Update Details

Update #2642 (02/09/2016)

85 new signatures:

HIGH	HTTP:STC:ADOBE:CVE-2016-0941-CE	HTTP: Adobe PDF CVE-2016-0941 Remote Code Execution
HIGH	HTTP:STC:IE:CVE-2016-0063-CE	HTTP: Microsoft Internet Explorer CVE-2016-0063 Remote Code Execution
HIGH	HTTP:STC:ACTIVEX:VLOG-OPLC-ACTX	HTTP: Unitronics VisiLogic OPLC IDE TeePreviewer ChartLink Unsafe ActiveX Control
HIGH	HTTP:STC:AUTODESK-GIF-BO	HTTP: Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow
HIGH	HTTP:STC:CVE-2016-0033-DOS	HTTP: Microsoft .NET Framework Denial of Service
HIGH	HTTP:STC:IE:CVE-2016-0072-RCE	HTTP: Microsoft Internet Explorer CVE-2016-0072 Remote Code Execution
HIGH	HTTP:STC:CVE-2016-0061-CE	HTTP: Microsoft Internet Explorer CVE-2016-0061 Remote Code Execution
HIGH	HTTP:STC:IE:CVE-2016-0071-CE	HTTP: Microsoft Internet Explorer CVE-2016-0071 Remote Code Execution
HIGH	HTTP:STC:DL:CVE-2016-0041-CE	HTTP: Microsoft Windows CVE-2016-0041 Remote Code Execution
MEDIUM	HTTP:MISC:MS-IIS-DOS	HTTP: Microsoft IIS Denial of Service
HIGH	NTP:CRYPTO-NAK-AUTH-BYPASS	NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass
HIGH	SSL:SQUID-SSL-BUMP-DOS	SSL: Squid SSL-Bump Denial of Service
HIGH	DNS:ISC-BIND-PACKAGE-DOS	DNS: ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service
HIGH	HTTP:STC:DL:CVE-2016-0022-RCE	HTTP: Microsoft Office Word CVE-2016-0022 Remote Code Execution
HIGH	HTTP:STC:IE:IE-2016-0067-RCE	HTTP: Microsoft Internet Explorer CVE-2016-0067 Remote Code Execution
HIGH	HTTP:EFS-FILE-SERVER-BO	HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow
HIGH	HTTP:STC:IE:IE-2016-0062-RCE	HTTP: Microsoft Internet Explorer CVE-2016-0062 Remote Code Execution
HIGH	APP:IBM:OPCODE-1330-CMD-INJ	APP: IBM Tivoli Storage Manager FastBack Server Opcode 1330 Command Injection
HIGH	HTTP:STC:IE:CVE-2016-0068-CE	HTTP: Microsoft Internet Explorer CVE-2016-0068 Remote Code Execution
HIGH	HTTP:STC:DL:CVE-2016-0015-CE-1	HTTP: Microsoft Windows CVE-2016-0015 Remote Code Execution 1
HIGH	HTTP:LIBREOFFICE-INTEGR-UNDRFLW	HTTP: LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow
HIGH	DNS:NGINX-RESOLVER-DOS	DNS: Nginx DNS Resolver Denial of Service
HIGH	HTTP:STC:DL:CVE-2016-0055-MC	HTTP: Microsoft Office PowerPoint CVE-2016-0055 Memory Corruption
HIGH	HTTP:STC:DL:IMAGIC-GIF-BO	HTTP: ImageMagick GIF Comment Processing Buffer Overflow
HIGH	HTTP:STC:NTP-DECODENETNUM-AF	HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure
HIGH	SSL:SSL-V3-TRAFFIC-CBS-ENC-ID	SSL: SSLv3 Traffic CBS Encryption Information Disclosure
MEDIUM	SSH:KBDINT-NEXT-DEV-POL-BYPASS	SSH: OpenSSH kbdint_next_device Policy Bypass
HIGH	HTTP:INVALID:HTTP-RESPONSE-CODE	HTTP: Squid Proxy Invalid HTTP Response Status Code Denial of Service
MEDIUM	SSH:KBDINT-NEXT-DEV-POL-BYPAS-1	SSH: OpenSSH kbdint_next_device Policy Bypass1
CRITICAL	DNS:OVERFLOW:EXIM-DECODE-BO2	DNS: Exim DKIM DNS Decoding Buffer Overflow 2
HIGH	HTTP:MISC:SONICWALL-AUTH-BYPASS	HTTP: SonicWALL Multiple Products Authentication Bypass
HIGH	HTTP:XSS:NOVELL-GW-WEB-ACCESS	HTTP: Novell GroupWise WebAccess Cross-Site Scripting 1
MEDIUM	DNS:SQUID-DNS-DOS	DNS: Squid DNS Denial of Service
HIGH	SMB:SAMBA-SMB-PKT-PARS-BO	SMB: Samba SMB Packets Parsing Buffer Overflow
HIGH	SMTP:MS-WIN-SMTP-DOS	SMTP: Microsoft Windows SMTP Denial Of Service
HIGH	SMTP:MS-OUTLOOK-EMAIL-RCE-1	SMTP: Microsoft Outlook Email Parsing Remote Code Execution 1
HIGH	SMB:MS-WIN-SMB-PARS-MC	SMB: Microsoft Windows SMB Parsing Memory Corruption
HIGH	SMB:MS-WIN-SMB-PATH-BO	SMB: Microsoft Windows SMB Pathname Remote Buffer Overflow
HIGH	SMB:SAMBA-SID-PARS-BO-1	SMB: Samba SID Parsing Stack Buffer Overflow 1
HIGH	APP:MISC:NOVELL-NETWARE-FUNC-OF	APP: Novell Netware Function Datagram Parsing Remote Overflow
HIGH	APP:MISC:MS-WIN-SMB-SER-DOS-1	APP: Microsoft Windows SMB Server Remote Denial of Service 1
HIGH	APP:MISC:MS-WIN-SMB-RENAME-DOS	APP: Microsoft Windows SMB Rename Remote Denial of Service
HIGH	APP:MISC:APPLE-CUPS-PNG-OF-1	APP: Apple CUPS PNG Filter Overly Large Image Height Integer Overflow 1
HIGH	HTTP:MISC:REDR-ACROFORM-MC-1	HTTP: Adobe Reader AcroForm.api Memory Corruption 1
MEDIUM	DOS:IP:LINUX-CHUNKINIT-DOS-1	DOS: Linux Kernel sctp_process_unk_param SCTPChunkInit Denial-of-Service 1
HIGH	HTTP:STC:CVE-2016-0051-DOS	HTTP: Microsoft Windows CVE-2016-0051 Denial Of Service
MEDIUM	SMTP:DOS:OPENSSL-TLSRECORD-1	SMTP: OpenSSL TLS Record Tampering Denial of Service 1
MEDIUM	HTTP:DOMINO:INFO-LEAK-1	HTTP: Lotus Domino Information Disclosure (1)
HIGH	HTTP:STC:DL:CVE-2016-0056-RCE	HTTP: Microsoft Word CVE-2016-0056 Remote Code Execution
HIGH	HTTP:MISC:SQUID-PROXY-GOPHER-RP	HTTP: Squid Proxy Gopher Response Processing Buffer Overflow
MEDIUM	HTTP:STC:SSL:MD5-SIGNATURE-1	HTTP: SSL Certificate Signed With MD5 Hash(1)
MEDIUM	HTTP:STC:DL:CVE-2016-0059-ID	HTTP: Microsoft Office CVE-2016-0059 Information Disclosure
HIGH	HTTP:STC:IE:CVE-2016-0064-RCE	HTTP: Microsoft Internet Explorer CVE-2016-0064 Remote Code Execution
HIGH	HTTP:STC:CVE-2016-0058-RCE	HTTP: Microsoft Windows CVE-2016-0058 Remote Code Execution
HIGH	HTTP:STC:DL:CVE-2016-0042-RCE	HTTP: Microsoft Windows CVE-2016-0042 Remote Code Execution
HIGH	HTTP:STC:CVE-2016-0038-RCE	HTTP: Microsoft Windows CVE-2016-0038 Remote Code Execution
HIGH	HTTP:STC:M3U-VLC-SMB-LINK-1	HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow (1)
HIGH	HTTP:STC:ADOBE:PDF-BITDEF-OF-1	HTTP: BitDefender Antivirus PDF Processing Memory Corruption (1)
HIGH	HTTP:STC:DL:ORACLE-JPEG-QCD-OF2	HTTP: Oracle Outside In JPEG 2000 QCD Segment Processing Heap Buffer Overflow 2
HIGH	HTTP:CLAMAV-ENCRYPT-PDF-MC2	HTTP: ClamAV Encrypted PDF File Handling Memory Corruption 2
HIGH	HTTP:ORACLE:OUTSIDE-PRDOX-BO2	HTTP: Oracle Outside In Paradox Database Handling Buffer Overflow 2
HIGH	DNS:OVERFLOW:TXTRECORD-1	DNS: DNS TXT Record Handling Remote Buffer Overflow (1)
HIGH	DNS:OVERFLOW:TRANSPOOF-3	DNS: Transaction Spoofing (3)
HIGH	HTTP:STC:CVE-2016-0046-RCE	HTTP: Microsoft Windows CVE-2016-0046 Remote Code Execution
HIGH	SSL:OPENSSL-AES-NI-INTUDF2	SSL: OpenSSL AES-NI Integer Underflow 2
HIGH	HTTP:STC:DL:CVE-2016-0052-RCE	HTTP: Microsoft Office CVE-2016-0052 Remote Code Execution
HIGH	HTTP:STC:DL:CVE-2016-0054-RCE	HTTP: Microsoft Office Excel CVE-2016-0054 Remote Code Execution
HIGH	HTTP:STC:DL:MSHTML-HELP-1	HTTP: Microsoft HTML Help '.chm' File Stack Buffer Overflow
HIGH	HTTP:STC:DL:CVE-2016-0053-RCE	HTTP: Microsoft Office CVE-2016-0053 Remote Code Execution
HIGH	HTTP:STC:IE:CVE-2016-0060-RCE	HTTP: Microsoft Internet Explorer CVE-2016-0060 Remote Code Execution
HIGH	HTTP:MISC:ENDIAN-PRX-CMDEXEC	HTTP: Endian Firewall Proxy Password Change Command Execution
HIGH	LDAP:IMAIL-BOF-1	LDAP: Imail Buffer Overflow1
HIGH	APP:MISC:ENDIAN-PRX-CMDEXEC2	HTTP: Endian Firewall Proxy Password Change Command Execution 2
HIGH	DB:ORACLE:TNS:INTERMEDIA-DOS-1	DB: Oracle Database InterMedia Denial of Service (1)
HIGH	DNS:MUL-VEND-TXT-BOF	DNS: Multiple Vendors DNS TXT Record Parsing Buffer Overflow
HIGH	DHCP:SERVER:ISC-DHCLIENT-BOF-1	DHCP: ISC DHCP dhclient script_write_params Stack Buffer Overflow (1)
MEDIUM	NFS:MS-WINDOWS-NFS-NULL-DOS2	NFS: Microsoft Windows NFS Server NULL Pointer Dereference Denial of Service 2
HIGH	DNS:SYMANTEC-CACHE-POIS	DNS: Symantec Gateway DNS Cache Poisoning
HIGH	FTP:WS-FTP:WS-FTP-COMM-OF-1	FTP: Ipswitch WS_FTP Server FTP Commands Buffer Overflow (1)
HIGH	APP:CA:ARCSRV:PORTMAPPER-1	APP: Computer Associates BrightStor ARCserve Backup Portmapper (1)
MEDIUM	NETBIOS:WINS:ISATAP-INFO-DIS-1	NETBIOS: WPAD WINS Server Registration Information Disclosure (1)
HIGH	APP:SAP:3DM-FILE-BOF	APP: SAP 3D Visual Enterprise Viewer 3DM File Buffer Overflow
HIGH	HTTP:STC:ADOBE:CVE-2016-0932-CE	HTTP: Adobe PDF CVE-2016-0932 Remote Code Execution
HIGH	APP:CA:ARCSRV:PORTMAPPER-2	APP: Computer Associates BrightStor ARCserve Backup Portmapper (2)
HIGH	HTTP:STC:ADOBE:CVE-2016-0937-CE	HTTP: Adobe PDF CVE-2016-0937 Remote Code Execution

