Digital Vaccine #9317

Updated: 14 Aug 2019
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9317      August 13, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before August 13, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #           TippingPoint Filter #   Status
CVE-2019-0714                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0715                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0716                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0717                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0718                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0720                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0723                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0736                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0965                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1030                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1057                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1078                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1131                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1133                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1139   35842
CVE-2019-1140   35841
CVE-2019-1141   35840
CVE-2019-1143   *34218
CVE-2019-1144   *34223
CVE-2019-1145   *34224
CVE-2019-1146   *35287
CVE-2019-1147   *35286
CVE-2019-1148   34221
CVE-2019-1149                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1150                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1151                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1152                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1153                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1154                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1155   *35293
CVE-2019-1156   *35294
CVE-2019-1157   *35355
CVE-2019-1158   *35356
CVE-2019-1159                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1160                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1161                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1162                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1163                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1164                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1168                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1169                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1170                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1171                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1172                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1173                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1174                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1175                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1176                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1177                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1178                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1179                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1180                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1181                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1182                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1183                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1184                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1185                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1186                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1187   *35370
CVE-2019-1188                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1190                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1192                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1193                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1194                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1195   35832
CVE-2019-1196   35831
CVE-2019-1197   35830
CVE-2019-1198                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1199                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1200                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1201   *35438
CVE-2019-1202                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1203                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1204                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1205                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1206                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1211                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1212                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1213                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1218                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1222                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1223                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1224                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1225                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1226                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1227                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1228                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1229                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9506                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9511                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9512                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9513                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9514                           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-9518                           Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9317.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9317.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 20
 Modified Filters (logic changes) - 27
 Modified Filters (metadata changes only) - 6
 Removed Filters - 0

Filters
----------------
 New Filters:
    35706: ZDI-CAN-8923: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35755: TCP: JavaScript eval() Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to use the JavaScript eval() method.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service

    35790: ZDI-CAN-8825: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35791: ZDI-CAN-8692: Zero Day Initiative Vulnerability (Foxit PhantomPDF)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit PhantomPDF.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35799: HTTP: Kubernetes Overlength json-patch Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the usage of an overlong json-patch request to a Kubernetes API server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1002100
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    35801: HTTP: Jenkins Core FileParameterValue Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Jenkins.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 109299
        - Common Vulnerabilities and Exposures: CVE-2019-10352 CVSS 4.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    35818: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-1266 CVSS 9.3
        - Microsoft Security Bulletin: MS11-052
        - Zero Day Initiative: ZDI-11-197
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Windows Client Application

    35821: ZDI-CAN-8739: Zero Day Initiative Vulnerability (Apple Safari)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35822: ZDI-CAN-8806: Zero Day Initiative Vulnerability (Apple macOS)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple macOS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    35823: HTTP: Opera SVG Clippath Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in the Opera web browser.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2013-1638 CVSS 9.3
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35825: HTTP: RealNetworks RealPlayer RMP Location Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in RealNetworks RealPlayer.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 64398
        - Common Vulnerabilities and Exposures: CVE-2013-6877 CVSS 9.3
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    35827: HTTP: LibreOffice LibreLogo Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in LibreOffice.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 109374
        - Common Vulnerabilities and Exposures: CVE-2019-9848 CVSS 7.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    35830: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1197
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35831: HTTP: Microsoft Edge Array Object Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1196
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35832: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1195
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35840: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1141
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35841: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1140
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35842: HTTP: Microsoft Edge Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1139
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    35847: HTTP: HAProxy Client and Server Cookie Parsing Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in HAProxy.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 109352
        - Common Vulnerabilities and Exposures: CVE-2019-14241 CVSS 5.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    35924: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects a buffer overflow attack against Interactive Data eSignal.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2011-3494 CVSS 10.0
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 3990: Exploit: Shellcode Payload
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 12315: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "12315: HTTP: Interactive Data eSignal Stack Buffer Overflow".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    12820: HTTP: Intel Network Interface Card Packet of Death
      - IPS Version: 3.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after in IPS Persona mode.
      - Requires: Only IPS models or TPS in IPS Persona
      - Detection logic updated.
      - Vulnerability references updated.

    12849: RSH: Cisco Prime LAN Management Solution Remote Shell
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    13498: HTTP: Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability (ZDI-13-255)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    13998: HTTP: RealNetworks RealPlayer RMP Location Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    27519: HTTP: Google Chrome Array indexOf Memory Corruption Vulnerability (PWN2OWN ZDI-17-462)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27519: ZDI-CAN-4587: Zero Day Initiative Vulnerability (Google Chrome)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27929: SMB: Microsoft Windows SMB Remote Code Execution Vulnerabilities (EternalChampion)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33451: HTTP: WECON LeviStudioU SysParameter Buffer Overflow Vulnerability (ZDI-19-151, ZDI-19-153-155)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33451: ZDI-CAN-7025,7027-7029: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33572: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-240) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33572: ZDI-CAN-6907: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33642: HTTP: Nagios XI Magpie cURL Argument Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33668: HTTP: HPE Intelligent Management Center select Expression Language Injection (ZDI-19-263) 
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33668: ZDI-CAN-6870: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33879: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-342) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33879: ZDI-CAN-7016: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    33880: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-343) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33880: ZDI-CAN-7017: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34218: HTTP: Microsoft Windows EMF Graphic Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34218: ZDI-CAN-7671: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34223: HTTP: Microsoft Windows Font Subsetting Library Double Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34223: ZDI-CAN-7790: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34224: HTTP: Microsoft Windows Font Subsetting Library Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34224: ZDI-CAN-7792: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35173: RPC: Advantech WebAccess SCADA BwPAlarm IOCTL 70605 Buffer Overflow Vulnerability (ZDI-19-588)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35173: ZDI-CAN-8063: Zero Day Initiative Vulnerability (Advantech WebAccess)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35286: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35286: ZDI-CAN-8277: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35287: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35287: ZDI-CAN-8278: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35293: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35293: ZDI-CAN-8121: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35294: HTTP: Microsoft JET Database Engine Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35294: ZDI-CAN-8131: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35355: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35355: ZDI-CAN-8351: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35356: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35356: ZDI-CAN-8353: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35370: HTTP: Microsoft Windows XmlLite xml:space Attribute Denial-Of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35370: ZDI-CAN-8494: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35438: HTTP: Microsoft Word File Parsing Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35438: ZDI-CAN-8599: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 35618: HTTP: Microsoft Windows ActiveX Data Objects (ADO) Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    0050: IP Options: Unknown Code
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    * 0054: IP: Source IP Address Spoofed (Multicast)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.0.0 and after in IPS Persona mode.
      - vTPS Version: 4.0.1 and after in IPS Persona mode.
      - Requires: Only IPS models or TPS in IPS Persona
      - Vulnerability references updated.

    * 0558: IP: Invalid IP Traffic (Destination IP Address set to Loopback)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    * 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    35809: HTTP: Microsoft Internet Explorer and Edge Classid Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

  Removed Filters: None
      

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000144141