Digital Vaccine #9384

    • Updated: 12 Feb 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9384, February 11, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before February 11, 2020.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE            Filter  Status
CVE-2020-0618          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0655          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0657          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0658          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0659          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0660          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0661          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0662          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0663          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0665          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0666          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0667          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0668          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0669          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0670          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0671          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0672          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0673          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0674  36973
CVE-2020-0675          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0676          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0677          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0678          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0679          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0680          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0681  37093
CVE-2020-0682          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0683          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0685          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0686          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0688          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0689          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0691          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0692  37063
CVE-2020-0693          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0694          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0695          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0696          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0697          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0698          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0701          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0702          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0703          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0704          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0705          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0706          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0707          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0708          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0709          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0710          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0711          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0712          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0713          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0714          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0715          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0716          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0717          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0719          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0720          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0721          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0722          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0723          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0724          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0725          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0726          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0727          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0728          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0729          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0730          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0731          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0732          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0733          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0734          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0735          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0736          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0737          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0738          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0739          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0740          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0741          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0742          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0743          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0744          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0745          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0746          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0747          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0748          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0749          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0750          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0751          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0752          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0753          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0754          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0755          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0756          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0759          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0767          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0792          Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before February 11, 2020.
The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin   CVE            Filter
APSB20-05  CVE-2020-3741  37078
APSB20-05  CVE-2020-3742  37079
APSB20-05  CVE-2020-3743  37080
APSB20-05  CVE-2020-3744  37081
APSB20-05  CVE-2020-3745  37082
APSB20-05  CVE-2020-3746  37083
APSB20-05  CVE-2020-3747  37084
APSB20-05  CVE-2020-3748  36943
APSB20-05  CVE-2020-3749  37086
APSB20-05  CVE-2020-3750  37087
APSB20-05  CVE-2020-3751  37088
APSB20-05  CVE-2020-3752  37089
APSB20-05  CVE-2020-3754  37090
APSB20-05  CVE-2020-3755  37091
APSB20-06  CVE-2020-3757  37092
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9384.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9384.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 36
 Modified Filters (logic changes) - 13
 Modified Filters (metadata changes only) - 46
 Removed Filters - 0

Filters
----------------
 New Filters:
    36892: ZDI-CAN-9471: Zero Day Initiative Vulnerability (DLink DIR-882)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting DLink DIR-882.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    36943: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3748
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37019: ZDI-CAN-9997: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37020: MQTT: Cesanta Mongoose parse_mqtt Server Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-19307
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service

    37021: MQTT: Cesanta Mongoose parse_mqtt Client Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Cesanta Mongoose.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-19307
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Client Application

    37023: HTTP: Nagios XI nocscreenapi.php Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-20139 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37024: ZDI-CAN-10402: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37025: ZDI-CAN-10378: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37033: HTTP: Cacti Group Cacti graphs.php SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL Injection vulnerability in Cacti.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-17357 CVSS 4.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37034: ZDI-CAN-10376: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37036: ZDI-CAN-10120: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37037: ZDI-CAN-10119: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric V-Server Lite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37049: ZDI-CAN-10073: Zero Day Initiative Vulnerability (Trend Micro Worry-Free Business Security)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Trend Micro Worry-Free Business Security.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37050: ZDI-CAN-10054: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37051: ZDI-CAN-10039: Zero Day Initiative Vulnerability (Microsoft JET Database)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft JET Database.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37063: HTTP: HTTP X-JsonProxySecurityContext Header Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the use of the X-JsonProxySecurityContext HTTP header in an HTTP request.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-0692
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37067: ZDI-CAN-9692: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37068: ZDI-CAN-9693: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37069: ZDI-CAN-9699: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37070: HTTP: ELOG Project ELOG retrieve_url Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in the ELOG Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3993 CVSS 5.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service

    37071: ZDI-CAN-9700: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess/SCADA.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service

    37078: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3741
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37079: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3742
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37080: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3743
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37081: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3744
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37082: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3745
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37083: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3746
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37084: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3747
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37086: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3749
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37087: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3750
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37088: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3751
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37089: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3752
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37090: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3754
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37091: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3755
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37092: HTTP: Adobe Flash Player Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Adobe Flash Player.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3757
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application

    37093: RDP: Microsoft Remote Desktop Services serverMultiTransportData Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to use serverMultiTransportData during a remote desktop session.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-0681
      - Classification: Security Policy - Other
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    4560: HTTP: HTTP Request Smuggling
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4560: HTTP: Apache Request Smuggling".
      - Description updated.
      - Detection logic updated.