51 updated signatures:

HIGH	APP:ORACLE:OUTSIDE-IN-FLASHPIX	APP: Oracle Outside In FlashPix Image Processing Heap Buffer Overflow
MEDIUM	DNS:TUNNEL:SHORT-TTL	DNS: Short Time To Live Response
HIGH	HTTP:ORACLE:OUTSIDEIN-MET-BOF	HTTP: Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow
HIGH	DNS:REPERR:NAPRT-IOF	DNS: Name Authority Pointer Integer Overflow
HIGH	VNC:OVERFLOW:SER-WRT-SCALNG-RCE	VNC: LibVNCServer Scaling Use After Free
MEDIUM	HTTP:STC:ACTIVEX:PROCLIMA-F1BV	HTTP: Schneider Electric ProClima F1BookView Unsafe ActiveX Control
HIGH	HTTP:STC:SAP-SQL-ALIAS-BOF	HTTP: SAP SQL Anywhere Data Provider Column Alias Remote Stack Buffer Overflow
HIGH	DNS:ISC-INSIST-DOS	DNS: ISC BIND apl_42.c INSIST Assertion Failure Denial of Service
MEDIUM	HTTP:APACHE:MOD-CACHE-DOS	HTTP: Apache HTTP Server Mod_Cache Caching Forward Proxy Configuration NULL Pointer Dereference Remote Denial of Service
HIGH	APP:ORACLE:OUTSIDEIN-MET-HOVF	APP: Oracle Outside In OS 2 Metafile Parser Heap Buffer Overflow
HIGH	DNS:SAMBA-DNS-REPLY-FLAG-DOS	DNS: Samba DNS Reply Flag Denial of Service
HIGH	SCADA:CODESYS-CONTROL-SERVICE	SCADA: Smart Software Solutions CoDeSys ControlService Stack Buffer Overflow
HIGH	HTTP:ORACLE:OUTSIDE-IN-MSACCESS	HTTP: Oracle Outside In Microsoft Access 1.x Parser Buffer Overflow
HIGH	HTTP:STC:DL:CLAMAV-UPX-BO	HTTP: ClamAV UPX File Handling Heap Overflow
HIGH	HTTP:ORACLE:COREL-DRAW-BO	HTTP: Oracle Outside In CorelDRAW File Parser Buffer Overflow
HIGH	HTTP:STC:ADOBE:WRITE-CONFUSION	HTTP: Adobe Flash Player writeExternal Type Confusion Remote Code Execution
HIGH	HTTP:ORACLE:OS-2-METAFILE-BOF	HTTP: Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow (2)
HIGH	APP:NOVELL-EDIR-LEN-DOS	APP: Novell eDirectory Unchecked Length Denial of Service
HIGH	APP:CUPS:GIF-READ-LZW-OF	APP: Apple CUPS gif_read_lzw Heap Buffer Overflow
HIGH	HTTP:OVERFLOW:LIBYAML-SCANNER	HTTP: LibYAML Scanner yaml_parser_scan_uri_escapes Heap Buffer Overflow
HIGH	HTTP:STC:DL:CVE-2016-0015-RCE	HTTP: Microsoft Windows CVE-2016-0015 Remote Code Execution
CRITICAL	SSL:SERVER-HELLO-SESSION-ID-OF	SSL: Server Hello Session ID Overflow
HIGH	DNS:OVERFLOW:GNU-C-GLIBC	DNS: GNU C Library glibc getanswer_r Buffer Overflow
HIGH	APP:ORACLE:OOXML-TAG	APP: Oracle Outside In OOXML Relationship Tag Parsing Stack Buffer Overflow
MEDIUM	DNS:CRAFTED-MX	DNS: Microsoft Exchange Crafted MX Record
HIGH	MS-RPC:LSASS:NTLM-DOS	MS-RPC: Microsoft Windows LSASS NTLM Remote Denial of Service
HIGH	SMB:OF:MS-BROWSER-ELECT	SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow
MEDIUM	HTTP:STC:SCRIPT:APACHE-XML-DOS	HTTP: Apache Santuario XML Security for Java DTD Denial of Service
HIGH	DNS:ISC-BIND-REGEX-DOS	DNS: ISC BIND Regular Expression Handling Denial of Service
HIGH	DB:ORACLE:METAFILE-PARSER-DOS	DB: Oracle Outside In OS 2 Metafile Parser Denial of Service
HIGH	HTTP:STC:DL:CVE-2015-1642-RCE	HTTP: Microsoft Office Word CVE-2015-1642 Remote Code Execution
HIGH	DB:ORACLE:OUTSIDE-IN-XPM-IMG-BO	DB: Oracle Outside In XPM Image Processing Stack Buffer Overflow
MEDIUM	APP:MISC:ZIMBRA-COLLAB-INFODISC	APP: Zimbra Collaboration Server Local File Inclusion Information Disclosure
MEDIUM	HTTP:STC:TOMCAT-CHUNKED-REQ-DOS	HTTP: Apache Tomcat Chunked Request Handling Denial of Service
HIGH	HTTP:STC:DL:CAB-VULNS	HTTP: Cab File Multiple Vulnerabilities
HIGH	APP:ORACLE:OUTSIDE-JPEG2-CODCOC	APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow
HIGH	HTTP:NOVELL:DHOST-URI-BOF	HTTP: Novell eDirectory dhost URI Parsing Buffer Overflow
HIGH	HTTP:STC:DL:ORACLE-LOTUS-123	HTTP: Oracle Outside In Lotus 1-2-3 Heap Buffer Overflow
MEDIUM	HTTP:APACHE:SERVER-MOD-STATS-BO	HTTP: Apache Server Mod Status Race Condition Buffer Overflow
HIGH	HTTP:STC:DL:CVE-2016-0010-RCE	HTTP: Microsoft Office CVE-2016-0010 Remote Code Execution
HIGH	HTTP:STC:DL:SOPHOS-PDF-FILE-OF	HTTP: Sophos Anti-Virus PDF Handling Stack Buffer Overflow
HIGH	HTTP:STC:PHP-DATE-TIME-OBJ-RCE	HTTP: PHP DateTimeZone Object Remote Code Execution
HIGH	HTTP:STC:CVE-2016-0024-RCE	HTTP: Microsoft Edge CVE-2016-0021 Remote Code Execution
HIGH	SSH:OPENSSH:NOVEL-NETWARE	SSH: Novell NetWare OpenSSH Buffer Overflow
HIGH	SMTP:MAL:EXIM4-HEADER	SMTP: Exim4 Malformed Header
HIGH	HTTP:PHP:FTP-GENLIST-IO	HTTP: PHP FTP Genlist Method Integer Overflow
MEDIUM	HTTP:INFO-LEAK:MS-PKCS-INFODISC	HTTP: Microsoft ASP.NET PKCS Padding Information Disclosure
HIGH	APP:ORACLE:OUTSIDE-JPEG2-CRG	APP: Oracle Outside In JPEG 2000 CRG Segment Processing Heap Buffer Overflow
MEDIUM	HTTP:APACHE:MODPROXY-AJP-DOS	HTTP: Apache HTTPD mod_proxy_ajp Denial Of Service
MEDIUM	HTTP:ORACLE:PARADOX-DB-DOS	HTTP: Oracle Outside In Paradox Database Stream Filter Denial of Service
HIGH	APP:VMAUTH-FS	APP: VMware Authorization Service User Credential Parsing Denial of Service

1 renamed signature:

DB:ORACLE:TNS:INTERMEDIA-DOS-1

DB:ORACLE:TNS:INTERMEDIA-DOS

Details of the signatures included within this bulletin:

APP:ORACLE:OUTSIDE-IN-FLASHPIX - APP: Oracle Outside In FlashPix Image Processing Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Outside-In. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2012-1744
bugtraq: 54552

Affected Products:

Oracle Oracle Outside In Technology 8.3.5
Oracle Oracle Outside In Technology 8.3.7

HTTP:ORACLE:OUTSIDEIN-MET-BOF - HTTP: Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle Outside-In. The vulnerability is due to a boundary error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed files. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

cve: CVE-2013-5763

HTTP:STC:DL:CLAMAV-UPX-BO - HTTP: ClamAV UPX File Handling Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the ClamAV AntiVirus product. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application. Version 0.88.1 and 0.88.4, and other versions before 0.88.5 are affected by this vulnerability.

Supported On:

References:

cve: CVE-2006-4018
bugtraq: 19381

Affected Products:

clamav 0.84 (rc1)
clamav 0.86 (rc1)
clamav 0.86.2
clamav 0.85
clamav 0.87.1
clamav 0.88.3
clamav 0.85.1
clamav 0.86.1
clamav 0.84 (rc2)
clamav 0.88.2
clamav 0.83
clamav 0.81 (rc1)
clamav 0.87
clamav 0.82
clamav 0.88.1
clamav 0.88

HTTP:STC:SAP-SQL-ALIAS-BOF - HTTP: SAP SQL Anywhere Data Provider Column Alias Remote Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against SAP. A successful exploit can result in a buffer overflow and arbitrary code execution.

Supported On:

srx-branch-11.4, srx-branch-12.1, srx-10.0, srx-branch-10.0, srx-12.1, idp-5.1.0, idp-5.1.110151004, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2014-9264

HTTP:STC:PHP-DATE-TIME-OBJ-RCE - HTTP: PHP DateTimeZone Object Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against PHP. A successful exploit can lead to remote code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

HTTP:NOVELL:DHOST-URI-BOF - HTTP: Novell eDirectory dhost URI Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Novell eDirectory. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

References:

cve: CVE-2009-4653
bugtraq: 36815

Affected Products:

novell edirectory 8.8 (sp5)

APP:ORACLE:OUTSIDEIN-MET-HOVF - APP: Oracle Outside In OS 2 Metafile Parser Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Outside-in Technology. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

url: http://www.oracle.com/us/technologies/embedded/025613.htm

DNS:SAMBA-DNS-REPLY-FLAG-DOS - DNS: Samba DNS Reply Flag Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Samba DNS Reply Flag. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. An attacker could exploit this vulnerability by sending a DNS query to a vulnerable server with a spoofed source IP address of another vulnerable server. Successful exploitation could result in excessive consumption of resources on both vulnerable servers, possibly causing a denial of service condition.

