Digital Vaccine #9469

Updated: 28 Oct 2020
Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9469 (October 27, 2020)

Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9469.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9469.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 9
 Modified Filters (logic changes) - 23
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38267: HTTP: JBOSS Seam Framework Nuxeo ACL Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an ACL bypass vulnerability in JBOSS Seam Framework.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38281: HTTP: Pandora FMS Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Pandora FMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-11749
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38288: HTTP: Atlassian Crowd and Crowd Data Center Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Atlassian Crowd and Crowd Data Center.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-11580
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38289: HTTP: ATutor LMS File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to upload a file to ATutor LMS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-12169
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38290: HTTP: Joomla GMapFP File Upload
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to upload a file to Joomla GMapFP.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-23972
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38297: HTTP: Atlassian Crowd and Crowd Data Center Plugin File Upload Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of uploadplugin in Atlassian Crowd and Crowd Data Center.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-11580
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 27, 2020

    38298: HTTP: Google Chrome V8 Type Confusion Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6468
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: October 27, 2020

    38299: HTTP: Google Chrome usrsctp Memory Corruption Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6514
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: October 27, 2020

    38302: HTTP: Google Chrome FreeType Library Font File Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in the Google Chrome FreeType Library.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-15999
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: October 27, 2020
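Several of the new filters above ship with "Not enabled by default in any deployment", including the High-severity JBoss Seam ACL bypass filter (38267) and the Critical Atlassian Crowd file-upload filter (38288), so a policy review has to turn them on explicitly. The script below is an added example (not Trend Micro or DVLabs code) that parses the release-note layout used on this page into records and lists the Critical/High filters that no deployment profile enables. The DV_NOTES text is copied from three of the entries above so it runs offline; the field names follow the release-note layout, while the triage rule (severity threshold and the reading of the Deployment lines) is this example's own assumption, not DVLabs guidance.

```python
"""Parse TippingPoint Digital Vaccine release-note filter entries and flag
new filters that a reviewer must enable by hand.

Added example, not DVLabs code. DV_NOTES is copied from the DV #9469 filter
list so the script runs offline. The triage rule (flag Critical/High filters
that are not enabled in any deployment profile) is an assumption made here.
"""
import re
from dataclasses import dataclass, field

DV_NOTES = """\
    38267: HTTP: JBOSS Seam Framework Nuxeo ACL Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an ACL bypass vulnerability in JBOSS Seam Framework.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Release Date: October 27, 2020

    38288: HTTP: Atlassian Crowd and Crowd Data Center Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-11580
      - Protocol: HTTP
      - Release Date: October 27, 2020

    38298: HTTP: Google Chrome V8 Type Confusion Vulnerability
      - Category: Exploits
      - Severity: Critical
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6468
      - Protocol: HTTP
      - Release Date: October 27, 2020
"""

# An entry starts with the filter number; every attribute is a "- Key: value" line.
HEADER_RE = re.compile(r"^\s*(\d+):\s+(.+?)\s*$")
FIELD_RE = re.compile(r"^\s*-\s+([^:]+):\s*(.*?)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class DvFilter:
    number: int
    name: str
    severity: str = ""
    category: str = ""
    deployments: list = field(default_factory=list)
    cves: list = field(default_factory=list)

    @property
    def enabled_somewhere(self) -> bool:
        # "Not enabled by default in any deployment." means no profile ships the
        # filter on. A "(Disabled)" line only describes one profile, so a filter
        # counts as enabled if any other Deployment line is present.
        return any(
            "not enabled" not in d.lower() and "(disabled)" not in d.lower()
            for d in self.deployments
        )


def parse_filters(text: str) -> list:
    """Turn the indented release-note listing into DvFilter records."""
    filters = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = DvFilter(number=int(m.group(1)), name=m.group(2))
            filters.append(current)
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key == "Severity":
            current.severity = value
        elif key == "Category":
            current.category = value
        elif key == "Deployment":
            current.deployments.append(value)
        elif key == "Common Vulnerabilities and Exposures":
            current.cves.extend(CVE_RE.findall(value))
    return filters


def needs_manual_enable(filters: list, severities=("Critical", "High")) -> list:
    """Filters whose severity is in `severities` but which no deployment profile
    turns on; these are the ones a policy review has to enable explicitly."""
    return [f for f in filters
            if f.severity in severities and not f.enabled_somewhere]


if __name__ == "__main__":
    for f in needs_manual_enable(parse_filters(DV_NOTES)):
        print(f"{f.number} [{f.severity}] {f.name} CVEs={f.cves or '-'}")
```

Run against the full "New Filters" section of a release note, the output is the list of filter numbers to review in the SMS profile editor; filters that are enabled in the Default profile but disabled only in Performance-Optimized (such as 38298) are deliberately not reported, since at least one shipped profile already blocks on them.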

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    30548: TCP: CloudMe Sync Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 20, 2018
      - Last Modified Date: October 27, 2020

    * 35638: HTTP: Webmin Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 09, 2019
      - Last Modified Date: October 27, 2020

    36751: HTTP: Advantech WebAccess/NMS SupportDeviceaddAction Arbitrary File Upload (ZDI-20-397)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 03, 2019
      - Last Modified Date: October 27, 2020

    * 37046: HTTP: Microsoft 3D Viewer FBX File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-1246)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37046: ZDI-CAN-11032: Zero Day Initiative Vulnerability (Microsoft 3D Viewer)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 23, 2020
      - Last Modified Date: October 27, 2020

    * 37264: HTTP: Google Chrome JSCreate Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 27, 2020

    37394: HTTP: Horde Groupware Webmail Mnemo display_notepads Deserialization Vulnerability (ZDI-20-1028)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37394: ZDI-CAN-10446-47: Zero Day Initiative Vulnerability (Horde Groupware Webmail Edition)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 27, 2020

    37423: HTTP: Horde Group Webmail sortpref Insecure Deserialization Vulnerability (ZDI-20-1040-46,49-51)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37423: ZDI-CAN-10425-31,34-36: Zero Day Initiative Vulnerability (Horde Groupware Webmail Edition)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: October 27, 2020

    37429: HTTP: Microsoft Windows hevcdecoder_store HEIC Out-Of-Bounds Write Vulnerability (ZDI-20-819)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37429: ZDI-CAN-10765: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 31, 2020
      - Last Modified Date: October 27, 2020

    37470: HTTP: Advantech iView TaskEditDeviceTable SQL Injection Vulnerability (ZDI-20-858)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37470: ZDI-CAN-10672,10673: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: October 27, 2020

    37471: HTTP: Advantech iView ZTPConfigTable findConfiguration SQL Injection Vulnerability (ZDI-20-854,30)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37471: ZDI-CAN-10637,10670: Zero Day Initiative Vulnerability (Advantech iView)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: October 27, 2020

    37473: HTTP: Advantech iView NetworkServlet SQL Injection Vulnerability (ZDI-20-848)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37473: ZDI-CAN-10631: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: October 27, 2020

    37573: HTTP: Marvell QConvergeConsole decryptFile Directory Traversal Vulnerability (ZDI-20-967)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37573: ZDI-CAN-10496: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 27, 2020

    37574: HTTP: Marvell QConvergeConsole getFileUploadBytes Directory Traversal Vulnerability (ZDI-20-969)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37574: ZDI-CAN-10497-99: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 27, 2020

    37575: HTTP: Marvell QConvergeConsole isHPSmartComponent Command Injection Vulnerability (ZDI-20-970)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37575: ZDI-CAN-10501: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Storage)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 14, 2020
      - Last Modified Date: October 27, 2020

    37661: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-941)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37661: ZDI-CAN-10886: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 27, 2020

    37662: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-20-940)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37662: ZDI-CAN-10889: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 27, 2020

    37792: HTTP: Microsoft 3D Builder GLB File Parsing Buffer Overflow Vulnerability (ZDI-20-1247)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37792: ZDI-CAN-11174: Zero Day Initiative Vulnerability (Microsoft 3D Builder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 30, 2020
      - Last Modified Date: October 27, 2020

    37821: HTTP: Microsoft Windows Camera Codec Pack Image Out-Of-Bounds Write Vulnerability (ZDI-20-1245)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37821: ZDI-CAN-11241: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 07, 2020
      - Last Modified Date: October 27, 2020

    37950: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-20-1251)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37950: ZDI-CAN-11516: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: October 27, 2020

    37952: HTTP: Microsoft Excel XLS File Parsing Memory Corruption Vulnerability (ZDI-20-1253)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37952: ZDI-CAN-11529: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: October 27, 2020

    38019: HTTP: Microsoft Excel XLS File Parsing Memory Corruption Vulnerability (ZDI-20-1255)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38019: ZDI-CAN-11613: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: October 27, 2020

    38064: HTTP: Microsoft Excel XLS File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-1256)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38064: ZDI-CAN-11602: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 01, 2020
      - Last Modified Date: October 27, 2020

    38192: HTTP: Microsoft Windows Media Player HEVC Out-Of-Bounds Write Vulnerability (ZDI-20-1257)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38192: ZDI-CAN-11980: Zero Day Initiative Vulnerability (Microsoft Windows Media Player)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 29, 2020
      - Last Modified Date: October 27, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 5141: HTTP: Sqlmap HTTP Request (T1190)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5141: HTTP: Sqlmap HTTP Request".
      - Description updated.
      - Release Date: February 26, 2007
      - Last Modified Date: October 27, 2020

    37342: HTTP: Microsoft Windows hevcdecoder_store File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-906)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 27, 2020

    38275: HTTP: StackStorm API CORS Security Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: October 20, 2020
      - Last Modified Date: October 27, 2020

  Removed Filters: None
    
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000280061