
Update Details

Security Intelligence Center

Update #2895 (05/18/2017)

EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.

24 new signatures:

HIGH      IMAP:OUTLOOK-RCE - IMAP: Microsoft Outlook Client Code Execution
HIGH      APP:MISC:ESKIMOROLL-KERBEROS-PE - APP: ESKIMOROLL Kerberos Privilege Escalation
HIGH      MS-RPC:RPC-OVF - MSRPC: Microsoft Windows DCOM RPC Interface Buffer Overrun
HIGH      HTTP:STC:MOZILLA:CVE-2014-1513 - HTTP: Mozilla Firefox CVE-2014-1513 Remote Code Execution
HIGH      HTTP:STC:SAFARI:CVE-2017-2446 - HTTP: Apple Safari CVE-2017-2446 Remote Code Execution
HIGH      HTTP:MISC:GENERIC-DIR-TRAVERSAL - HTTP: Generic Directory Traversal Detected
CRITICAL  APP:REMOTE:ESTEEMAUDIT-RCE - HTTP: Microsoft Windows Empty RDP Cookie Negotiation Attempt
HIGH      HTTP:HPE-INTELLIGENT-CENTER-ID - HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure
MEDIUM    DNS:CVE-2017-0171-DOS - DNS: Windows DNS CVE-2017-0171 Denial Of Service
HIGH      HTTP:STC:MANTIS-PASS-RESET - HTTP: Mantis Bug Tracker confirm_hash Remote Password Reset
HIGH      HTTP:STC:ADOBE:CVE-2017-3071-CE - HTTP: Adobe Flash CVE-2017-3071 Remote Code Execution
HIGH      HTTP:STC:ADOBE:CVE-2017-3068-CE - HTTP: Adobe Flash CVE-2017-3068 Remote Code Execution
HIGH      HTTP:STC:CHROME:CVE-2017-5030 - HTTP: Google Chrome CVE-2017-5030 Remote Code Execution
HIGH      HTTP:STC:CHROME:CVE-2016-5198 - HTTP: Google Chrome CVE-2016-5198 Remote Code Execution
HIGH      HTTP:STC:CHROME:CVE-2016-5200 - HTTP: Google Chrome CVE-2016-5200 Remote Code Execution
HIGH      HTTP:STC:IE:CVE-2017-0134-RCE - HTTP: Microsoft Edge CVE-2017-0134 Remote Code Execution
HIGH      HTTP:INTEL-AMT-PE - HTTP: Intel Active Management Technology Remote Privilege Escalation
HIGH      HTTP:STC:APPLE-SAFARI-PARAM-UAF - HTTP: Apple Safari parameter name Use After Free
HIGH      HTTP:STC:APPLE-CVE-2016-4622-CE - HTTP: Apple Safari CVE-2016-4622 Remote Code Execution
HIGH      HTTP:STC:APPLE-TYPARRAY-BUF-NEU - HTTP: Apple TypeArray Buffer Neutering
HIGH      HTTP:STC:APPLE-SAFARI-OOB - HTTP: Apple Safari CVE-2017-2447 Out Of Bounds
HIGH      HTTP:STC:CVE-2017-2464-MC - HTTP: Apple Safari CVE-2017-2464 Memory Corruption
HIGH      HTTP:STC:APPLE-SFRI-PWN2OWN-UAF - HTTP: Apple Safari Pwn2Own Use After Free
HIGH      SMTP:OUTLOOK:OUTLOOK-CE - SMTP: Outlook Client Code Execution

11 updated signatures:

MEDIUM    SCADA:ICCP:INVALID-TPDU - SCADA: Invalid TPDU Code
INFO      CHAT:MSN:HTTP:MSNFTP-INVITE - CHAT: MSN over HTTP File Transfer Invitation Message
MEDIUM    HTTP:STC:ACTIVEX:MAGNETOSOFT-OV - HTTP: Magnetosoft Networkresources Unsafe ActiveX Overflow
HIGH      HTTP:STC:ADOBE:CVE-2017-3055-CE - HTTP: Adobe Acrobat Reader CVE-2017-3055 Remote Code Execution
INFO      SMB:SMBV1-REQ - SMB: SMBv1 Request Detected
INFO      P2P:XUNLEI:DOWNLOAD - P2P: Xunlei Download
HIGH      HTTP:STC:IE:CVE-2017-0141-AV - HTTP: Microsoft Edge CVE-2017-0141 Access Violation
HIGH      DNS:ISC-BIND-CNAME-DNAME-DOS - DNS: ISC BIND Referral CNAME and DNAME Assertion Failure Denial of Service
HIGH      HTTP:STC:IE:CVE-2017-0015-MC - HTTP: Microsoft Edge CVE-2017-0015 Memory Corruption
HIGH      HTTP:STC:IE:CVE-2016-3386-RCE - HTTP: Microsoft Edge CVE-2016-3386 Remote Code Execution
MEDIUM    SCADA:ICCP:BUFFER-SIZE - SCADA: Wrong Buffer Size

2 renamed signatures:

HTTP:STC:APPLE_SAFARI-IO -> HTTP:STC:CVE-2017-2464-MC
APP:GENERIC-DIR-TRAV -> APP:HP-PROTECTOR-DIR-TRAV


Details of the signatures included within this bulletin:


IMAP:OUTLOOK-RCE - IMAP: Microsoft Outlook Client Code Execution

Severity: HIGH

Description:

This signature detects attempts to trigger execution of code on the Outlook client in order to send email to other users.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


APP:MISC:ESKIMOROLL-KERBEROS-PE - APP: ESKIMOROLL Kerberos Privilege Escalation

Severity: HIGH

Description:

This signature detects anomalous behavior within the Kerberos protocol.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2014-6324

Affected Products:

  • microsoft windows_server_2008
  • microsoft windows_server_2003
  • microsoft windows_7
  • microsoft windows_8
  • microsoft windows_8.1
  • microsoft windows_server_2008 r2
  • microsoft windows_server_2012
  • microsoft windows_vista
  • microsoft windows_server_2012 r2

MS-RPC:RPC-OVF - MSRPC: Microsoft Windows DCOM RPC Interface Buffer Overrun

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the RPC in Microsoft Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2003-0352

Affected Products:

  • microsoft windows_2000 (sp2)
  • microsoft windows_nt 4.0 (sp1:workstation)
  • microsoft windows_2003_server r2
  • microsoft windows_2000 (sp2:datacenter_server)
  • microsoft windows_2000 (:professional)
  • microsoft windows_nt 4.0 (sp2:workstation)
  • microsoft windows_nt 4.0 (:workstation)
  • microsoft windows_xp (:64-bit)
  • microsoft windows_2000 (sp1:server)
  • microsoft windows_nt 4.0 (sp6a:workstation)
  • microsoft windows_2000 (:server)
  • microsoft windows_xp (sp1)
  • microsoft windows_2000 (sp4:professional)
  • microsoft windows_nt 4.0 (sp3:workstation)
  • microsoft windows_nt 4.0 (sp1:server)
  • microsoft windows_nt 4.0 (sp6a:terminal_server)
  • microsoft windows_nt 4.0 (sp6:terminal_server)
  • microsoft windows_2000 (sp4)
  • microsoft windows_2003_server r2 (:64-bit)
  • microsoft windows_nt 4.0 (:terminal_server)
  • microsoft windows_2003_server standard
  • microsoft windows_nt 4.0 (sp6a)
  • microsoft windows_nt 4.0 (sp6:workstation)
  • microsoft windows_2000 (sp3:professional)
  • microsoft windows_2000 (sp1:professional)
  • microsoft windows_2000 (sp4:advanced_server)
  • microsoft windows_nt 4.0 (sp1:terminal_server)
  • microsoft windows_2000 (sp3:advanced_server)
  • microsoft windows_nt 4.0 (sp6)
  • microsoft windows_nt 4.0 (sp5:server)
  • microsoft windows_2000 (sp2:server)
  • microsoft windows_nt 4.0 (sp4)
  • microsoft windows_nt 4.0 (sp5)
  • microsoft windows_nt 4.0 (sp4:enterprise_server)
  • microsoft windows_nt 4.0 (sp2)
  • microsoft windows_nt 4.0 (:enterprise_server)
  • microsoft windows_2000 (sp3)
  • microsoft windows_nt 4.0 (sp1)
  • microsoft windows_2003_server web
  • microsoft windows_nt 4.0 (sp3:server)
  • microsoft windows_nt 4.0 (sp4:terminal_server)
  • microsoft windows_2000 (:advanced_server)
  • microsoft windows_2003_server r2 (:datacenter_64-bit)
  • microsoft windows_2003_server enterprise_64-bit
  • microsoft windows_xp (gold)
  • microsoft windows_nt 4.0 (sp6a:server)
  • microsoft windows_2003_server standard (:64-bit)
  • microsoft windows_nt 4.0 (sp2:enterprise_server)
  • microsoft windows_2000 (:datacenter_server)
  • microsoft windows_2003_server enterprise (:64-bit)
  • microsoft windows_xp (sp1:home)
  • microsoft windows_2000 (sp3:datacenter_server)
  • microsoft windows_nt 4.0 (sp2:terminal_server)
  • microsoft windows_2000 (sp4:server)
  • microsoft windows_2000 (sp3:server)
  • microsoft windows_nt 4.0 (sp6:enterprise_server)
  • microsoft windows_nt 4.0 (sp2:server)
  • microsoft windows_xp (:home)
  • microsoft windows_nt 4.0 (sp3)
  • microsoft windows_nt 4.0 (sp6:server)
  • microsoft windows_2000 (sp1)
  • microsoft windows_nt 4.0 (sp3:terminal_server)
  • microsoft windows_2000 (sp1:advanced_server)
  • microsoft windows_xp (gold:professional)
  • microsoft windows_2000 (sp4:datacenter_server)
  • microsoft windows_xp (sp1:64-bit)
  • microsoft windows_nt 4.0 (sp5:enterprise_server)
  • microsoft windows_nt 4.0 (sp6a:enterprise_server)
  • microsoft windows_nt 4.0 (sp3:enterprise_server)
  • microsoft windows_nt 4.0
  • microsoft windows_nt 4.0 (:server)
  • microsoft windows_2000 (sp2:professional)
  • microsoft windows_nt 4.0 (sp4:server)
  • microsoft windows_nt 4.0 (sp5:terminal_server)
  • microsoft windows_nt 4.0 (sp1:enterprise_server)
  • microsoft windows_nt 4.0 (sp5:workstation)
  • microsoft windows_nt 4.0 (sp4:workstation)
  • microsoft windows_2000 (sp1:datacenter_server)
  • microsoft windows_2000 (sp2:advanced_server)
  • microsoft windows_2003_server enterprise

APP:HP-PROTECTOR-DIR-TRAV - APP: HP DataProtector Directory Traversal

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in the HP DataProtector application. Successful exploitation could allow an attacker to execute arbitrary code in the context of the running application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, vmx-16.1, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

  • bugtraq: 47638
  • cve: CVE-2011-1736
  • url: http://securitytracker.com/id?1029550

Affected Products:

  • hp openview_storage_data_protector 6.10
  • hp openview_storage_data_protector 6.00
  • hp openview_storage_data_protector 6.11

HTTP:STC:MOZILLA:CVE-2014-1513 - HTTP: Mozilla Firefox CVE-2014-1513 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2014-1513

HTTP:STC:SAFARI:CVE-2017-2446 - HTTP: Apple Safari CVE-2017-2446 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-2446

HTTP:STC:ACTIVEX:MAGNETOSOFT-OV - HTTP: Magnetosoft Networkresources Unsafe ActiveX Overflow

Severity: MEDIUM

Description:

This signature detects attempts to use unsafe ActiveX controls in the Magnetosoft Networkresources. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, vmx-16.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.magnetosoft.com/products/sknetresource/sknetresource_features.htm

HTTP:MISC:GENERIC-DIR-TRAVERSAL - HTTP: Generic Directory Traversal Detected

Severity: HIGH

Description:

This signature detects a generic directory traversal attempt in a client request.

