Digital Vaccine #9341

    • Updated: 9 Oct 2019
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9341      October 8, 2019
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, on all NGFW systems and on all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters; this is why the ZDI-CAN filters listed below show "vTPS Version: Not available".
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before October 8, 2019. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE              Filter   Status
CVE-2019-0608    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1060    36322
CVE-2019-1070    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1166    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1230    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1238    36323
CVE-2019-1239    36321
CVE-2019-1307    36324
CVE-2019-1308    36320
CVE-2019-1311    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1313    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1314    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1315    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1316    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1317    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1318    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1319    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1320    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1321    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1322    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1323    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1325    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1326    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1327    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1328    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1329    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1330    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1331    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1333    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1334    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1335*   35832
CVE-2019-1336    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1337    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1338    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1339    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1340    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1341    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1342    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1343    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1344    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1345    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1346    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1347    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1356    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1357    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1358    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1359    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1361*   35689
CVE-2019-1362    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1363    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1364    36259
CVE-2019-1365    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1366    36319
CVE-2019-1368    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1369    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1371    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1372    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1375    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1376    -        Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1378    -        Vendor Deemed Reproducibility or Exploitation Unlikely

A dash in the Filter column means no filter shipped for that CVE; the Status column gives the reason. Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9341.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9341.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 33
 Modified Filters (logic changes) - 19
 Modified Filters (metadata changes only) - 6
 Removed Filters - 0

Filters
----------------
 New Filters:
    36037: HTTP: Harbor Project Harbor user API Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Harbor Project Harbor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-16097
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36198: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 103597
        - Common Vulnerabilities and Exposures: CVE-2018-1012 CVSS 9.3
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36204: SMTP: Server Connection Attempt Response 535
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an SMTP server 535 reply (authentication credentials invalid), i.e. a client authentication attempt that the server rejected.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: SMTP
      - Platform: Multi-Platform Server Application or Service
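The 535 reply is the signal a network sensor has that a client's AUTH attempt failed, and a run of them from one source is the usual shape of an SMTP credential brute force. The block below is an added example written for this page, not the detection logic of filter 36204: it walks client/server SMTP dialogues, counts 535 replies only when they answer an AUTH command (so continuation lines and unrelated 5xx replies are not counted), and tallies failures per client IP. The transcripts and addresses are constructed sample data, not captured traffic.

```python
"""Flag SMTP sessions in which the server answers AUTH with a 535 reply and
count failed authentications per client. Added example for this page; not
TippingPoint filter logic. Sample sessions below are constructed."""
import re
from collections import Counter

# Constructed sample dialogues: (client_ip, wire transcript). "C:" lines are
# client commands, "S:" lines are server replies.
SESSIONS = [
    ("198.51.100.7",
     "S: 220 mail.example.test ESMTP\r\n"
     "C: EHLO attacker\r\n"
     "S: 250-mail.example.test\r\n"
     "S: 250 AUTH PLAIN LOGIN\r\n"
     "C: AUTH PLAIN AGFkbWluAHBhc3N3b3Jk\r\n"
     "S: 535 5.7.8 Authentication credentials invalid\r\n"
     "C: AUTH PLAIN AGFkbWluAGxldG1laW4=\r\n"
     "S: 535 5.7.8 Authentication credentials invalid\r\n"
     "C: QUIT\r\n"
     "S: 221 Bye\r\n"),
    ("203.0.113.9",
     "S: 220 mail.example.test ESMTP\r\n"
     "C: EHLO laptop\r\n"
     "S: 250 AUTH PLAIN LOGIN\r\n"
     "C: AUTH PLAIN AGJvYgBodW50ZXIy\r\n"
     "S: 235 2.7.0 Authentication successful\r\n"
     "C: QUIT\r\n"
     "S: 221 Bye\r\n"),
]

# Server reply: three-digit code, then ' ' (final line) or '-' (continuation).
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_dialogue(raw):
    """Yield (direction, text) pairs from a 'C: '/'S: ' prefixed transcript."""
    for line in raw.split("\r\n"):
        if not line:
            continue
        direction, _, text = line.partition(": ")
        yield direction, text


def count_auth_failures(raw):
    """Return (auth_attempts, failures_535) for one SMTP dialogue.

    A 535 is counted only when it is the final reply to an AUTH command, so a
    multi-line '535-' continuation or a 535 with no preceding AUTH is ignored.
    """
    attempts = failures = 0
    awaiting_auth_reply = False
    for direction, text in parse_dialogue(raw):
        if direction == "C":
            if text.upper().startswith("AUTH "):
                attempts += 1
                awaiting_auth_reply = True
            continue
        m = REPLY_RE.match(text)
        if not m:
            continue
        code, sep = m.group(1), m.group(2)
        if sep == "-":            # continuation line; final reply still to come
            continue
        if awaiting_auth_reply:
            if code == "535":
                failures += 1
            awaiting_auth_reply = False
    return attempts, failures


def failed_auth_by_client(sessions, threshold=2):
    """Map client IP -> count of 535 replies; keep clients at or over threshold."""
    tally = Counter()
    for client, raw in sessions:
        _, failures = count_auth_failures(raw)
        tally[client] += failures
    return {ip: n for ip, n in tally.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_auth_by_client(SESSIONS))
```

The threshold is the tuning knob: a single 535 is routine (a mistyped password), while several from one source inside a short window is what a security-policy filter like 36204 is meant to surface; the page ships it disabled by default for exactly that reason, so enable it where you can act on the alert.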

    36205: HTTP: Squid Proxy Digest Authentication Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Squid Proxy.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 109382
        - Common Vulnerabilities and Exposures: CVE-2019-12525
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36207: RPC: Advantech WebAccess SCADA BwPAlarm IOCTL 70603 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3975 CVSS 7.5
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: RPC Services
      - Platform: Multi-Platform Server Application or Service

    36241: HTTP: Pulse Secure Guacamole URI Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Pulse Secure Pulse Connect Secure.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 108073
        - Common Vulnerabilities and Exposures: CVE-2019-11510 CVSS 7.5
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36245: HTTP: Adobe Flash Player Audio Codec Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-4432
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    36246: HTTP: Google Android libstagefright Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Google Android libstagefright.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-1538
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Other Client Application

    36248: HTTP: Google Android libstagefright Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Google Android libstagefright.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-1538
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Other Client Application

    36249: ZDI-CAN-9050: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36251: ZDI-CAN-9051: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36252: ZDI-CAN-9052: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36253: ZDI-CAN-9057: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36254: ZDI-CAN-9058,9059: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36255: ZDI-CAN-9060,9068: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36256: ZDI-CAN-9062: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36259: HTTP: Microsoft Windows Win32k tiff Processing Elevation of Privilege Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an elevation of privilege vulnerability in Microsoft Windows Win32k.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1364
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36260: HTTP: WordPress XML-RPC glibc Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in WordPress.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 72325
        - Common Vulnerabilities and Exposures: CVE-2015-0235 CVSS 10.0
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    36267: TCP: Redis SLAVEOF Command Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Critical
      - Description: This filter detects use of the deprecated Redis SLAVEOF command.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: TCP (Generic)
      - Platform: UNIX/Linux Server Application or Service
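Redis 5 renamed SLAVEOF to REPLICAOF and kept SLAVEOF as an alias, so a detection that matches only the deprecated spelling misses the current one; the security interest in either is that a client able to issue it can repoint an instance's replication at a host of its choosing. The block below is an added example written for this page, not the detection logic of filter 36267: it parses the Redis wire protocol (RESP) in both the multibulk form that client libraries send and the inline form a raw netcat session sends, matches the command word only (so a key that happens to be named "slaveof" is not a hit), and reports the master host and port each flagged request points at. The request payloads are constructed samples, not captured traffic.

```python
"""Parse Redis RESP requests and flag SLAVEOF / REPLICAOF commands.
Added example for this page; not TippingPoint filter logic. The request
byte strings below are constructed samples."""

# Constructed sample client->server payloads. Redis accepts the multibulk
# form (*N array of $len bulk strings) and the inline form (one CRLF line).
REQUESTS = [
    b"*3\r\n$7\r\nSLAVEOF\r\n$12\r\n198.51.100.7\r\n$4\r\n6379\r\n",
    b"*3\r\n$9\r\nreplicaof\r\n$12\r\n198.51.100.7\r\n$4\r\n6379\r\n",
    b"slaveof no one\r\n",
    b"*2\r\n$3\r\nGET\r\n$7\r\nslaveof\r\n",     # key named 'slaveof', not the command
    b"*3\r\n$3\r\nSET\r\n$1\r\nk\r\n$1\r\nv\r\n",
]

REPLICATION_CMDS = {b"SLAVEOF", b"REPLICAOF"}


def parse_resp_command(data):
    """Return the argv (list of bytes) of one RESP request, or None if malformed."""
    if not data.startswith(b"*"):
        # Inline command: a single CRLF-terminated, space-separated line.
        line, sep, _ = data.partition(b"\r\n")
        return line.split() if sep else None
    try:
        header, rest = data.split(b"\r\n", 1)
        argc = int(header[1:])
    except ValueError:
        return None
    argv = []
    for _ in range(argc):
        if not rest.startswith(b"$"):
            return None
        try:
            lenline, rest = rest.split(b"\r\n", 1)
            n = int(lenline[1:])
        except ValueError:
            return None
        # Bulk payload must be exactly n bytes followed by CRLF.
        if len(rest) < n + 2 or rest[n:n + 2] != b"\r\n":
            return None
        argv.append(rest[:n])
        rest = rest[n + 2:]
    return argv


def is_replication_command(data):
    """True when the command word (argv[0] only) is SLAVEOF or REPLICAOF."""
    argv = parse_resp_command(data)
    return bool(argv) and argv[0].upper() in REPLICATION_CMDS


def replication_targets(requests):
    """Return (command, host, port) for each flagged request.

    'SLAVEOF NO ONE' / 'REPLICAOF NO ONE' detaches from the master rather
    than attaching to one, so it is reported with host and port None."""
    hits = []
    for req in requests:
        argv = parse_resp_command(req)
        if not argv or argv[0].upper() not in REPLICATION_CMDS:
            continue
        cmd = argv[0].upper().decode()
        if len(argv) >= 3 and argv[1].upper() == b"NO" and argv[2].upper() == b"ONE":
            hits.append((cmd, None, None))
        elif len(argv) >= 3:
            hits.append((cmd, argv[1].decode(), argv[2].decode()))
        else:
            hits.append((cmd, None, None))
    return hits


if __name__ == "__main__":
    for cmd, host, port in replication_targets(REQUESTS):
        print(cmd, host, port)
```

Matching on the command word rather than on the raw substring is what keeps this usable as a blocking rule: the filter is shipped in Block/Notify in the Security-Optimized deployment, and a substring match would also block a legitimate GET on a key named "slaveof". Requests that legitimately change replication (an orchestrator promoting a replica) should be allowlisted by source rather than by disabling the filter.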

    36268: UDP: Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Novell ZENworks Configuration Management.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-0786
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: UDP (Generic)
      - Platform: Multi-Platform Server Application or Service

    36270: HTTP: Pulse Secure Pulse Connect Secure Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Pulse Secure Pulse Connect Secure.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 108073
        - Common Vulnerabilities and Exposures: CVE-2019-11507
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Other Server Application or Service

    36274: ZDI-CAN-8458: Zero Day Initiative Vulnerability (D-Link DCS-960L)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting D-Link DCS-960L.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36276: ZDI-CAN-9400: Zero Day Initiative Vulnerability (Foxit PhantomPDF)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit PhantomPDF.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36277: ZDI-CAN-9378: Zero Day Initiative Vulnerability (Foxit PhantomPDF)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit PhantomPDF.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36278: ZDI-CAN-9374: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36279: ZDI-CAN-9373: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36283: SMTP: Exim Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Exim.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-16928
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: SMTP
      - Platform: Other Server Application or Service

    36319: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1366
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36320: HTTP: Microsoft Edge JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge JIT.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1308
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36321: HTTP: Microsoft Internet Explorer JScript Engine Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1239
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36322: HTTP: Microsoft Internet Explorer MSXML Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1060
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36323: HTTP: Microsoft Internet Explorer VBScript Libraries Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1238
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

    36324: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1307
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    5119: HTTP: Cross Site Scripting (HTML in HTTP Headers)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    5305: HTTP: Obfuscated Script (Eight Bit Encoding)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    16587: HTTP: ManageEngine Desktop Central MSP FileUploadServlet File Upload Vulnerability (ZDI-15-180)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    * 19902: TCP: HP LoadRunner launcher.dll Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 19954: UDP: Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow (ZDI-15-153)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    20736: HTTP: Advantech WebAccess Dashboard uploadImageCommon File Upload Vulnerability (ZDI-16-128)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23810: Tunnel: SoftEther VPN Connection Attempt
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    31072: HTTP: Microsoft Windows TrueType Font Memory Corruption Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33566: HTTP: HPE Intelligent Management Center tvxlanLegend Expression Language Injection (ZDI-19-262)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33572: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-240) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33851: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-302)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33857: HTTP: HPE Intelligent Management Center wmiConfigContent Code Execution Vulnerability (ZDI-19-337)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33976: RPC: Advantech WebAccess Node bwdraw Out-Of-Bounds Write Vulnerability (ZDI-19-584)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33976: ZDI-CAN-7438: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34087: HTTP: Advantech WebAccess HMI Designer MCR Out-Of-Bounds Write Vulnerability (ZDI-19-691)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34087: ZDI-CAN-7805: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34839: HTTP: Adobe Flash Player MovieClip lineStyle Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    34840: HTTP: Adobe Flash Player MovieClip lineStyle Use-After-Free Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    35314: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-19-721)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35314: ZDI-CAN-8254: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35327: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-19-722)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35327: ZDI-CAN-8282: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35689: HTTP: Microsoft Windows user32 Cursor Parsing Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35689: ZDI-CAN-8746: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    33842: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-297)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    33863: HTTP: HPE Intelligent Management Center perfSelectTask Language Injection Vulnerability (ZDI-19-335)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.

    35521: HTTP: Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    35631: HTTP: Google Android libstagefright MP4 tx3g Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    35634: HTTP: Google Android libstagefright MP4 tx3g Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Vulnerabilities" to "Exploits".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Vulnerability references updated.

    * 35832: HTTP: Microsoft Edge JIT Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35832: HTTP: Microsoft Edge JIT Type Confusion Vulnerability".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000149488