Summary
Digital Vaccine #9317 August 13, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before August 13, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status |
CVE-2019-0714 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0715 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0716 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0717 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0718 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0720 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0723 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0736 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-0965 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1030 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1057 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1078 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1131 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1133 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1139 | 35842 | |
CVE-2019-1140 | 35841 | |
CVE-2019-1141 | 35840 | |
CVE-2019-1143 | *34218 | |
CVE-2019-1144 | *34223 | |
CVE-2019-1145 | *34224 | |
CVE-2019-1146 | *35287 | |
CVE-2019-1147 | *35286 | |
CVE-2019-1148 | 34221 | |
CVE-2019-1149 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1150 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1151 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1152 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1153 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1154 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1155 | *35293 | |
CVE-2019-1156 | *35294 | |
CVE-2019-1157 | *35355 | |
CVE-2019-1158 | *35356 | |
CVE-2019-1159 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1160 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1161 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1162 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1163 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1164 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1168 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1169 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1170 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1171 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1172 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1173 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1174 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1175 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1176 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1177 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1178 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1179 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1180 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1181 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1182 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1183 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1184 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1185 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1186 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1187 | *35370 | |
CVE-2019-1188 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1190 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1192 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1193 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1194 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1195 | 35832 | |
CVE-2019-1196 | 35831 | |
CVE-2019-1197 | 35830 | |
CVE-2019-1198 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1199 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1200 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1201 | *35438 | |
CVE-2019-1202 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1203 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1204 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1205 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1206 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1211 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1212 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1213 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1218 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1222 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1223 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1224 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1225 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1226 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1227 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1228 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-1229 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9506 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9511 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9512 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9513 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9514 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2019-9518 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9317.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9317.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 20
Modified Filters (logic changes) - 27
Modified Filters (metadata changes only) - 6
Removed Filters - 0
Filters
----------------
New Filters:
35706: ZDI-CAN-8923: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

35755: TCP: JavaScript eval() Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects an attempt to use the JavaScript eval() method.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service

35790: ZDI-CAN-8825: Zero Day Initiative Vulnerability (Foxit Reader)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

35791: ZDI-CAN-8692: Zero Day Initiative Vulnerability (Foxit PhantomPDF)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit PhantomPDF.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

35799: HTTP: Kubernetes Overlength json-patch Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects the usage of an overlong json-patch request to a Kubernetes API server.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1002100
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

35801: HTTP: Jenkins Core FileParameterValue Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Advantech WebAccess.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Bugtraq ID: 109299
    - Common Vulnerabilities and Exposures: CVE-2019-10352 CVSS 4.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

35818: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2011-1266 CVSS 9.3
    - Microsoft Security Bulletin: MS11-052
    - Zero Day Initiative: ZDI-11-197
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Windows Client Application

35821: ZDI-CAN-8739: Zero Day Initiative Vulnerability (Apple Safari)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple Safari.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

35822: ZDI-CAN-8806: Zero Day Initiative Vulnerability (Apple macOS)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Apple macOS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

35823: HTTP: Opera SVG Clippath Use-After-Free Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in the Opera web browser.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2013-1638 CVSS 9.3
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35825: HTTP: RealNetworks RealPlayer RMP Location Buffer Overflow Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in RealNetworks RealPlayer.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Bugtraq ID: 64398
    - Common Vulnerabilities and Exposures: CVE-2013-6877 CVSS 9.3
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

35827: HTTP: LibreOffice LibreLogo Code Execution Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in LibreOffice.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Bugtraq ID: 109374
    - Common Vulnerabilities and Exposures: CVE-2019-9848 CVSS 7.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

35830: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1197
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35831: HTTP: Microsoft Edge Array Object Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1196
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35832: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1195
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35840: HTTP: Microsoft Edge Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1141
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35841: HTTP: Microsoft Edge Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1140
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35842: HTTP: Microsoft Edge Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1139
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Windows Client Application

35847: HTTP: HAProxy Client and Server Cookie Parsing Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in HAProxy.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Bugtraq ID: 109352
    - Common Vulnerabilities and Exposures: CVE-2019-14241 CVSS 5.0
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

