Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9508

    • Updated:
    • 24 Feb 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9508      February 23, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9508.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9508.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 63
 Modified Filters (logic changes) - 21
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38366: HTTP: Adobe Acrobat Reader DC Annotation getAnnots Usage (ZDI-21-173)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the use of suspicious JavaScript involving the .getAnnots() method in Adobe Acrobat Reader.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21021
        - Zero Day Initiative: ZDI-21-173
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38847: HTTP: Kubernetes API Server loadBalancer Status Patch Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to set the PATCH status of loadBalancer in Kubernetes API server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8554
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38849: HTTP: Joomla CMS mod_breadcrumbs Title Stored Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Joomla CMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-23124 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38876: HTTP: Twitter TwitterServer HistogramQueryHandler Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Twitter TwitterServer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-35774 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38883: HTTP: PRTG Network Monitor Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote command execution vulnerability in PRTG Network Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-9276
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38884: HTTP: Adobe Acrobat Reader Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21057
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38885: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21058
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38886: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21059
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38887: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21061
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38888: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21062
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38889: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21063
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38890: HTTP: Trend Micro Apex One cgiRqHotfix.exe Usage (ZDI-21-112)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the cgiRqHotfix.exe endpoint in Trend Micro Apex One.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25239
        - Zero Day Initiative: ZDI-21-112
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38891: HTTP: Trend Micro Apex One Configuration Download File Call(ZDI-21-108)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects download calls to various configuration files.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25233
        - Zero Day Initiative: ZDI-21-108
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38892: HTTP: Kubernetes API Admission Control Create Mutating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to create a mutating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38893: HTTP: Kubernetes API Admission Control Create Validating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to create a validating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38894: HTTP: Trend Micro Worry-Free Business Security cgiRqSetting.exe Usage (ZDI-21-122)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the cgiRqSetting.exe endpoint within Trend Micro Worry-Free Business Security.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25245
        - Zero Day Initiative: ZDI-21-122
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38895: HTTP: Trend Micro Worry-Free Business Security cgiRqINI Request (ZDI-21-123)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a request to the cgiRqINI.exe endpoint in Trend Micro Worry-Free Business Security.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25244
        - Zero Day Initiative: ZDI-21-123
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38896: HTTP: Kubernetes API Admission Control Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an admission control API resources request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38897: HTTP: Trend Micro Apex One isapiClient.dll Access (ZDI-21-117)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects access to isapiClient.dll in Trend Micro Apex One.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25246
        - Zero Day Initiative: ZDI-21-117
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38898: HTTP: Kubernetes API Admission Control List Mutating Webhook Configurations Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to list mutating admission webhook configurations through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38899: HTTP: Kubernetes API Admission Control List Validating Webhook Configurations Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to list validating admission webhooks configurations through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38901: HTTP: Kubernetes API Admission Control Delete Validating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to delete a validating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38902: HTTP: Kubernetes API Admission Control Delete Mutating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to delete a mutating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38903: HTTP: Kubernetes API Admission Control Update Validating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to update a validating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38904: HTTP: Kubernetes API Admission Control Update Mutating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to update a mutating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38905: HTTP: Kubernetes API Admission Control Read Mutating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to read a mutating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38906: HTTP: Kubernetes API Admission Control Read Validating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to read a validating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38907: HTTP: Kubernetes API Admission Control Replace Mutating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to replace a mutating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38908: HTTP: Kubernetes API Admission Control Replace Validating Webhook Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a request to replace a validating admission webhook configuration through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38909: HTTP: Kubernetes API CustomResourceDefinition Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) resources request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38910: HTTP: Kubernetes API Create CustomResourceDefinition Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) creation request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38911: HTTP: Apache Flink Upload Jar Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Apache Flink.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17518
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38912: HTTP: Apache Flink jobmanager Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Apache Flink.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17519
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38913: HTTP: Adobe Acrobat Reader JP2K Image Parsing Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21060
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38914: HTTP: Trend Micro Multiple Products cgiOnQueryClientBindPort Request (ZDI-21-111,ZDI-21-121)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a request to the cgiOnQueryClientBindPort.exe endpoint in multiple Trend Micro products.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25237, CVE-2021-25238
        - Zero Day Initiative: ZDI-21-111, ZDI-21-121
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38915: HTTP: Trend Micro Apex One cgiCheckIP Request (ZDI-21-114)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a request to the cgiCheckIP.exe endpoint in Trend Micro Apex One.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25241
        - Zero Day Initiative: ZDI-21-114
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 23, 2021

    38916: HTTP: Kubernetes API List CustomResourceDefinition Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) creation request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38917: HTTP: Kubernetes API Update CustomResourceDefinition Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) update request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38918: HTTP: Kubernetes API Update Status CustomResourceDefinition Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) update status request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38919: HTTP: Kubernetes API Read CustomResourceDefinition Resources Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a CustomResourceDefinition (CRD) read request through the Kubernetes API.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 23, 2021

    38920: HTTP: Apache Flink Delete .jar Resource Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an attempt to delete a .jar resource in Apache Flink.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 23, 2021

    38922: HTTP: Microsoft Exchange New-TransportRule Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote code vulnerability in Microsoft Exchange.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-17132
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: February 23, 2021

