Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9577

    • Updated:
    • 1 Sep 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9577      August 31, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9577.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9577.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 14
 Modified Filters (logic changes) - 4
 Modified Filters (metadata changes only) - 7
 Removed Filters - 1

Filters
----------------
  New Filters: 

    40103: ZDI-CAN-14527: Zero Day Initiative Vulnerability (BMC TrackIt!)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting BMC TrackIt!.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40107: ZDI-CAN-14634: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40108: ZDI-CAN-14568: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Fatek Automation WinProladder.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40118: ZDI-CAN-14614: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40119: ZDI-CAN-14596: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40120: ZDI-CAN-14597: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40121: ZDI-CAN-14606: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: August 31, 2021

    40144: HTTP: Apache Solr masterURL or leaderURL Parameter Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the masterURL or leaderURL parameter in Apache Solr replication requests.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-27905
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40145: HTTP: Centreon csv_HostGroupLogs.php SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37556 CVSS 6.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40146: DNS: ISC BIND TKEY SPNEGO der_get_oid Out-of-Bounds Write Vulnerability (ZDI-21-195)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in ISC BIND.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8625
        - Zero Day Initiative: ZDI-21-195
      - Classification: Vulnerability - Other
      - Protocol: DNS
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40147: HTTP: WordPress LearnPress Plugin Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a LearnPress plugin request to allow a user to have 'Instructor' status.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-11511
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40148: HTTP: Micro Focus Secure Messaging Gateway Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Micro Focus Secure Messaging Gateway.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-11852 CVSS 8.8
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40151: HTTP: Squid Cache Corruption Request Smuggling Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Moderate
      - Description: This filter detects an attempt to exploit a request smuggling vulnerability in Squid.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-18678
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

    40164: TCP: Oracle WebLogic IIOP JNDI Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a JNDI injection vulnerability in Oracle WebLogic Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-14841 CVSS 9.8
      - Classification: Vulnerability - Other
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 31, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    16302: UDP: Digium Asterisk SIP Session Expiration Header Denial-of-Service Vulnerability
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: June 24, 2014
      - Last Modified Date: August 31, 2021

    37333: HTTP: D-Link DAP-1860 HNAP SOAPAction Command Injection Vulnerability (ZDI-20-879)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37333: ZDI-CAN-10084: Zero Day Initiative Vulnerability (D-Link DAP-1860 Router)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: August 31, 2021

    37645: HTTP: Apple Safari RenderWidget Use-After-Free Vulnerability (ZDI-20-907)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37645: ZDI-CAN-10111: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: August 31, 2021

    40133: HTTP: Oracle Business Intelligence SAXParser XXE Information Disclosure Vulnerability (ZDI-21-886)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "40133: HTTP:Oracle Business Intelligence SAXParser XXE Information Disclosure Vulnerability (ZDI-21-886)".
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 24, 2021
      - Last Modified Date: August 31, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    33904: HTTP: Horner Automation Cscape CSP File Parsing Out-of-Bounds Write Vulnerability (ZDI-19-227)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: January 01, 2019
      - Last Modified Date: August 31, 2021

    34756: HTTP: HPE Intelligent Management Center PrimeFaces Expression Language Injection (ZDI-19-161)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 19, 2019
      - Last Modified Date: August 31, 2021

    34837: HTTP: Bitdefender SafePay exec Command Injection Vulnerability (ZDI-19-157)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: March 26, 2019
      - Last Modified Date: August 31, 2021

    * 34874: HTTP: Mozilla Firefox IonMonkey Optimizer Type Confusion Vulnerability (Pwn2Own, ZDI-19-365)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: March 26, 2019
      - Last Modified Date: August 31, 2021

    35498: TCP: YSoSerial.Net Deserialization Tool Usage
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35498: HTTP: YSoSerial.Net Deserialization Tool Usage".
      - Vulnerability references updated.
      - Release Date: June 18, 2019
      - Last Modified Date: August 31, 2021

    38310: HTTP: SolarWinds Orion Platform NCM SCM IPAM Improper Access Vulnerability (ZDI-21-192)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: August 31, 2021

    40140: HTTP: Fortinet FortiWeb remoteserver Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 24, 2021
      - Last Modified Date: August 31, 2021

  Removed Filters:

    38417: ZDI-CAN-12086: Zero Day Initiative Vulnerability (Microsoft SharePoint)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Release Date: November 17, 2020

Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000288750
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.