Update Details

Update #3059 (04/27/2018)

82 updated signatures:

HIGH	SSL:MCAFEE-AM-INPUT-VALIDATION	SSL: McAfee Asset Manager ReportsAudit.jsp Input Validation Error
HIGH	SSL:HEWLETT-PACKARD-VERTICA-RCI	SSL: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection
HIGH	SSL:VULN:OPENSSL-X509-DOS	SSL: OpenSSL X509_cmp_time Denial-of-Service
MEDIUM	SSL:OSSIM-COMMAND-EXEC	SSL: AlienVault OSSIM Arbitrary Command Injection
HIGH	SSL:ALIEN-VAULT-SOAP-REQUEST-CE	SSL: AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution
HIGH	SSL:VULN:MOZILLA-NSS-REG	SSL: Mozilla Network Security Services Regexp Heap Overflow
MEDIUM	SSL:VULN:ASN1-TYPE-CMP-DOS	SSL: OpenSSL ASN1_TYPE_cmp Denial of Service
HIGH	SSL:GNUTLS-CERT-POLICY-BYPASS	SSL: GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass
HIGH	SSL:VULN:CVE-2015-0291-DOS	SSL: OpenSSL Signature Algorithm CVE-2015-0291 DOS
HIGH	SSL:NOVELL-GROUPWISE-DIR-TRA	SSL: Novell GroupWise Service FileUploadServlet Directory Traversal
HIGH	SSL:APPLE-SSL-BYPASS	SSL: Apple Products SSL Security Feature Bypass
HIGH	SSL:MS-ACTIVE-DIR-RCE	SSL: Microsoft Active Directory Federation Services Code Execution
HIGH	SSL:VULN:NOVELL-NETIQ-SB	SSL: Novell NetIQ Privileged User Manager Eval Policy Bypass
HIGH	SSL:OPENSSL-MEMLEAK-DOS	SSL: OpenSSL Invalid Session Ticket Denial of Service
MEDIUM	SSL:NOVELL-IMANAGER-DOS	SSL: Novell iManager ASN.1 Parsing Denial of Service
HIGH	SSL:SAFESYNC-RCE	SSL: Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution
HIGH	SSL:OVERFLOW:HP-SYS-IPRANGE-OF	SSL: HP System Management Homepage iprange Stack Buffer Overflow
HIGH	SSL:CISCO-EPNM-DESERIAL-CE	SSL: Cisco Prime Infrastructure and EPNM Deserialization Code Execution
MEDIUM	SSL:ENCRYPTED-CMD-EXEC	SSL: Symantec Encryption Management Server Local Command Execution
HIGH	SSL:SOPHOS-WEBAPP-CMD-EXEC	SSL: Sophos Web Appliance SophosConfig Arbitrary Command Execution
HIGH	SSL:OPENSSL-ETM-REN-DOS	SSL: OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service
HIGH	SSL:MICROFOCUS-NETIQ-AB	SSL: Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass
HIGH	SSL:TMCM-INFO-DISC	SSL: Trend Micro Control Manager task_controller Information Disclosure
MEDIUM	SSL:OPENSSL-DHE-DOS	SSL: OpenSSL DHE Client Key Exchange Denial of Service
HIGH	SSL:ORACLE-VIRTUAL-AGT-CMD-INJ	SSL: Oracle Virtual Server Agent Command Injection
HIGH	SSL:ALIENVAULT-SQLI	SSL: AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection
HIGH	SSL:NAGIOS-NRPE-CHKUSRS-CI	SSL: Nagios Remote Plugin Executor Command Injection
MEDIUM	SSL:MCAFEE-AM-MGR-INFO-DISC	SSL: McAfee Asset Manager downloadReport Information Disclosure
HIGH	SSL:OPENSSL-ECDH-DOS	SSL: OpenSSL Anonymous ECDH Denial of Service
MEDIUM	SSL:SCHANNEL-IMPROPER-CERT	SSL: Microsoft IIS SChannel Improper Certificate Verification
HIGH	SSL:VULN:CVE-2015-0208-DOS	SSL: OpenSSL Invalid PSS Parameters Denial of Service
MEDIUM	SSL:GNUTLS-EXTRACT-DER-DOS	SSL: GnuTLS DER Certificate Format Decoding Denial of Service
HIGH	SSL:SSL-V3-TRAFFC-DOS	SSL: OpenSSL ssl23_get_client_hello Function Denial of Service
HIGH	SSL:OVERFLOW:ELLIPTIC-POLY-DOS	SSL: OpenSSL Elliptic Polynomial Denial-Of-Service
HIGH	SSL:BLOCKED-PHP-SQLI	SSL: Symantec Web Gateway blocked.php Blind SQL Injection
HIGH	SSL:OPENSSL-DO-SSL3-WRITE-DOS	SSL: OpenSSL do_ssl3_write Denial of Service
HIGH	SSL:ALIENVAULT-USM-SQLI	SSL: Alienvault Unified Security Management and OSSIM gauge.php SQL Injection
HIGH	SSL:INVALID:GNUTLS-RECORD-OF	SSL: GnuTLS TLS Record Application GenericBlockCipher Parsing Overflow
HIGH	SSL:OVERFLOW:MSCRSFT-SCHANNL-CE	SSL: Microsoft Windows SChannel Buffer Overflow
HIGH	SSL:TM-CM-PRODUCTTREE-ID	SSL: Trend Micro Control Manager Multiple Information Disclosure