Supported On:

References:

cve: CVE-2014-0239

SCADA:CODESYS-CONTROL-SERVICE - SCADA: Smart Software Solutions CoDeSys ControlService Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Smart Software Solutions CoDeSys. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 50849
cve: CVE-2011-5007

Affected Products:

3S - Smart Software Solutions GmbH CoDeSys 2.3
3S - Smart Software Solutions GmbH CoDeSys 3.4 SP4 Patch 2
3S - Smart Software Solutions GmbH CoDeSys 3.4

DB:ORACLE:OUTSIDE-IN-XPM-IMG-BO - DB: Oracle Outside In XPM Image Processing Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in XPM Image Processing of Oracle Outside-In. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

DI-Base, DI-Client, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

url: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

DNS:REPERR:NAPRT-IOF - DNS: Name Authority Pointer Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft DNS server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

cve: CVE-2011-1966
bugtraq: 49012

Affected Products:

Microsoft Windows Server 2008 R2 Itanium SP1
Microsoft Windows Server 2008 R2 x64 SP1
Microsoft Windows Server 2008 R2 Datacenter
Microsoft Windows Server 2008 Standard Edition - Sp2 Web
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 R2 Standard Edition
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 Standard Edition - Gold Hpc
Microsoft Windows Server 2008 Standard Edition - Gold Datacenter
Microsoft Windows Server 2008 Standard Edition - Gold
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition Itanium
Microsoft Windows Server 2008 Standard Edition - Gold Enterprise
Microsoft Windows Server 2008 Standard Edition - Gold Itanium
Microsoft Windows Server 2008 Standard Edition R2
Microsoft Windows Server 2008 Standard Edition R2 SP1
Microsoft Windows Server 2008 - Sp2 Enterprise X64
Microsoft Windows Server 2008 Standard Edition - Gold Standard
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition Release Candidate
Microsoft Windows Server 2008 Datacenter Edition Release Candidate
Microsoft Windows Server 2008 Standard Edition - Gold Web
Microsoft Windows Server 2008 Standard Edition Release Candidate
Microsoft Windows Server 2008 Standard Edition - Sp2 Storage
Microsoft Windows Server 2008 Standard Edition - Gold Storage
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc
Microsoft Windows Server 2008 SP2 Beta
Microsoft Windows Server 2008 R2 Datacenter SP1

HTTP:STC:ADOBE:WRITE-CONFUSION - HTTP: Adobe Flash Player writeExternal Type Confusion Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-11.4, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, mx-11.4, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2015-7645

HTTP:OVERFLOW:LIBYAML-SCANNER - HTTP: LibYAML Scanner yaml_parser_scan_uri_escapes Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the LibYAML Scanner. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2014-2525

HTTP:ORACLE:OS-2-METAFILE-BOF - HTTP: Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow (2)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle Outside In OS 2. The vulnerability is due to an error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed file. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.

Supported On:

References:

bugtraq: 64825
cve: CVE-2013-5879

APP:NOVELL-EDIR-LEN-DOS - APP: Novell eDirectory Unchecked Length Denial of Service

Severity: HIGH

Description:

A denial of service vulnerability exists for Novell eDirectory. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable server. This can cause the service to consume an excessive amount of memory, creating a denial of service condition in the process.

Supported On:

References:

bugtraq: 46263
cve: CVE-2010-4327

Affected Products:

Novell eDirectory 8.8 SP3
Novell eDirectory 8.8 SP5 Patch 4
Novell eDirectory 8.8 SP4
Novell eDirectory 8.8 SP1
Novell eDirectory 8.8 SP2
Novell eDirectory 8.8 SP5
Novell eDirectory 8.8 SP5 FTF1
Novell eDirectory 8.8.5.2
Novell eDirectory 8.8.5 Ftf1
Novell eDirectory 8.8
Novell eDirectory 8.8.5 FTF3
Novell eDirectory 8.8.1
Novell eDirectory 8.8.5
Novell eDirectory 8.8.5.3
Novell eDirectory 8.8.2 Ftf2
Novell eDirectory 8.8 SP3 FTF3
Novell eDirectory 8.8.2
Novell eDirectory 8.8 SP4 FTF1

SMTP:MAL:EXIM4-HEADER - SMTP: Exim4 Malformed Header

Severity: HIGH

Description:

This signature detects attempts to exploit a known remote code-execution vulnerability in Exim4. Attackers can exploit this issue to execute code as the"exim" user and can leverage this issue to launch further attacks. Versions prior to Exim 4.70 are vulnerable.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

Affected Products:

Debian Linux 5.0 Hppa
Debian Linux 5.0 Ia-32
Debian Linux 5.0 Ia-64
Debian Linux 5.0 M68k
University of Cambridge Exim 4.66
University of Cambridge Exim 4.69
Debian Linux 5.0 Powerpc
University of Cambridge Exim 4.20.0
University of Cambridge Exim 4.21.0
Red Hat Enterprise Linux 5.4.Z Server
Red Hat Enterprise Linux Desktop 5 Client
Debian Linux 5.0 Armel
University of Cambridge Exim 3.3.0
University of Cambridge Exim 3.35.0
Debian Linux 5.0 Mips
University of Cambridge Exim 4.10.0
Debian Linux 5.0 Mipsel
University of Cambridge Exim 3.36.0
Debian Linux 5.0 Amd64
University of Cambridge Exim 2.0.0 X
Red Hat Enterprise Linux AS 4
University of Cambridge Exim 4.32.0
Red Hat Enterprise Linux WS 4
Red Hat Enterprise Linux Desktop Version 4
University of Cambridge Exim 3.0.0 X
Debian Linux 5.0 S/390
Red Hat Enterprise Linux 5 Server
University of Cambridge Exim 1.6.51
Debian Linux 5.0 Sparc
University of Cambridge Exim 4.43.0
University of Cambridge Exim 4.42.0
University of Cambridge Exim 4.41.0
cPanel
University of Cambridge Exim 4.34.0
University of Cambridge Exim 4.33.0
University of Cambridge Exim 3.0.0
University of Cambridge Exim 3.33.0
University of Cambridge Exim 3.952.0
University of Cambridge Exim 3.34.0
University of Cambridge Exim 3.32.0
University of Cambridge Exim 3.3.0 2
University of Cambridge Exim 3.19.0
University of Cambridge Exim 3.31.0
University of Cambridge Exim 3.21.0
University of Cambridge Exim 3.20.0
University of Cambridge Exim 3.22.0
University of Cambridge Exim 3.18.0
Red Hat Enterprise Linux AS 4.7.Z
University of Cambridge Exim 3.16.0
University of Cambridge Exim 3.17.0
University of Cambridge Exim 3.14.0
University of Cambridge Exim 3.13.0
University of Cambridge Exim 3.12.0
University of Cambridge Exim 3.11.0
Red Hat Enterprise Linux ES 4.7.Z
SuSE openSUSE 11.3
University of Cambridge Exim 1.6.2
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.3
SuSE openSUSE 11.2
Red Hat Enterprise Linux 5.3.Z Server
University of Cambridge Exim 3.30.0
University of Cambridge Exim 4.52.0
Red Hat Enterprise Linux ES 4
University of Cambridge Exim 4.40.0
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1.1
University of Cambridge Exim 3.3.0 1
University of Cambridge Exim 3.15.0
SuSE openSUSE 11.1
University of Cambridge Exim 4.60.0
Debian Linux 5.0
Debian Linux 5.0 Alpha
Avaya Aura System Manager 6.1
Debian Linux 5.0 Arm

HTTP:STC:NTP-DECODENETNUM-AF - HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Network Time Protocol daemon (NTPD). A successful attack can lead to denial-of-service.

Supported On:

References:

SSL:SERVER-HELLO-SESSION-ID-OF - SSL: Server Hello Session ID Overflow

Severity: CRITICAL

Description:

This signature detects overlarge Session ID's in a Server Hello message. A successful attack could result in arbitrary code execution with the privileges of the receiving client process, possibly root.

Supported On:

References:

url: http://securitytracker.com/id?1030314
bugtraq: 67741
url: http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
url: https://bugzilla.redhat.com/show_bug.cgi?id=1101932
cve: CVE-2014-3466

HTTP:INFO-LEAK:MS-PKCS-INFODISC - HTTP: Microsoft ASP.NET PKCS Padding Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft .NET Framework ASP.NET. A successful attack can lead to unauthorized information disclosure.

Supported On:

References:

bugtraq: 43316
cve: CVE-2010-3332

Affected Products:

Microsoft .NET Framework 2.0
Microsoft .NET Framework 1.1 SP2
Microsoft .NET Framework 4.0
Microsoft .NET Framework 1.1 SP3
Avaya Aura Conferencing 6.0
Avaya Messaging Application Server
Microsoft .NET Framework 2.0 SP2
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Microsoft SharePoint Server 2007
Microsoft .NET Framework 3.0
Avaya CallPilot Unified Messaging
Microsoft .NET Framework 3.5
Microsoft .NET Framework 1.1
Microsoft SharePoint Services 3.0 SP1
Microsoft SharePoint Services 3.0 SP2
Avaya Messaging Application Server MM 1.1
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Microsoft SharePoint Server 2007 12.0.0.6421
Microsoft SharePoint Server 2007 SP1
Microsoft SharePoint Services 64-bit 2.0
Avaya Messaging Application Server MM 2.0
Microsoft .NET Framework 2.0 SP1
Microsoft .NET Framework 1.0 SP2
Microsoft SharePoint Server 2007 x64 SP1
Microsoft .NET Framework 1.0 SP3
Microsoft SharePoint Server 2007 x64
Avaya Communication Server 1000 Telephony Manager
Gentoo Linux
Avaya Aura Conferencing 6.0 Standard
Microsoft .NET Framework 1.1 SP1
Microsoft SharePoint Server 2007 12.0.0.6318
Microsoft .NET Framework 1.0 SP1
Microsoft .NET Framework 1.0
Microsoft SharePoint Server 2007 Enterprise Edition
Microsoft SharePoint Server 2007 SP2
Microsoft SharePoint Server 2007 x64 SP2
Microsoft .NET Framework 3.5 SP1
Microsoft SharePoint Server 2007 Standard Edition
Microsoft SharePoint Server 2010 Enterprise Edition
Microsoft SharePoint Server 2010 Standard Edition

DNS:CRAFTED-MX - DNS: Microsoft Exchange Crafted MX Record

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the way that Microsoft Windows Simple Mail Transfer Protocol (SMTP) component handles specially crafted DNS Mail Exchanger (MX) resource records. Because authentication is not required, an attacker can exploit this flaw by sending a specially crafted network message to a computer running the SMTP service. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2010-0024
url: http://www.microsoft.com/technet/security/Bulletin/MS10-024.aspx
bugtraq: 39308

Affected Products:

Microsoft Windows Server 2008 R2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Exchange Server 2003
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows 2000 Professional
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
Avaya Messaging Application Server MM 3.1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows 2000 Datacenter Server SP2
Avaya Messaging Application Server MM 1.1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Microsoft Windows 2000 Advanced Server
Avaya Meeting Exchange - Webportal
Microsoft Windows Server 2003 Standard Edition SP2
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Exchange Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows Server 2008 Datacenter Edition
Avaya Meeting Exchange - Client Registration Server
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows 2000 Professional SP2
Avaya Meeting Exchange - Web Conferencing Server
Avaya Messaging Application Server
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows Server 2008 R2 Datacenter
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems
Avaya Messaging Application Server MM 2.0
Microsoft Windows Server 2008 SP2 Beta
Avaya Messaging Application Server MM 3.0

DNS:OVERFLOW:GNU-C-GLIBC - DNS: GNU C Library glibc getanswer_r Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a code execution vulnerability in GNU C Library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.

