Digital Vaccine #9446

    • Updated: 9 Sep 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9446      September 8, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before September 8, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE  Filter  Status
CVE-2020-0648 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0664 38094
CVE-2020-0718 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0761 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0766 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0782 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0790 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0805 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0836 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0837 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0838 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0839 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0856 38106
CVE-2020-0870 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0873 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0875 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0878 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0886 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0890 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0904 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0908 *37043
CVE-2020-0911 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0912 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0914 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0921 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0922 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0928 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0941 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0951 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0989 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-0997 *37798
CVE-2020-0998 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1012 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1013 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1030 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1031 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1033 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1034 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1038 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1039 *35158
CVE-2020-1044 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1045 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1052 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1053 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1057 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1074 *35440
CVE-2020-1083 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1091 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1097 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1098 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1115 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1119 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1122 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1129 *37796
CVE-2020-1130 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1133 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1146 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1152 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1159 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1169 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1172 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1180 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1193 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1198 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1200 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1205 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1210 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1218 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1224 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1227 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1228 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1245 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1250 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1252 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1256 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1285 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1303 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1308 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1319 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1332 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1335 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1338 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1345 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1376 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1440 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1452 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1453 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1460 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1471 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1482 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1491 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1506 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1507 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1508 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1514 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1523 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1532 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1559 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1575 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1576 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1589 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1590 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1592 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1593 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1594 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1595 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1596 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1598 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16851 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16852 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16854 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16855 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16856 *37795
CVE-2020-16857 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16858 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16859 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16860 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16861 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16862 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16864 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16871 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16872 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16873 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16874 *37047, *37055, *37793
CVE-2020-16875 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16878 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16879 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16881 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16884 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9446.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9446.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 6
 Modified Filters (logic changes) - 20
 Modified Filters (metadata changes only) - 14
 Removed Filters - 1

Filters
----------------
 New Filters:
    38082: HTTP: Artica Proxy cyrus.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Artica Proxy.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17505
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: September 08, 2020

    38083: HTTP: Microsoft .NET Framework Code Execution Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft .NET frameworks.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-0646 CVSS 10.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: September 08, 2020

    38094: LDAP: Microsoft Windows Active Directory Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows Active Directory.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-0664
      - Classification: Vulnerability - Other
      - Protocol: LDAP
      - Platform: Windows Server Application or Service
      - Release Date: September 08, 2020

    38098: TCP: Oracle Database Server XML External Entity Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an XML external entity injection vulnerability in Oracle Database Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2014-6577
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: Oracle (sqlnet, etc.)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 08, 2020

    38099: HTTP: Spring Framework ContentDisposition.Builder Code Execution Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Pivotal Spring Framework.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-5398
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: September 08, 2020

    38106: LDAP: Microsoft Windows Active Directory addRequest Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows Active Directory.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-0856
      - Classification: Vulnerability - Other
      - Protocol: LDAP
      - Platform: Windows Server Application or Service
      - Release Date: September 08, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 12315: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: May 15, 2012
      - Last Modified Date: September 08, 2020

    * 12448: HTTP: HP OpenView Performance Agent Buffer Overflow Vulnerability (ZDI-12-114, ZDI-12-115)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 17, 2012
      - Last Modified Date: September 08, 2020

    13027: HTTP: Cross-Site Scripting (Onload Tag Attribute)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: July 09, 2013
      - Last Modified Date: September 08, 2020

    13069: HTTP: Opera SVG Clippath Use-After-Free Vulnerability 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: July 30, 2013
      - Last Modified Date: September 08, 2020

    13998: HTTP: RealNetworks RealPlayer RMP Location Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: June 03, 2014
      - Last Modified Date: September 08, 2020

    16541: HTTP: D-Link HNAP Request Buffer Overflow Vulnerability
      - IPS Version: 3.6.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 04, 2014
      - Last Modified Date: September 08, 2020

    17129: RADIUS: Internet Authentication Service Denial-of-Service Vulnerability
      - IPS Version: 3.1.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: January 13, 2015
      - Last Modified Date: September 08, 2020

    34950: HTTP: PHP Diescan Detection
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: April 16, 2019
      - Last Modified Date: September 08, 2020

    35809: HTTP: Microsoft Internet Explorer and Edge Classid Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 06, 2019
      - Last Modified Date: September 08, 2020

    35819: TCP: Adobe Photoshop Collada File Format Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 06, 2019
      - Last Modified Date: September 08, 2020

    35820: TCP: Adobe Photoshop Collada File Format Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 06, 2019
      - Last Modified Date: September 08, 2020

