Update #3057 (04/19/2018)
1 new signature:
MEDIUM | HTTP:APACHE:SOLR-XXE-INFO-DIS | HTTP: Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure |
3 updated signatures:
MEDIUM | SSL:IIS:CERT-DOS | SSL: Microsoft IIS SChannel Process Denial of Service |
MEDIUM | HTTP:STC:CVE-2018-6794 | HTTP: Suricata TCP Handshake Content Detection Bypass |
MEDIUM | HTTP:STC:IE:IFRAME-FILE | HTTP: Internet Explorer "IFRAME" Tag Local File Source |
Details of the signatures included within this bulletin:
SSL:IIS:CERT-DOS - SSL: Microsoft IIS SChannel Process Denial of Service
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft IIS. A successful attack can result in a denial-of-service condition.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition - Gold Storage
- Microsoft windows_server_2008_standard_edition - Sp2 Web
- Microsoft windows_vista Business SP2
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_standard_edition - Gold Datacenter
- Microsoft windows_server_2008_standard_edition - Gold
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_server_2008_standard_edition - Gold Hpc
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista SP1
- Microsoft windows_server_2008_standard_edition - Gold Enterprise
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_server_2008_standard_edition - Gold Itanium
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_standard_edition - Gold Standard
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_7_home_premium
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_7_starter
- Microsoft windows_7_xp_mode
- Microsoft windows_7_professional
- Avaya aura_conferencing 6.0 Standard
- Microsoft windows_server_2008_standard_edition - Sp2 Storage
- Microsoft windows_7_ultimate
- Microsoft windows_server_2008_standard_edition - Gold Web
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition - Sp2 Hpc
- Microsoft windows_server_2008 SP2 Beta
- Avaya aura_conferencing Standard
- Microsoft windows_vista Home Premium SP1
HTTP:STC:CVE-2018-6794 - HTTP: Suricata TCP Handshake Content Detection Bypass
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Suricata IDS/IPS. Successful exploitation could result in a bypass of security policies.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
HTTP:APACHE:SOLR-XXE-INFO-DIS - HTTP: Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Apache Solr. Successful exploitation results in the disclosure of the contents of any file or directory readable by the Apache Solr service.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
HTTP:STC:IE:IFRAME-FILE - HTTP: Internet Explorer "IFRAME" Tag Local File Source
Severity: MEDIUM
Description:
This signature detects an HTML file containing an "IFRAME" tag whose source points to a local file. Attackers may be attempting to open malware placed on the target system by a different exploit. Note: Network administrators can use this technique for legitimate purposes.
Supported On:
isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 6.0
- Avaya definityone_media_servers R10
- Avaya definityone_media_servers R12
- Avaya ip600_media_servers R12
- Avaya ip600_media_servers R10
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R12
- Avaya definityone_media_servers
- Avaya ip600_media_servers
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers R9
- Avaya ip600_media_servers R8
- Avaya ip600_media_servers R7
- Avaya ip600_media_servers R6
- Avaya definityone_media_servers R6
- Avaya definityone_media_servers R7
- Avaya definityone_media_servers R8
- Avaya definityone_media_servers R9
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R6
- Microsoft internet_explorer 6.0 SP1
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers
- Avaya s8100_media_servers R11
- Avaya definityone_media_servers R11
- Avaya modular_messaging S3400