Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9608

    • Updated:
    • 10 Nov 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9608     November 9, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before November 9, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVEFilterStatus
CVE-2021-3711 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26443 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26444 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-36957 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38631 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38665 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-38666 Under Investigation
CVE-2021-40442 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41349 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41351 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41356 Under Investigation
CVE-2021-41366 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41367 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41368 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41370 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41371 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41372 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41373 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41374 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41375 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41376 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41377 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41378 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-41379 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42274 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42275 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42276 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42277 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42278 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42279 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42280 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42282 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42283 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42284 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42285 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42286 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42287 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42288 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42291 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42292 Under Investigation
CVE-2021-42296 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42298 Under Investigation
CVE-2021-42300 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42301 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42302 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42303 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42304 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42305 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42316 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42319 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42322 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-42323 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-43208 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-43209 Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9608.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9608.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 15
 Modified Filters (logic changes) - 12
 Modified Filters (metadata changes only) - 6
 Removed Filters - 1

Filters
----------------
  New Filters: 

    40451: HTTP: Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in the Zoho Corporation ManageEngine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-40539
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 09, 2021

    40485: HTTP: Siemens SINEC NMS CVE-2021-33730 SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Siemens SINEC NMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-33730 CVSS 6.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40489: HTTP: Ruby Dragonfly Gem Arbitrary File Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an argument injection vulnerability in Ruby Dragonfly Gem.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-33564 CVSS 9.8
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 09, 2021

    40490: ZDI-CAN-15167: Zero Day Initiative Vulnerability (Foxit PDF Reader)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Foxit PDF Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40491: ZDI-CAN-15196: Zero Day Initiative Vulnerability (Adobe Reader DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Reader DC.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40492: ZDI-CAN-15201: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40493: ZDI-CAN-15202: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40494: HTTP: Delta Industrial Automation DIAEnergie AM_Handler.ashx SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Delta Electronics DIAEnergie.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-38391
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 09, 2021

    40498: ZDI-CAN-15626: Zero Day Initiative Vulnerability (Sante DICOM Viewer Pro)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Sante DICOM Viewer Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40499: ZDI-CAN-15627: Zero Day Initiative Vulnerability (Sante DICOM Viewer Pro)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Sante DICOM Viewer Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40500: ZDI-CAN-15628: Zero Day Initiative Vulnerability (Sante DICOM Viewer Pro)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Sante DICOM Viewer Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40501: ZDI-CAN-15629: Zero Day Initiative Vulnerability (Sante DICOM Viewer Pro)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Sante DICOM Viewer Pro.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40505: ZDI-CAN-15541: Zero Day Initiative Vulnerability (WordPress Core)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting WordPress Core.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

    40509: HTTP: Centreon generateImage.php SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37557
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 09, 2021

    40516: PWN2OWN ZDI-CAN-15800: Zero Day Initiative Vulnerability (Lexmark MC3224i)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Lexmark MC3224i.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: November 09, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38335: HTTP: Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Vulnerability (ZDI-21-258)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38335: ZDI-CAN-11997: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: November 09, 2021

    39750: HTTP: Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Vulnerability (ZDI-21-1121)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39750: ZDI-CAN-13789: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: November 09, 2021

    39829: HTTP: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1173)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39829: ZDI-CAN-13852: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: November 09, 2021

    39830: HTTP: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1175)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39830: ZDI-CAN-13904: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: November 09, 2021

    39831: HTTP: Fatek Automation WinProladder PDW Stack-based Buffer Overflow Vulnerability (ZDI-21-1177)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39831: ZDI-CAN-13906: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: November 09, 2021

    39888: HTTP: Fatek Automation WinProladder PDW Stack-based Buffer Overflow Vulnerability (ZDI-21-1178)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39888: ZDI-CAN-13884: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 29, 2021
      - Last Modified Date: November 09, 2021

    39889: HTTP: Fatek Automation WinProladder PDW Stack-based Buffer Overflow Vulnerability (ZDI-21-1165)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39889: ZDI-CAN-13933: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 29, 2021
      - Last Modified Date: November 09, 2021

    39891: HTTP: Fatek Automation WinProladder PDW File Parsing Memory Corruption Vulnerability (ZDI-21-1166)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39891: ZDI-CAN-13934: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 29, 2021
      - Last Modified Date: November 09, 2021

    39896: HTTP: Autodesk Design Review DWF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-1126)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39896: ZDI-CAN-13948: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 29, 2021
      - Last Modified Date: November 09, 2021

    39976: HTTP: Fatek Automation WinProladder PDW File Parsing Memory Corruption Vulnerability (ZDI-21-1167)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39976: ZDI-CAN-14072: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 24, 2021
      - Last Modified Date: November 09, 2021

    39980: HTTP: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1169)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39980: ZDI-CAN-14039: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 27, 2021
      - Last Modified Date: November 09, 2021

    40392: ZDI-CAN-15314-15316,15318: Zero Day Initiative Vulnerability(SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 12, 2021
      - Last Modified Date: November 09, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    1125: HTTP: ../.. Directory Traversal
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: December 31, 2005
      - Last Modified Date: November 09, 2021

    39602: HTTP: Schneider Electric Struxureware Data Center Directory Traversal Vulnerability (ZDI-21-1071)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 27, 2021
      - Last Modified Date: November 09, 2021

    * 40073: HTTP: Microsoft Office Visio WMF File Parsing Use-After-Free Vulnerability (ZDI-21-1160)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: August 17, 2021
      - Last Modified Date: November 09, 2021

    40094: TCP: ExifTool DjVu Regular Expression Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 17, 2021
      - Last Modified Date: November 09, 2021

    40102: UDP: ExifTool DjVu Regular Expression Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 17, 2021
      - Last Modified Date: November 09, 2021

    40421: HTTP: Apache HTTP Server Long UDS Path Name Proxy Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: October 19, 2021
      - Last Modified Date: November 09, 2021

  Removed Filters:

    39887: ZDI-CAN-13802: Zero Day Initiative Vulnerability (SolarWinds Orion)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Release Date: June 29, 2021


Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000289590
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.