HIGH	SSL:MICROFOCUS-GROUPWISE-XSS	SSL: Micro Focus GroupWise Admin Console Cross Site Scripting
HIGH	SSL:GNU-DER-PARSING-DOS	SSL: Gnu DER Certificate Parsing Denial Of Service
HIGH	SSL:OPENSSL-CHAINS-CERT-FORG	SSL: OpenSSL Alternative Chains Certificate Forgery Policy Bypass (1)
HIGH	SSL:SYMANTEC-ENDPOINT-XSS	SSL: Symantec Endpoint Protection Manager Cross-Site Scripting
HIGH	SSL:IPFIRE-PROXY-RCE	SSL: IPFire proxy.cgi Remote Code Execution
HIGH	SSL:OPENSSL-GET-KEY-EXCH-UAF	SSL: OpenSSL ssl3_get_key_exchange Use-After-Free Memory Corruption
HIGH	SSL:AVAST-ANTIVIRUS-CERT-RCE	SSL: Avast Antivirus X.509 Certificate Common Name Remote Command Execution
HIGH	SSL:ALIEN-VAULT-SOAP-CE	SSL: AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution
HIGH	SSL:INVALID:LIBTASN1-DOS	SSL: GnuTLS libtasn1 ASN.1 DER Infinite Loop Denial of Service
HIGH	SSL:HP-INODEMNGCHECKER-EXE-BOF	SSL: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow
MEDIUM	SSL:MD5-SIGNATURE-1	SSL: SSL Certificate Signed With MD5 Hash(1)
HIGH	SSL:HP-LOADRUNNER-BO	SSL: HP LoadRunner magentproc.exe Stack Buffer Overflow
HIGH	SSL:OPENSSL-MITM-SEC-BYPASS	SSL: OpenSSL ChangeCipherSpec MITM Security Bypass
HIGH	SSL:VULN:OPENSSL-HS-DOS	SSL: OpenSSL Handshake Denial Of Service
HIGH	SSL:SYMC-WEB-CMD-INJ	SSL: Symantec Web Gateway OS Command Injection
MEDIUM	SSL:DIGIUM-ASTERISK-SECBYPASS	SSL: Digium Asterisk NULL Certificate Security Bypass
HIGH	SSL:VULN:NOVELL-FSFUI-UP2	SSL: Novell File Reporter FSFUI File Upload 2
HIGH	SSL:OP5-MONITOR-CI	SSL: OP5 Monitor command_test.php Command Injection
MEDIUM	SSL:BEA-WEBLOGIC-DOS	SSL: BEA WebLogic SSL Handling Denial of Service
HIGH	SSL:TM-SPS-CI	SSL: Trend Micro Smart Protection Server admin_notification.php Command Injection
HIGH	SSL:TRENDMICRO-CRLMGR-HELLO	SSL: Trend Micro Control Manager download.php Information Disclosure
HIGH	SSL:SYMANTEC-CSRF	SSL: Symantec Endpoint Protection Manager Cross Site Request Forgery
HIGH	SSL:WS-APPSRV-RCE2	SSL: IBM WebSphere Application Server Remote Code Execution 2
MEDIUM	SSL:SYMANTEC-EP-POLICY-BYPASS	SSL: Symantec Endpoint Protection Console Servlet Policy Bypass
HIGH	SSL:SMART-PROTECTION-SERVER-CE	SSL: Trend Micro Smart Protection Server Command Injection
HIGH	SSL:ALIEN-VAULT-OSSIM-SOAP-CE-1	SSL: AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution (1)
HIGH	SSL:GNUTLS-TLS-RECORD-MC	SSL: GnuTLS TLS Record Decoding Out-of-bounds Memory Access
HIGH	SSL:OPENSSL-ECDH-UAF	SSL: OpenSSL ECDH Use After Free
HIGH	SSL:VIRTUAL-MOBILE-INFRA-CE	SSL: Trend Micro Virtual Mobile Infrastructure Command Injection
HIGH	SSL:OPENSSL-PEEK-DOS	SSL: OpenSSL SSL_peek Infinite Loop Denial of Service
HIGH	SSL:GNUTLS-CERT-BYPASS	SSL: GnuTLS Certificate Verification Policy Bypass
HIGH	SSL:HP-SYS-MGMT-HOME-PAGE-RCE	SSL: HP System Management Homepage iprange Parameter Code Execution
HIGH	SSL:MCAFEE-DIR-TRAVERSAL	SSL: McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal
HIGH	SSL:MCAFEE-EPOLICY-XML	SSL: McAfee ePolicy Orchestrator XML External Entity
HIGH	SSL:TREND-MICRO-DIR-TRAV	SSL: Trend Micro Control Manager Widget importFile.php Directory Traversal
HIGH	SSL:MICROSOFT-HTTP-SYS-2	SSL: Microsoft HTTP.sys HTTP 2.0 Denial of Service
HIGH	SSL:VULN:OPENSSL-PSS-PARAM	SSL: OpenSSL RSA PSS Absent Mask Generation Parameter Denial of Service
HIGH	SSL:SYMC-BACKUP-EXEC	SSL: Symantec Backup Exec System Recovery Manager Unauthorized File Upload
HIGH	SSL:VULN:HP-PROCURVE-SB	SSL: HP ProCurve Manager SNAC GetDomainControllerServlet Policy Bypass
HIGH	SSL:EPO-XMLNTITY-INJ	SSL: McAfee ePolicy CVE-2015-0921 XML Entity Injection
HIGH	SSL:APACHE-NIO-CONNECTOR-DOS	SSL: Apache Tomcat NIO Connector Denial of Service
MEDIUM	SSL:VULN:TREND-MICRO-CM-SQLI	SSL: Trend Micro Control Manager SQL Injection

