Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
System Requirements |
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9509.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9509.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 19
Modified Filters (logic changes) - 7
Modified Filters (metadata changes only) - 1
Removed Filters - 0
Filters
----------------
New Filters: 38921: HTTP: Webmin Command-Shell index.cgi Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Webmin. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-8821 CVSS 3.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 38930: HTTP: Nagios XI Deploy Dashboards Stored Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-27989 CVSS 3.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 38951: HTTP: Microsoft SharePoint Permissions.GetPermissionCollection Request - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects a Permissions.GetPermissionCollection request to Microsoft SharePoint. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Windows Server Application or Service - Release Date: March 02, 2021 38953: LDAP: OpenLDAP slapd Search ParsingissuerAndThisUpdateCheck Integer Underflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit an integer overflow vulnerability in OpenLDAP. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-36228 CVSS 5.0 - Classification: Vulnerability - Denial of Service (Crash/Reboot) - Protocol: LDAP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 38954: HTTP: Trend Micro InterScan Web Security VA ManageVLANSettings Command Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2020-28580 CVSS 9.0, CVE-2020-28581 CVSS 9.0 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: UNIX/Linux Server Application or Service - Release Date: March 02, 2021 38998: HTTP: SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in SolarWinds Serv-U FTP Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-28001 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 38999: DNS: DNSmasq sort_rrset Out-Of-Bounds Write Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in DNSmasq. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-25687 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: DNS - Platform: UNIX/Linux Server Application or Service - Release Date: March 02, 2021 39000: FTP: SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in SolarWinds Serv-U FTP Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-28001 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: FTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39025: HTTP: Accellion File Transfer Appliance Host Header SQL Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Accellion File Transfer Appliance. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-27101 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39042: HTTP: Oracle Application Server Multiple Vulnerabilities - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit multiple vulnerabilities in Oracle Application Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39043: HTTP: Oracle Application Server OWA_UTIL PL/SQL Package Access - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects procedure calls through OWA_UTIL PL/SQL Package. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39044: HTTPS: Zoom POST logfiles Request - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects a Zoom POST request to the zoom.logfiles.us server. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39045: HTTPS: Zoom WebSocket Upgrade Request - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Low - Description: This filter detects a Zoom upgrade WebSocket request. - Deployment: Not enabled by default in any deployment. - Classification: Security Policy - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39046: HTTP: Python PyCArg_repr Buffer Overflow Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Python. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2021-3177 - Classification: Vulnerability - Buffer/Heap Overflow - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 02, 2021 39047: LDAP: OpenLDAP slapd Proxy Authorization Denial-of-Service Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in OpenLDAP. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-36222 CVSS 5.0 - Classification: Vulnerability - Denial of Service (Crash/Reboot) - Protocol: LDAP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39048: HTTP: WordPress Code Snippets Plugin CSRF Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a CSRF vulnerability in the WordPress Code Snippets Plugin. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-8417 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 02, 2021 39074: HTTP: GitLab import_url CRLF Injection Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a CRLF injection vulnerability in Gitlab. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2018-19585 - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 02, 2021 39077: TCP: VMware vSphere Client vropspluginui Code Execution Vulnerability - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Exploits - Severity: Critical - Description: This filter detects an attempt to exploit a code execution vulnerability in VMware vSphere Client. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-21972 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: TCP (Generic) - Platform: Multi-Platform Client Application - Release Date: March 02, 2021 39078: TCP: VMware vSphere Client Suspicious statsreport Usage - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects a suspicious statsreport request in VMware vSphere Client. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2021-21972 - Classification: Security Policy - Forbidden Application Access or Service Request - Protocol: TCP (Generic) - Platform: Multi-Platform Client Application - Release Date: March 02, 2021 Modified Filters (logic changes): * = Enabled in Default deployments 34932: HTTP: Micro Focus Operations Bridge Manager Deserialization Vulnerability (Multiple ZDI Cases) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "34932: ZDI-CAN-11200,11381-9,11390-9,11400-11417: Zero Day Initiative Vulnerability (Micro Focus)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: July 07, 2020 - Last Modified Date: March 02, 2021 38159: HTTP: Schneider Electric EcoStruxure Power Build SSD File Use-After-Free Vulnerability (ZDI-21-186) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38159: ZDI-CAN-11849: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: September 22, 2020 - Last Modified Date: March 02, 2021 38160: HTTP: Schneider Electric EcoStruxure Power Build SSD File Buffer Overflow Vulnerability (ZDI-21-187) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38160: ZDI-CAN-11850: Zero Day Initiative Vulnerability (Schneider Electric EcoStruxure)". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: September 22, 2020 - Last Modified Date: March 02, 2021 38527: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-21-188) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38527: ZDI-CAN-12095: Zero Day Initiative Vulnerability (Advantech iView)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 08, 2020 - Last Modified Date: March 02, 2021 38528: HTTP: Advantech iView CommandServlet Directory Traversal Vulnerability (ZDI-21-189) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38528: ZDI-CAN-12096: Zero Day Initiative Vulnerability (Advantech iView)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 08, 2020 - Last Modified Date: March 02, 2021 38587: HTTP: Advantech iView NetworkServlet ztp_config_name SQL Injection Vulnerability (ZDI-21-190) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38587: ZDI-CAN-12343: Zero Day Initiative Vulnerability (Advantech iView)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 15, 2020 - Last Modified Date: March 02, 2021 38588: HTTP: Advantech iView UserServlet SQL Injection Vulnerability (ZDI-21-191) - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38588: ZDI-CAN-12344: Zero Day Initiative Vulnerability (Advantech iView)". - Severity changed from "Critical" to "High". - Description updated. - Detection logic updated. - Vulnerability references updated. - Release Date: December 15, 2020 - Last Modified Date: March 02, 2021 Modified Filters (metadata changes only): * = Enabled in Default deployments 38833: HTTP: SAP Solution Manager stopScript SOAP Request - IPS Version: 3.6.2 and after. - NGFW Version: 1.0.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38833: HTTP: SAP Solution Manager stopScript SOAP Request (ATT&CK T1070.004)". - Vulnerability references updated. - Release Date: February 09, 2021 - Last Modified Date: March 02, 2021 Removed Filters: NoneTop of the Page