Supported On:

References:

cve: CVE-2015-1781

HTTP:PHP:FTP-GENLIST-IO - HTTP: PHP FTP Genlist Method Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the PHP's ftp_genlist Method. Successful exploitation could lead to arbitrary code execution

Supported On:

References:

url: http://php.net/changelog-5.php#5.6.9
cve: CVE-2015-4022
url: http://securitytracker.com/id?1032433

DB:ORACLE:METAFILE-PARSER-DOS - DB: Oracle Outside In OS 2 Metafile Parser Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Outside In OS 2 Metafile. It is due to improper boundary checking and can be exploited to cause a buffer overflow prior to authentication. A remote unauthenticated attacker can exploit this vulnerability to terminate the application, causing a denial-of-service condition.

Supported On:

APP:MISC:ZIMBRA-COLLAB-INFODISC - APP: Zimbra Collaboration Server Local File Inclusion Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known local file inclusion vulnerability in Zimbra Collaboration Server. It is due to insufficient validation of user-supplied input. A successful attack can result in loss of sensitive information.

Supported On:

References:

bugtraq: 64149
cve: CVE-2013-7091

Affected Products:

zimbra zimbra_collaboration_suite 6.0.2
zimbra zimbra_collaboration_suite 6.0.3
zimbra zimbra_collaboration_suite 6.0.4
zimbra zimbra_collaboration_suite 6.0.13
zimbra zimbra_collaboration_suite 6.0.10
zimbra zimbra_collaboration_suite 6.0.6
zimbra zimbra_collaboration_suite 6.0.5
zimbra zimbra_collaboration_suite 6.0.14
zimbra zimbra_collaboration_suite 6.0.1
zimbra zimbra_collaboration_suite 6.0.8
zimbra zimbra_collaboration_suite 6.0.16
zimbra zimbra_collaboration_suite 6.0
zimbra zimbra_collaboration_suite 6.0.12
zimbra zimbra_collaboration_suite 6.0.9
zimbra zimbra_collaboration_suite 6.0.7
zimbra zimbra_collaboration_suite 6.0.15

HTTP:STC:TOMCAT-CHUNKED-REQ-DOS - HTTP: Apache Tomcat Chunked Request Handling Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful exploit can lead to denial of service.

Supported On:

References:

cve: CVE-2014-0227

HTTP:STC:DL:ORACLE-LOTUS-123 - HTTP: Oracle Outside In Lotus 1-2-3 Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle's Outside In SDK. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2012-0110
url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
bugtraq: 51452

Affected Products:

NewSoft Presto! PageManager 9
Oracle Outside In 8.3.5.0
windream windream server
Novell Groupwise 8.0 HP2
Oracle Outside In 8.3.7
AccessData FTK 3.2
Kroll Ontrack EasyRecovery
Kroll Ontrack PowerControls
McAfee Host Data Loss Prevention 9.0
ACD Systems Inc ACDSee Canvas 12
Avantstar Inc. Quick View Plus 11
X1 Technologies X1 Professional Client 6.7.2
HP Trim
Kamel Software Fastlook 2009
Novell Groupwise 8.02 HP1
AccessData Group FTK 3.3
AccessData Group FTK 3.4
Guidance Software Forensics 6.19.2
Guidance Software Encase Forensics 7.02.02
Guidance Software Encase Forensics 6.19.2
kCura Relativity
Lucion FileCenter 7.1.0.35
MarkLogic Server 4.0
MarkLogic Server 4.1
MarkLogic Server 4.2
McAfee GroupShield 7.0.716.101
Perlustro ILook
Novell Groupwise 8.01X
Novell Groupwise 8.0 SP2
Novell Groupwise 8.02 HP2
Symantec Enterprise Vault 10.0
Symantec Enterprise Vault 9.0
Symantec Enterprise Vault 8.0 SP5
Symantec Enterprise Vault 8.0 SP4
Symantec Enterprise Vault 9.0.1
Symantec Enterprise Vault 9.0.2
IBM OmniFind 8.5
IBM OmniFind 9.0
Novell Groupwise 8.0 SP1
IBM OmniFind 9.1
IBM OmniFind 8.5 Fixpack 6
Novell Groupwise 8.0
Novell Groupwise 8.0 HP1
Symantec Enterprise Vault 7.5
Symantec Enterprise Vault 8.0
Novell Groupwise 8.02 HP3
Novell Groupwise 8.0 HP3
Novell Groupwise 8.02

MS-RPC:LSASS:NTLM-DOS - MS-RPC: Microsoft Windows LSASS NTLM Remote Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the Microsoft Windows Local Security Authority Subsystem Service (LSASS). A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-11.4, idp-4.1.110110719, mx-11.4, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

bugtraq: 36593
cve: CVE-2009-2524

Affected Products:

Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista SP2
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2003 x64 SP2
Avaya Meeting Exchange 5.0.0.0.52
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003 Itanium
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Avaya Meeting Exchange 5.2
Microsoft Windows Server 2008 R2 Datacenter
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.1 SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Tablet PC Edition
Avaya Messaging Application Server MM 1.1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional SP1
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional SP3
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Home SP3
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium
Avaya Meeting Exchange 5.1
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows Vista
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Avaya Messaging Application Server MM 2.0
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows Vista SP1
Avaya Meeting Exchange 5.0
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Vista Business 64-bit edition
Microsoft Windows Vista Enterprise 64-bit edition
Microsoft Windows Vista Home Premium 64-bit edition
Microsoft Windows Vista Ultimate 64-bit edition
Avaya Meeting Exchange - Enterprise Edition
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems

HTTP:APACHE:SERVER-MOD-STATS-BO - HTTP: Apache Server Mod Status Race Condition Buffer Overflow

Severity: MEDIUM

Description:

A race condition flaw, leading to heap-based buffer overflows, was found in the aache server. A remote attacker could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user.

Supported On:

References:

cve: CVE-2014-0226
bugtraq: 68678
url: http://httpd.apache.org/security/vulnerabilities_24.html

HTTP:STC:DL:CVE-2016-0010-RCE - HTTP: Microsoft Office CVE-2016-0010 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0010

APP:ORACLE:OUTSIDE-JPEG2-CRG - APP: Oracle Outside In JPEG 2000 CRG Segment Processing Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability exists in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability exists when handling the CRG marker segments in JPEG 2000 files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Supported On:

References:

cve: CVE-2011-4517
url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
bugtraq: 50992

Affected Products:

Mandriva Linux Mandrake 2011 x86_64
Oracle Enterprise Linux 4
Red Hat Fedora 16
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 10.04 Amd64
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux HPC Node 6
JasPer 1.900
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Workstation Optional 6
Oracle Enterprise Linux 6
Ubuntu Ubuntu Linux 10.10 i386
Avaya Aura Experience Portal 6.0
Debian Linux 6.0 powerpc
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 8.04 LTS Sparc
Red Hat Enterprise Linux AS 4
Ubuntu Ubuntu Linux 11.04 ARM
Red Hat Enterprise Linux WS 4
Red Hat Enterprise Linux Desktop Version 4
Oracle Outside In 8.3.5.0
Mandriva Linux Mandrake 2010.1 X86 64
Mandriva Linux Mandrake 2010.1
Debian Linux 6.0 amd64
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Red Hat Enterprise Linux Desktop Workstation 5 Client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 6.2
Symantec Enterprise Vault 9.0.2
Mandriva Enterprise Server 5
SuSE SUSE Linux Enterprise Server for VMware 11 SP1
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Debian Linux 6.0 arm
Red Hat Fedora 15
Debian Linux 6.0 sparc
Debian Linux 6.0 ia-64
Debian Linux 6.0 mips
Debian Linux 6.0 s/390
Oracle Outside In 8.3.5.0
SuSE SUSE Linux Enterprise Desktop 11 SP1
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
JasPer 1.900.1
Gentoo Linux
SuSE openSUSE 11.3
Ubuntu Ubuntu Linux 11.04 i386
Mandriva Enterprise Server 5 X86 64
Symantec Enterprise Vault 10.0
Symantec Enterprise Vault 9.0
Ubuntu Ubuntu Linux 10.04 Sparc
Symantec Enterprise Vault 9.0.1
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux Desktop 5 Client
JasPer 1.701
Mandriva Linux Mandrake 2011
Ubuntu Ubuntu Linux 10.10 ARM
Oracle Outside In 8.3.7
SuSE SUSE Linux Enterprise Server 11 SP1
Ubuntu Ubuntu Linux 10.04 I386
SuSE SUSE Linux Enterprise SDK 11 SP1
Oracle Enterprise Linux 5
Debian Linux 6.0 ia-32
Red Hat Enterprise Linux HPC Node Optional 6
SuSE openSUSE 11.4
Ubuntu Ubuntu Linux 10.04 Powerpc

HTTP:STC:DL:SOPHOS-PDF-FILE-OF - HTTP: Sophos Anti-Virus PDF Handling Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Sophos Anti-Virus and Endpoint Protection. A successful attack can lead to a buffer overflow and arbitrary remote code execution with elevated privileges.

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

bugtraq: 56401

HTTP:STC:CVE-2016-0024-RCE - HTTP: Microsoft Edge CVE-2016-0021 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0024

HTTP:STC:DL:CVE-2016-0015-RCE - HTTP: Microsoft Windows CVE-2016-0015 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0015

HTTP:APACHE:MOD-CACHE-DOS - HTTP: Apache HTTP Server Mod_Cache Caching Forward Proxy Configuration NULL Pointer Dereference Remote Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache httpd proxy server. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 68863
cve: CVE-2013-4352

SSH:OPENSSH:NOVEL-NETWARE - SSH: Novell NetWare OpenSSH Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell Netware. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

bugtraq: 42875

Affected Products:

Novell Netware 6.5.0

DB:ORACLE:TNS:INTERMEDIA-DOS - TNS: Oracle Database InterMedia Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database Server's InterMedia system. This issue is caused by insufficient sanitization of user-supplied data in SQL statements. An attacker with limited privileges can exploit this vulnerability to create a denial-of-service condition on a vulnerable Oracle Database Server.

