Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9509

    • Updated:
    • 3 Mar 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9509      March 2, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
 The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9509.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9509.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 19
 Modified Filters (logic changes) - 7
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38921: HTTP: Webmin Command-Shell index.cgi Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Webmin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8821 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    38930: HTTP: Nagios XI Deploy Dashboards Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27989 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    38951: HTTP: Microsoft SharePoint Permissions.GetPermissionCollection Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Permissions.GetPermissionCollection request to Microsoft SharePoint.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: March 02, 2021

    38953: LDAP: OpenLDAP slapd Search ParsingissuerAndThisUpdateCheck Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in OpenLDAP.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-36228 CVSS 5.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: LDAP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    38954: HTTP: Trend Micro InterScan Web Security VA ManageVLANSettings Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28580 CVSS 9.0, CVE-2020-28581 CVSS 9.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: March 02, 2021

    38998: HTTP: SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in SolarWinds Serv-U FTP Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28001
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    38999: DNS: DNSmasq sort_rrset Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in DNSmasq.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-25687
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: DNS
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: March 02, 2021

    39000: FTP: SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in SolarWinds Serv-U FTP Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28001
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: FTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39025: HTTP: Accellion File Transfer Appliance Host Header SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Accellion File Transfer Appliance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-27101
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39042: HTTP: Oracle Application Server Multiple Vulnerabilities
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit multiple vulnerabilities in Oracle Application Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39043: HTTP: Oracle Application Server OWA_UTIL PL/SQL Package Access
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects procedure calls through OWA_UTIL PL/SQL Package.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39044: HTTPS: Zoom POST logfiles Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Zoom POST request to the zoom.logfiles.us server.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39045: HTTPS: Zoom WebSocket Upgrade Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Zoom upgrade WebSocket request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39046: HTTP: Python PyCArg_repr Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Python.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-3177
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: March 02, 2021

    39047: LDAP: OpenLDAP slapd Proxy Authorization Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in OpenLDAP.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-36222 CVSS 5.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: LDAP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39048: HTTP: WordPress Code Snippets Plugin CSRF Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a CSRF vulnerability in the WordPress Code Snippets Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8417
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: March 02, 2021

    39074: HTTP: GitLab import_url CRLF Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a CRLF injection vulnerability in Gitlab.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-19585
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: March 02, 2021

    39077: TCP: VMware vSphere Client vropspluginui Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in VMware vSphere Client.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21972
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Client Application
      - Release Date: March 02, 2021

    39078: TCP: VMware vSphere Client Suspicious statsreport Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a suspicious statsreport request in VMware vSphere Client.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21972
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Client Application
      - Release Date: March 02, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    34932: HTTP: Micro Focus Operations Bridge Manager Deserialization Vulnerability (Multiple ZDI Cases)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34932: ZDI-CAN-11200,11381-9,11390-9,11400-11417: Zero Day Initiative Vulnerability (Micro Focus)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 07, 2020
      - Last Modified Date: March 02, 2021

    38159: HTTP: Schneider Electric EcoStruxure Power Build SSD File Use-After-Free Vulnerability (ZDI-21-186)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38159: ZDI-CAN-11849: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: March 02, 2021

    38160: HTTP: Schneider Electric EcoStruxure Power Build SSD File Buffer Overflow Vulnerability (ZDI-21-187)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38160: ZDI-CAN-11850: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: March 02, 2021

    38527: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-21-188)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38527: ZDI-CAN-12095: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: March 02, 2021

    38528: HTTP: Advantech iView CommandServlet Directory Traversal Vulnerability (ZDI-21-189)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38528: ZDI-CAN-12096: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: March 02, 2021

    38587: HTTP: Advantech iView NetworkServlet ztp_config_name SQL Injection Vulnerability (ZDI-21-190)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38587: ZDI-CAN-12343: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: March 02, 2021

    38588: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-21-191)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38588: ZDI-CAN-12344: Zero Day Initiative Vulnerability (Advantech iView)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: March 02, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    38833: HTTP: SAP Solution Manager stopScript SOAP Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38833: HTTP: SAP Solution Manager stopScript SOAP Request (ATT&CK T1070.004)".
      - Vulnerability references updated.
      - Release Date: February 09, 2021
      - Last Modified Date: March 02, 2021

  Removed Filters: None
      
 Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000285841
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.