EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.
16 new signatures:
HIGH | SSL:TRENDMICRO-ARB-FILE-INCL | SSL: Trend Micro Control Manager lang Parameter Arbitrary File Inclusion |
HIGH | HTTP:DOS:URI-PARAM-RANDOM | HTTP: Suspicious Random URI And GET Parameter |
HIGH | HTTP:MISC:DISKPULSE-SERVER-BO | HTTP: Disk Pulse Enterprise Server HttpParser Buffer Overflow |
HIGH | HTTP:STC:ADOBE:CVE-2017-3001-CE | HTTP: Adobe Flash CVE-2017-3001 Remote Code Execution |
HIGH | HTTP:SQL:REQ-URI | HTTP: SQL Commands Detected In HTTP URIs |
HIGH | HTTP:TWINCAT-OVERFLOW | HTTP: TwinCAT Scope TCatScopeView.exe Buffer Overflow |
HIGH | HTTP:STC:ADOBE:CVE-2017-2997-CE | HTTP: Adobe Flash CVE-2017-2997 Remote Code Execution |
HIGH | HTTP:DOS:SUSPICIOUS-URL | HTTP: Suspicious URL Detected |
HIGH | HTTP:SQL:TRENDMICRO-CMD-INJCTN | HTTP: Trend Micro SafeSync restartService Command Injection |
MEDIUM | HTTP:STC:DL:MAL-WIN-BRIEFCASE-4 | HTTP: Windows Briefcase Integer Underflow Vulnerability (4) |
HIGH | HTTP:EXPLOIT:URI-CMD-INJ | HTTP: Generic Command Injection Detected In URI |
HIGH | HTTP:SQL:TRENDMICRO-COM-INJ | HTTP: Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection |
MEDIUM | HTTP:EXPLOIT:SUSPICIOUS-MUL-PRT | HTTP: Suspicious Multi Part Traffic |
HIGH | SSL:TRENDMICRO-COMM-INJTN | HTTP: Trend Micro SafeSync for Enterprise restartService Command Injection |
HIGH | APP:ZLIB-COMPRES-LIB-DOS-2 | APP: Zlib Compression Library Denial Of Service (2) |
HIGH | SSL:TRENDMICRO-SS-CMD-INJ | SSL: Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection |
23 updated signatures:
HIGH | DNS:SAMBA-DNS-REPLY-FLAG-DOS | DNS: Samba DNS Reply Flag Denial of Service |
HIGH | HTTP:STC:DL:APPLE-DMG-VOLNAME | HTTP: Apple Computer Finder DMG Volume Name Memory Corruption |
HIGH | HTTP:APACHE:STRUTS2-MAL-HYD-RCE | HTTP: Apache Struts 2 Malicious Header Remote Code Execution |
HIGH | HTTP:STC:ACTIVEX:ISSYMBOL | HTTP: Advantech Studio ISSymbol Unsafe ActiveX Control Multiple Buffer Overflow |
HIGH | SMTP:COMMAND:STARTTLS-CMD | SMTP: Multiple Products STARTTLS Plaintext Command Injection |
HIGH | DNS:EXPLOIT:BIND-KEYPARSE-DOS | DNS: ISC BIND DNSSEC Key Parsing Buffer Denial of Service |
MEDIUM | HTTP:STC:IE:CVE-2017-0065-ID | HTTP: Microsoft Edge CVE-2017-0065 Information Disclosure |
HIGH | APP:NOVELL:NETIQ-EDIR-BOF | HTTP: Novell NetIQ eDirectory Stack Buffer Overflow |
HIGH | HTTP:STC:MS-DOTNET-NAMESPACE-BO | HTTP: Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow |
MEDIUM | APP:KERBEROS:MIT-KRB5-KDC-DOS | APP: MIT Kerberos 5 Key Distribution Center Denial of Service |
LOW | HTTP:EXT:DOT-UNSAFE | HTTP: Unsafe File Extension |
HIGH | HTTP:STC:IE:CVE-2015-2515-UAF | HTTP: Microsoft Internet Explorer CVE-2015-2515 User After Free |
HIGH | APP:EMC-ALPHASTORE-CMDEXEC | APP: EMC AlphaStore Mutiple Parameter Parsing Command Injecton |
HIGH | HTTP:STC:IE:UTF8-DECODE-OF | HTTP: Internet Explorer HTML Decoding Memory Corruption |
HIGH | HTTP:STC:ADOBE:CVE-2017-2960-CE | HTTP: Adobe Acrobat and Reader CVE-2017-2960 Remote Code Execution |
HIGH | APP:CAIN-ABEL-CISCO-IOS-BOF | APP: Cain & Abel Cisco IOS Configuration File Buffer Overflow |
HIGH | HTTP:STC:DL:MPLAYER-SAMI | HTTP: MPlayer SAMI Subtitle sub_read_line_sami Buffer Overflow |
HIGH | APP:IBM:TIVOLI-OF | APP: IBM Tivoli Management Framework Overflow |
CRITICAL | SHELLCODE:X86:BASE64-NOOP-80 | SHELLCODE: Base64 X86 NOOP Detection Over HTTP |
HIGH | APP:TROLLTECH-QT-BMP-OF | APP: Trolltech Qt BMP Handling Overflow |
HIGH | HTTP:PHP:FTP-GENLIST-IO | HTTP: PHP FTP Genlist Method Integer Overflow |
CRITICAL | SHELLCODE:X86:REVERS-CONECT-80 | SHELLCODE: X86 Linux Reverse Connect Detection Over HTTP |
MEDIUM | HTTP:EXPLOIT:HOST-RANDOM-3 | HTTP: Suspicious Randomized Host Header (3) |
2 renamed signatures:
HTTP:STC:DL:MAL-WIN-BRIEFCASE-2 | -> | HTTP:STC:DL:MAL-WIN-BRIEFCASE-3 |
HTTP:STC:ACTIVEX:CVE-2017-002 | -> | HTTP:STC:ACTIVEX:CVE-2017-0022 |
An arbitrary file inclusion vulnerability has been reported in Trend Micro Control Manager. Successful exploitation results in arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature attempts to detect buffer overflow vulnerability in the web server component of Disk Pulse Enterprise Server. Successful exploitation allows the attacker to execute arbitrary code in the security context of system.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in Novell NetIQ eDirectory. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the vulnerable application.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a know problem in Windows Briefcase. Windows Briefcase is a feature that will synchronize the contents of two folders. A successful exploit can lead to arbitrary code execution in the security context of the affected user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against MIT Kerberos 5 Key Distribution Center. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects payloads being transferred over network that have been using x86 linux reserve connect. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects payloads being transferred over network that have been using base64 x86 NOOP. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Zlib Compression Library. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects a HTTP request for downloading a file with an "unsafe" extension using Internet Explorer. Microsoft has announced that using Internet Explorer to download files with certain extensions can be unsafe. See the references for more information.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in the Samba DNS Reply Flag. