Summary
Digital Vaccine #9202 December 11, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Adobe Security Bulletins

This DV includes coverage for the Adobe vulnerabilities released on or before December 05, 2018. The following table maps TippingPoint filters to the Adobe CVEs.

Bulletin # | CVE # | TippingPoint Filter # | Status
---------- | -------------- | --------------------- | ------
APSB18-42 | CVE-2018-15982 | 33711 |
APSB18-42 | CVE-2018-15983 | | Vendor Deemed Reproducibility or Exploitation Unlikely

Filters marked with * shipped prior to this DV, providing zero-day protection.
Microsoft Security Bulletins

This DV includes coverage for the Microsoft vulnerabilities released on or before December 11, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.

CVE # | TippingPoint Filter # | Status
------------- | --------------------- | ------
CVE-2018-8477 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8514 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8517 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8540 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8580 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8583 | 33685 |
CVE-2018-8587 | 33518 |
CVE-2018-8590 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8595 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8596 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8597 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8598 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8604 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8611 | 33820 |
CVE-2018-8612 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8617 | 33686 |
CVE-2018-8618 | 33687 |
CVE-2018-8619 | 33708 |
CVE-2018-8621 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8622 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8624 | 33688 |
CVE-2018-8625 | 33819 |
CVE-2018-8626 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8627 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8628 | 33818 |
CVE-2018-8629 | 33689 |
CVE-2018-8631 | 33690 |
CVE-2018-8634 | 33691 |
CVE-2018-8635 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8636 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8637 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8638 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8639 | 33822 |
CVE-2018-8641 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8643 | *33482 |
CVE-2018-8649 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8651 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8652 | | Vendor Deemed Reproducibility or Exploitation Unlikely

Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:

- https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9202.pkg
- https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9202.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
29476: HTTP: HTTP on Non-Standard Ports
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects HTTP communication over a port other than the standard HTTP ports (80 or 8080).
- Deployment: Not enabled by default in any deployment.

33605: HTTP: Apple Safari KWQListIteratorImpl() HTML Tag Handling DoS Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a KWQListIteratorImpl() HTML tag handling denial-of-service vulnerability in Apple Safari.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Bugtraq ID: 17634
  - Common Vulnerabilities and Exposures: CVE-2006-1986 CVSS 7.5

33650: ZDI-CAN-7168: Zero Day Initiative Vulnerability (Apache HTTPD Server 2.x)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: High
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apache HTTPD Server 2.x.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33674: ZDI-CAN-7251: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Visual Studio.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33685: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8583

33686: HTTP: Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8617

33687: HTTP: Microsoft Edge Chakra defineSetter Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8618

33688: HTTP: Microsoft Edge Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8624

33689: HTTP: Microsoft Edge ArrayBuffer Out-of-Bounds Write Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8629

33690: HTTP: Microsoft Internet Explorer Array Prototype Out-of-Bounds Write Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8631

33691: HTTP: Microsoft Edge SpeechSynthesis Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Edge.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8634

33692: ZDI-CAN-7262: Zero Day Initiative Vulnerability (Microsoft SharePoint)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33693: ZDI-CAN-7261: Zero Day Initiative Vulnerability (Microsoft SharePoint)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33694: ZDI-CAN-7382: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33695: ZDI-CAN-7412: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33696: ZDI-CAN-7427: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify / Trace)
  - Deployment: Performance-Optimized (Disabled)

33697: ZDI-CAN-7409: Zero Day Initiative Vulnerability (Microsoft Chakra)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Chakra.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)

33700: HTTP: Synology Photo Station Arbitrary File Upload Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Synology Photo Station.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-11151 CVSS 7.5

33701: HTTP: MDaemon WorldClient XML Injection Vulnerability (EasyBee)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an XML injection vulnerability in MDaemon.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Bugtraq ID: 103039
  - Common Vulnerabilities and Exposures: CVE-2018-1216

33703: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 4754 Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 84166
  - Common Vulnerabilities and Exposures: CVE-2015-8520 CVSS 7.5

33704: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 1796 Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 84161
  - Common Vulnerabilities and Exposures: CVE-2015-8519 CVSS 7.5

33705: TCP: IBM Tivoli Storage Manager FastBack Server Opcode 1799 Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 84163
  - Common Vulnerabilities and Exposures: CVE-2015-8522 CVSS 7.5

33706: TCP: Flexense Diskboss Enterprise Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Flexense Diskboss Enterprise.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-5262

33707: HTTP: Apache Camel XML CamelXsltResourceUri Java Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an injection vulnerability in Apache Camel.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Bugtraq ID: 65902
  - Common Vulnerabilities and Exposures: CVE-2014-0003 CVSS 7.5

33708: HTTP: Microsoft XML XSL VBScript Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the usage of VBScript in MSXML XSL files.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8619