    35924: HTTP: Interactive Data eSignal Stack Buffer Overflow Vulnerability (Upload)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: August 13, 2019
      - Last Modified Date: September 08, 2020

    36181: HTTP: Cisco Data Center Network Manager getJobList SQL Injection Vulnerability (ZDI-20-058)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36181: ZDI-CAN-9124: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 01, 2019
      - Last Modified Date: September 08, 2020

    36182: HTTP: Cisco Data Center Network Manager getBackupStatusCount SQL Injection Vulnerability(ZDI-20-046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36182: ZDI-CAN-9125: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 01, 2019
      - Last Modified Date: September 08, 2020

    36902: RPC: Advantech WebAccess/SCADA DATACORE IOCTL 0x0000791e Directory Traversal (ZDI-20-589,ZDI-20-591)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36902: ZDI-CAN-9995,9996: Zero Day Initiative Vulnerability (Advantech WebAccess/SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 21, 2020
      - Last Modified Date: September 08, 2020

    36991: HTTP: Inductive Automation Ignition getDiffs Code Execution Vulnerability (Pwn2Own ZDI-20-686)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36991: PWN2OWN ZDI-CAN-10276: Zero Day Initiative Vulnerability (Inductive Automation Ignition)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 28, 2020
      - Last Modified Date: September 08, 2020

    37148: HTTP: CentOS Web Panel ajax_mod_security archivo Arbitrary File Write Vulnerability (ZDI-20-770)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37148: ZDI-CAN-9722: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: September 08, 2020

    37151: HTTP: CentOS Web Panel ajax_dashboard term SQL Injection Vulnerability (ZDI-20-773)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37151: ZDI-CAN-9730: Zero Day Initiative Vulnerability (CentOS Web Panel)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2020
      - Last Modified Date: September 08, 2020

    37694: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-944)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37694: ZDI-CAN-10883: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: September 08, 2020

    37697: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-946)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37697: ZDI-CAN-10887: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: September 08, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    9813: DNS: Suspicious Localhost DNS Reply
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: June 03, 2010
      - Last Modified Date: September 08, 2020

    11279: HTTP: Novell File Reporter Engine RECORD Tag Buffer Overflow (ZDI-11-227)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: July 06, 2011
      - Last Modified Date: September 08, 2020

    12360: SMB: Console.lua File Access via SMB 
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: May 22, 2012
      - Last Modified Date: September 08, 2020

    12502: HTTP: HP SiteScope Unauthenticated Credential Overwrite (ZDI-12-178)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: August 28, 2012
      - Last Modified Date: September 08, 2020

    * 19645: HTTP: Elasticsearch Groovy Script Sandbox Security Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: May 05, 2015
      - Last Modified Date: September 08, 2020

    20928: HTTPS: Phispon Connection Establishment
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: October 27, 2015
      - Last Modified Date: September 08, 2020

    23856: HTTP: Apache Struts Suspicious Parameter xslt.location Usage
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: May 17, 2016
      - Last Modified Date: September 08, 2020

    * 24084: HTTP: Adobe Reader Sandbox Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: April 05, 2016
      - Last Modified Date: September 08, 2020

    25751: HTTP: GetSimple CMS PHP File Upload Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: November 22, 2016
      - Last Modified Date: September 08, 2020

    27317: HTTP: Trend Micro InterScan Messaging Security Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: March 14, 2017
      - Last Modified Date: September 08, 2020

    29358: HTTP: Adobe Reader Blocklist Security Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "29358: HTTP: Adobe Reader Blacklist Security Bypass Vulnerability".
      - Release Date: August 15, 2017
      - Last Modified Date: September 08, 2020

    36186: HTTP: Cisco Data Center Network Manager searchId SQL Injection Vulnerability (ZDI-20-055)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "36186: HTTP: Cisco Data Center Network Manager SQL Injection Vulnerability (ZDI-20-055)".
      - Description updated.
      - Release Date: October 01, 2019
      - Last Modified Date: September 08, 2020

    36992: HTTP: Inductive Automation Ignition WebSocketControlServlet Authentication Bypass (ZDI-20-714)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Vulnerabilities" to "Security Policy".
      - Description updated.
      - Release Date: January 28, 2020
      - Last Modified Date: September 08, 2020

    38100: HTTP: WordPress File Manager File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: September 03, 2020
      - Last Modified Date: September 08, 2020

  Removed Filters:

    2319: POP/IMAP: Sobig-F Virus Propagation
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Release Date: December 31, 2005
      - Last Modified Date: September 01, 2020  
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000268896