edge. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2018-1021 - Zero Day Initiative: ZDI-18-428 31785: HTTP: Electron nodeIntegration Security Bypass Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a security bypass vulnerability in the Electron Framework. 
- Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2018-1000136 31786: DNS: DNS Response With NULL Record Type - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects DNS responses with NULL Record Type. - Deployment: Not enabled by default in any deployment. 31787: ZDI-CAN-5613: Zero Day Initiative Vulnerability (Microsoft Edge) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Edge. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31788: ZDI-CAN-5640: Zero Day Initiative Vulnerability (Trend Micro Endpoint Application Control) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Endpoint Application Control. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) 31789: ZDI-CAN-5643: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. 
- Category: Exploits - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess HMI Designer. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31842: ZDI-CAN-5650: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. - Deployments: - Deployment: Security-Optimized (Block / Notify) 31843: ZDI-CAN-5651: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) 31844: ZDI-CAN-5652: Zero Day Initiative Vulnerability (Advantech WebAccess Node) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models. - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node. 
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

31846: ZDI-CAN-5653: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

31847: ZDI-CAN-5654: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess Node.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

31851: DHCP: Red Hat Fedora DHCP Client NetworkManager Input Validation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an input validation vulnerability in Red Hat Fedora DHCP client NetworkManager.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Bugtraq ID: 104195
    - Common Vulnerabilities and Exposures: CVE-2018-1111

Modified Filters (logic changes):
* = Enabled in Default deployments

* 2772: MS-RPC: DCOM ISystemActivator Memory Leak/DOS
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 8213: MS-RPC: Invalid Enumeration Response
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

19690: HTTP: Microsoft IIS Integer Overflow Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

29346: HTTP: Apache HTTP Server ap_find_token Denial-of-Service Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

29660: HTTP: Dell EMC Multiple Products Directory Traversal Vulnerability (ZDI-17-491)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29660: HTTP: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Vulnerability (ZDI-17-491)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

30528: HTTP: Adobe Acrobat Pro XPS Vector Memory Corruption Vulnerability (ZDI-18-208)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

31070: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

31072: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 31136: HTTP: Microsoft Malware Protection Engine RAR VMSF_RGB Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31136: HTTP: Microsoft Malware Protection Engine Memory Corruption Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

31629: ZDI-CAN-5597,5606,5607,5611: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
  - Name changed from "31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 3706: NDMP: Veritas Backup Exec Agent Security Bypass Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "3706: NDMP: Veritas Backup Exec Agent Security Bypass vulnerability".

13004: TCP: ActFax LPD Server Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

19507: HTTP: ManageEngine Multiple Products Directory Traversal Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19507: HTTP: Manage Engine Multiple Products Directory Traversal Vulnerability".
  - Description updated.
  - Vulnerability references updated.

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.

30464: HTTP: Electron setAsDefaultProtocolClient Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30464: HTTP: GitHub Electron setAsDefaultProtocolClient Command Injection Vulnerability".
  - Vulnerability references updated.

* 31552: HTTP: Microsoft Edge CSS Use-After-Free Vulnerability (ZDI-18-433)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31552: HTTP: Microsoft Edge CSS Use-After-Free Vulnerability".
  - Description updated.
  - Vulnerability references updated.

31556: HTTP: Microsoft Office Buffer Overflow Vulnerability (ZDI-18-430)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31556: HTTP: Microsoft Office Buffer Overflow Vulnerability ".
  - Description updated.
  - Vulnerability references updated.

31558: HTTP: Microsoft Win32k Use-After-Free Vulnerability (ZDI-18-427)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31558: HTTP: Microsoft Win32k Use-After-Free Vulnerability ".
  - Description updated.
  - Vulnerability references updated.

31559: HTTP: Microsoft Excel Memory Corruption Vulnerability (ZDI-18-432)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31559: HTTP: Microsoft Excel Memory Corruption Vulnerability".
  - Description updated.
  - Vulnerability references updated.
31586: SMS: Microsoft Systems Management Server Remote Control Service Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

31623: HTTP: Microsoft Teams URL Command Injection Vulnerability (ZDI-18-426)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams)".
  - Description updated.
  - Vulnerability references updated.

Removed Filters:
None