35924: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability (Upload)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects a buffer overflow attack against Interactive Data eSignal.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2011-3494 CVSS 10.0
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

Modified Filters (logic changes):
* = Enabled in Default deployments

* 3990: Exploit: Shellcode Payload
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

* 12315: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "12315: HTTP: Interactive Data eSignal Stack Buffer Overflow".
  - Severity changed from "High" to "Critical".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

12820: HTTP: Intel Network Interface Card Packet of Death
  - IPS Version: 3.0.0 and after.
  - NGFW Version: Not available.
  - TPS Version: 4.0.0 and after in IPS Persona mode.
  - vTPS Version: 4.0.1 and after in IPS Persona mode.
  - Requires: Only IPS models or TPS in IPS Persona
  - Detection logic updated.
  - Vulnerability references updated.

12849: RSH: Cisco Prime LAN Management Solution Remote Shell
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

13498: HTTP: Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability (ZDI-13-255)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

13998: HTTP: RealNetworks RealPlayer RMP Location Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.

27519: HTTP: Google Chrome Array indexOf Memory Corruption Vulnerability (PWN2OWN ZDI-17-462)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "27519: ZDI-CAN-4587: Zero Day Initiative Vulnerability (Google Chrome)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

27929: SMB: Microsoft Windows SMB Remote Code Execution Vulnerabilities (EternalChampion)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33451: HTTP: WECON LeviStudioU SysParameter Buffer Overflow Vulnerability (ZDI-19-151, ZDI-19-153-155)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33451: ZDI-CAN-7025,7027-7029: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33572: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-240)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33572: ZDI-CAN-6907: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33642: HTTP: Nagios XI Magpie cURL Argument Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

33668: HTTP: HPE Intelligent Management Center select Expression Language Injection (ZDI-19-263)
  - IPS Version: 3.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33668: ZDI-CAN-6870: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33879: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-342)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33879: ZDI-CAN-7016: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33880: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-343)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33880: ZDI-CAN-7017: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34218: HTTP: Microsoft Windows EMF Graphic Out-Of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34218: ZDI-CAN-7671: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34223: HTTP: Microsoft Windows Font Subsetting Library Double Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34223: ZDI-CAN-7790: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34224: HTTP: Microsoft Windows Font Subsetting Library Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34224: ZDI-CAN-7792: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35173: RPC: Advantech WebAccess SCADA BwPAlarm IOCTL 70605 Buffer Overflow Vulnerability (ZDI-19-588)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35173: ZDI-CAN-8063: Zero Day Initiative Vulnerability (Advantech WebAccess)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35286: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35286: ZDI-CAN-8277: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35287: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35287: ZDI-CAN-8278: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35293: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35293: ZDI-CAN-8121: Zero Day Initiative Vulnerability (Microsoft JET Database)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35294: HTTP: Microsoft JET Database Engine Out-Of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35294: ZDI-CAN-8131: Zero Day Initiative Vulnerability (Microsoft JET Database)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35355: HTTP: Microsoft JET Database Engine Out-Of-Bounds Write Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35355: ZDI-CAN-8351: Zero Day Initiative Vulnerability (Microsoft JET Database)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35356: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35356: ZDI-CAN-8353: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35370: HTTP: Microsoft Windows XmlLite xml:space Attribute Denial-Of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35370: ZDI-CAN-8494: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35438: HTTP: Microsoft Word File Parsing Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35438: ZDI-CAN-8599: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 35618: HTTP: Microsoft Windows ActiveX Data Objects(ADO) Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

0050: IP Options: Unknown Code
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

* 0054: IP: Source IP Address Spoofed (Multicast)
  - IPS Version: 3.0.0 and after.
  - NGFW Version: Not available.
  - TPS Version: 4.0.0 and after in IPS Persona mode.
  - vTPS Version: 4.0.1 and after in IPS Persona mode.
  - Requires: Only IPS models or TPS in IPS Persona
  - Vulnerability references updated.

* 0558: IP: Invalid IP Traffic (Destination IP Address set to Loopback)
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Deployments updated and are now:
    - Deployment: Security-Optimized (Block / Notify)

* 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.

35809: HTTP: Microsoft Internet Explorer and Edge Classid Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.

Removed Filters:
None