Supported On:

References:

Affected Products:

Oracle Oracle9i Personal Edition 9.2.0 .0.3
Oracle Oracle9i Standard Edition 9.2.0 .0.3
Oracle Oracle9i Enterprise Edition 9.2.0 .0.3
Oracle Oracle10g Standard Edition 10.1.0 .0.2
Oracle Oracle10g Personal Edition 10.1.0 .0.2
Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
Oracle Oracle10g Enterprise Edition 9.0.4 .0
Oracle Oracle10g Personal Edition 9.0.4 .0
Oracle Oracle10g Standard Edition 9.0.4 .0
Oracle Oracle9i Personal Edition 9.2.0
Oracle Oracle9i Standard Edition 9.2.0
Oracle Oracle9i Personal Edition 9.2.0 .0.1
Oracle Oracle9i Enterprise Edition 9.0.0 .2.4
Oracle Oracle9i Personal Edition 9.0.0 .2.4
Oracle Oracle9i Standard Edition 9.0.0 .2.4
Oracle Oracle9i Personal Edition 9.2.0 .0.5
Oracle Oracle9i Standard Edition 9.2.0 .0.5
Oracle Oracle9i Standard Edition 9.2.0 .0.2
Oracle Oracle9i Enterprise Edition 9.2.0 .0
Oracle Oracle9i Enterprise Edition 9.2.0.2
Oracle Oracle9i Personal Edition 9.2.0 .0.2
Oracle Oracle9i Enterprise Edition 9.2.0 .0.1
Oracle Oracle9i Standard Edition 9.2.0 .0.1

APP:ORACLE:OOXML-TAG - APP: Oracle Outside In OOXML Relationship Tag Parsing Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Oracle Outside. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open an OOXML document with an affected application. This can cause a stack buffer overflow, resulting in arbitrary code execution in the context of the affected application. If code execution is unsuccessful, the affected application may terminate unexpectedly.

Supported On:

References:

url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

APP:SAP:3DM-FILE-BOF - APP: SAP 3D Visual Enterprise Viewer 3DM File Buffer Overflow

Severity: HIGH

Description:

A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Viewer. The vulnerability is caused by improper validation of the size value read from a Rhino 3D Model (3DM) file. By enticing a user to open a crafted 3DM file with the affected application, an attacker could possibly exploit this vulnerability to execute arbitrary code with the privileges with currently logged on user.

Supported On:

HTTP:STC:ADOBE:CVE-2016-0932-CE - HTTP: Adobe PDF CVE-2016-0932 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-0932

APP:ORACLE:OUTSIDE-JPEG2-CODCOC - APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability exists in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is exposed when the product is used to handle JPEG 2000 files. Oracle Outside In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Supported On:

References:

cve: CVE-2011-4516
url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
bugtraq: 50992

Affected Products:

Mandriva Linux Mandrake 2011 x86_64
Oracle Enterprise Linux 4
Red Hat Fedora 16
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 10.04 Amd64
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux HPC Node 6
JasPer 1.900
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Workstation Optional 6
Oracle Enterprise Linux 6
Ubuntu Ubuntu Linux 10.10 i386
Avaya Aura Experience Portal 6.0
Debian Linux 6.0 powerpc
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 8.04 LTS Sparc
Red Hat Enterprise Linux AS 4
Ubuntu Ubuntu Linux 11.04 ARM
Red Hat Enterprise Linux WS 4
Red Hat Enterprise Linux Desktop Version 4
Oracle Outside In 8.3.5.0
Mandriva Linux Mandrake 2010.1 X86 64
Mandriva Linux Mandrake 2010.1
Debian Linux 6.0 amd64
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Red Hat Enterprise Linux Desktop Workstation 5 Client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 6.2
Symantec Enterprise Vault 9.0.2
Mandriva Enterprise Server 5
SuSE SUSE Linux Enterprise Server for VMware 11 SP1
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Debian Linux 6.0 arm
Red Hat Fedora 15
Debian Linux 6.0 sparc
Debian Linux 6.0 ia-64
Debian Linux 6.0 mips
Debian Linux 6.0 s/390
Oracle Outside In 8.3.5.0
SuSE SUSE Linux Enterprise Desktop 11 SP1
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
JasPer 1.900.1
Gentoo Linux
SuSE openSUSE 11.3
Ubuntu Ubuntu Linux 11.04 i386
Mandriva Enterprise Server 5 X86 64
Symantec Enterprise Vault 10.0
Symantec Enterprise Vault 9.0
Ubuntu Ubuntu Linux 10.04 Sparc
Symantec Enterprise Vault 9.0.1
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux Desktop 5 Client
JasPer 1.701
Mandriva Linux Mandrake 2011
Ubuntu Ubuntu Linux 10.10 ARM
Oracle Outside In 8.3.7
SuSE SUSE Linux Enterprise Server 11 SP1
Ubuntu Ubuntu Linux 10.04 I386
SuSE SUSE Linux Enterprise SDK 11 SP1
Oracle Enterprise Linux 5
Debian Linux 6.0 ia-32
Red Hat Enterprise Linux HPC Node Optional 6
SuSE openSUSE 11.4
Ubuntu Ubuntu Linux 10.04 Powerpc

HTTP:STC:ADOBE:CVE-2016-0937-CE - HTTP: Adobe PDF CVE-2016-0937 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-0937

APP:VMAUTH-FS - APP: VMware Authorization Service User Credential Parsing Denial of Service

Severity: HIGH

Description:

A denial of service vulnerability has been reported in the authorization service of some VMware products. The flaw is due to a design error when processing login requests. An attacker can exploit this vulnerability by supplying malicious USER or PASS strings to the target host. Successful exploitation would result on the termination of the "vmware-authd" process causing a denial of service condition.

Supported On:

References:

bugtraq: 36630

Affected Products:

VMWare Workstation 7.0
VMWare Player 3.0
VMWare ACE 2.6
VMWare Workstation 6.5.2 Build 156735
VMWare Player 2.5.2 Build 156735
VMWare ACE 2.5.2 build 156735
VMWare Player 2.5.1
VMWare Workstation 6.5.1
VMWare ACE 2.5.1
VMWare ACE 2.5.2
VMWare Player 2.5.2
VMWare Workstation 6.5.2
VMWare Player 2.5.4
VMWare Workstation 6.5.0 Build 118166
VMWare Player 2.5.0 Build 118166
VMWare ACE 2.5.0 build 118166
VMWare Workstation 6.5.3
VMWare Workstation 6.5.3 Build 185404
VMWare Player 2.5.3 Build 185404
VMWare Player 2.5.3
VMWare ACE 2.5.3 Build 185404

DNS:TUNNEL:SHORT-TTL - DNS: Short Time To Live Response

Severity: MEDIUM

Description:

This signature detects DNS responses with very short Time To Live (TTL) values. This is not normal for DNS and is indicative of DNS tunneling. Dropping these packets will usually block the tunnel.

Supported On:

References:

cve: CVE-2014-3214
url: http://hsc.fr/ressources/outils/dns2tcp/
url: http://code.kryo.se/iodine/
url: http://dankaminsky.com/2004/07/29/51/

HTTP:STC:ADOBE:CVE-2016-0941-CE - HTTP: Adobe PDF CVE-2016-0941 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-0941

VNC:OVERFLOW:SER-WRT-SCALNG-RCE - VNC: LibVNCServer Scaling Use After Free

Severity: HIGH

Description:

This signature detects an attempts to exploit a known vulnerability against LibVNCServer. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:ACTIVEX:PROCLIMA-F1BV - HTTP: Schneider Electric ProClima F1BookView Unsafe ActiveX Control

Severity: MEDIUM

Description:

This signature detects attempts to use unsafe ActiveX control in Schneider Electric ProClima. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client application.

Supported On:

DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

cve: CVE-2015-7918

DNS:ISC-INSIST-DOS - DNS: ISC BIND apl_42.c INSIST Assertion Failure Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against BIND DNS package bind9. Successful exploitation could lead to denial-of-service.

Supported On:

DI-Base, DI-Client, DI-Server, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

cve: CVE-2015-8704

HTTP:ORACLE:OUTSIDE-IN-MSACCESS - HTTP: Oracle Outside In Microsoft Access 1.x Parser Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Outside-In Microsoft Access 1.x database files (.mdb) Parser. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 63076
cve: CVE-2013-5791

Affected Products:

oracle fusion_middleware 8.4
oracle fusion_middleware 8.4.1

HTTP:STC:IE:CVE-2016-0063-CE - HTTP: Microsoft Internet Explorer CVE-2016-0063 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0063

HTTP:STC:ACTIVEX:VLOG-OPLC-ACTX - HTTP: Unitronics VisiLogic OPLC IDE TeePreviewer ChartLink Unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in the Unitronics VisiLogic OPLC. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

url: http://www.zerodayinitiative.com/advisories/zdi-15-577/
cve: CVE-2015-6478

HTTP:STC:AUTODESK-GIF-BO - HTTP: Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Autodesk Design Review. A successful attack can lead to arbitrary code execution.

Supported On:

References:

HTTP:STC:CVE-2016-0033-DOS - HTTP: Microsoft .NET Framework Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft .NET framework. A successful attack can lead to Denial of service.

Supported On:

References:

cve: CVE-2016-0033

HTTP:STC:IE:CVE-2016-0072-RCE - HTTP: Microsoft Internet Explorer CVE-2016-0072 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to Remote Code Execution.

Supported On:

References:

cve: CVE-2016-0072

HTTP:STC:CVE-2016-0061-CE - HTTP: Microsoft Internet Explorer CVE-2016-0061 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0061

HTTP:STC:IE:CVE-2016-0071-CE - HTTP: Microsoft Internet Explorer CVE-2016-0071 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0071

HTTP:STC:DL:CVE-2016-0041-CE - HTTP: Microsoft Windows CVE-2016-0041 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known Vulnerability in Microsoft Windows Operating System. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

References:

cve: CVE-2016-0041

HTTP:MISC:MS-IIS-DOS - HTTP: Microsoft IIS Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to cause a denial-of-service (DoS) on Microsoft IIS. A successful attack could result in complete resource consumption and ultimately causing the web server to stop responding.

Supported On:

NTP:CRYPTO-NAK-AUTH-BYPASS - NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against NTP Daemon. The vulnerability is due to improper validation of crypto-NAK packets that leads to an NTP Symmetric association to be established with an unauthorized peer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted crypto-NAK NTP packet to the vulnerable service. Successful exploitation will let the attacker change the time on the target system, resulting in a policy bypass and potentially other security vulnerabilities.

Supported On:

References:

cve: CVE-2015-7871

SSL:SQUID-SSL-BUMP-DOS - SSL: Squid SSL-Bump Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Squid. The vulnerability is due to integer overflow and input validation errors in Squid when processing TLS messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted Client or Server Hello message, which when parsed triggers the vulnerability; the vulnerable application consumes an uncontrolled amount of resource and does not respond to requests, leading to a denial-of-service condition.

Supported On:

DNS:ISC-BIND-PACKAGE-DOS - DNS: ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against BIND DNS package bind9. A successful exploit can lead to denial of service.