Supported On:

srx-branch-12.1, isg-3.5.141652, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

  • url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
  • cve: CVE-2017-3230

APP:REMOTE:ESTEEMAUDIT-RCE - HTTP: Microsoft Windows Empty RDP Cookie Negotiation Attempt

Severity: CRITICAL

Description:

Esteemaudit is a Remote Desktop Protocol (RDP) exploit. By exploiting this vulnerability, a threat actor can target a remote RDP Service and eventually take control of the compromised system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-9073

HTTP:HPE-INTELLIGENT-CENTER-ID - HTTP: HPE Intelligent Management Center FileDownloadServlet Information Disclosure

Severity: HIGH

Description:

An information disclosure vulnerability has been reported in the Service Operation Manager Module of HPE Intelligent Management Center. Successful exploitation could allow an attacker to disclose sensitive information under the context of SYSTEM from the target host.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-5797

DNS:CVE-2017-0171-DOS - DNS: Windows DNS CVE-2017-0171 Denial Of Service

Severity: MEDIUM

Description:

Windows DNS Server is affected by a denial-of-service vulnerability when Microsoft Windows Server is configured to answer version queries.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-0171

HTTP:STC:MANTIS-PASS-RESET - HTTP: Mantis Bug Tracker confirm_hash Remote Password Reset

Severity: HIGH

Description:

A remote password reset vulnerability has been reported in Mantis Bug Tracker. Successful exploitation results in the attacker being able to change the password for arbitrary accounts.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://hyp3rlinx.altervista.org/advisories/mantis-bug-tracker-pre-auth-remote-password-reset.txt
  • url: https://www.mantisbt.org/blog/?p=518
  • cve: CVE-2017-7615

HTTP:STC:ADOBE:CVE-2017-3055-CE - HTTP: Adobe Acrobat Reader CVE-2017-3055 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-12.1, isg-3.5.141652, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

  • cve: CVE-2017-3055

SCADA:ICCP:BUFFER-SIZE - SCADA: Wrong Buffer Size

Severity: MEDIUM

Description:

This signature detects a TPDU buffer size that is too small or too big. OSI Transport Class 0 (TP0) specifies the amount of user data that can be carried on any particular transport primitive. If the protocol specifications form the basis for local buffer management, too much or too little data could lead to a buffer overflow attack.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.faqs.org/rfcs/rfc1006.html
  • url: http://www.zvon.org/tmRFC/RFC905/Output/chapter13.html

P2P:XUNLEI:DOWNLOAD - P2P: Xunlei Download

Severity: INFO

Description:

This signature detects a download request through Xunlei. Xunlei is a Chinese peer-to-peer file sharing program.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.xunlei.com/

DNS:ISC-BIND-CNAME-DNAME-DOS - DNS: ISC BIND Referral CNAME and DNAME Assertion Failure Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in ISC BIND9. Successful exploitation leads to denial-of-service conditions.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-3137

SCADA:ICCP:INVALID-TPDU - SCADA: Invalid TPDU Code

Severity: MEDIUM

Description:

This signature detects an invalid TPDU code. ISO 8073 specifies a limited set of TPDU codes. It is possible that an invalid TPDU code can cause mis-operation by the local implementation.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.zvon.org/tmRFC/RFC905/Output/chapter13.html
  • url: http://www.faqs.org/rfcs/rfc1006.html

CHAT:MSN:HTTP:MSNFTP-INVITE - CHAT: MSN over HTTP File Transfer Invitation Message

Severity: INFO

Description:

This signature detects an MSN Messenger Live person-to-person file transfer invite message over HTTP.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: http://www.hypothetic.org/docs/msn/index.php

HTTP:STC:ADOBE:CVE-2017-3068-CE - HTTP: Adobe Flash CVE-2017-3068 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, srx-branch-12.1, vmx-16.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1

References:

  • cve: CVE-2017-3068

HTTP:STC:CHROME:CVE-2017-5030 - HTTP: Google Chrome CVE-2017-5030 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to remote code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-5030

