Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9437

    • Updated:
    • 5 Aug 2020
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9437      August 4, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9437.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9437.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 4
 Modified Filters (logic changes) - 15
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
 New Filters:
    37917: HTTP: Apache OFBiz stream contentId Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Apache OFBiz.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-1943 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 04, 2020

    37918: HTTP: Cisco Adaptive Security Appliance / Firepower Threat Defense Path Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a path traversal vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3452
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 04, 2020

    37924: HTTP: Google Chrome ClipboardHost Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6462
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: August 04, 2020

    37925: HTTP: Zeroshell Kerbynet Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Zeroshell.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2009-0545, CVE-2019-12725
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 04, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    36941: HTTP: NEC ESMPRO Manager GetEuaLogDownloadAction Directory Traversal Vulnerability (ZDI-20-736)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36941: ZDI-CAN-9607: Zero Day Initiative Vulnerability (NEC ESMPRO)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 04, 2020
      - Last Modified Date: August 04, 2020

    37107: HTTP: CentOS Web Panel ajax_php_pecl phpversion Command Injection Vulnerability (ZDI-20-750)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37107: ZDI-CAN-9715: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: August 04, 2020

    37145: HTTP: CentOS Web Panel ajax_mail_autoreply user SQL Injection Vulnerability (ZDI-20-775)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37145: ZDI-CAN-9710: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 04, 2020

    37147: HTTP: CentOS Web Panel ajax_mail_autoreply search SQL Injection Vulnerability (ZDI-20-769)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37147: ZDI-CAN-9712: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: August 04, 2020

    37199: HTTP: CentOS Web Panel loader_ajax line Command Injection Vulnerability (ZDI-20-737)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37199: ZDI-CAN-9259: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: August 04, 2020

    37430: HTTP: Advantech iView UpdateTable insertUpdateItem SQL Injection Vulnerability (ZDI-20-855)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37430: ZDI-CAN-10671: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: August 04, 2020

    37432: HTTP: Advantech iView DeviceTreeTable updateSegmentInfo SQL Injection Vulnerability (ZDI-20-852)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37432: ZDI-CAN-10668: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: August 04, 2020

    37434: HTTP: Advantech iView ZTPConfigTable findConfiguration SQL Injection Vulnerability (ZDI-20-851)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37434: ZDI-CAN-10661: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: August 04, 2020

    37435: HTTP: Advantech iView TaskMgrTable getExportData SQL Injection Vulnerability (ZDI-20-849)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37435: ZDI-CAN-10659: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: August 04, 2020

    37436: HTTP: Advantech iView NetworkServlet Directory Traversal Vulnerability (ZDI-20-841)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37436: ZDI-CAN-10623: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: August 04, 2020

    37469: HTTP: Advantech iView User checkForDuplicateUserName SQL Injection Vulnerability (ZDI-20-860)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37469: ZDI-CAN-10700: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: August 04, 2020

    37582: HTTP: Advantech iView NetworkServlet SQL Injection Vulnerability (ZDI-20-832)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37582: ZDI-CAN-10632: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: August 04, 2020

    37596: HTTP: Advantech iView User addUser SQL Injection Vulnerability (ZDI-20-861)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37596: ZDI-CAN-10702: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: August 04, 2020

    37597: HTTP: Advantech iView User setUserAccountInfo SQL Injection Vulnerability (ZDI-20-862)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37597: ZDI-CAN-10703: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: August 04, 2020

    37690: HTTP: Advantech iView ConfigurationTable setConfigurationItem SQL Injection (ZDI-20-843)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37690: ZDI-CAN-10626: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: August 04, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    35156: HTTP: Microsoft JET Database Integer Underflow Vulnerability (ZDI-20-924)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35156: HTTP: Microsoft JET Database Integer Underflow Vulnerability".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: June 16, 2020
      - Last Modified Date: August 04, 2020

  Removed Filters: None
  
Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000261040
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.