Details of the signatures included within this bulletin:

SSL:MCAFEE-AM-INPUT-VALIDATION - SSL: McAfee Asset Manager ReportsAudit.jsp Input Validation Error

Severity: HIGH

Description:

This signature detects attempts to exploit an input validation vulnerability in the ReportsAudit.jsp file in McAfee Asset Manager. Attackers can submit a malicious request to execute arbitrary commands.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 66302
cve: CVE-2014-2587

Affected Products:

Mcafee asset_manager 6.6

SSL:ALIEN-VAULT-SOAP-REQUEST-CE - SSL: AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Buffer Overflow in Alien Vault OSSIM. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2014-3805

Affected Products:

Alienvault open_source_security_information_management 4.4
Alienvault open_source_security_information_management 4.3
Alienvault open_source_security_information_management 4.1
Alienvault open_source_security_information_management 4.5
Alienvault open_source_security_information_management 4.0.4
Alienvault open_source_security_information_management 4.3.3
Alienvault open_source_security_information_management 4.2
Alienvault open_source_security_information_management 4.2.2
Alienvault open_source_security_information_management 4.6
Alienvault open_source_security_information_management 4.3.2
Alienvault open_source_security_information_management 4.1.3
Alienvault open_source_security_information_management 4.2.3
Alienvault open_source_security_information_management 4.0.3
Alienvault open_source_security_information_management 4.0
Alienvault open_source_security_information_management 4.6.1
Alienvault open_source_security_information_management 4.3.1
Alienvault open_source_security_information_management 4.1.2

SSL:GNUTLS-CERT-POLICY-BYPASS - SSL: GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass

Severity: HIGH

Description:

A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation if the target system has in its trusted list a CA that issues X.509 version 1 certificates.

Supported On:

References:

cve: CVE-2014-1959

Affected Products:

Gnu gnutls 3.1.9
Gnu gnutls 3.2.0
Gnu gnutls 3.2.10
Gnu gnutls 3.1.16
Gnu gnutls 3.1.17
Gnu gnutls 3.2.8.1
Gnu gnutls 3.1.18
Gnu gnutls 3.1.15
Gnu gnutls 3.1.19
Gnu gnutls 3.2.9
Gnu gnutls 3.2.8
Gnu gnutls 3.1.0
Gnu gnutls 3.1.1
Gnu gnutls 3.1.2
Gnu gnutls 3.1.20
Gnu gnutls 3.2.7
Gnu gnutls 3.1.3
Gnu gnutls 3.2.6
Gnu gnutls 3.1.4
Gnu gnutls 3.2.5
Gnu gnutls 3.1.10
Gnu gnutls 3.1.5
Gnu gnutls 3.2.4
Gnu gnutls 3.1.11
Gnu gnutls 3.1.6
Gnu gnutls 3.2.3
Gnu gnutls 3.1.12
Gnu gnutls 3.1.7
Gnu gnutls 3.2.2
Gnu gnutls 3.1.13
Gnu gnutls 3.1.8
Gnu gnutls 3.2.1
Gnu gnutls 3.1.14

SSL:NOVELL-GROUPWISE-DIR-TRA - SSL: Novell GroupWise Service FileUploadServlet Directory Traversal

Severity: HIGH

Description:

A directory traversal vulnerability exists within the Administration Service of Novell GroupWise 2014. The vulnerability is due to a flaw in handling of a parameter in the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation allows an attacker to disclose or destroy arbitrary files on the server.

