Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9187.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9187.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
33186: TCP: Adobe ColdFusion DataServicesCFProxy Commons BeanUtils Insecure Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Adobe ColdFusion.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Bugtraq ID: 105313
    - Common Vulnerabilities and Exposures: CVE-2018-15959

33327: HTTP: Foxit Reader array Use-After-Free Vulnerability (ZDI-18-1159)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17672 CVSS 7.8
    - Zero Day Initiative: ZDI-18-1159

33378: HTTP: WordPress Arigato Plugin SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in the Arigato plugin in WordPress.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1002000

33381: TCP: Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Oracle WebLogic Server.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Bugtraq ID: 105613
    - Common Vulnerabilities and Exposures: CVE-2018-3245

33397: HTTP: Foxit PhantomPDF exportValues Use-After-Free Vulnerability (ZDI-18-1169)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit PhantomPDF.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17687
    - Zero Day Initiative: ZDI-18-1169

33399: HTTP: Foxit PhantomPDF fillColor Use-After-Free Vulnerability (ZDI-18-1205)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit PhantomPDF.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17689
    - Zero Day Initiative: ZDI-18-1205

33400: HTTP: Foxit Reader Collab dataObjects Use-After-Free Vulnerability (ZDI-18-1223)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17696
    - Zero Day Initiative: ZDI-18-1223

33401: HTTP: Digium Asterisk res_http_websocket HTTP Upgrade Requests Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Digium Asterisk.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Bugtraq ID: 105389
    - Common Vulnerabilities and Exposures: CVE-2018-17281

33402: TFTP: JSP File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects the upload of .jsp and .jspx files via TFTP.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-15379

33403: HTTP: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Zoho ManageEngine OpManager.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17283

33407: ZDI-CAN-6749: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Category (3.2 DV): Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33408: HTTP: Foxit Reader defaultStyle Use-After-Free Vulnerability (ZDI-18-1162)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17703
    - Zero Day Initiative: ZDI-18-1162

33409: HTTP: Foxit Reader getPageBox Use-After-Free Vulnerability (ZDI-18-1196)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-17681
    - Zero Day Initiative: ZDI-18-1196

33410: ZDI-CAN-6750: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33411: ZDI-CAN-6751: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33412: ZDI-CAN-6752: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33413: ZDI-CAN-6758: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting HPE Intelligent Management Center.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33414: ZDI-CAN-7005: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33444: ZDI-CAN-6765: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33445: ZDI-CAN-6766: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33446: ZDI-CAN-6768: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33447: HTTP: Primetek PrimeFaces Stream Content Request Detected
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter attempts to detect a stream content request made by PrimeFaces.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2017-1000486

33448: ZDI-CAN-7006: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33449: ZDI-CAN-6769: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Hewlett Packard Enterprise Intelligent Management Center.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33450: ZDI-CAN-7020: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33451: ZDI-CAN-7025,7027-7029: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33452: ZDI-CAN-7026,7030: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WECON LeviStudioU.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33453: ZDI-CAN-7038: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)

33454: ZDI-CAN-7039: Zero Day Initiative Vulnerability (Adobe Reader DC)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Reader DC.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33455: ZDI-CAN-7072: Zero Day Initiative Vulnerability (Schneider Electric Vijeo Designer)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric Vijeo Designer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33456: ZDI-CAN-7099: Zero Day Initiative Vulnerability (Schneider Electric ZelioSoft2)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric ZelioSoft2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33457: ZDI-CAN-7100: Zero Day Initiative Vulnerability (Schneider Electric ZelioSoft2)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric ZelioSoft2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

33458: ZDI-CAN-7110: Zero Day Initiative Vulnerability (LAquis SCADA)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Requires: N/NX-Platform, NGFW, and TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting LAquis SCADA.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)

Modified Filters (logic changes):
* = Enabled in Default deployments

* 31858: HTTP: Adobe Acrobat Pro DC ImageConversion EMF EMR_ALPHABLEND Out-of-Bounds Read (ZDI-18-679)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31858: ZDI-CAN-5967: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 32804: HTTP: Adobe Acrobat Pro DC XSLT Parsing Out-of-Bounds Vulnerability (ZDI-18-672)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32804: ZDI-CAN-6305: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

32805: HTTP: Foxit Reader Annotations opacity Use-After-Free Vulnerability (ZDI-18-775)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32805: ZDI-CAN-6328: Zero Day Initiative Vulnerability (Foxit Reader)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

32818: HTTP: LAquis SCADA lqs File Parsing Out-of-Bounds Vulnerability (ZDI-18-1260)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32818: ZDI-CAN-6451: Zero Day Initiative Vulnerability (LAquis SCADA)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

32819: HTTP: LAquis SCADA lqs File Parsing Out-of-Bounds Vulnerability (ZDI-18-1256)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "32819: ZDI-CAN-6450: Zero Day Initiative Vulnerability (LAquis SCADA)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only)
None

Removed Filters:

32618: HTTP: Adobe Acrobat Reader XSLT Pool String Concatenation Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.