Digital Vaccine #9610

    • Updated: 17 Nov 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9610 - November 16, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9610.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9610.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 3
 Modified Filters (logic changes) - 11
 Modified Filters (metadata changes only) - 0
 Removed Filters - 0

Filters
----------------
  New Filters: 

    40515: HTTP: Micro Focus Operation Bridge Reporter userName Command Injection Vulnerability (ZDI-21-153)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Micro Focus Operations Bridge Reporter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-22502
        - Zero Day Initiative: ZDI-21-153
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: November 16, 2021

    40517: HTTP: Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Sonatype Nexus Repository Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37152
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 16, 2021

    40519: HTTP: Siemens SINEC NMS Export Firmware Container Directory Traversal Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Siemens SINEC NMS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-33722 CVSS 4.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: November 16, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: February 02, 2016
      - Last Modified Date: November 16, 2021

    * 27410: HTTP: Apache Struts Multipart Encoding Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 14, 2017
      - Last Modified Date: November 16, 2021

    37308: HTTP: Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization (ZDI-20-505)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 10, 2020
      - Last Modified Date: November 16, 2021

    38334: HTTP: Fatek Automation FvDesigner FPJ File Parsing Use-After-Free Vulnerability (ZDI-21-257)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38334: ZDI-CAN-11996: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: November 16, 2021

    38336: HTTP: Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Vulnerability (ZDI-21-259)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38336: ZDI-CAN-11998: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: November 16, 2021

    38337: HTTP: Fatek Automation FvDesigner FPJ File Parsing Buffer Overflow Vulnerability (ZDI-21-260)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38337: ZDI-CAN-11999: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: November 16, 2021

    39405: HTTP: Microsoft SharePoint Insecure Deserialization Vulnerability (ZDI-21-828,1225)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39405: HTTP: Microsoft SharePoint SetVariableActivity Insecure Deserialization Vulnerability (ZDI-21-828)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: November 16, 2021

    39832: HTTP: Autodesk Design Review RLC File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-1125)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39832: ZDI-CAN-13913: Zero Day Initiative Vulnerability (AutoDesk Design Review)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: November 16, 2021

    39940: RPC: Microsoft Windows AddPrinterDriverEx Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 01, 2021
      - Last Modified Date: November 16, 2021

    39954: RPC: Microsoft Windows AsyncEnumPrinterDrivers/AsyncAddPrinterDriver Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 06, 2021
      - Last Modified Date: November 16, 2021

    40490: ZDI-CAN-15167: Zero Day Initiative Vulnerability (Foxit PDF Reader)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Detection logic updated.
      - Release Date: November 09, 2021
      - Last Modified Date: November 16, 2021
      
  Modified Filters (metadata changes only): None

  Removed Filters: None

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000289624