Supported On:

References:

cve: CVE-2014-0600

Affected Products:

Novell groupwise 2014

SSL:OPENSSL-DO-SSL3-WRITE-DOS - SSL: OpenSSL do_ssl3_write Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2014-0198

Affected Products:

Openssl openssl 1.0.1e
Openssl openssl 1.0.0f
Openssl openssl 1.0.0c
Openssl openssl 1.0.0h
Openssl openssl 1.0.1d
Openssl openssl 1.0.1g
Openssl openssl 1.0.0b
Openssl openssl 1.0.0l
Openssl openssl 1.0.0g
Openssl openssl 1.0.0i
Openssl openssl 1.0.1c
Openssl openssl 1.0.0
Openssl openssl 1.0.0d
Openssl openssl 1.0.0j
Openssl openssl 1.0.0a
Openssl openssl 1.0.1f
Openssl openssl 1.0.1
Openssl openssl 1.0.0e
Openssl openssl 1.0.0k
Openssl openssl 1.0.1a
Openssl openssl 1.0.1b

SSL:VULN:NOVELL-NETIQ-SB - SSL: Novell NetIQ Privileged User Manager Eval Policy Bypass

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Novell NetIQ. The vulnerability is due to an access control weakness when handling calls to the eval method within POST requests. Successful exploitation could allow an attacker to bypass certain security restrictions and could lead to further attacks.

Supported On:

SSL:NOVELL-IMANAGER-DOS - SSL: Novell iManager ASN.1 Parsing Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Novell iManager. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2003-0543

Affected Products:

Openssl openssl 0.9.6
Openssl openssl 0.9.7

SSL:VULN:NOVELL-FSFUI-UP2 - SSL: Novell File Reporter FSFUI File Upload 2

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Novell File Reporter. Successful exploitation could allow an attacker to upload arbitrary files and it could lead to further attacks.

Supported On:

References:

bugtraq: 56579
cve: CVE-2012-4959

Affected Products:

Novell file_reporter 1.0.2

SSL:VULN:HP-PROCURVE-SB - SSL: HP ProCurve Manager SNAC GetDomainControllerServlet Policy Bypass

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in HP ProCurve Manager. Successful exploitation could allow an attacker to bypass certain security features and that could lead to further attacks.

Supported On:

SSL:ALIEN-VAULT-SOAP-CE - SSL: AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Alien Vault OSSIM. A successful attack can lead to multiple command execution.

Supported On:

References:

cve: CVE-2014-3804

Affected Products:

Alienvault open_source_security_information_management 4.4
Alienvault open_source_security_information_management 4.3
Alienvault open_source_security_information_management 4.1
Alienvault open_source_security_information_management 4.5
Alienvault open_source_security_information_management 4.0.4
Alienvault open_source_security_information_management 4.3.3
Alienvault open_source_security_information_management 4.2
Alienvault open_source_security_information_management 4.2.2
Alienvault open_source_security_information_management 4.6
Alienvault open_source_security_information_management 4.3.2
Alienvault open_source_security_information_management 4.1.3
Alienvault open_source_security_information_management 4.2.3
Alienvault open_source_security_information_management 4.0.3
Alienvault open_source_security_information_management 4.0
Alienvault open_source_security_information_management 4.6.1
Alienvault open_source_security_information_management 4.3.1
Alienvault open_source_security_information_management 4.1.2

SSL:SOPHOS-WEBAPP-CMD-EXEC - SSL: Sophos Web Appliance SophosConfig Arbitrary Command Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Sophos Web Appliance. A successful attack could allow the attacker to execute arbitrary commands with elevated privileges.

