Juniper Networks

Update Details

Security Intelligence Center

Update #3057 (04/19/2018)

1 new signature:

MEDIUM - HTTP:APACHE:SOLR-XXE-INFO-DIS - HTTP: Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure

3 updated signatures:

MEDIUM - SSL:IIS:CERT-DOS - SSL: Microsoft IIS SChannel Process Denial of Service
MEDIUM - HTTP:STC:CVE-2018-6794 - HTTP: Suricata TCP Handshake Content Detection Bypass
MEDIUM - HTTP:STC:IE:IFRAME-FILE - HTTP: Internet Explorer "IFRAME" Tag Local File Source


Details of the signatures included within this bulletin:


SSL:IIS:CERT-DOS - SSL: Microsoft IIS SChannel Process Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft IIS. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2010-3229
  • bugtraq: 43780

Affected Products:

  • Microsoft windows_7_for_32-bit_systems
  • Microsoft windows_7_for_x64-based_systems
  • Microsoft windows_server_2008_standard_edition - Gold Storage
  • Microsoft windows_server_2008_standard_edition - Sp2 Web
  • Microsoft windows_vista Business SP2
  • Microsoft windows_vista_business_64-bit_edition SP2
  • Microsoft windows_vista_enterprise_64-bit_edition SP2
  • Microsoft windows_vista Enterprise SP2
  • Microsoft windows_vista_home_basic_64-bit_edition SP2
  • Microsoft windows_vista Home Basic SP2
  • Microsoft windows_vista_home_premium_64-bit_edition SP2
  • Microsoft windows_vista Home Premium SP2
  • Microsoft windows_vista SP2
  • Microsoft windows_vista_ultimate_64-bit_edition SP2
  • Microsoft windows_vista Ultimate SP2
  • Microsoft windows_vista_x64_edition SP2
  • Microsoft windows_server_2008_datacenter_edition SP2
  • Microsoft windows_server_2008_enterprise_edition SP2
  • Microsoft windows_server_2008_standard_edition SP2
  • Microsoft windows_server_2008_for_32-bit_systems SP2
  • Microsoft windows_server_2008_for_itanium-based_systems SP2
  • Microsoft windows_server_2008_for_x64-based_systems SP2
  • Microsoft windows_server_2008_standard_edition - Gold Datacenter
  • Microsoft windows_server_2008_standard_edition - Gold
  • Microsoft windows_vista_home_premium_64-bit_edition SP1
  • Microsoft windows_server_2008_standard_edition - Gold Hpc
  • Microsoft windows_server_2008_standard_edition Itanium
  • Microsoft windows_vista_x64_edition SP1
  • Microsoft windows_vista SP1
  • Microsoft windows_server_2008_standard_edition - Gold Enterprise
  • Microsoft windows_vista_ultimate_64-bit_edition SP1
  • Microsoft windows_server_2008_standard_edition - Gold Itanium
  • Microsoft windows_server_2008_for_x64-based_systems R2
  • Microsoft windows_server_2008_for_itanium-based_systems
  • Microsoft windows_server_2008_standard_edition - Gold Standard
  • Microsoft windows_server_2008_for_itanium-based_systems R2
  • Microsoft windows_server_2008_datacenter_edition
  • Microsoft windows_server_2008_enterprise_edition
  • Microsoft windows_server_2008_standard_edition
  • Microsoft windows_vista Business SP1
  • Microsoft windows_vista Home Basic SP1
  • Microsoft windows_7_home_premium
  • Microsoft windows_vista Enterprise SP1
  • Microsoft windows_vista Ultimate SP1
  • Microsoft windows_vista_business_64-bit_edition SP1
  • Microsoft windows_vista_enterprise_64-bit_edition SP1
  • Microsoft windows_vista_home_basic_64-bit_edition SP1
  • Microsoft windows_7_starter
  • Microsoft windows_7_xp_mode
  • Microsoft windows_7_professional
  • Avaya aura_conferencing 6.0 Standard
  • Microsoft windows_server_2008_standard_edition - Sp2 Storage
  • Microsoft windows_7_ultimate
  • Microsoft windows_server_2008_standard_edition - Gold Web
  • Microsoft windows_server_2008_standard_edition X64
  • Microsoft windows_server_2008_for_32-bit_systems
  • Microsoft windows_server_2008_for_x64-based_systems
  • Microsoft windows_server_2008_standard_edition - Sp2 Hpc
  • Microsoft windows_server_2008 SP2 Beta
  • Avaya aura_conferencing Standard
  • Microsoft windows_vista Home Premium SP1

HTTP:STC:CVE-2018-6794 - HTTP: Suricata TCP Handshake Content Detection Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Suricata IDS/IPS. Successful exploitation could result in a bypass of security policies.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • url: https://github.com/kirillwow/ids_bypass
  • url: https://redmine.openinfosecfoundation.org/issues/2427
  • cve: CVE-2018-6794

HTTP:APACHE:SOLR-XXE-INFO-DIS - HTTP: Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache Solr. Successful exploitation results in the disclosure of file or directory contents for any file or directory readable by the Apache Solr service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-1308
  • url: https://issues.apache.org/jira/browse/SOLR-11971

HTTP:STC:IE:IFRAME-FILE - HTTP: Internet Explorer "IFRAME" Tag Local File Source

Severity: MEDIUM

Description:

This signature detects an HTML file containing an "IFRAME" tag whose source points to a local file. Attackers may be attempting to open malware placed on the target system by a different exploit. Note: Network administrators can use this technique for legitimate purposes.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • url: http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
  • bugtraq: 11515
  • cve: CVE-2004-1050

Affected Products:

  • Microsoft internet_explorer 6.0
  • Avaya definityone_media_servers R10
  • Avaya definityone_media_servers R12
  • Avaya ip600_media_servers R12
  • Avaya ip600_media_servers R10
  • Avaya s3400_message_application_server
  • Avaya s8100_media_servers R12
  • Avaya definityone_media_servers
  • Avaya ip600_media_servers
  • Avaya ip600_media_servers R11
  • Avaya ip600_media_servers R9
  • Avaya ip600_media_servers R8
  • Avaya ip600_media_servers R7
  • Avaya ip600_media_servers R6
  • Avaya definityone_media_servers R6
  • Avaya definityone_media_servers R7
  • Avaya definityone_media_servers R8
  • Avaya definityone_media_servers R9
  • Avaya s8100_media_servers R9
  • Avaya s8100_media_servers R8
  • Avaya s8100_media_servers R7
  • Avaya s8100_media_servers R6
  • Microsoft internet_explorer 6.0 SP1
  • Avaya s8100_media_servers R10
  • Avaya s8100_media_servers
  • Avaya s8100_media_servers R11
  • Avaya definityone_media_servers R11
  • Avaya modular_messaging S3400