    * 21913: TCP: Oracle Java Apache Commons Collection Library Command Execution Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    35414: HTTP: Apple Safari FrameDestructionObserver Use-After-Free Vulnerability (ZDI-19-920)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35414: ZDI-CAN-8574: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35822: HTTP: Apple macOS AudioToolbox MP4 Parsing Integer Overflow Vulnerability (ZDI-19-1027)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35822: ZDI-CAN-8806: Zero Day Initiative Vulnerability (Apple macOS)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 36020: HTTP: Adobe Media Encoder CC MP4 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-907)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36020: ZDI-CAN-8804: Zero Day Initiative Vulnerability (Adobe Media Encoder CC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36186: HTTP: Cisco Data Center Network Manager SQL Injection Vulnerability (ZDI-20-055)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36186: ZDI-CAN-9134: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36273: HTTP: Cisco Data Center Network Manager getHostEnclList SQL Injection Vulnerability (ZDI-20-034)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36273: ZDI-CAN-9067,9072: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36519: HTTP: Cisco Data Center Network Manager createSite SQL Injection Vulnerability (ZDI-20-095)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36519: ZDI-CAN-9267: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36585: HTTP: Cisco Data Center Network Manager getSanIslStatJoinList SQL Injection (ZDI-20-072)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36585: ZDI-CAN-9192: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36609: HTTP: Cisco Data Center Network Manager getPortGroupStatList SQL Injection (ZDI-20-078)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36609: ZDI-CAN-9198: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36691: HTTP: Cisco Data Center Network Manager createSite getIp SQL Injection Vulnerability (ZDI-20-094)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36691: ZDI-CAN-9266: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    36876: HTTP: Citrix Application Delivery Controller (ADC) Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 36973: HTTP: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    2349: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2349: MS-RPC: DCOM ISystemActivator Request".

    2350: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2350: MS-RPC: DCOM IRemoteActivation Request".

    2351: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2351: MS-RPC: DCOM IRemoteActivation Request".

    2352: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2352: MS-RPC: DCOM ISystemActivator Request".

    2353: MS-RPC: DCOM ISystemActivator Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2353: MS-RPC: DCOM ISystemActivator Request".

    2354: MS-RPC: DCOM IRemoteActivation Request (ATT&CK T1175)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2354: MS-RPC: DCOM IRemoteActivation Request".

    2460: SMTP: Zip Attachment Containing .scr File (ATT&CK T1180)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2460: SMTP: Zip Attachment Containing .scr File".

    2462: POP/IMAP: Zip Attachment Containing .scr File (ATT&CK T1180)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2462: POP/IMAP: Zip Attachment Containing .scr File".

    2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports (ATT&CK T1071)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2558: HTTP: HTTP CONNECT TCP Tunnel to other than http ports".

    2559: HTTP: HTTP CONNECT TCP Tunnel (ATT&CK T1071)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2559: HTTP: HTTP CONNECT TCP Tunnel".

    2620: SMTP: Zip Attachment (ATT&CK T1002)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2620: SMTP: Zip Attachment".

    2714: SMTP: Rar Attachment Containing .scr File (ATT&CK T1180)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2714: SMTP: Rar Attachment Containing .scr File".

    2715: POP/IMAP: Rar Attachment Containing .scr File (ATT&CK T1180)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2715: POP/IMAP: Rar Attachment Containing .scr File".

    2796: SMB: Windows Repeated Logon Failure (Possible Brute Force) (ATT&CK T1110)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "2796: SMB: Windows Repeated Logon Failure (Possible Brute Force)".

    3039: HTTP: Suspicious UNC HREF (ATT&CK T1129)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3039: HTTP: Suspicious UNC HREF".

    3040: SMTP: Suspicious UNC HREF (ATT&CK T1129)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3040: SMTP: Suspicious UNC HREF".

