Digital Vaccine #9251

    • Updated: 19 Mar 2019
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9251 (March 19, 2019)
Details
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9251.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9251.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 33
 Modified Filters (logic changes) - 20
 Modified Filters (metadata changes only) - 16
 Removed Filters - 0

Filters
----------------
  New Filters:
    33389: ZDI-CAN-6742: Zero Day Initiative Vulnerability (Microsoft Office Word)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Word.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    33493: HTTP: Adobe Reader DC JavaScript AnnotsString Security Bypass Vulnerability (ZDI-18-1417)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Adobe Reader DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-16018
        - Zero Day Initiative: ZDI-18-1417

    33495: HTTP: Bitdefender SafePay openFile Arbitrary File Write Vulnerability (ZDI-19-158)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file write vulnerability in Bitdefender SafePay.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-6737
        - Zero Day Initiative: ZDI-19-158

    34080: ZDI-CAN-7226: Zero Day Initiative Vulnerability (Oracle Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Oracle Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34484: RFB: LibVNCServer File Transfer Extension Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in LibVNCServer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-15127 CVSS 7.5

    34563: RFB: LibVNCServer File Transfer Extension Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in LibVNCServer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-6307 CVSS 6.8

    34565: RFB: LibVNCClient CoRRE Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in LibVNCServer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-20020 CVSS 7.5

    34711: HTTP: Foxit Quick PDF Library Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Foxit Quick PDF Library.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 106306
        - Common Vulnerabilities and Exposures: CVE-2018-20247 CVSS 6.8

    34719: NTP: NTPsec ntpd ctl_getitem Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in NTPsec ntpd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-6443 CVSS 6.4

    34720: NTP: NTPsec ntpd write_variables Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in NTPsec ntpd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-6445 CVSS 4.0

    34722: HTTP: Grafana Labs Grafana Arbitrary File Read Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an arbitrary file read vulnerability in Grafana Labs Grafana.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 105994
        - Common Vulnerabilities and Exposures: CVE-2018-19039 CVSS 4.0

    34743: HTTP: Adobe ColdFusion JavaAdapter Object Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to upload an object to Adobe ColdFusion JavaAdapter.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 106968
        - Common Vulnerabilities and Exposures: CVE-2019-7091

    34745: ZMTP: ZeroMQ libzmq v2_decoder Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in ZeroMQ libzmq.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-6250 CVSS 9.0

    34756: HTTP: HPE Intelligent Management Center PrimeFaces Expression Language Injection (ZDI-19-161)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an expression language injection vulnerability in HPE Intelligent Management Center.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Zero Day Initiative: ZDI-19-161

    34769: SMTP: SMTP Connection Establishment
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the server sending information about itself to the client in a "220" message.
      - Deployment: Not enabled by default in any deployment.

    34770: POP3: POP3 Server Response Message
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a message from the server to the client which indicates the current status of the service in the form of "+OK" or "-ERR".
      - Deployment: Not enabled by default in any deployment.

    34771: IMAP: IMAP Server Greeting
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the greeting an IMAP server sends to the client with a message containing either "OK" or "PREAUTH".
      - Deployment: Not enabled by default in any deployment.

    34772: HTTP: Foxit Reader JavaScript getPageNumWords Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-3964 CVSS 6.8

    34773: HTTP: RARLAB WinRAR ACE Directory Traversal Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in RARLAB WinRAR.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 106948
        - Common Vulnerabilities and Exposures: CVE-2018-20251 CVSS 4.3

    34778: HTTP: Microsoft BizTalk Server SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Microsoft BizTalk Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2003-0118

    34782: SMTP: SMTP "HELO"/"EHLO" Client Response
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the client sending a "HELO" or "EHLO" response after receiving a "220" message in order to establish a connection.
      - Deployment: Not enabled by default in any deployment.

    34787: DNS: ISC BIND EDNS Option Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in ISC BIND.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 107125
        - Common Vulnerabilities and Exposures: CVE-2018-5744

    34788: HTTP: Apache Solr Java Unserialize Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to use a command execution exploit against Apache Solr.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0192

    34789: ZDI-CAN-7678: Zero Day Initiative Vulnerability (Microsoft Office)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34790: ZDI-CAN-7887: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34791: ZDI-CAN-7891: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    34792: ZDI-CAN-8051: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34793: ZDI-CAN-8054: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34794: ZDI-CAN-8205: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34795: ZDI-CAN-8049: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    34796: HTTP: Docker Version API Check Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.1.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the version of Docker that is running as requested by the REST API.
      - Deployment: Not enabled by default in any deployment.

    34805: HTTP/2: Microsoft IIS SETTINGS Frame Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows Internet Information Services (IIS).
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    34823: HTTP: Telerik UI DialogHandler Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to make an HTTP GET request to a default Telerik dialog handler.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 99965
        - Common Vulnerabilities and Exposures: CVE-2017-9248

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    3831: DNS: Possible Phishing Subdomain Name Request
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3831: DNS: Phishing Subdomain Name Request".
      - Description updated.
      - Detection logic updated.

