Digital Vaccine #9442

    • Updated: 2 Sep 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9442      September 1, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9442.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9442.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 15
 Modified Filters (logic changes) - 21
 Modified Filters (metadata changes only) - 38
 Removed Filters - 0

Filters
----------------
  New Filters:
    38051: HTTP: Cisco UCS Director saveWindowsNetworkConfig Directory Traversal Vulnerability (ZDI-20-544)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco UCS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3249 CVSS 7.8
        - Zero Day Initiative: ZDI-20-544
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

    38057: HTTP: OCS Inventory NG CommandLine.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in OCS Inventory NG.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14947
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

    38058: HTTP: Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability (ZDI-20-543)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco UCS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-3248 CVSS 10.0
        - Zero Day Initiative: ZDI-20-543
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

    38059: ZDI-CAN-10932: Zero Day Initiative Vulnerability (D-Link DAP-2020)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting D-Link DAP-2020.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38060: ZDI-CAN-11355: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR Routers.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38063: ZDI-CAN-11591: Zero Day Initiative Vulnerability (Oracle WebLogic Server)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Oracle WebLogic Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38064: ZDI-CAN-11602: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38065: ZDI-CAN-11632: Zero Day Initiative Vulnerability (FreeBSD FTPD)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting FreeBSD FTPD.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38066: ZDI-CAN-11635,11685: Zero Day Initiative Vulnerability (Trend Micro Multiple Products)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting multiple Trend Micro products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38067: ZDI-CAN-11653: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR Routers.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38068: ZDI-CAN-11657: Zero Day Initiative Vulnerability (Foxit Reader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38069: ZDI-CAN-11788: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 01, 2020

    38076: HTTP: Large Content-Type Response Header Detection
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects large Content-Type response headers.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-17638
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

    38079: TCP: Oracle WebLogic Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Oracle WebLogic.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14644
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

    38080: HTTP: Apache OFBiz XMLRPC Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Apache OFBiz.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-9496 CVSS 9.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 01, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 0117: Stacheldraht: Agent Outbound Spoofability Test (General)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    0585: RPC: Portmap yppasswd Request (tcp)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    0586: RPC: Portmap yppasswd Request (udp)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    * 0911: HTTP: Armada search.cgi Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    4971: DNP3: Cold Restart from Un/Authorized Client
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 03, 2007
      - Last Modified Date: September 01, 2020

    34088: TCP: AgentX++ receive_agentx Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: January 29, 2019
      - Last Modified Date: September 01, 2020

    34674: HTTP: Apple Safari GraphicsContext Use-After-Free Vulnerability (ZDI-19-288)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34674: ZDI-CAN-7865: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2019
      - Last Modified Date: September 01, 2020

    34786: HTTP: Microsoft Windows PowerShell Script File Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: April 02, 2019
      - Last Modified Date: September 01, 2020

    * 34794: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-333)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34794: ZDI-CAN-8205: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 19, 2019
      - Last Modified Date: September 01, 2020

    * 34824: HTTP: Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Write Vulnerability (ZDI-19-628)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34824: ZDI-CAN-8018: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 02, 2019
      - Last Modified Date: September 01, 2020

    36913: HTTP: IBM Spectrum Protect Plus hfpackage Command Injection Vulnerability (ZDI-20-272)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 21, 2020
      - Last Modified Date: September 01, 2020

    36938: HTTP: Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability (ZDI-20-543)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36938: ZDI-CAN-9596: Zero Day Initiative Vulnerability (Cisco UCS)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 04, 2020
      - Last Modified Date: September 01, 2020

    36940: HTTP: Cisco UCS Director saveWindowsNetworkConfig Directory Traversal Vulnerability (ZDI-20-544)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36940: ZDI-CAN-9604: Zero Day Initiative Vulnerability (Cisco UCS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 04, 2020
      - Last Modified Date: September 01, 2020

