Summary
Digital Vaccine #9441 August 25, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
System Requirements |
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9441.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9441.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 3
Modified Filters (logic changes) - 17
Modified Filters (metadata changes only) - 12
Removed Filters - 2
Filters
----------------
New Filters:
26204: HTTP: Microsoft Windows PFB Font File Buffer Overflow Vulnerability (ZDI-20-998) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-1520 - Zero Day Initiative: ZDI-20-998 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Windows Client Application - Release Date: August 25, 2020 38050: HTTP: ZTE web_shell_cmd.gch Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects the usage of the web_shell_cmd.gch script. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2014-2321 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: August 25, 2020 38053: HTTP: Microsoft Windows File Validation Spoofing Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: High - Description: This filter detects an attempt to exploit a spoofing vulnerability in Microsoft Windows. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2020-1464 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Client Application - Release Date: August 25, 2020 Modified Filters (logic changes): * = Enabled in Default deployments 26517: HTTP: Microsoft Windows QuickTime Video Parsing Use-After-Free Vulnerability (ZDI-20-1004) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "26517: ZDI-CAN-10937: Zero Day Initiative Vulnerability (Microsoft Windows)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: May 19, 2020 - Last Modified Date: August 25, 2020 * 29068: HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: July 11, 2017 - Last Modified Date: August 25, 2020 * 33293: HTTP: Microsoft Windows gd132full PlayEnhMetaFile Out-Of-Bounds Read Vulnerability (ZDI-18-1404) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: October 23, 2018 - Last Modified Date: August 25, 2020 37106: HTTP: CentOS Web Panel ajax_crons line Command Injection Vulnerability (ZDI-20-745) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37108: HTTP: CentOS Web Panel ajax_crons user Command Injection Vulnerability (ZDI-20-746) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37108: ZDI-CAN-9716: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37109: HTTP: CentOS Web Panel ajax_list_accounts username SQL Injection Vulnerability (ZDI-20-765) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37109: ZDI-CAN-9717: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37110: HTTP: CentOS Web Panel ajax_php_pecl cha Command Injection Vulnerability (ZDI-20-761) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37110: ZDI-CAN-9718: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37111: HTTP: CentOS Web Panel ajax_dashboard service_start Command Injection Vulnerability (ZDI-20-752) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37111: ZDI-CAN-9719: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37112: HTTP: CentOS Web Panel ajax_admin_apis Command Injection Vulnerability (ZDI-20-753) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37112: ZDI-CAN-9720: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37114: HTTP: CentOS Web Panel ajax_list_accounts type SQL Injection Vulnerability (ZDI-20-766) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37114: ZDI-CAN-9723: Zero Day Initiative Vulnerability (CentOS Web Panel)". - Category changed from "Exploits" to "Vulnerabilities". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: February 18, 2020 - Last Modified Date: August 25, 2020 37256: HTTP: IBM Informix bts_tracefile Directory Traversal Vulnerability (ZDI-20-925) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37256: ZDI-CAN-10332: Zero Day Initiative Vulnerability (IBM Informix)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: March 03, 2020 - Last Modified Date: August 25, 2020 37407: HTTP: Veeam ONE Reporter_ImportLicense/SSRSReport External Entity Injection (ZDI-20-821,822) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37407: ZDI-CAN-10709,ZDI-CAN-10710: Zero Day Initiative Vulnerability (VEEM One Agent)". - Category changed from "Exploits" to "Vulnerabilities". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: May 26, 2020 - Last Modified Date: August 25, 2020 37572: HTTP: Phoenix Contact Automationworx PLCOpen XML Buffer Overflow Vulnerability (ZDI-20-825) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37572: ZDI-CAN-10147: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)". - Category changed from "Exploits" to "Vulnerabilities". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: August 25, 2020 37583: HTTP: Advantech iView NetworkServlet SQL Injection Vulnerability (ZDI-20-828) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37583: ZDI-CAN-10635: Zero Day Initiative Vulnerability (Advantech iView)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: April 14, 2020 - Last Modified Date: August 25, 2020 37739: HTTP: Microsoft Windows MP4 File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-1002) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37739: ZDI-CAN-11006: Zero Day Initiative Vulnerability (Microsoft Windows)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: May 12, 2020 - Last Modified Date: August 25, 2020 37785: HTTP: Microsoft Chakra Inline Cache Out-Of-Bounds Read Vulnerability (ZDI-20-1001) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "37785: ZDI-CAN-10925: Zero Day Initiative Vulnerability (Microsoft Chakra)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: June 23, 2020 - Last Modified Date: August 25, 2020 38044: TCP: Oracle WebLogic Server Deserialization Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: August 18, 2020 - Last Modified Date: August 25, 2020 Modified Filters (metadata changes only): * = Enabled in Default deployments 6924: DNS: NXDOMAIN Response - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: March 30, 2009 - Last Modified Date: August 25, 2020 13054: HTTP: Microsoft .NET Framework XML Spoofed Digital Signature - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. - Release Date: July 30, 2013 - Last Modified Date: August 25, 2020 13296: HTTP: Oracle Java SE XML Spoofed Digital Signature - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: November 06, 2013 - Last Modified Date: August 25, 2020 19619: HTTP: Apple OS X Cross-Site Scripting Sandbox Bypass Vulnerability (Pwn2Own ZDI-15-258) - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: March 21, 2015 - Last Modified Date: August 25, 2020 25436: HTTP: Symantec Web Gateway Command Injection Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: November 01, 2016 - Last Modified Date: August 25, 2020 * 25437: HTTPS: Symantec Web Gateway Command Injection Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: November 01, 2016 - Last Modified Date: August 25, 2020 * 29905: HTTP: Huawei App Market Safelist Bypass Privilege Escalation Vulnerability (Pwn2Own ZDI-18-879) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "29905: HTTP: Huawei App Market Whitelist Bypass Privilege Escalation Vulnerability (Pwn2Own ZDI-18-879)". - Description updated. - Release Date: November 07, 2017 - Last Modified Date: August 25, 2020 31368: SMTP: SpamAssassin Spam Test String Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: May 22, 2018 - Last Modified Date: August 25, 2020 * 32705: HTTP: phpMyAdmin Local File Inclusion Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: July 24, 2018 - Last Modified Date: August 25, 2020 34136: HTTP: Suspicious Scriptlet File Transfer - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: August 30, 2016 - Last Modified Date: August 25, 2020 35343: HTTP: Adobe Acrobat Pro DC addFeed Out-of-Bounds Read Vulnerability (ZDI-20-985,986,987,988,989) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "35343: HTTP: Adobe Acrobat Pro DC addFeed Out-of-Bounds Read Vulnerability (ZDI-20-985)". - Description updated. - Vulnerability references updated. - Release Date: June 23, 2020 - Last Modified Date: August 25, 2020 39139: HTTP: Ruby on Rails Web Console Safelist Bypass Vulnerability - IPS Version: 3.1.3 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "39139: HTTP: Ruby on Rails Web Console Whitelist Bypass Vulnerability". - Description updated. - Release Date: September 20, 2016 - Last Modified Date: August 25, 2020 Removed Filters: 2057: Backdoor: Master of Paradise - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Release Date: December 31, 2005 - Last Modified Date: August 26, 2014 17150: TCP: Wipall Malware Download Attempt - IPS Version: 1.0.0 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Release Date: December 16, 2014 - Last Modified Date: October 04, 2016Top of the Page