Supported On:

References:

url: http://www.sophos.com/en-us/support/knowledgebase/120230.aspx
url: http://www.zerodayinitiative.com/advisories/zdi-14-069/
bugtraq: 66734
cve: CVE-2014-2850

Affected Products:

Sophos web_appliance_firmware 3.1.0.1
Sophos web_appliance_firmware 3.4.1
Sophos web_appliance_firmware 3.3.5.1
Sophos web_appliance_firmware 3.4.0
Sophos web_appliance_firmware 3.3.6.1
Sophos web_appliance_firmware 3.2.4
Sophos web_appliance_firmware 3.3.6
Sophos web_appliance_firmware 3.7.0
Sophos web_appliance_firmware 3.2.2.1
Sophos web_appliance_firmware 3.7.9.1
Sophos web_appliance_firmware 3.0.4
Sophos web_appliance_firmware 3.7.1
Sophos web_appliance_firmware 3.4.8
Sophos web_appliance_firmware 3.7.8
Sophos web_appliance_firmware 3.7.2
Sophos web_appliance_firmware 3.5.2
Sophos web_appliance_firmware 3.7.3
Sophos web_appliance_firmware 3.5.3
Sophos web_appliance_firmware 3.6.4.2
Sophos web_appliance_firmware 3.4.3.1
Sophos web_appliance_firmware 3.7.4
Sophos web_appliance_firmware 3.5.0
Sophos web_appliance_firmware 3.0.1
Sophos web_appliance_firmware 3.7.5
Sophos web_appliance_firmware 3.6.4.1
Sophos web_appliance_firmware 3.5.1
Sophos web_appliance_firmware 3.2.7
Sophos web_appliance_firmware 3.0.3
Sophos web_appliance_firmware 3.7.6
Sophos web_appliance_firmware 3.2.1
Sophos web_appliance_firmware 3.5.6
Sophos web_appliance_firmware 3.5.1.2
Sophos web_appliance_firmware 3.8.1
Sophos web_appliance_firmware 3.0.2
Sophos web_appliance_firmware 3.7.7
Sophos web_appliance_firmware 3.8.0
Sophos web_appliance_firmware 3.1.4
Sophos web_appliance_firmware 3.7.8.1
Sophos web_appliance_firmware 3.3.4
Sophos web_appliance_firmware 3.5.4
Sophos web_appliance_firmware 3.6.3
Sophos web_appliance_firmware 3.0.0
Sophos web_appliance_firmware 3.7.8.2
Sophos web_appliance_firmware 3.3.5
Sophos web_appliance_firmware 3.5.5
Sophos web_appliance_firmware 3.1.2
Sophos web_appliance_firmware 3.0.1.1
Sophos web_appliance_firmware 3.2.3
Sophos web_appliance_firmware 3.0.5
Sophos web_appliance_firmware 3.4.7
Sophos web_appliance_firmware 3.1.1
Sophos web_appliance_firmware 3.1.3
Sophos web_appliance -
Sophos web_appliance_firmware 3.2.2
Sophos web_appliance_firmware 3.6.2.1
Sophos web_appliance_firmware 3.4.6
Sophos web_appliance_firmware 3.3.3
Sophos web_appliance_firmware 3.1.0
Sophos web_appliance_firmware 3.2.5
Sophos web_appliance_firmware 3.3.0
Sophos web_appliance_firmware 3.7.9
Sophos web_appliance_firmware 3.4.5
Sophos web_appliance_firmware 3.5.1.1
Sophos web_appliance_firmware 3.6.2.3
Sophos web_appliance_firmware 3.0.5.1
Sophos web_appliance_firmware 3.6.2.4.1
Sophos web_appliance_firmware 3.3.1
Sophos web_appliance_firmware 3.4.4
Sophos web_appliance_firmware 3.6.1.1
Sophos web_appliance_firmware 3.6.4
Sophos web_appliance_firmware 3.6.2.4.0
Sophos web_appliance_firmware 3.3.2
Sophos web_appliance_firmware 3.6.1
Sophos web_appliance_firmware 3.4.3
Sophos web_appliance_firmware 3.3.3.1
Sophos web_appliance_firmware 3.2.6
Sophos web_appliance_firmware 3.6.2
Sophos web_appliance_firmware 3.4.2
Sophos web_appliance_firmware 3.8.1.1

SSL:TMCM-INFO-DISC - SSL: Trend Micro Control Manager task_controller Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Trend Micro Control Manager. Successful exploitation of this vulnerability could allow attacker to disclose information from arbitrary files in the target system.

Supported On:

SSL:GNUTLS-EXTRACT-DER-DOS - SSL: GnuTLS DER Certificate Format Decoding Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against GnuTLS. A successful exploit can lead to denial of service.

Supported On:

References:

cve: CVE-2015-3622

Affected Products:

Gnu libtasn1 4.4
Fedoraproject fedora 21

SSL:ALIENVAULT-SQLI - SSL: AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection

Severity: HIGH

Description:

A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. Successful exploitation could result in arbitrary command execution as the root user.