    36992: HTTP: Inductive Automation Ignition WebSocketControlServlet Authentication Bypass (ZDI-20-714)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36992: PWN2OWN ZDI-CAN-10277: Zero Day Initiative Vulnerability (Inductive Automation Ignition)".
      - Severity changed from "Critical" to "Moderate".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 28, 2020
      - Last Modified Date: September 01, 2020

    36993: HTTP: Inductive Automation Ignition ServerMessageHeader Insecure Deserialization (ZDI-20-687)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36993: PWN2OWN ZDI-CAN-10278: Zero Day Initiative Vulnerability (Inductive Automation Ignition)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 28, 2020
      - Last Modified Date: September 01, 2020

    37115: HTTP: CentOS Web Panel ajax_dashboard ai_service Command Injection Vulnerability (ZDI-20-755)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37115: ZDI-CAN-9724: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: September 01, 2020

    37116: HTTP: CentOS Web Panel ajax_dashboard service_stop Command Injection Vulnerability (ZDI-20-756)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37116: ZDI-CAN-9726: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: September 01, 2020

    37117: HTTP: CentOS Web Panel ajax_php_pecl modulo Command Injection Vulnerability (ZDI-20-757)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37117: ZDI-CAN-9728: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: September 01, 2020

    37119: HTTP: CentOS Web Panel ajax_mod_security dominio Command Injection Vulnerability (ZDI-20-740)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37119: ZDI-CAN-9732: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: September 01, 2020

    37120: HTTP: CentOS Web Panel ajax_dashboard service_restart Command Injection Vulnerability (ZDI-20-758)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37120: ZDI-CAN-9734: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 18, 2020
      - Last Modified Date: September 01, 2020

    37656: HTTP: Oracle WebLogic CVE-2020-14625 Insecure Deserialization Vulnerability (ZDI-20-885)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37656: ZDI-CAN-10741: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: September 01, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 0118: Stacheldraht: Primary Spoof Test Response (General)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "0118: Stacheldraht: Master Spoofability Test Response (General)".
      - Description updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    * 0120: Stacheldraht: Primary-to-Agent Pong (General)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "0120: Stacheldraht: Master-to-Agent Pong (General)".
      - Description updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    2319: POP/IMAP: Sobig-F Virus Propagation
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    * 2448: HTTPS: OpenSSLv2 Malformed Client Key
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020

    * 4505: VERITAS: NetBackup Long Request Buffer Overflow (ZDI-06-049)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: November 20, 2006
      - Last Modified Date: September 01, 2020

    * 4506: VERITAS: NetBackup CONNECT_OPTIONS Buffer Overflow (ZDI-06-050)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: November 20, 2006
      - Last Modified Date: September 01, 2020

    5286: TCP: Performance Manager Command Execution (ZDI-07-020)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5286: BMC: Performance Manager Command Execution (ZDI-07-020)".
      - Description updated.
      - Release Date: April 13, 2007
      - Last Modified Date: September 01, 2020

    8034: SSL: Icon Labs Iconfidant SSL Server Key Length Remote Code Execution Vulnerability (ZDI-11-021)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: January 25, 2011
      - Last Modified Date: September 01, 2020

    8483: TCP: EMC Control Center Remote File Retrieval Vulnerability (ZDI-08-076)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "8483: EMC: EMC Control Center Remote File Retrieval Vulnerability (ZDI-08-076)".
      - Description updated.
      - Release Date: January 28, 2010
      - Last Modified Date: September 01, 2020

    * 9277: TCP: EMC Control Center SST_CTGTRANS Buffer Overflow Vulnerability (ZDI-08-075)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "9277: EMC: EMC Control Center SST_CTGTRANS Buffer Overflow Vulnerability (ZDI-08-075)".
      - Description updated.
      - Release Date: November 19, 2009
      - Last Modified Date: September 01, 2020

    * 11260: TCP: AgentX++ receive_agentx Remote Code Execution Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 10, 2011
      - Last Modified Date: September 01, 2020

    * 11261: TCP: AgentX++ receive_agentx Remote Code Execution Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 10, 2011
      - Last Modified Date: September 01, 2020

    * 11262: TCP: AgentX++ receive_agentx Remote Code Execution Vulnerability
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 10, 2011
      - Last Modified Date: September 01, 2020