    38928: ZDI-CAN-13087: Zero Day Initiative Vulnerability (Microsoft 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft 3D Builder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38929: ZDI-CAN-13086: Zero Day Initiative Vulnerability (Microsoft 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft 3D Builder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38931: ZDI-CAN-12586: Zero Day Initiative Vulnerability (Schneider Electric C-Bus Toolkit)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric C-Bus Toolkit.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38932: ZDI-CAN-12590: Zero Day Initiative Vulnerability (Schneider Electric C-Bus Toolkit)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric C-Bus Toolkit.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38933: ZDI-CAN-12604: Zero Day Initiative Vulnerability (Schneider Electric C-Bus Toolkit)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric C-Bus Toolkit.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38934: ZDI-CAN-12806: Zero Day Initiative Vulnerability (Microsoft Windows Groove Music)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Groove Music.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38935: ZDI-CAN-12872: Zero Day Initiative Vulnerability (Microsoft Windows Paint 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Paint 3D.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38936: ZDI-CAN-12873: Zero Day Initiative Vulnerability (Microsoft Windows Paint 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Paint 3D.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38937: ZDI-CAN-12876: Zero Day Initiative Vulnerability (Microsoft Windows Paint 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Paint 3D.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38938: ZDI-CAN-13037: Zero Day Initiative Vulnerability (AutoDesk Design Review)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38939: ZDI-CAN-13047: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38940: ZDI-CAN-13048: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Print 3D.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38942: ZDI-CAN-13050: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Print 3D.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38943: ZDI-CAN-13051: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38944: ZDI-CAN-13052: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Print 3D.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38945: ZDI-CAN-13078: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38946: ZDI-CAN-13079: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Print 3D.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38947: ZDI-CAN-13080: Zero Day Initiative Vulnerability (Microsoft Windows Print 3D)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows Print 3D.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38948: ZDI-CAN-13081: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Builder.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38949: ZDI-CAN-13085: Zero Day Initiative Vulnerability (Microsoft Windows 3D Viewer)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows 3D Viewer.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: February 23, 2021

    38955: HTTP: Apache Druid Indexer Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Apache Druid.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25646
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: February 23, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38093: HTTP: Horner Automation Cscape CSP File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-158)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38093: ZDI-CAN-11111: Zero Day Initiative Vulnerability (Horner Automation Cscape)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 23, 2021

    38122: HTTP: HPE Moonshot Provisioning Manager Directory Traversal Vulnerability (ZDI-21-150)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38122: ZDI-CAN-11707: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Moonshot)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 23, 2021

    38152: HTTP: Omron CX-One NCI File Parsing Untrusted Pointer Dereference Vulnerability (ZDI-21-182)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38152: ZDI-CAN-11807: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 23, 2021

    38153: HTTP: Omron CX-One PSW File Parsing Type Confusion Vulnerability (ZDI-21-184)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38153: ZDI-CAN-11809: Zero Day Initiative Vulnerability (OMRON CX-One)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 23, 2021

    * 38305: HTTP: Cisco Multiple Routers Accept Header Command Injection Vulnerability (ZDI-21-131)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38305:  ZDI-CAN-11689: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38310: HTTP: SolarWinds Orion Platform NCM SCM IPAM Improper Access Vulnerability (ZDI-21-192)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38310: ZDI-CAN-11903: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38344: HTTP: Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-166)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38344: ZDI-CAN-12067: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38345: HTTP: Adobe Acrobat Reader DC Annotation popupOpen Method Use-After-Free Vulnerability (ZDI-21-167)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38345: ZDI-CAN-12071: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38346: HTTP: Adobe Acrobat Reader DC Annotation setProps Method Use-After-Free Vulnerability (ZDI-21-168)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38346: ZDI-CAN-12072: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38347: HTTP: Adobe Acrobat Reader DC Annotation page Property Use-After-Free Vulnerability (ZDI-21-169)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38347: ZDI-CAN-12074: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38357: HTTP: Microsoft Windows wab32 WAB File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-176)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38357: ZDI-CAN-12162: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38358: HTTP: Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Vulnerability (ZDI-21-177)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38358: ZDI-CAN-12169: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 23, 2021

    38382: HTTP: Cisco Multiple Routers Cookie Header Stack-based Buffer Overflow Vulnerability (ZDI-21-136)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38382:  ZDI-CAN-11726: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

    38384: HTTP: Cisco Multiple Routers RESTCONF file-upload Command Injection Vulnerability (ZDI-21-137)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38384:  ZDI-CAN-11848: Zero Day Initiative Vulnerability (Cisco Multiple Routers)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

    38398: HTTP: Microsoft Windows Camera Codec Processing Out-Of-Bounds Write Vulnerability (ZDI-21-179)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38398: ZDI-CAN-12218: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

    38418: HTTP: Microsoft SharePoint Workflow Deserialization of Untrusted Data Vulnerability (ZDI-21-194)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38418: ZDI-CAN-12135: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

    38492: HTTP: Microsoft Excel XLSX File Parsing Use-After-Free Vulnerability (ZDI-21-180)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38492: ZDI-CAN-12223: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: February 23, 2021

    38573: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-21-181)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38573: ZDI-CAN-12114: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: February 23, 2021

    38593: HTTP: Adobe Acrobat Pro DC setAction Use-After-Free Vulnerability (ZDI-21-170)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38593: ZDI-CAN-12440: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: February 23, 2021

    38619: HTTP: Trend Micro IWSVA Password Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38619: HTTP: Trend Micro IWSVA Console Command Injection Vulnerability".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: February 23, 2021

    * 38722: HTTP: Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-172)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38722: ZDI-CAN-12546: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 19, 2021
      - Last Modified Date: February 23, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 25913: MS-SQL: Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: November 29, 2016
      - Last Modified Date: February 23, 2021

    38497: HTTP: Trend Micro InterScan MailNotification Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

    * 38498: HTTP: Trend Micro InterScan Web Security VA DecryptPasswd Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 23, 2021

  Removed Filters: None
      
Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000285738
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.