Supported On:

References:

cve: CVE-2015-8705

HTTP:ORACLE:COREL-DRAW-BO - HTTP: Oracle Outside In CorelDRAW File Parser Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Outside-In. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2011-2264
bugtraq: 48766

Affected Products:

ACD Systems Inc ACDSee Canvas 12
NewSoft Presto! PageManager 9
Guidance Software EnCase Forensic V4 4.18.0 A
Novell Groupwise 8.0 HP2
Novell Groupwise 6.5.0 SP5
Kamel Software Fastlook 2009
Novell Groupwise 6.5 SP6 Update 3
Novell Groupwise 5.2.0
Novell Groupwise 5.5.0
Guidance Software EnCase Forensic 6.14
Cisco Security Agent 4.5.0
AccessData Forensic Toolkit 8.3.2.0
AccessData Forensic Toolkit 3.2
Novell Groupwise 6.5.0 SP3
Novell Groupwise 6.5.0 SP4
Novell Groupwise 6.0.1 Sp1
Oracle Fusion Middleware 8.3.5.0
Novell Groupwise 6.5.6
Avantstar Inc. Quick View Plus 11
HP Trim
Symantec Enterprise Vault 7.5
Novell Groupwise 8.0 HP1
Guidance Software EnCase Enterprise 4.0.0
Guidance Software EnCase Enterprise 4.16.0
Novell GroupWise Internet Agent 8.0
Cisco Security Agent 4.0.3.728
Cisco Security Agent 3.X
Cisco Security Agent 4.0.3
Cisco Security Agent 4.0.2
Cisco Security Agent 4.0.1
Cisco Security Agent 4.0.0
Cisco Security Agent 4.5.1.659
Cisco Security Agent 5.0.0.201
Novell Groupwise 6.5.0 SP1
McAfee GroupShield 7.0.716.101
Novell Groupwise 6.5.0 SP6 Update 1
Novell Groupwise 8.0 SP2
Cisco Security Agent 5.1.0 .79
IBM Content Integrator 8.5.1
Cisco Security Agent 3
Novell Groupwise 5.57E
Cisco Security Agent 5.2
Novell Groupwise 6.5.3
Novell Groupwise 6.5.0 SP2
Novell Groupwise 6.0.0 SP4
AccessData FTK 3.2
Kroll Ontrack EasyRecovery
Kroll Ontrack PowerControls
MarkLogic Server
Novell Groupwise 6.5.0 SP6
McAfee Host Data Loss Prevention 9.0
Novell Groupwise 6.5.0 Post SP6
Symantec Enterprise Vault 8.0 SP4
Cisco Security Agent 6.0(1.126)
Cisco Security Agent 6.0(2.099)
Cisco Security Agent 5.2.0.285
Cisco Security Agent 6.0
Cisco Security Agent 6.0.1.132
Cisco Security Agent 5.1.0.117
Cisco Security Agent 5.2.0.296
Novell Groupwise 8.02 HP1
Cisco Security Agent 4.5.1
Cisco Security Agent 4.5.1.639
Guidance Software EnCase Forensic 5.0
Guidance Software EnCase
Symantec Enterprise Vault 9.0.2
IBM DB2 9.7 fixpack 2
IBM DB2 9.7 fixpack 3
IBM DB2 9.7
IBM OmniFind 9.1
Novell Groupwise 8.0
Novell Groupwise 6.0.0
Oracle Fusion Middleware 8.3.2.0
Novell Groupwise 6.0.0 SP3
IBM Content Integrator 8.6
IBM Content Manager Enterprise Edition 8.4.3
IBM Classification Module 8.6
IBM CommonStore for Exchange 8.4
IBM CommonStore for Lotus Domino 8.4
IBM Content Analytics 2.1
IBM Content Analytics 2.2
IBM Content Collector for Email 2.1.1
IBM Content Collector for Email 2.2
IBM Content Collector for File Systems 2.1.1
Novell Groupwise 6.0.0 SP1
Novell Groupwise 6.0.0 SP2
IBM Content Collector for Microsoft SharePoint 2.2
IBM Document Manager 8.4.2
Cisco Security Agent 5.0
Cisco Security Agent 5.0.0.193
Cisco Security Agent 5.1
IBM FileNet Capture 5.2
IBM FileNet Capture 5.2.1
IBM FileNet Content Manager 5.0
IBM FileNet Content Manager 5.1
IBM FileNet Integrated Document Management Desktop 4.0.2
IBM FileNet Integrated Document Management Desktop 4.0.3
IBM InfoSphere Classification Module 8.7
IBM Production Imaging Edition 5.0
IBM WEB Interface for Content Management 1.0.1
IBM WEB Interface for Content Management 1.0.2
IBM WEB Interface for Content Management 1.0.3
IBM WEB Interface for Content Management 1.0.4
Novell Groupwise 6.5.2
Novell Groupwise 6.5.4
Cisco Security Agent 4.5.0
IBM Content Collector for File Systems 2.2
Guidance Software EnCase Forensic 6.12
Cisco Security Agent 2.1.0
Novell Groupwise 8.01X
IBM Content Collector for Microsoft SharePoint 2.1.1
Novell Groupwise 8.02
Novell Groupwise 8.02 HP2
Symantec Enterprise Vault 10.0
Symantec Enterprise Vault 9.0
Symantec Enterprise Vault 8.0 SP5
Novell Groupwise 6.5.0
Symantec Enterprise Vault 9.0.1
Cisco Security Agent 4.5.1.657
IBM OmniFind 8.5
Novell Groupwise 8.0 SP1
IBM Document Manager 2.2
IBM eDiscovery Analyzer 2.2
IBM eDiscovery Manager 2.2
Cisco Security Agent 6.0.2.145
Symantec Enterprise Vault 8.0

HTTP:STC:DL:CVE-2016-0022-RCE - HTTP: Microsoft Office Word CVE-2016-0022 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Office Word. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0022

HTTP:STC:IE:IE-2016-0067-RCE - HTTP: Microsoft Internet Explorer CVE-2016-0067 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0067

HTTP:EFS-FILE-SERVER-BO - HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Easy File Management Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current user.

Supported On:

HTTP:STC:IE:IE-2016-0062-RCE - HTTP: Microsoft Internet Explorer CVE-2016-0062 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0062

APP:IBM:OPCODE-1330-CMD-INJ - APP: IBM Tivoli Storage Manager FastBack Server Opcode 1330 Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Tivoli Storage Manager FastBack Server. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2015-1949

HTTP:STC:IE:CVE-2016-0068-CE - HTTP: Microsoft Internet Explorer CVE-2016-0068 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0068

HTTP:STC:DL:CVE-2016-0015-CE-1 - HTTP: Microsoft Windows CVE-2016-0015 Remote Code Execution 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to remote code execution.

Supported On:

srx-branch-11.4, idp-4.1.110110719, mx-11.4, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, srx-10.0, srx-branch-10.0, vsrx-12.1, idp-5.0.110121210, isg-3.4.139899, vsrx-15.1, idp-4.1.110110609, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2016-0015

HTTP:LIBREOFFICE-INTEGR-UNDRFLW - HTTP: LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in theLibreOffice and OpenOffice. A successful attack can lead to an integer underflow and arbitrary remote code execution within the context of the client.

Supported On:

References:

cve: CVE-2015-5212

DNS:NGINX-RESOLVER-DOS - DNS: Nginx DNS Resolver Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nginx. A successful exploit can lead to denial of service.

Supported On:

References:

cve: CVE-2016-0742

APP:CUPS:GIF-READ-LZW-OF - APP: Apple CUPS gif_read_lzw Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Common Unix Printing System (CUPS). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2011-3170
bugtraq: 49323

Affected Products:

Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 10.04 Amd64
Ubuntu Ubuntu Linux 10.04 I386
Ubuntu Ubuntu Linux 10.04 Powerpc
Ubuntu Ubuntu Linux 10.04 Sparc
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.10 ARM
Mandriva Enterprise Server 5 X86 64
Mandriva Enterprise Server 5
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2009.0 X86 64
Mandriva Linux Mandrake 2010.1 X86 64
Mandriva Linux Mandrake 2010.1
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2011 x86_64
Ubuntu Ubuntu Linux 10.10 amd64
Debian Linux 6.0 amd64
Debian Linux 6.0 arm
Debian Linux 6.0 powerpc
Debian Linux 6.0 sparc
Debian Linux 6.0 ia-64
Debian Linux 6.0 mips
Debian Linux 6.0 s/390
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
Ubuntu Ubuntu Linux 8.04 LTS Sparc
Ubuntu Ubuntu Linux 10.10 i386
Gentoo Linux
Debian Linux 6.0 ia-32
Ubuntu Ubuntu Linux 10.10 powerpc
Easy Software Products CUPS 1.4.8

HTTP:STC:DL:CVE-2016-0055-MC - HTTP: Microsoft Office PowerPoint CVE-2016-0055 Memory Corruption

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Powerpoint while parsing a specially crafted powerpoint document. Successful exploitation could lead to further attacks.

Supported On:

References:

cve: CVE-2016-0055

HTTP:STC:DL:IMAGIC-GIF-BO - HTTP: ImageMagick GIF Comment Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in ImageMagick GIF parsing library. Successful attack could lead to trigger buffer overflow conditions.

Supported On:

References:

bugtraq: 62080

HTTP:MISC:SQUID-PROXY-GOPHER-RP - HTTP: Squid Proxy Gopher Response Processing Buffer Overflow

Severity: HIGH

Description:

A buffer overflow vulnerability has exists in the Squid proxy server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2011-3205

SSL:SSL-V3-TRAFFIC-CBS-ENC-ID - SSL: SSLv3 Traffic CBS Encryption Information Disclosure

Severity: HIGH

Description:

This signature detects SSLv3 Traffic over the network. Attackers can make use of it, to modify network transmissions between the client and server.

Supported On:

References:

cve: CVE-2014-3569
cve: CVE-2014-3566

SSH:KBDINT-NEXT-DEV-POL-BYPASS - SSH: OpenSSH kbdint_next_device Policy Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a code execution vulnerability in OpenSSH A successful attack can lead to policy bypass.

Supported On:

References:

cve: CVE-2015-5600

HTTP:INVALID:HTTP-RESPONSE-CODE - HTTP: Squid Proxy Invalid HTTP Response Status Code Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Web clients and proxies, including Squid Proxy. Attacker can achieve results ranging from denial of service to remote code execution.

Supported On:

SSH:KBDINT-NEXT-DEV-POL-BYPAS-1 - SSH: OpenSSH kbdint_next_device Policy Bypass1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a code execution vulnerability in OpenSSH A successful attack can lead to policy bypass.

Supported On:

References:

cve: CVE-2015-5600

DNS:OVERFLOW:EXIM-DECODE-BO2 - DNS: Exim DKIM DNS Decoding Buffer Overflow 2

Severity: CRITICAL

Description:

Supported On:

References:

bugtraq: 56285

HTTP:MISC:SONICWALL-AUTH-BYPASS - HTTP: SonicWALL Multiple Products Authentication Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against SonicWALL. Successful exploitation may allow the attacker to bypass authentication and allow access to sensitive data.

Supported On:

HTTP:XSS:NOVELL-GW-WEB-ACCESS - HTTP: Novell GroupWise WebAccess Cross-Site Scripting 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against Novell GroupWise WebAccess. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

DNS:SQUID-DNS-DOS - DNS: Squid DNS Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Squid. A successful attack can result in a denial-of-service condition.

Supported On:

SMB:SAMBA-SMB-PKT-PARS-BO - SMB: Samba SMB Packets Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Samba. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

SMTP:MS-WIN-SMTP-DOS - SMTP: Microsoft Windows SMTP Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can result in a denial-of-service condition.

