Digital Vaccine #9474

    • Updated: 11 Nov 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9474 (November 10, 2020)
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before November 10, 2020. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE              Filter  Status
CVE-2020-1325            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-1599            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16970           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16979           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16981           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16982           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16983           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16984           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16985           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16986           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16987           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16988           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16989           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16990           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16991           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16992           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16993           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16994           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16997           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16998           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-16999           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17000           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17001           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17004           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17005           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17006           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17007           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17010           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17011           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17012           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17013           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17014           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17015           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17016           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17017           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17018           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17019           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17020           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17021           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17024           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17025           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17026           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17027           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17028           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17029           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17030           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17031           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17032           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17033           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17034           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17035           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17036           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17037           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17038           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17040           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17041           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17042           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17043           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17044           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17045           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17046           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17047   38454
CVE-2020-17048           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17049           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17051   38441
CVE-2020-17052   38413
CVE-2020-17053   38412
CVE-2020-17054           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17055           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17056   38439
CVE-2020-17057           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17058           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17060           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17061   38443
CVE-2020-17062           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17063           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17064           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17065           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17066           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17067           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17068           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17069           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17070           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17071           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17073           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17074           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17075           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17076           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17077           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17078           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17079           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17081           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17082           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17083           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17084           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17085           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17086           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17087   38411
CVE-2020-17088           Local Exploitation Required
CVE-2020-17090           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17091           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17100           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17101           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17102           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17104           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17105           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17106           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17107           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17108           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17109           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17110           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2020-17113           Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9474.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9474.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 31
 Modified Filters (logic changes) - 4
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38401: HTTP: Nikto Random URI Encoding HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects a random URI encoded HTTP request issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38402: HTTP: Nikto Directory Self-Reference HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects a directory self-referenced HTTP request issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38403: HTTP: Nikto Premature URL Ending HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a premature URL ending issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38404: HTTP: Nikto Prepended Long String HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a prepended long string issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38411: HTTP: Microsoft Windows Kernel cng.sys Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17087
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: November 10, 2020

    38412: HTTP: Microsoft Internet Explorer Worker Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17053
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: November 10, 2020

    38413: HTTP: Microsoft Internet Explorer Array Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stack overflow vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17052
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: November 10, 2020

    38414: HTTP: Nagios XI mibs.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-5791 CVSS 5.9
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38415: HTTP: Nitro Pro PDF Indexed ColorSpace Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Nitro Pro PDF.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6116
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: November 10, 2020

    38416: HTTP: Ruckus IoT Controller Web UI Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Ruckus IoT Controller Web UI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-26879
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: November 10, 2020

    38419: HTTP: Nikto Fake Parameter HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a fake parameter issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38420: HTTP: Nikto Tab Spacer HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects a tab spaced HTTP request issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38421: HTTP: Nikto Case Changed HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects a case changed HTTP request issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38422: HTTP: Nikto Windows Directory Separator HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a Windows directory separator issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38423: HTTP: Nikto Carriage Return Request Spaced HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a carriage return request spacer issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38424: HTTP: Nikto Binary Value Request Spaced HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an HTTP request with a binary value request spacer issued by the Nikto tool.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Reconnaissance / Suspicious Access - Suspicious Application Access
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38425: HTTP: Zoho ManageEngine ServiceDesk SearchN.do Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Zoho ManageEngine ServiceDesk.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-12542
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38426: HTTP: Zoho ManageEngine ServiceDesk SiteLookup.do Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Zoho ManageEngine ServiceDesk.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-12538
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38427: HTTP: Zoho ManageEngine ServiceDesk PurchaseRequest.do Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Zoho ManageEngine ServiceDesk.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-12543
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38428: HTTP: Zoho ManageEngine ServiceDesk SearchN.do Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Zoho ManageEngine ServiceDesk.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-12189
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38437: HTTP: Adobe Acrobat Pro DC JavaScript submitForm URL Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-24435
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38438: HTTP: Spring Security OAuth Open Redirection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an open redirection vulnerability in Spring Security OAuth.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-3778
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 10, 2020

    38439: NFS: Microsoft Windows NFSv3 Server Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows NFSv3 Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17056
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: NFS
      - Platform: Windows Server Application or Service
      - Release Date: November 10, 2020

    38441: NFS: Microsoft Windows Network File System Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows Network File System.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17051
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: NFS
      - Platform: Windows Client Application
      - Release Date: November 10, 2020

    38443: HTTP: Microsoft SharePoint Unsafe Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an unsafe deserialization vulnerability in Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17061
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 10, 2020

    38444: HTTP: Adobe Acrobat Pro DC FDF Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-24430
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38453: PWN2OWN ZDI-CAN-12060: Zero Day Initiative Vulnerability (Sony X800H Smart TV)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Sony X800H Smart TV.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 10, 2020

    38454: NFS: Microsoft Windows Network File System RPCSEC_GSS Handling Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17047
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: NFS
      - Platform: Windows Server Application or Service
      - Release Date: November 10, 2020

    38455: PWN2OWN ZDI-CAN-12216: Zero Day Initiative Vulnerability (Netgear Nighthawk R7800)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Netgear Nighthawk R7800.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 10, 2020

    38456: HTTP: Google Chrome JavaScript Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-13764
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: November 10, 2020

    38457: PWN2OWN ZDI-CAN-12057: Zero Day Initiative Vulnerability (Samsung Q60T TV Internet Browser)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Samsung Q60T TV Internet Browser.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 10, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 3643: HTTP: Nikto HTTP Request (ATT&CK T1592, T1595.002)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "3643: HTTP: Nikto HTTP Request".
      - Description updated.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: November 10, 2020

    33496: HTTP: TIScript Sciter.launch Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33496: ZDI-CAN-7250: Zero Day Initiative Vulnerability (Bitdefender SafePay)".
      - Category changed from "Vulnerabilities" to "Security Policy".
      - Severity changed from "Critical" to "Moderate".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 13, 2018
      - Last Modified Date: November 10, 2020

    33520: HTTP: CCTV-DVR Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: November 20, 2018
      - Last Modified Date: November 10, 2020

    37867: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability (ZDI-20-1275)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37867: ZDI-CAN-11305: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: November 10, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    34780: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability (ZDI-20-1273)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34780: ZDI-CAN-10968: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: June 16, 2020
      - Last Modified Date: November 10, 2020

  Removed Filters: None
      
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000281940