Supported On:

SSL:NAGIOS-NRPE-CHKUSRS-CI - SSL: Nagios Remote Plugin Executor Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nagios NRPE. A successful attack can lead to arbitrary command injection and execution.

Supported On:

References:

bugtraq: 66969
cve: CVE-2014-2913

Affected Products:

Novell opensuse 11.4
Novell opensuse 13.1
Novell opensuse 12.3
Nagios remote_plugin_executor 2.15

SSL:OPENSSL-ECDH-DOS - SSL: OpenSSL Anonymous ECDH Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. The vulnerability is due to a NULL pointer dereference in processing handshake messages using anonymous ECDH ciphersuites. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target. Successful exploitation could lead to a denial of service condition.

Supported On:

References:

cve: CVE-2014-3470

SSL:OP5-MONITOR-CI - SSL: OP5 Monitor command_test.php Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the command_test.php script of op5 Monitor. Successful exploitation allows the attacker to execute arbitrary code under the security context of the user 'monitor'.

Supported On:

SSL:SSL-V3-TRAFFC-DOS - SSL: OpenSSL ssl23_get_client_hello Function Denial of Service

Severity: HIGH

Description:

This signature detects SSLv3 Traffic over the network. Attackers can make use of it, to modify network transmissions between the client and server.

Supported On:

References:

cve: CVE-2014-3569
cve: CVE-2014-3566

Affected Products:

Openssl openssl 1.0.1j

SSL:BEA-WEBLOGIC-DOS - SSL: BEA WebLogic SSL Handling Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against BEA WebLogic. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 10544
cve: CVE-2004-2424

Affected Products:

Bea_systems weblogic_express 8.1.0
Bea_systems weblogic_server 8.1.0
Bea_systems weblogic_server 8.1.0 SP 1
Bea_systems weblogic_server 8.1.0 SP 2
Bea_systems weblogic_express 8.1.0 SP 2
Bea_systems weblogic_server_for_win32 8.1.0
Bea_systems weblogic_express_for_win32 8.1.0
Bea_systems weblogic_express 8.1.0 SP 1
Bea_systems weblogic_server_for_win32 8.1.0 SP 1
Bea_systems weblogic_express 8.1.0 SP 3
Bea_systems weblogic_express_for_win32 8.1.0 SP 3
Bea_systems weblogic_express_for_win32 8.1.0 SP 2
Bea_systems weblogic_server_for_win32 8.1.0 SP 2
Bea_systems weblogic_express_for_win32 8.1.0 SP 1
Bea_systems weblogic_server_for_win32 8.1.0 SP 3
Bea_systems weblogic_express 8.1.0 SP 4
Bea_systems weblogic_express_for_win32 8.1.0 SP 4
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_server_for_win32 8.1.0 SP 4
Bea_systems weblogic_server 8.1.0 SP 3

SSL:HP-SYS-MGMT-HOME-PAGE-RCE - SSL: HP System Management Homepage iprange Parameter Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP System Management. A successful attack can lead to arbitrary code execution.

Supported On:

SSL:ALIENVAULT-USM-SQLI - SSL: Alienvault Unified Security Management and OSSIM gauge.php SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Alienvault Unified Security Management and OSSIM. Successful exploitation could result in the execution of arbitrary SELECT commands against the database and the disclosure of information from the database.

Supported On:

References:

cve: CVE-2016-8582

Affected Products:

Alienvault open_source_security_information_and_event_management 5.3.1
Alienvault unified_security_management 5.3.1

SSL:TM-CM-PRODUCTTREE-ID - SSL: Trend Micro Control Manager Multiple Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in theTrend Micro Control Manager. Successful exploitation could allow the attacker to read arbitrary files from the target system.

Supported On:

References:

cve: CVE-2016-6220

Affected Products:

Trendmicro trend_micro_control_manager 6.0

SSL:GNU-DER-PARSING-DOS - SSL: Gnu DER Certificate Parsing Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against GnuTLS. A successful exploit can lead to denial-of-service.

Supported On:

References:

cve: CVE-2015-6251

Affected Products:

Gnu gnutls 3.3.5
Gnu gnutls 3.3.14
Gnu gnutls 3.3.15
Gnu gnutls 3.3.8
Gnu gnutls 3.3.9
Debian debian_linux 8.0
Gnu gnutls 3.3.2
Gnu gnutls 3.3.3
Gnu gnutls 3.3.12
Gnu gnutls 3.3.0
Gnu gnutls 3.3.13
Gnu gnutls 3.4.1
Gnu gnutls 3.3.1
Gnu gnutls 3.3.10
Gnu gnutls 3.4.0
Gnu gnutls 3.3.6
Gnu gnutls 3.3.11
Gnu gnutls 3.4.3
Gnu gnutls 3.3.7
Gnu gnutls 3.3.16
Gnu gnutls 3.4.2
Gnu gnutls 3.3.4

SSL:SAFESYNC-RCE - SSL: Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution

Severity: HIGH

Description:

A remote command execution vulnerability exists in Trend Micro SafeSync for Enterprise ad.pm page. The vulnerability is due to insufficient validation of the user-supplied id parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system. Successful exploitation could lead to arbitrary command execution under the security context of SYSTEM.