    * 11809: TCP: NetBackup Long Request Buffer Overflow (ZDI-06-049)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "11809: VERITAS: NetBackup Long Request Buffer Overflow (ZDI-06-049)".
      - Description updated.
      - Release Date: October 25, 2011
      - Last Modified Date: September 01, 2020

    12587: SMB: Microsoft Print Spooler Service Format String Remote Code Execution
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 16, 2012
      - Last Modified Date: September 01, 2020

    * 12923: RTSP: RealNetworks Helix Server Master Agent Open-PDU Processing Denial-of-Service Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: May 14, 2013
      - Last Modified Date: September 01, 2020

    17095: HTTP: Alcatel-Lucent OmniPCX Enterprise Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "17095: HTTP: Alcatel-Lucent OmniPCX Enterprise masterCGI Code Injection Vulnerability".
      - Description updated.
      - Release Date: March 21, 2015
      - Last Modified Date: September 01, 2020

    19421: HTTP: IBM Lotus Domino SSL2 Client Primary Key Buffer Overflow Vulnerability (ZDI-15-116)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19421: HTTP: IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Vulnerability (ZDI-15-116)".
      - Description updated.
      - Release Date: February 10, 2015
      - Last Modified Date: September 01, 2020

    19624: HTTP: Graphite Project renderLocalView Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 31, 2015
      - Last Modified Date: September 01, 2020

    21319: HTTP: VideoCharge Watermark Master Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: October 27, 2015
      - Last Modified Date: September 01, 2020

    25752: HTTP: Bassmaster Batch Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: November 22, 2016
      - Last Modified Date: September 01, 2020

    26396: HTTP: PHPMailer / SwiftMailer / Zend-mail Logfile Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: January 03, 2017
      - Last Modified Date: September 01, 2020

    27128: HTTP: Billion 5200W-T adv_remotelog.asp Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 21, 2017
      - Last Modified Date: September 01, 2020

    27129: HTTP: Billion 5200W-T tools_time.asp Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 21, 2017
      - Last Modified Date: September 01, 2020

    27131: HTTP: TrueOnline/ZyXEL P660HN-T v1 Router Unauthenticated Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 21, 2017
      - Last Modified Date: September 01, 2020

    27132: HTTP: TrueOnline/ZyXEL P660HN-T v2 Router Authenticated Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 21, 2017
      - Last Modified Date: September 01, 2020

    27372: HTTP: PHPMailer / SwiftMailer / Zend-mail Logfile Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 14, 2017
      - Last Modified Date: September 01, 2020

    28627: HTTP: Microsoft Windows NTFS $MFT Denial-of-Service Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 20, 2017
      - Last Modified Date: September 01, 2020

    29992: TCP: NodeJS Debugger Usage Attempt
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: January 16, 2018
      - Last Modified Date: September 01, 2020

    * 30091: TCP: Quest One Identity Privilege Manager for Unix pmmasterd Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: January 16, 2018
      - Last Modified Date: September 01, 2020

    30540: UDP: Memcached Protocol Command Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 06, 2018
      - Last Modified Date: September 01, 2020

    30541: TCP: Memcached Protocol Command Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 06, 2018
      - Last Modified Date: September 01, 2020

    * 30543: BGP: Quagga BGP Daemon Notify Attribute Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 13, 2018
      - Last Modified Date: September 01, 2020

    31745: BGP: Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: May 22, 2018
      - Last Modified Date: September 01, 2020

    31748: BGP: Quagga BGP Daemon bgp_update_receive Double Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: May 22, 2018
      - Last Modified Date: September 01, 2020

    31852: TLS: OpenSSL ChangeCipherSpec Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 12, 2018
      - Last Modified Date: September 01, 2020

    34783: SMB: Microsoft Windows PowerShell Script File Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: April 02, 2019
      - Last Modified Date: September 01, 2020

    34784: HTTP: Microsoft Windows PowerShell Script File Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: April 02, 2019
      - Last Modified Date: September 01, 2020

  Removed Filters: None  
  
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000267265