33709: HTTP: Raptr AMD Gaming Evolved "execute_installer" Command Function Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Raptr AMD Gaming Evolved software.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-6546

33710: HTTP: IBM Tivoli Storage Manager FastBack Server Opcode 1798 Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in IBM Tivoli Storage Manager FastBack.
- Deployment: Not enabled by default in any deployment.
- References:
  - Bugtraq ID: 84167
  - Common Vulnerabilities and Exposures: CVE-2015-8521

33711: HTTP: Adobe Flash Player SWF Parsing Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Flash.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-15982

33713: UDP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Hewlett Packard Enterprise Intelligent Management Center.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-5805

33714: TCP: DEWESoft X3 Command Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a command execution vulnerability in DEWESoft X3.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-7756

33719: HTTP: Docker Daemon API Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in the Docker Daemon API.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)

33721: FTP: Cisco IOS Firewall Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Cisco Smart Install Devices.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2005-2841

33722: SMB: MsFteWds Named Pipe Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the usage of the MsFteWds named pipe in SMB traffic.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2017-11771, CVE-2017-8620

33728: SMB: Suspicious SMB_COM_OPEN_ANDX/SMB_COM_NT_CREATE_ANDX Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a suspicious SMB_COM_OPEN_ANDX or SMB_COM_NT_CREATE_ANDX request.
- Deployment: Not enabled by default in any deployment.

33818: HTTP: Microsoft PowerPoint Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft PowerPoint.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8628

33819: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8625

33820: HTTP: Microsoft Windows Kernel Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8611

33822: HTTP: Microsoft Windows win32kfull.sys Integer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-8639

Modified Filters (logic changes):
* = Enabled in Default deployments

* 9268: HTTP: HP OpenView NNM snmpviewer.exe Stack Buffer Overflow Vulnerability (ZDI-10-083)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

10529: HTTP: HP OpenView Network Node Manager Buffer Overflow Vulnerability (ZDI-11-010/ZDI-11-348)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 10682: HTTP: HP OpenView Network Node Manager Buffer Overflow (ZDI-11-007, ZDI-11-011)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

12664: HTTP: Oracle Outside In XPM Image Processing Stack Buffer Overflow (ZDI-12-150)
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

16892: HTTP: Drupal Core SQL Injection Vulnerability
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

20800: HTTP: Adobe Flash Oversized MP3 ID3 Frame Header
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

23783: UDP: Cisco ASA Fragment Reassembly Buffer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.

24928: NTP: Network Time Protocol Daemon crypto-NAK Denial-of-Service Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.

* 26021: TCP: Memcached process_bin_update body_len Integer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 26111: TCP: Memcached process_bin_append_prepend Integer Overflow Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

26703: LDAP: Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability (ZDI-17-053)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 29749: TCP: HPE Intelligent Management Center imcwlandm UserName Buffer Overflow Vulnerability (ZDI-17-317)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 30052: HTTP: Supervisor XML-RPC Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

30548: TCP: CloudMe Sync Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

30941: HTTP: Microsoft .NET Framework Proxy Auto-Discovery Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.

30957: HTTP: Apple Safari Form Element Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

31155: NTP: Network Time Protocol ntpq decodearr Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

31851: DHCP: Red Hat Fedora DHCP Client NetworkManager Input Validation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

32667: FTP: FTPShell Client Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

32820: HTTP: INVT Electric VT-Designer PM3 Untrusted Data Deserialization Vulnerability (ZDI-18-1361)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32820: ZDI-CAN-6428: Zero Day Initiative Vulnerability (INVT VT-Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

32823: HTTP: INVT Electric VT-Designer File Parsing Buffer Overflow Vulnerability (ZDI-18-1360)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32823: ZDI-CAN-6414: Zero Day Initiative Vulnerability (INVT VT-Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

32826: HTTP: Apple Safari WebCrypto Race Condition Remote Code Execution Vulnerability (ZDI-18-1323)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "32826: ZDI-CAN-6388: Zero Day Initiative Vulnerability (Apple Safari)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

32919: HTTP: SonicWall Global Management System XMLRPC set_time_zone Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 33285: HTTP: Microsoft Windows Win32k Kernel Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

33482: HTTP: Microsoft Windows JScript Array concat Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33482: ZDI-CAN-7156: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

33518: HTTP: Microsoft Outlook Rule Import Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.

33614: HTTP: Non-Standard URI Path Within Host Header Field
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.

* 33634: HTTP: Apache Solr RunExecutableListener Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

9944: SSH: SSH Login Attempt On FTP Port
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.

9950: SSH: SSH Login Attempt On VNC Port
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.

* 30523: HTTP: Adobe Reader DC TTF Text Layout Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.

33631: HTTP: Advantech WebAccess SCADA WADashboard writeFile Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "33631: Advantech WebAccess SCADA WADashboard writeFile Directory Traversal Vulnerability".

Removed Filters:
None