Supported On:

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, idp-5.1.110151004, idp-5.1.110151117, srx-11.4

SMB:OF:MS-BROWSER-ELECT - SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Microsoft Windows Browser Protocol Handler. It is due to a boundary error in the kernel component of the Windows Browsing service that is responsible for handling the incoming datagrams. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.

Supported On:

References:

cve: CVE-2011-0654
url: http://www.microsoft.com/kb/2511455
bugtraq: 46360

Affected Products:

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for Itanium-based Systems
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista SP2
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Server 2008 Standard Edition X64
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Vista December CTP X64
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2003 Sp2 Datacenter
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2003 SP1 Platform SDK
Microsoft Windows Server 2003 R2 Platfom SDK
Microsoft Windows Server 2008 Standard Edition Itanium
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Server 2003 R2 X64
Avaya Meeting Exchange 5.0.0.0.52
Microsoft Windows Server 2003 R2 Compute Cluster
Microsoft Windows Server 2003 R2 Enterprise
Microsoft Windows Server 2008 - Sp2 Enterprise X64
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition Release Candidate
Microsoft Windows Server 2008 Datacenter Edition Release Candidate
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Server 2003 R2
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows 7 XP Mode
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Server 2003 Sp2 Storage
Avaya Aura Conferencing 6.0 Standard
Microsoft Windows Server 2003 Enterprise Edition Itanium SP2
Microsoft Windows Server 2003 Enterprise Edition Itanium Sp2 Itanium
Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64
Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64
Microsoft Windows Server 2003 R2 X64-Enterprise
Microsoft Windows Vista x64 Edition
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 Itanium
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Vista 2.0
Avaya Meeting Exchange 5.2
Microsoft Windows Server 2008 R2 Datacenter
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2003 Terminal Services
Microsoft Windows Server 2003 R2 Storage
Microsoft Windows Server 2003 Gold X64-Standard
Microsoft Windows Server 2003 R2 Standard
Avaya CallPilot 4.0
Avaya CallPilot 5.0
Avaya Communication Server 1000 Telephony Manager 3.0
Avaya Communication Server 1000 Telephony Manager 4.0
Microsoft Windows Server 2003 R2 Enterprise Edition
Microsoft Windows Server 2003 R2 Enterprise Edition SP1
Microsoft Windows Server 2003 R2 Enterprise Edition SP2
Microsoft Windows Server 2003 R2 Datacenter Edition
Microsoft Windows Server 2003 R2 Datacenter Edition SP1
Microsoft Windows Server 2003 R2 Datacenter Edition SP2
Microsoft Windows Server 2003 R2 Standard Edition
Microsoft Windows Server 2003 R2 web Edition
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.1 SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2003 R2 Datacenter
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista Beta 2
Microsoft Windows Server 2003 R2 X64-Standard
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional SP3
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Home SP3
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 R2 X64-Datacenter
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
Microsoft Windows XP Service Pack 3
Microsoft Windows Server 2008 SP2 Beta
Avaya Meeting Exchange 5.2 SP2
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 7 RC
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows Vista December CTP Gold
Avaya Aura Conferencing 6.0 SP1 Standard
Microsoft Windows XP Embedded SP3
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Microsoft Windows Server 2003 Sp2 Enterprise
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 Sp1 Compute Cluster
Microsoft Windows Vista December CTP
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Server 2003 Sp1 Storage
Microsoft Active Directory
Microsoft Windows Server 2003 SP1
Avaya Meeting Exchange 5.2 SP1
Microsoft Windows Vista 1.0
Microsoft Windows Vista December CTP SP1
Microsoft Windows Vista SP1
Microsoft Windows 7 Home Premium
Microsoft Windows 7 Starter
Microsoft Windows 7 Professional
Microsoft Windows 7 Ultimate
Microsoft Windows Server 2003 Sp2 Compute Cluster
Avaya Meeting Exchange 5.0
Microsoft Windows 7 Beta
Microsoft Windows Vista December CTP SP2
Microsoft Windows Vista 3.0
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows Server 2003 Standard Edition
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Avaya Meeting Exchange 5.1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Vista Business 64-bit edition
Microsoft Windows Vista Enterprise 64-bit edition
Microsoft Windows Vista Home Basic 64-bit edition
Microsoft Windows Vista Home Premium 64-bit edition
Microsoft Windows Vista Ultimate 64-bit edition
Microsoft Windows Vista
Microsoft Windows Vista Beta
Microsoft Windows Server 2008 Standard Edition Release Candidate
Microsoft Windows Vista SP2 Beta
Microsoft Windows Vista Beta 1
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Vista Home Premium SP1

HTTP:STC:CVE-2016-0051-DOS - HTTP: Microsoft Windows CVE-2016-0051 Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to Denial Of Service.

Supported On:

References:

cve: CVE-2016-0051

SMTP:DOS:OPENSSL-TLSRECORD-1 - SMTP: OpenSSL TLS Record Tampering Denial of Service 1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2013-4353

HTTP:STC:SCRIPT:APACHE-XML-DOS - HTTP: Apache Santuario XML Security for Java DTD Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Apache Santuario. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 64437
cve: CVE-2013-4517

Affected Products:

apache xml_security_for_java up to 1.5.5
apache xml_security_for_java 1.5.4
apache xml_security_for_java 1.4.0
apache xml_security_for_java 1.2.0
apache xml_security_for_java 1.4.5
apache xml_security_for_java 1.2.1
apache xml_security_for_java 1.5.3
apache xml_security_for_java 1.4.1
apache xml_security_for_java 1.3.0
apache xml_security_for_java 1.5.2
apache xml_security_for_java 1.4.6
apache xml_security_for_java 1.4.2
apache xml_security_for_java 1.5.1
apache xml_security_for_java 1.4.7
apache xml_security_for_java 1.4.8
apache xml_security_for_java 1.4.3
apache xml_security_for_java 1.5.0
apache xml_security_for_java 1.4.4

DNS:ISC-BIND-REGEX-DOS - DNS: ISC BIND Regular Expression Handling Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against ISC BIND DNS Server. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2013-2266

Affected Products:

isc bind 9.9.2
isc bind 9.8.0 (p2)
isc bind 9.7.0 (beta)
isc bind 9.7.1 (p1)
isc bind 9.7.2 (p1)
isc bind 9.8.0 (rc1)
isc bind 9.7.0b3
isc bind 9.8.2 (rc2)
isc bind 9.9.0 (a3)
isc bind 9.8.4
isc bind 9.9.3 (b1)
isc bind 9.7.0 (p1)
isc bind 9.7.3 (p1)
isc bind 9.7.4 (b1)
isc bind 9.8.2 (rc1)
isc bind 9.7.5 (rc1)
isc bind 9.9.0 (rc1)
isc bind 9.7.2 (p2)
isc bind 9.7.5 (b1)
isc bind 9.9.0 (b1)
isc bind 9.7.0 (rc2)
isc bind 9.7.6 (p2)
isc bind 9.9.0 (rc4)
isc bind 9.7.0a3
isc bind 9.7.6 (p1)
isc bind 9.8.5 (b1)
isc bind 9.8.2 (b1)
isc bind 9.8.0 (b1)
isc bind 9.7.5 (rc2)
isc bind 9.8.3 (p2)
isc bind 9.8.0 (a1)
isc bind 9.9.0 (rc3)
isc bind 9.7.0a1
isc bind 9.7.3 (b1)
isc bind 9.7.4 (p1)
isc bind 9.7.0 (p2)
isc bind 9.9.1 (p2)
isc bind 9.8.1 (b1)
isc bind 9.7.4b1
isc bind 9.9.1 (p1)
isc bind 9.8.1 (p1)
isc bind 9.7.3 (rc1)
isc bind 9.7.0b1
isc bind 9.9.0 (b2)
isc bind 9.8.1 (rc1)
isc bind 9.7.0 (rc1)
isc bind 9.7.1b1
isc bind 9.7.0a2
isc bind 9.7.0b2
isc bind 9.8.3 (p1)
isc bind 9.8.0 (p1)
isc bind 9.8.1 (b3)
isc bind 9.7.1 (p2)
isc bind 9.7.2 (p3)
isc bind 9.7.1 (rc1)
isc bind 9.7.2 (rc1)
isc bind 9.9.0 (a1)
isc bind 9.7.4 (rc1)
isc bind 9.8.0 (p4)
isc bind 9.9.0 (a2)
isc bind 9.8.1 (b2)
isc bind 9.9.0 (rc2)

HTTP:STC:DL:CVE-2015-1642-RCE - HTTP: Microsoft Office Word CVE-2015-1642 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2015-1642

HTTP:STC:DL:CVE-2016-0056-RCE - HTTP: Microsoft Word CVE-2016-0056 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to remote code execution

Supported On:

References:

cve: CVE-2016-0056

HTTP:STC:SSL:MD5-SIGNATURE-1 - HTTP: SSL Certificate Signed With MD5 Hash(1)

Severity: MEDIUM

Description:

This signature detects SSL certificates that have been signed using the MD5 hash algorithm. Known weaknesses in the MD5 algorithm allow for certificates signed with it to be spoofed by attackers. The certificate detected by this signature could potentially be illegitimate. All certificates in the signing chain are checked.

Supported On:

References:

url: http://www.win.tue.nl/hashclash/rogue-ca/
bugtraq: 33065
cve: CVE-2004-0748
cve: CVE-2003-0543
cve: CVE-2008-5448

HTTP:STC:DL:CVE-2016-0059-ID - HTTP: Microsoft Office CVE-2016-0059 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to Information Disclosure.

Supported On:

References:

cve: CVE-2016-0059

HTTP:STC:IE:CVE-2016-0064-RCE - HTTP: Microsoft Internet Explorer CVE-2016-0064 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to Remote Code Execution.

Supported On:

References:

cve: CVE-2016-0064

HTTP:STC:CVE-2016-0058-RCE - HTTP: Microsoft Windows CVE-2016-0058 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows PDF Library. A successful attack can lead to Remote Code Execution.

Supported On:

References:

cve: CVE-2016-0058

HTTP:STC:DL:CVE-2016-0042-RCE - HTTP: Microsoft Windows CVE-2016-0042 Remote Code Execution

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2016-0042

HTTP:STC:CVE-2016-0038-RCE - HTTP: Microsoft Windows CVE-2016-0038 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to remote code execution.

Supported On:

References:

cve: CVE-2016-0038

HTTP:STC:M3U-VLC-SMB-LINK-1 - HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the VideoLAN VLC Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

References:

bugtraq: 35500
cve: CVE-2009-2484

HTTP:STC:ADOBE:PDF-BITDEF-OF-1 - HTTP: BitDefender Antivirus PDF Processing Memory Corruption (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerabilities in multiple BitDefender products. Successful exploitation could lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2008-5409

HTTP:STC:DL:CAB-VULNS - HTTP: Cab File Multiple Vulnerabilities

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against multiple CAB file parsing programs. Attackers can send files or links to files containing hostile CAB files resulting in full control of the victim's computer.