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. An attacker could exploit this vulnerability by sending a DNS query to a vulnerable server with a spoofed source IP address of another vulnerable server. Successful exploitation could result in excessive consumption of resources on both vulnerable servers, possibly causing a denial of service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a know problem in Windows Briefcase. Windows Briefcase is a feature that will synchronize the contents of two folders. A successful exploit can lead to arbitrary code execution in the security context of the affected user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a vulnerability in the Apple Computer Mac OSX Finder application. By supplying a specially crafted DMG file, an attacker can cause arbitrary code to be executed on the victim host.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage.pm page. Successful exploitation could lead to arbitrary command execution under the security context of root.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, DI-Base, mx-11.4, DI-Server, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. Successful exploitation could lead to arbitrary command execution under the security context of the root.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise.Successful exploitation could lead to arbitrary command execution under the security context of the root.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage.pm page. Successful exploitation could lead to arbitrary command execution under the security context of root.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in Advantech Studio. An attacker can create a Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects a suspicious HTTP URL. This kind of behavior is mostly observed when someone is trying to scan and send malicious traffic against a network security device using various traffic generation tools. This signature may trigger false-positives inside the Intranet traffic, so it is suggested to avoid using it for inspecting such traffic. This signature is highly recommended to protect web servers and devices deployed at a data centre.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects a suspicious HTTP URL value. This kind of behavior is mostly observed when someone is trying to scan and send malicious traffic against a network security device using various traffic generation tools. This signature may trigger false-positives inside the Intranet traffic, so it is suggested to avoid using it for inspecting such traffic. This signature is highly recommended to protect web servers and devices deployed at a data centre.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects specific characters, typically used in SQL procedures, within an HTTP connection. Because these characters are not normally used in HTTP, this can indicate a SQL injection attack through a procedure.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects the attempt to exploit the buffer overflow vulnerability on TCatScopeView.exe when processing malicious svw or wsm file extension. A successful attack can lead to arbitrary code execution
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against EMC AlphaStore. Attackers can inject and execute arbitrary commands on the targeted system.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in the PHP's ftp_genlist Method. Successful exploitation could lead to arbitrary code execution
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in MPlayer. Specifically, the vulnerability is due a stack buffer overflow when reading a long caption from a SAMI subtitle file. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to download a crafted SAMI file, resulting in the execution of arbitrary code in the security context of the target user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known flaw in IBM Tivoli Management Framework. An attacker can send an overly long parameter, which could result in arbitrary code execution or a denial of service.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against several mail transfer agents (MTA's). A successful attack can lead to arbitrary command injection.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects a suspicious HTTP host header. This kind of behavior is mostly observed when someone is trying to scan and send malicious traffic against a network security device using various traffic generation tools. This signature may trigger false-positives inside the Intranet traffic, so it is suggested to avoid using it for inspecting such traffic. This signature is highly recommended to protect web servers and devices deployed at a data centre.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a flaw in the Trolltech Qt image handling subsystem, which is used by the KDE Graphical Environment, commonly found in Linux and other Unix-based systems. A known vulnerability exists in the read_dib function that does not perform proper bounds checking of RLE data from a BMP file. An attacker could exploit this flaw to crash a system or possibly install malicious software when a user attempts to view a specially crafted BMP.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects a suspicious HTTP MULTI-PART data traffic, where "Boundary" string is missing to mark the initiation of boundary. This kind of behavior is mostly observed when someone is trying to scan and send malicious traffic against a network security device using various traffic generators.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to request arbitrary commands in URL. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Cain & Abel Cisco IOS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to use an unsafe ActiveX control in Microsoft XML Core Services. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in the Microsoft .NET framework. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against ISC BIND. Attackers can send crafted malicious data to cause denial of service condition to the target service.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects an attempt to exploit a known vulnerability against Microsoft Edge. Successful attack can lead to unauthorized info disclosure.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects an attempt to exploit an Use-After-Free Vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603