Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #2496 (05/18/2015)

7 new signatures:

MEDIUMHTTP:STC:SCRIPT:VB-REGX-IDHTTP: Microsoft Windows VBScript Regular Expression Information Disclosure
MEDIUMFTP:PROFTP:REMOTE-FILE-COPYFTP: ProFTPD SITE CPFR And CPTO Commands Unauthenticated Remote File Copying
MEDIUMVOIP:DIGIUM-ASTERISK-SECBYPASSVOIP: Digium Asterisk NULL Certificate Security Bypass
MEDIUMHTTP:FORTINET-HELLO-MSG-DOSHTTP: Fortinet Single Sign On Hello Message Denial Of Service
HIGHHTTP:STC:SCHNEIDER-CFG-FILE-BOHTTP: Schneider Electric VAMPSET CFG File Handling Buffer Overflow
HIGHAPP:MISC:OBJ-OBJDB-BOAPP: OBJECTIVE DB Buffer Overflow
HIGHAPP:MISC:NEC-EXPCLU-BOAPP: NEC EXPCLUSTER Buffer Overflow

3 updated signatures:

HIGHHTTP:STC:IE:CVE-2015-1705-UAFHTTP: Microsoft Internet Explorer CVE-2015-1705 Use After Free
HIGHHTTP:STC:DL:EMF-IMG-FILE-RCEHTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution
HIGHSCADA:CODESYS-BOSCADA: 3S Smart Software Solutions CoDeSys Gateway Server Stack Buffer Overflow

1 renamed signature:

HTTP:STC:IE:CVE-2015-1692-ID->HTTP:STC:IE:ACCESS-BYPASS-ID


Details of the signatures included within this bulletin:

HTTP:STC:IE:CVE-2015-1705-UAF - HTTP: Microsoft Internet Explorer CVE-2015-1705 Use After Free

Severity: HIGH

Description:

This signature detects an attempt to exploit an Use-After-Free Vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • cve: CVE-2015-1705

FTP:PROFTP:REMOTE-FILE-COPY - FTP: ProFTPD SITE CPFR And CPTO Commands Unauthenticated Remote File Copying

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against ProFTPD. A successful exploit can lead to remote file copying.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • cve: CVE-2015-3306

HTTP:STC:SCHNEIDER-CFG-FILE-BO - HTTP: Schneider Electric VAMPSET CFG File Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Schneider. A successful exploit can lead to buffer overflow and remote code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • cve: CVE-2014-8390

HTTP:STC:DL:EMF-IMG-FILE-RCE - HTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful exploit can lead to remote code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • bugtraq: 74008
  • cve: CVE-2015-1645

APP:MISC:OBJ-OBJDB-BO - APP: OBJECTIVE DB Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in OBJECTIVITY'S OBJECTIVE DB product. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the the running application.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

APP:MISC:NEC-EXPCLU-BO - APP: NEC EXPCLUSTER Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in NEC EXPRESSCLUSTER application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the the running application.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

HTTP:STC:SCRIPT:VB-REGX-ID - HTTP: Microsoft Windows VBScript Regular Expression Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows VBScript handler. A successful exploit can lead to information disclosure.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • cve: CVE-2015-1684

VOIP:DIGIUM-ASTERISK-SECBYPASS - VOIP: Digium Asterisk NULL Certificate Security Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Digium Asterisk VoIP based application. Successful attacks could lead to security bypass and lead to further attacks.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • url: http://downloads.asterisk.org/pub/security/ast-2015-003.pdf
  • cve: CVE-2015-3008

HTTP:FORTINET-HELLO-MSG-DOS - HTTP: Fortinet Single Sign On Hello Message Denial Of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Fortinet. A successful exploit can lead to denial of service in the context of the application.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • bugtraq: 73206
  • cve: CVE-2015-2281

HTTP:STC:IE:ACCESS-BYPASS-ID - HTTP: Microsoft Internet Explorer Clipboard Access Restriction Bypass Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful exploit can lead to information disclosure.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • cve: CVE-2015-1692

SCADA:CODESYS-BO - SCADA: 3S Smart Software Solutions CoDeSys Gateway Server Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Smart Software Solutions CoDeSys. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140773, idp-5.1.110140626, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1

References:

  • bugtraq: 58032
  • cve: CVE-2012-4708

Affected Products:

  • 3s-software codesys_gateway-server up to 2.3.9.20
  • 3s-software codesys_gateway-server 2.3.5.2
  • 3s-software codesys_gateway-server 2.3.9.19
  • 3s-software codesys_gateway-server 2.3.8.2
  • 3s-software codesys_gateway-server 2.3.8.1
  • 3s-software codesys_gateway-server 2.3.9.1
  • 3s-software codesys_gateway-server 2.3.9.4
  • 3s-software codesys_gateway-server 2.3.5.1
  • 3s-software codesys_gateway-server 2.3.8.0
  • 3s-software codesys_gateway-server 2.3.7.0
  • 3s-software codesys_gateway-server 2.3.9.18
  • 3s-software codesys_gateway-server 2.3.9.5
  • 3s-software codesys_gateway-server 2.3.9.3
  • 3s-software codesys_gateway-server 2.3.5.3
  • 3s-software codesys_gateway-server 2.3.9.2
  • 3s-software codesys_gateway-server 2.3.6.0
  • 3s-software codesys_gateway-server 2.3.9
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out