HTTP:STC:CHROME:CVE-2016-5198 - HTTP: Google Chrome CVE-2016-5198 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-5198

HTTP:STC:CHROME:CVE-2016-5200 - HTTP: Google Chrome CVE-2016-5200 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-5200

HTTP:STC:IE:CVE-2017-0015-MC - HTTP: Microsoft Edge CVE-2017-0015 Memory Corruption

Severity: HIGH

Description:

This signature detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-0015

HTTP:STC:IE:CVE-2017-0134-RCE - HTTP: Microsoft Edge CVE-2017-0134 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-0134

HTTP:INTEL-AMT-PE - HTTP: Intel Active Management Technology Remote Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Intel Active Management Technology (AMT) and the Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT) variants. Successful exploitation allows an unprivileged attacker to gain administrative privileges over the management component of the target system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-5689

HTTP:STC:APPLE-SAFARI-PARAM-UAF - HTTP: Apple Safari parameter name Use After Free

Severity: HIGH

Description:

This signature detects an attempt to exploit a use-after-free vulnerability in Apple's Safari. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: https://github.com/tunz/js-vuln-db/blob/master/jsc/CVE-2016-1857.md
  • cve: CVE-2016-1857

Affected Products:

  • apple iphone_os 9.3.1
  • apple safari 9.1
  • apple apple_tv 9.2

SMB:SMBV1-REQ - SMB: SMBv1 Request Detected

Severity: INFO

Description:

This signature is written to block SMBv1 requests.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, mx-11.4, DI-Base, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, idp-5.0.0, idp-4.2.0, isg-3.5.0, isg-3.0.0, DI-Server, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, j-series-9.5, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-4.2.110100823, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:APPLE-CVE-2016-4622-CE - HTTP: Apple Safari CVE-2016-4622 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • url: https://github.com/tunz/js-vuln-db/blob/master/jsc/CVE-2016-4622.md
  • cve: CVE-2016-4622

Affected Products:

  • apple iphone_os 9.3.2
  • apple apple_tv 9.2.1
  • apple safari 9.1.1

HTTP:STC:APPLE-TYPARRAY-BUF-NEU - HTTP: Apple TypeArray Buffer Neutering

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-4734

Affected Products:

  • apple apple_tv 9.2.2
  • apple iphone_os 9.3.5
  • apple safari 9.1.3

HTTP:STC:APPLE-SAFARI-OOB - HTTP: Apple Safari CVE-2017-2447 Out Of Bounds

Severity: HIGH

Description:

This signature detects an attempt to exploit an out-of-bounds read vulnerability in Apple Safari. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-2447

HTTP:STC:IE:CVE-2017-0141-AV - HTTP: Microsoft Edge CVE-2017-0141 Access Violation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Edge. A successful attack can lead to an access violation.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-0141

HTTP:STC:CVE-2017-2464-MC - HTTP: Apple Safari CVE-2017-2464 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple Safari. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-2464

HTTP:STC:APPLE-SFRI-PWN2OWN-UAF - HTTP: Apple Safari Pwn2Own Use After Free

Severity: HIGH

Description:

This signature detects an attempt to exploit a use-after-free vulnerability in the Apple Safari browser. Successful exploitation could allow an attacker to execute arbitrary code within the application's context.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-2491

SMTP:OUTLOOK:OUTLOOK-CE - SMTP: Outlook Client Code Execution

Severity: HIGH

Description:

This signature detects and blocks attempts to trigger executable code on the client side in order to send email to other users.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603


HTTP:STC:ADOBE:CVE-2017-3071-CE - HTTP: Adobe Flash CVE-2017-3071 Remote Code Execution

Severity: HIGH

Description:

Adobe Flash Player has an exploitable vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

Supported On:

isg-3.5.141652, srx-branch-12.1, vsrx-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2017-3071

HTTP:STC:IE:CVE-2016-3386-RCE - HTTP: Microsoft Edge CVE-2016-3386 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Edge. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

  • cve: CVE-2016-3386

Affected Products:

  • microsoft edge -
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.