Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9468

    • Updated:
    • 21 Oct 2020
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9468      October 20, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9468.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9468.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 7
 Modified Filters (logic changes) - 12
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38230: HTTP: Palo Alto GlobalProtect SSLVPN Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Palo Alto Network's GlobalProtect SSLVPN.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1579 CVSS 8.1
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 20, 2020

    38252: HTTP: Apache Tapestry ContextAssetRequestHandler Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Apache Tapestry.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13953
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 20, 2020

    38262: HTTP: Apache Airflow trigger origin Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Apache Airflow.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13944
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 20, 2020

    38269: ZDI-CAN-11752: Zero Day Initiative Vulnerability (Microsoft Office Excel)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Excel.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 20, 2020

    38274: NTP: NTP Null Pointer Dereference Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a null pointer dereference vulnerability in NTP servers.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-8936
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: NTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 20, 2020

    38275: HTTP: StackStorm API CORS Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in StackStorm API.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8590
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 20, 2020

    38278: HTTP: Microsoft SharePoint web.config Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Sharepoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-16952
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: October 20, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    37384: HTTP: Horde Groupware Webmail remote_unsubscribe Code Execution Vulnerability (ZDI-20-1021,1054)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37384: ZDI-CAN-10432-33,37-41,42,44-45,48,58: Zero Day Initiative Vulnerability (Horde Groupware)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 20, 2020

    37437: HTTP: Advantech iView MenuServlet Directory Traversal Vulnerability (ZDI-20-840)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37437: ZDI-CAN-10622: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: October 20, 2020

    37438: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-20-839)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37438: ZDI-CAN-10621: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: October 20, 2020

    37480: HTTP: Advantech iView NetworkServlet SQL Injection Vulnerability (ZDI-20-842)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37480: ZDI-CAN-10625: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: October 20, 2020

    37591: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Buffer Overflow Vulnerability (ZDI-20-1109)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37591: ZDI-CAN-10695: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 20, 2020

    37592: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Out-Of-Bounds Write Vulnerability(ZDI-20-1110)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37592: ZDI-CAN-10696: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 20, 2020

    37593: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1111)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37593: ZDI-CAN-10697: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 20, 2020

    37594: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Buffer Overflow Vulnerability (ZDI-20-1112)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37594: ZDI-CAN-10698: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 20, 2020

    37599: HTTP: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Buffer Overflow (ZDI-20-1113)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37599: ZDI-CAN-10705: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 20, 2020

    37701: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Buffer Overflow (ZDI-20-1187)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37701: ZDI-CAN-10930: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 05, 2020
      - Last Modified Date: October 20, 2020

    37737: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Buffer Overflow (ZDI-20-1190)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37737: ZDI-CAN-10927: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 12, 2020
      - Last Modified Date: October 20, 2020

    37817: HTTP: Microsoft Windows CAB File Parsing Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 07, 2020
      - Last Modified Date: October 20, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: July 05, 2016
      - Last Modified Date: October 20, 2020

  Removed Filters: None
    
Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000279052
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.