    12522: ICMP: Source Quench
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30116: DNS: Systemd resolved dns_packet_read_type_window Denial-of-Service Vulnerability (ZDI-17-923)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 32955: HTTP: Adobe Acrobat Pro Out-of-Bounds Read Vulnerability (ZDI-18-1074,ZDI-18-1423)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "32955: HTTP: Adobe Acrobat Pro Out-of-Bounds Read Vulnerability (ZDI-18-1074)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33144: HTTP: LAquis SCADA relatorioindividual Command Injection (ZDI-19-064, ZDI-19-065, ZDI-19-066)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33144: ZDI-CAN-6674-6676: Zero Day Initiative Vulnerability (LAquis SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33334: HTTP: Wecon LeviStudioU addresslib PLC Driver Buffer Overflow Vulnerability (ZDI-19-147)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33334: ZDI-CAN-6554: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33337: HTTP: OMRON CX-One CX-Protocol CObject Type Confusion Vulnerability (ZDI-19-018)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33337: ZDI-CAN-6566: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33351: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-19-114)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33351: ZDI-CAN-6688: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33352: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-19-115)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33352: ZDI-CAN-6689: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33413: HTTP: HPE Intelligent Management Center addVsiInterfaceInfo EL Injection Vulnerability (ZDI-19-163)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33413: ZDI-CAN-6758: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33442: HTTP: HPE Intelligent Management Center ventInfo_content Expression Language Injection (ZDI-19-170)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33442: ZDI-CAN-6762: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33443: HTTP: HPE Intelligent Management Center Expression Language Injection (ZDI-19-166, ZDI-19-171,172)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33443: ZDI-CAN-6763,6764,6767: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33444: HTTP: HPE Intelligent Management Center devGroupSelect Expression Language Injection (ZDI-19-164)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33444: ZDI-CAN-6765: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33445: HTTP: HPE Intelligent Management Center actionSelectContent EL Injection Vulnerability (ZDI-19-165)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33445: ZDI-CAN-6766: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33446: HTTP: HPE Intelligent Management Center legend Expression Language Injection (ZDI-19-167)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33446: ZDI-CAN-6768: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 33449: HTTP: HPE Intelligent Management Center UrlAccessController Authentication Bypass (ZDI-19-169)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33449: ZDI-CAN-6769: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33719: HTTP: Docker Daemon "create/exec" API with "Cmd" Key Set to Execute Shell Commands
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33719: HTTP: Docker Daemon API Command Injection Vulnerability".
      - Category changed from "Vulnerabilities" to "Security Policy".
      - Severity changed from "Critical" to "Moderate".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33806: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33902: HTTP: Microsoft Windows GDI Out-Of-Bounds Read Vulnerability (ZDI-19-190)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33902: HTTP: Microsoft Windows GDI Out-Of-Bounds Read Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34219: HTTP: Microsoft Windows gdiplus DoStretchBlt Out-Of-Bounds Read Vulnerability (ZDI-19-201)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34219: HTTP: Microsoft Windows gdiplus DoStretchBlt Out-Of-Bounds Read Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    28896: HTTP: Quest NetVault Backup Server checksession Authentication Bypass Vulnerability (ZDI-18-006)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 30534: HTTP: Adobe Acrobat Reader Document ID Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Severity changed from "High" to "Critical".

    31630: HTTP: Telerik UI RadAsyncUpload Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    31739: HTTP: osCommerce Installer Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 31756: HTTP: Zoho ManageEngine Applications Manager Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "31756: HTTP: ManageEngine Applications Manager Code Injection Vulnerability".

    32320: HTTP: Dell EMC VMAX Virtual Appliance Manager Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    * 32321: HTTPS: Dell EMC VMAX Virtual Appliance Manager Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    32667: FTP: FTPShell Client Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    32895: HTTP: Unrestricted PHP File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    32919: HTTP: SonicWall Global Management System XMLRPC set_time_zone Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    33380: HTTP: jQuery Unrestricted PHP File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    33706: TCP: Flexense Diskboss Enterprise Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    33818: HTTP: Microsoft PowerPoint Use-After-Free Vulnerability (ZDI-18-1406)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33818: HTTP: Microsoft PowerPoint Use-After-Free Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    * 33955: HTTP: Microsoft Windows CreateDIBitmap Out-Of-Bounds Read Vulnerability (ZDI-19-195)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33955: HTTP: Microsoft Windows CreateDIBitmap Out-Of-Bounds Read Vulnerability".
      - Description updated.
      - Vulnerability references updated.

    34256: HTTP: Adobe Acrobat Reader Document ID Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Severity changed from "High" to "Critical".

  Removed Filters: None
      

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000127797