Supported On:

References:

bugtraq: 14998
cve: CVE-2005-3142
cve: CVE-2006-0994
bugtraq: 17876

Affected Products:

Sophos MailMonitor for Notes/Domino 4.04
Sophos PureMessage Small Business Edition 4.04
Sophos Anti-Virus 3.95.0
Sophos Anti-Virus 3.90.0
Sophos Anti-Virus 3.91.0
Sophos MailMonitor for Notes/Domino
Sophos Anti-Virus 3.78.0 d
Sophos Anti-Virus 3.96.0 .0
Sophos Anti-Virus 3.4.6
Sophos MailMonitor for SMTP 2.0.0
Sophos MailMonitor for SMTP 2.1.0
Sophos Anti-Virus 3.78.0
Sophos Anti-Virus 3.79.0
Sophos Anti-Virus 3.80.0
Sophos Anti-Virus 3.81.0
Sophos Anti-Virus 3.82.0
Sophos Anti-Virus 3.83.0
Sophos Anti-Virus 3.84.0
Sophos Anti-Virus 3.85.0
Sophos Anti-Virus 3.86.0
Sophos Anti-Virus 5.2.0
Sophos Anti-Virus 4.5.11
Sophos Anti-Virus 4.04
Sophos Anti-Virus 4.7.1
Sophos Anti-Virus Small Business Edition 4.04
Sophos PureMessage for Windows/Exchange 5.2.0
Sophos PureMessage for UNIX 4.04
Sophos MailMonitor for SMTP 4.04
Sophos MailMonitor for Exchange 4.04

HTTP:STC:DL:ORACLE-JPEG-QCD-OF2 - HTTP: Oracle Outside In JPEG 2000 QCD Segment Processing Heap Buffer Overflow 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. It is due to handling the QCD segments in JPEG 2000 files. A successful attack can lead to arbitrary code execution in the context of the affected application.

Supported On:

References:

bugtraq: 54500
cve: CVE-2012-1769

Affected Products:

Microsoft Exchange Server 2007 SP3
Microsoft Exchange Server 2007 SP 1
Microsoft Exchange Server 2010 SP2
Microsoft FAST Search Server 2010 for SharePoint
Guidance Software Encase Forensics 6.19.3
ACD Systems Inc Canvas 14
Guidance Software Encase Forensics 7.04
AccessData Group FTK 3.2
McAfee Security for Microsoft Sharepoint 2.5
McAfee Security for Microsoft Exchange 7.6
Oracle Oracle Outside In Technology 8.3.5
Oracle Oracle Outside In Technology 8.3.7
AccessData Group FTK 3.3
AccessData Group FTK 3.4
Microsoft Exchange Server 2007 SP3
Microsoft Exchange Server 2007 SP2
Microsoft Exchange Server 2010 SP1
Microsoft Office SharePoint Server 2010 SP1
AccessData Group FTK 4.0

HTTP:CLAMAV-ENCRYPT-PDF-MC2 - HTTP: ClamAV Encrypted PDF File Handling Memory Corruption 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against ClamAV. Attackers can execute arbitrary code or trigger a denial of service condition on the targeted system.

Supported On:

References:

cve: CVE-2013-2021

HTTP:ORACLE:OUTSIDE-PRDOX-BO2 - HTTP: Oracle Outside In Paradox Database Handling Buffer Overflow 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle Outside In. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

bugtraq: 57364
cve: CVE-2013-0418

Affected Products:

microsoft exchange_server 2010 (sp2)
microsoft exchange_server 2007 (sp3)
oracle fusion_middleware 8.3.7.0
oracle fusion_middleware 8.4

DNS:OVERFLOW:TXTRECORD-1 - DNS: DNS TXT Record Handling Remote Buffer Overflow (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in SPF Library Project libspf2. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Root system level. This signature should only be used to protect DNS servers under your control, and not for the Internet in general. This detects DNS TXT records 200 bytes or longer, which is common on the Internet. This library was used primarily in Debian 4.0 and was fixed in libspf2 version 1.2.8, released in mid-September, 2008. If you do not have a vulnerable version of libspf2, it is not recommended to use this signature, as it can false-positive on normal, non-malicious Internet traffic.

Supported On:

References:

url: http://www.doxpara.com/?page_id=1256
cve: CVE-2008-2469
bugtraq: 31881
cve: CVE-2012-5671

DNS:OVERFLOW:TRANSPOOF-3 - DNS: Transaction Spoofing (3)

Severity: HIGH

Description:

This signature triggers when it detects attempts to exploit a known vulnerability against most DNS servers (both Windows and Unix/Linux). Attackers can spoof DNS replies by sending multiple crafted packets to DNS servers. A successful attack can result in redirected traffic to unintended locations. There is a related threshold to this attack - sc_dns_mismatch_rate.

Supported On:

HTTP:STC:CVE-2016-0046-RCE - HTTP: Microsoft Windows CVE-2016-0046 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows PDF Library. A successful attack can lead to Remote Code Execution.

Supported On:

References:

cve: CVE-2016-0046

SSL:OPENSSL-AES-NI-INTUDF2 - SSL: OpenSSL AES-NI Integer Underflow 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2012-2686

Affected Products:

openssl 1.0.1c
openssl 1.0.1b
openssl 1.0.1a
openssl 1.0.1

HTTP:STC:DL:CVE-2016-0052-RCE - HTTP: Microsoft Office CVE-2016-0052 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Office while parsing a crafted RTF document. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0052

HTTP:STC:DL:CVE-2016-0054-RCE - HTTP: Microsoft Office Excel CVE-2016-0054 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Office while parsing a specially crafted Excel document. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0054

HTTP:STC:DL:MSHTML-HELP-1 - HTTP: Microsoft HTML Help '.chm' File Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft HTML Help. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

References:

cve: CVE-2009-0119

HTTP:STC:DL:CVE-2016-0053-RCE - HTTP: Microsoft Office CVE-2016-0053 Remote Code Execution

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2016-0053

HTTP:STC:IE:CVE-2016-0060-RCE - HTTP: Microsoft Internet Explorer CVE-2016-0060 Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2016-0060

HTTP:MISC:ENDIAN-PRX-CMDEXEC - HTTP: Endian Firewall Proxy Password Change Command Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Endian Firewall Proxy application. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2015-5082

LDAP:IMAIL-BOF-1 - LDAP: Imail Buffer Overflow1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Imail LDAP service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2004-0297

APP:MISC:ENDIAN-PRX-CMDEXEC2 - HTTP: Endian Firewall Proxy Password Change Command Execution 2

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Endian Firewall Proxy application. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

References:

cve: CVE-2015-5082

DB:ORACLE:TNS:INTERMEDIA-DOS-1 - DB: Oracle Database InterMedia Denial of Service (1)

Severity: HIGH

Description:

Supported On:

DNS:MUL-VEND-TXT-BOF - DNS: Multiple Vendors DNS TXT Record Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Multiple Vendors. A successful exploit can lead to remote code execution.

Supported On:

DHCP:SERVER:ISC-DHCLIENT-BOF-1 - DHCP: ISC DHCP dhclient script_write_params Stack Buffer Overflow (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the ISC DHCP dhclient script_write_params. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

NFS:MS-WINDOWS-NFS-NULL-DOS2 - NFS: Microsoft Windows NFS Server NULL Pointer Dereference Denial of Service 2

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows NFS Server. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 57853
cve: CVE-2013-1281

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache HTTPD. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 49616
cve: CVE-2011-3348

Affected Products:

apache http_server 2.0.55
apache http_server 1.3.29
apache http_server 1.3.1
apache http_server 2.0.53
apache http_server 1.3.27
apache http_server 1.3.68
apache http_server 2.0.51
apache http_server 1.3.25
apache http_server 2.0.60
apache http_server 1.0.3
apache http_server 1.3.23
apache http_server 1.3.39
apache http_server 2.0.36
apache http_server 1.0.5
apache http_server 2.0.38
apache http_server 1.3.9
apache http_server 1.3.35
apache http_server 2.2.11
apache http_server 2.1.9
apache http_server 2.0.59
apache http_server up to 2.2.20
apache http_server 1.3.1.1
apache http_server 2.0.9
apache http_server 2.2.13
apache http_server 2.1.7
apache http_server 1.3.31
apache http_server 0.8.11
apache http_server 2.2.15
apache http_server 2.1.5
apache http_server 2.0.34 (beta)
apache http_server 1.3.33
apache http_server 1.3.41
apache http_server 2.2.17
apache http_server 2.1.3
apache http_server 1.3.17
apache http_server 2.1
apache http_server 2.1.1
apache http_server 1.3.15
apache http_server 1.2.5
apache http_server 1.1
apache http_server 1.3.13
apache http_server 1.3
apache http_server 2.2.0
apache http_server 1.3.11
apache http_server 1.2.9
apache http_server 2.2.2
apache http_server 2.0.41
apache http_server 2.2.4
apache http_server 2.0.43
apache http_server 1.3.37
apache http_server 2.0.32 (beta)
apache http_server 2.2.6
apache http_server 2.0.45
apache http_server 2.2.8
apache http_server 2.0.47
apache http_server 1.3.19
apache http_server 1.3.6
apache http_server 2.0.49
apache http_server 1.3.4
apache http_server 2.0.56
apache http_server 1.3.28
apache http_server 1.3.65
apache http_server 1.3.2
apache http_server 2.0.54
apache http_server 1.3.26
apache http_server 1.3.0
apache http_server 2.0.52
apache http_server 1.3.24
apache http_server 2.0.63
apache http_server 2.0.35
apache http_server 1.0.2
apache http_server 2.0.50
apache http_server 1.3.22
apache http_server 2.0.61
apache http_server 2.0.37
apache http_server 1.3.20
apache http_server 1.3.38
apache http_server 2.0.39
apache http_server 1.3.8
apache http_server 2.1.8
apache http_server 1.3.34
apache http_server 2.2.10
apache http_server 2.1.6
apache http_server 2.0.58
apache http_server 1.3.36
apache http_server 2.2.12
apache http_server 2.1.4
apache http_server 1.3.30
apache http_server 2.0.28 (beta)
apache http_server 2.2.14
apache http_server 2.1.2
apache http_server 1.3.32
apache http_server 1.3.42
apache http_server 2.2
apache http_server 1.2.6
apache http_server 2.2.16
apache http_server 1.3.16
apache http_server 2.0
apache http_server 1.2.4
apache http_server 0.8.14
apache http_server 2.2.18
apache http_server 1.0
apache http_server 1.3.14
apache http_server 1.2
apache http_server 2.2.1
apache http_server 1.3.12
apache http_server 1.1.1
apache http_server 2.2.3
apache http_server 2.0.40
apache http_server 1.3.10
apache http_server 1.99
apache http_server 2.0.42
apache http_server 2.0.44
apache http_server 2.2.9
apache http_server 2.0.46
apache http_server 1.3.7
apache http_server 2.0.48
apache http_server 1.3.18
apache http_server 1.4.0
apache http_server 1.3.5
apache http_server 2.0.57
apache http_server 1.3.3

HTTP:ORACLE:PARADOX-DB-DOS - HTTP: Oracle Outside In Paradox Database Stream Filter Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Outside In Paradox Database. A successful attack can result in a denial-of-service condition.