Juniper Networks

Update Details

Security Intelligence Center

Update #2781 (09/27/2016)

24 new signatures:

HIGH    SCADA:IGSS-FILE-OP-OF - SCADA: IGSS IGSSDataServer.exe File Operation Overflow Attempt
HIGH    APP:IBM:TIVOLI-STORAGE-HOF - APP: IBM Tivoli Storage Manager Remote Heap Buffer Overflow
HIGH    HTTP:STC:DL:MS-WIN-FAXCOVER - HTTP: Microsoft Windows Fax Services Cover Page Memory Corruption
HIGH    HTTP:STC:DL:MS-LSASS-DNAME-BOV - HTTP: Microsoft Windows LSASS Domain Name Buffer Overflow
HIGH    HTTP:STC:DL:KER-RINGOBJ-PRIV - HTTP: Linux Kernel KeyRing Object Exploit Attempt
HIGH    HTTP:STC:DL:IE-EMET-CHECK-IOC - HTTP: Windows Internet Explorer EMET Detection Attempt
HIGH    HTTP:STC:DL:REMOTEEXEC-COMP-BO - HTTP: RemoteExec Computers List Buffer Overflow
HIGH    HTTP:STC:DL:ADOBE-PSCS4-TIFF - HTTP: Adobe Photoshop CS4 TIFF File Code Execute
HIGH    HTTP:URI-PHP-INJ - HTTP: PHP Code Injection In HTTP Requests
HIGH    HTTP:STC:DL:MSWORD-RTF-RCE - HTTP: Microsoft Word CVE 2015-2424 Remote Code Execution
HIGH    HTTP:STC:DL:MS-SECLOGON-PRIV - HTTP: Microsoft Secondary Logon CVE-2016-0099 Privilege Escalation
HIGH    HTTP:STC:IMG:APPLE-QT-BMP-OF - HTTP: Apple QuickTime BMP File Handling Heap Overflow
HIGH    HTTP:STC:ADOBE:CVE-2016-4277-CE - HTTP: Adobe Flash CVE-2016-4277 Remote Code Execution
HIGH    HTTP:STC:ADOBE:CVE-2016-4282-CE - HTTP: Adobe Flash CVE-2016-4282 Remote Code Execution
MEDIUM  SMTP:SMTP-JAVASCR-OBF - SMTP: Javascript Obfuscation In SMTP Traffic
MEDIUM  SMTP:SMTP-OBFUSCATED-SCRIPT - SMTP: Obfuscated Script Encoding Detected
MEDIUM  SMTP:JAVASCR-EXE-DWNLOAD - SMTP: Javascript Stealth Executable Download Attempt
MEDIUM  SMTP:MULTIPLE-AV-EVASION - SMTP: Multiple AV Products Evasion Attempt
MEDIUM  HTTP:STC:MULTI-AV-EVASION - HTTP: Multiple AV Products Evasion Attempt
MEDIUM  HTTP:STC:UTF-8-EVASION - HTTP: UTF-8 Evasion Attempt
MEDIUM  HTTP:STC:INVALID-RESP-EVA - HTTP: Header Invalid Entry Evasion Attempt
HIGH    HTTP:OVERFLOW:WECON-LEVIS-HOF - HTTP: WECON LeviStudio Address Name Heap Buffer Overflow
MEDIUM  SSL:TREND-CM-INFO-DIS - SSL: Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure
HIGH    HTTP:MISC:NAGIOS-NWTOOL-CSRF - HTTP: Nagios Network Analyzer create Cross-Site Request Forgery

4 updated signatures:

HIGH    APP:UPNP:LIBUPNP-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow
MEDIUM  HTTP:STC:CVE-2016-3374-SEC - HTTP: Microsoft Edge CVE-2016-3374 Security Bypass
HIGH    HTTP:STC:IE:CVE-2016-3294-MC - HTTP: Microsoft Edge CVE-2016-3294 Memory Corruption
HIGH    HTTP:STC:JAVA:JNLP-OF - HTTP: Java Runtime Environment Web Start JNLP File Stack Buffer Overflow


Details of the signatures included within this bulletin:


HTTP:STC:CVE-2016-3374-SEC - HTTP: Microsoft Edge CVE-2016-3374 Security Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Edge. A successful attack can lead to a security feature bypass within the context of the affected application.