Supported On:

SSL:IPFIRE-PROXY-RCE - SSL: IPFire proxy.cgi Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the proxy.cgi script of IPFire. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.

Supported On:

SSL:OPENSSL-GET-KEY-EXCH-UAF - SSL: OpenSSL ssl3_get_key_exchange Use-After-Free Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the OpenSSL library. The vulnerability is due to an error in ssl3_get_key_exchange function while handling server key exchange message. If a certificate structure contains a crafted value, the vulnerable code could cause a double-free error. Remote attackers could exploit this vulnerability by enticing the target user to connect to a malicious server using a vulnerable version of the OpenSSL library. Successful exploitation may allow for arbitrary code execution with the privileges of the application using the OpenSSL library.

Supported On:

References:

cve: CVE-2010-2939
bugtraq: 42306

Affected Products:

Debian linux 5.0 Ia-64
Ubuntu ubuntu_linux 6.06 LTS Powerpc
Ubuntu ubuntu_linux 6.06 LTS I386
Ubuntu ubuntu_linux 6.06 LTS Amd64
Vmware esx_server 3.0.3
Vmware esx_server 4.0
Netbsd netbsd 5.0
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS I386
Ubuntu ubuntu_linux 8.04 LTS Lpia
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Ubuntu ubuntu_linux 8.04 LTS Sparc
Vmware esxi_server 4.1
Ubuntu ubuntu_linux 9.10 Amd64
Slackware linux 13.0
Ubuntu ubuntu_linux 9.10 Lpia
Ubuntu ubuntu_linux 9.10 Powerpc
Ubuntu ubuntu_linux 9.10 Sparc
Slackware linux 12.1
Hp system_management_homepage 6.2
Hp system_management_homepage 6.0.0.96
Ubuntu ubuntu_linux 9.10 I386
Slackware linux 13.0 X86 64
Vmware esxi_server 4.0
Freebsd freebsd 7.0
Ubuntu ubuntu_linux 10.10 amd64
Ubuntu ubuntu_linux 10.10 powerpc
Netbsd netbsd 4.0.1
Ubuntu ubuntu_linux 10.10 i386
Netbsd netbsd 5.0.1
Hp system_management_homepage 6.0
Hp system_management_homepage 6.2.0-12
Hp system_management_homepage 6.1
Netbsd netbsd 4.0.2
Debian linux 5.0
Debian linux 5.0 Alpha
Debian linux 5.0 Amd64
Debian linux 5.0 Arm
Debian linux 5.0 Hppa
Debian linux 5.0 Ia-32
Suse suse_linux_enterprise 11
Debian linux 5.0 M68k
Debian linux 5.0 Mips
Debian linux 5.0 Mipsel
Debian linux 5.0 Powerpc
Debian linux 5.0 S/390
Debian linux 5.0 Sparc
Slackware linux 13.1 X86 64
Ubuntu ubuntu_linux 9.04 Amd64
Ubuntu ubuntu_linux 9.04 I386
Ubuntu ubuntu_linux 9.04 Lpia
Ubuntu ubuntu_linux 9.04 Powerpc
Ubuntu ubuntu_linux 9.04 Sparc
Slackware linux 12.0
Ubuntu ubuntu_linux 10.04 I386
Hp system_management_homepage 6.2
Vmware esx_server 4.1
Hp system_management_homepage 6.1.0.102
Hp system_management_homepage 6.1.0.103
Vmware esxi_server 3.5
Suse suse_linux_enterprise 10 SP3
Vmware esx_server 3.5
Slackware linux X86 64 -Current
Netbsd netbsd 4.0
Ubuntu ubuntu_linux 10.04 Amd64
Suse suse_linux_enterprise 11 SP1
Ubuntu ubuntu_linux 10.04 Powerpc
Ubuntu ubuntu_linux 10.04 Sparc
Openssl_project openssl 1.0.0A
Hp system_management_homepage 6.0.0.95
Mandriva linux_mandrake 2010.1 X86 64
Mandriva linux_mandrake 2010.1
Slackware linux 11.0
Slackware linux -Current
Ubuntu ubuntu_linux 6.06 LTS Sparc
Suse opensuse 11.3
Slackware linux 13.1
Hp system_management_homepage 6.0.0-95
Hp system_management_homepage 6.1.0-103
Suse opensuse 11.2
Slackware linux 12.2
Netbsd netbsd 5.0.2
Suse opensuse 11.1
Debian linux 5.0 Armel
Pardus linux_2009

SSL:HP-INODEMNGCHECKER-EXE-BOF - SSL: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP iNode Management Center. A successful attack allows the attacker to execute arbitrary code within the context of the server.