    3041: POP/IMAP: Suspicious UNC HREF (ATT&CK T1129)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3041: POP/IMAP: Suspicious UNC HREF".

    3258: HTTP: Possible ASP.Net Authentication Bypass (ATT&CK T1212)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3258: HTTP: Possible ASP.Net Authentication Bypass".

    3314: HTTP: Obfuscated JScript/VBScript Code (ATT&CK T1027)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3314: HTTP: Obfuscated JScript/VBScript Code".

    3436: Tunneling: LogMeIn Remote Control SSL Connection (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3436: Tunneling: LogMeIn Remote Control SSL Connection".

    3573: PPTP: VPN Session Startup (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3573: PPTP: VPN Session Startup".

    3576: ISAKMP: IPSec VPN Session Startup (TCP) (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3576: ISAKMP: IPSec VPN Session Startup (TCP)".

    3584: ISAKMP: IPSec VPN Session Startup (UDP) (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3584: ISAKMP: IPSec VPN Session Startup (UDP)".

    3892: SSL: SSLv2 Negotiation (ATT&CK T1032)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3892: SSL: SSLv2 Negotiation".

    3975: SMTP: UPX Compressed Binary Attachment (ATT&CK T1045)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3975: SMTP: UPX Compressed Binary Attachment".

    4020: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4020: VPN: SoftEther VPN Connection Attempt".

    4079: SMTP: gzip Compressed Attachment (ATT&CK T1002)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4079: SMTP: gzip Compressed Attachment".

    4111: HTTP: UPX Compressed Binary Download (ATT&CK T1045)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4111: HTTP: UPX Compressed Binary Download".

    4151: VPN: SoftEther VPN Connection Attempt (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4151: VPN: SoftEther VPN Connection Attempt".

    4405: RADMIN: Famtech Remote Administrator (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4405: RADMIN: Famtech Remote Administrator".

    4410: RFB: VNC NULL Authentication Method Request (ATT&CK T1133,T1076,T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4410: RFB: VNC NULL Authentication Method Request".

    4652: HTTP: BBProxy Download (ATT&CK T1090)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4652: HTTP: BBProxy Download".

    4658: VPN: Hamachi VPN Connection (ATT&CK T1133)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4658: VPN: Hamachi VPN Connection".

    4704: ICMP: Ping Tunnel Proxy Reply (ATT&CK T1090)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4704: ICMP: Ping Tunnel Proxy Reply".

    4815: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4815: Tunneling: RemotelyAnywhere SSL Connection".

    4816: Tunneling: RemotelyAnywhere SSL Connection (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4816: Tunneling: RemotelyAnywhere SSL Connection".

    4817: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4817: Tunneling: RemotelyAnywhere Cleartext Connection".

    4818: Tunneling: RemotelyAnywhere Cleartext Connection (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4818: Tunneling: RemotelyAnywhere Cleartext Connection".

    4837: HTTP: GhostSurf Proxy HTTP Access (ATT&CK T1090)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4837: HTTP: GhostSurf Proxy HTTP Access".

    4887: Tunneling: GetByMail SMTP Remote Control (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4887: Tunneling: GetByMail SMTP Remote Control".

    4945: HTTP: JBoss jmx-console Remote Command Execution (ATT&CK T1210)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "4945: HTTP: JBoss jmx-console Remote Command Execution".

    5097: Tunneling: GoToMyPC Software (ATT&CK T1219)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5097: Tunneling: GoToMyPC Software".

    5195: HTTP: PHProxy Online Web Proxy Attempt (ATT&CK T1090)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5195: HTTP: PHProxy Online Web Proxy Attempt".

    5199: HTTP: CGIProxy Online Web Proxy Request (ATT&CK T1090)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5199: HTTP: CGIProxy Online Web Proxy Request".

    9896: IP: IP Protocol 0 (IPv6 hop-by-hop option)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Deployments updated and are now:
        - No Deployments.

    36021: HTTP: Oracle ADF Faces Remote Regions Insecure Deserialization Vulnerability (ZDI-19-1024)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36021: ZDI-CAN-8823: Zero Day Initiative Vulnerability (Oracle ADF Faces)".
      - Description updated.
      - Vulnerability references updated.

  Removed Filters: None
  

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000241962