Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
System Requirements |
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9519.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9519.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 14
Modified Filters (logic changes) - 2
Modified Filters (metadata changes only) - 2
Removed Filters - 0
Filters
----------------
New Filters: 39268: ZDI-CAN-12891: Zero Day Initiative Vulnerability (QNAP NAS) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Vulnerabilities - Severity: Critical - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting QNAP NAS. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 23, 2021 39269: HTTP: Foxit Reader Field Event Use-After-Free Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-21040 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 23, 2021 39282: HTTP: phpGACL acl_admin.php Reflected Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in phpGACL. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-13562 CVSS 4.3 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39290: HTTP: OpenEMR Usergroup_admin.php Stored Cross-Site Scripting Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a cross-side scripting vulnerability in OpenEMR. - Deployments: - Deployment: Security-Optimized (Block / Notify) - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39291: HTTP: OneDev Platform AttachmentUploadServet Insecure Deserialization Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in OneDev Platform. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2021-21242 CVSS 7.5 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39294: LDAP: OpenLDAP slapd cancelRequestHandling Infinite Loop Denial-of-Service Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: High - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in OpenLDAP. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-36227 CVSS 5.0 - Classification: Vulnerability - Denial of Service (Crash/Reboot) - Protocol: LDAP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39297: HTTP: Foxit Reader Text Field fileSelect Use-After-Free Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2020-13548 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Multi-Platform Client Application - Release Date: March 23, 2021 39300: HTTP: Nagios XI windowswmi Command Injection Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-25296 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39301: HTTP: Nagios XI cloud-vm.inc Command Injection Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-25298 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39312: ZDI-CAN-12926: Zero Day Initiative Vulnerability (AutoDesk Design Review) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: Not available. - Requires: N/NX-Platform or TPS devices - Category: Exploits - Severity: Critical - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review. - Deployments: - Deployment: Security-Optimized (Block / Notify / Trace) - Classification: Vulnerability - Other - Protocol: Other Protocol - Platform: Other Server Application or Service - Release Date: March 23, 2021 39314: HTTP: Microsoft Exchange Server Arbitrary File Write Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit an arbitrary file write in Microsoft Exchange Server. - Deployments: - Deployment: Security-Optimized (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-27065 - Classification: Vulnerability - Other - Protocol: HTTP - Platform: Windows Server Application or Service - Release Date: March 23, 2021 39352: HTTP: F5 BIG-IP iControl REST Interface Login Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects login requests to F5 BIG-IP iControl REST Interface. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2021-22986 - Classification: Security Policy - Forbidden Application Access or Service Request - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39360: HTTP: F5 BIG-IP iControl REST filePath Command Injection Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Vulnerabilities - Severity: Critical - Description: This filter detects an attempt to exploit a command injection vulnerability in F5 BIG-IP. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2021-22986 - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc) - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 39364: HTTP: F5 BIG-IP bash Suspicious Command Execution Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects suspicious command execution requests to F5 BIG-IP. - Deployments: - Deployment: Default (Block / Notify) - References: - Common Vulnerabilities and Exposures: CVE-2021-22986 - Classification: Security Policy - Forbidden Application Access or Service Request - Protocol: HTTP - Platform: Multi-Platform Server Application or Service - Release Date: March 23, 2021 Modified Filters (logic changes): * = Enabled in Default deployments 20005: HTTP: D-Link Multiple Devices HNAP Command Injection Vulnerability - IPS Version: 3.1.3 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: June 30, 2015 - Last Modified Date: March 23, 2021 38587: HTTP: Advantech iView ztp_config_name SQL Injection Vulnerability (ZDI-21-190) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Name changed from "38587: HTTP: Advantech iView NetworkServlet ztp_config_name SQL Injection Vulnerability (ZDI-21-190)". - Detection logic updated. - Vulnerability references updated. - Release Date: December 15, 2020 - Last Modified Date: March 23, 2021 Modified Filters (metadata changes only): * = Enabled in Default deployments 38418: HTTP: Microsoft SharePoint Workflow Deserialization of Untrusted Data Vulnerability (ZDI-21-194) - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: November 17, 2020 - Last Modified Date: March 23, 2021 39073: HTTP: SolarWinds Orion Platform MSMQ Insecure Deserialization Vulnerability - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. - Release Date: March 09, 2021 - Last Modified Date: March 23, 2021 Removed Filters: NoneTop of the Page