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

  • cve: CVE-2016-3374

APP:UPNP:LIBUPNP-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Device Service Name. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • bugtraq: 57602
  • cve: CVE-2012-5958

Affected Products:

  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
  • portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8

HTTP:STC:ADOBE:CVE-2016-4277-CE - HTTP: Adobe Flash CVE-2016-4277 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

  • cve: CVE-2016-4277

HTTP:STC:ADOBE:CVE-2016-4282-CE - HTTP: Adobe Flash CVE-2016-4282 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

  • cve: CVE-2016-4282

SMTP:MULTIPLE-AV-EVASION - SMTP: Multiple AV Products Evasion Attempt

Severity: MEDIUM

Description:

This signature detects evasion attempts intended to bypass multiple AV products.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2012-1461

SCADA:IGSS-FILE-OP-OF - SCADA: IGSS IGSSDataServer.exe File Operation Overflow Attempt

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IGSS Interactive Graphical SCADA System. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2011-1567
  • cve: CVE-2011-4050
  • bugtraq: 46936

Affected Products:

  • 7t igss

SMTP:SMTP-JAVASCR-OBF - SMTP: Javascript Obfuscation In SMTP Traffic

Severity: MEDIUM

Description:

This signature detects JavaScript obfuscation in SMTP traffic.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


APP:IBM:TIVOLI-STORAGE-HOF - APP: IBM Tivoli Storage Manager Remote Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Tivoli Storage Manager Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Tivoli Client.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2008-4801

Affected Products:

  • ibm tivoli_storage_manager_client 5.2
  • ibm tivoli_storage_manager_client up to 5.2.5.2
  • ibm tivoli_storage_manager_client 5.4.1.2
  • ibm tivoli_storage_manager_client 5.3
  • ibm tivoli_storage_manager_express
  • ibm tivoli_storage_manager_client up to 5.4.2.2
  • ibm tivoli_storage_manager_client up to 5.5.0.91
  • ibm tivoli_storage_manager_client 5.2.5.1
  • ibm tivoli_storage_manager_client 5.3.5.2
  • ibm tivoli_storage_manager_client 5.3.5.3
  • ibm tivoli_storage_manager_client up to 5.3.6.1
  • ibm tivoli_storage_manager_client 5.5.0.0
  • ibm tivoli_storage_manager 5.3.2
  • ibm tivoli_storage_manager 5.3.3
  • ibm tivoli_storage_manager 5.3.1
  • ibm tivoli_storage_manager_client 5.1.8.0
  • ibm tivoli_storage_manager_client 5.4
  • ibm tivoli_storage_manager 5.2.9
  • ibm tivoli_storage_manager 5.2.8
  • ibm tivoli_storage_manager_client up to 5.1.8.1
  • ibm tivoli_storage_manager 5.2.7
  • ibm tivoli_storage_manager_client 5.4.1.1
  • ibm tivoli_storage_manager_client 5.1

HTTP:STC:DL:MS-WIN-FAXCOVER - HTTP: Microsoft Windows Fax Services Cover Page Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Windows Fax Services Cover. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Windows Fax Services.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2010-2701
  • bugtraq: 45942

Affected Products:

  • fathsoft fathftp 1.7

HTTP:STC:DL:MS-LSASS-DNAME-BOV - HTTP: Microsoft Windows LSASS Domain Name Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows LSASS Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Microsoft Windows LSASS Service.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2011-0039

Affected Products:

  • microsoft windows_2003_server (sp2:x64)
  • microsoft windows_2003_server (sp2)
  • microsoft windows_xp - (sp2)
  • microsoft windows_xp - (sp2:x64)
  • microsoft windows_xp (sp3)
  • microsoft windows_2003_server (sp2:itanium)

HTTP:STC:DL:KER-RINGOBJ-PRIV - HTTP: Linux Kernel KeyRing Object Exploit Attempt

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Linux Kernel KeyRing Object. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Kernel.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-0728

Affected Products:

  • linux linux_kernel 4.4

HTTP:STC:DL:IE-EMET-CHECK-IOC - HTTP: Windows Internet Explorer EMET Detection Attempt

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Internet Explorer. Attackers can use this vulnerability to gather information about the target.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2013-7331

HTTP:STC:DL:REMOTEEXEC-COMP-BO - HTTP: RemoteExec Computers List Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RemoteExec. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:DL:ADOBE-PSCS4-TIFF - HTTP: Adobe Photoshop CS4 TIFF File Code Execute

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Adobe Photoshop CS4. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Adobe Photoshop software.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2010-1279

Affected Products:

  • adobe photoshop_cs4 11.0

HTTP:STC:MULTI-AV-EVASION - HTTP: Multiple AV Products Evasion Attempt

Severity: MEDIUM

Description:

This signature detects evasion attempts intended to bypass multiple AV products.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2012-1461

HTTP:STC:UTF-8-EVASION - HTTP: UTF-8 Evasion Attempt

Severity: MEDIUM

Description:

This signature detects UTF-8 evasion attempts.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:INVALID-RESP-EVA - HTTP: Header Invalid Entry Evasion Attempt

Severity: MEDIUM

Description:

This signature detects evasion attempts made via HTTP headers.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:URI-PHP-INJ - HTTP: PHP Code Injection In HTTP Requests

Severity: HIGH

Description:

This signature detects attempts to inject PHP code in HTTP requests.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2012-0297
  • cve: CVE-2012-2957

Affected Products:

  • symantec web_gateway 5.0.1
  • symantec web_gateway 5.0
  • symantec web_gateway 5.0.2

HTTP:STC:DL:MSWORD-RTF-RCE - HTTP: Microsoft Word CVE 2015-2424 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to arbitrary code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2015-2424

Affected Products:

  • microsoft powerpoint 2007
  • microsoft word 2007
  • microsoft powerpoint 2010
  • microsoft word 2013
  • microsoft powerpoint 2013
  • microsoft word 2010

HTTP:STC:DL:MS-SECLOGON-PRIV - HTTP: Microsoft Secondary Logon CVE-2016-0099 Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-0099

Affected Products:

  • microsoft windows_server_2008
  • microsoft windows_rt_8.1 -
  • microsoft windows_10 1511
  • microsoft windows_8.1 -
  • microsoft windows_server_2008 r2
  • microsoft windows_vista
  • microsoft windows_server_2012 -
  • microsoft windows_7 -
  • microsoft windows_10 -
  • microsoft windows_server_2012 r2

HTTP:STC:IMG:APPLE-QT-BMP-OF - HTTP: Apple QuickTime BMP File Handling Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Apple QuickTime products. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the security context of the currently logged in user.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2006-2238
  • bugtraq: 17953

Affected Products:

  • apple quicktime 7.0.3
  • apple quicktime 7.0
  • apple quicktime 7.0.1
  • apple quicktime up to 7.0.4
  • apple quicktime 7.0.2

HTTP:STC:JAVA:JNLP-OF - HTTP: Java Runtime Environment Web Start JNLP File Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful exploit can lead to a buffer overflow and arbitrary code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2007-3655
  • bugtraq: 24832

Affected Products:

  • Gentoo dev-java/ibm-jre-bin 1.4.2.10
  • SuSE Novell Linux POS 9
  • Sun JRE (Linux Production Release) 1.5.0 05
  • SuSE Open-Enterprise-Server
  • Sun JRE (Linux Production Release) 1.5.0 01
  • Red Hat Enterprise Linux Extras 4
  • Red Hat Enterprise Linux Supplementary 5 Server
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0
  • SuSE SuSE Linux School Server for i386
  • Sun JRE (Linux Production Release) 1.5.0
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • SuSE SUSE Linux Enterprise Server 8
  • Sun JRE (Linux Production Release) 1.5.0 08
  • Gentoo dev-java/ibm-jdk-bin 1.5.0.6
  • Gentoo dev-java/ibm-jdk-bin 1.4.2.10
  • Sun JRE (Linux Production Release) 1.5.0 02
  • Gentoo dev-java/ibm-jre-bin 1.5.0.6
  • SuSE SUSE Linux Enterprise SDK 10.SP1
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • Sun JRE (Linux Production Release) 1.6.0 01
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X Server 10.4.10
  • Gentoo Linux
  • Sun JRE (Linux Production Release) 1.5.0 06
  • Sun JRE (Linux Production Release) 1.5.0 07
  • Sun JRE (Linux Production Release) 1.5.0 03
  • Sun JRE (Linux Production Release) 1.5.0 04
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X Server 10.4.11
  • Sun JRE (Linux Production Release) 1.5.0 09
  • Sun JRE (Linux Production Release) 1.5.0 10

SMTP:SMTP-OBFUSCATED-SCRIPT - SMTP: Obfuscated Script Encoding Detected

Severity: MEDIUM

Description:

This signature detects obfuscated script encoding in SMTP traffic.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:IE:CVE-2016-3294-MC - HTTP: Microsoft Edge CVE-2016-3294 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-3294

SMTP:JAVASCR-EXE-DWNLOAD - SMTP: Javascript Stealth Executable Download Attempt

Severity: MEDIUM

Description:

This signature detects the download of JavaScript stealth executables over SMTP.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:OVERFLOW:WECON-LEVIS-HOF - HTTP: WECON LeviStudio Address Name Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in WECON LeviStudio. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


SSL:TREND-CM-INFO-DIS - SSL: Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Trend Micro Control Manager. A successful attack can lead to information disclosure.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603


HTTP:MISC:NAGIOS-NWTOOL-CSRF - HTTP: Nagios Network Analyzer create Cross-Site Request Forgery

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nagios Network Analyzer. A remote, unauthenticated attacker can exploit this vulnerability by enticing an authenticated administrator to visit a maliciously crafted page.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.