Supported On:

References:

bugtraq: 48527
cve: CVE-2011-1867

Affected Products:

Hp intelligent_management_center_user_access_manager_(uam) 5.0
Hp intelligent_management_center_user_access_manager_(uam) 5.0 (E0101)
Hp intelligent_management_center_endpoint_admission_defense_(ead) 5.0
Hp intelligent_management_center_endpoint_admission_defense_(ead) 5.0 (E0101)

SSL:OPENSSL-MITM-SEC-BYPASS - SSL: OpenSSL ChangeCipherSpec MITM Security Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known security-bypass vulnerability against OpenSSL. A successful exploitation would provide an attacker the ability to decrypt traffic and inject plaintext into a TLS connection.

Supported On:

References:

bugtraq: 67899
cve: CVE-2014-0224

SSL:VULN:OPENSSL-HS-DOS - SSL: OpenSSL Handshake Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 9899
cve: CVE-2004-0079

Affected Products:

Cisco ios 12.1(11)EA1
Check_point_software vpn-1_vsx_ng_with_application_intelligence
Check_point_software firewall-1_vsx_ng_with_application_intelligence
Sgi irix 6.5.20 M
Sgi irix 6.5.20 F
Freebsd freebsd 4.8.0
Stonesoft stonebeat_webcluster 2.0.0
Red_hat linux 7.2.0
Cisco secure_content_accelerator_10000
Openssl_project openssl 0.9.6 F
Avaya s8300 R2.0.0
Openssl_project openssl 0.9.6 H
Cisco pix_firewall 6.2.0 (3)
Avaya s8300 R2.0.1
Check_point_software firewall-1_gx 2.0.0
Avaya intuity_r5 R5.1.46
Freebsd freebsd 5.2.0
Apple mac_os_x 10.3.9
Apple mac_os_x_server 10.3.9
Red_hat linux 8.0.0
Stonesoft stonebeat_fullcluster_for_firewall-1 3.0.0
Cisco pix_firewall 6.1.0 (2)
Cisco firewall_services_module_(fwsm) 1.1.2
Avaya intuity_audix_r5
Symantec clientless_vpn_gateway_4400_series 5.0.0
Sco open_server 5.0.6
Cisco pix_firewall 6.3.2
Cisco pix_firewall 6.1.5
Cisco pix_firewall 6.2.0 (3.100)
Cisco firewall_services_module_(fwsm) 2.1.0 (0.208)
Sgi irix 6.5.24 M
Avaya sg203 4.4.0
Cisco call_manager
Red_hat fedora Core1
Avaya sg208 4.4.0
Hp hp-ux 11.23.0
Openssl_project openssl 0.9.7 Beta1
Sgi propack 3.0.0
Cisco css11000_content_services_switch
Novell edirectory 8.5.12 a
Cisco pix_firewall 6.0.0 (4.101)
Cisco pix_firewall 6.0.3
Avaya vsu_100 R2.0.1
Stonesoft servercluster 2.5.0
Cisco pix_firewall 6.0.4
Cisco pix_firewall 6.1.4
Cisco threat_response
Cisco ios 12.2SY
Openbsd openbsd 3.3
Red_hat desktop 4.0.0
Tarantella enterprise_3 3.30.0
Openssl_project openssl 0.9.6 K
Stonesoft stonegate 2.0.4
Cisco ios 12.2ZA
Cisco ios 12.2(14)SY
Cisco ios 12.1(11B)E14
Check_point_software providor-1 4.1.0 SP1
Novell edirectory 8.0.0
Novell edirectory 8.7.0
Sgi propack 3.0.0 SP6
Rsa_security bsafe_ssl-j_sdk 3.0.0
Cisco mds_9000
Hp hp-ux 8.5.0
Apple mac_os_x_server 10.3.3
Rsa_security bsafe_ssl-j_sdk 3.1.0
Red_hat fedora Core3
Cisco firewall_services_module_(fwsm)
Cisco ciscoworks_common_management_foundation 2.1.0
Avaya vsu_2000 R2.0.1
Red_hat openssl-0.9.7a-2.i386.rpm
Red_hat openssl-devel-0.9.7a-2.i386.rpm
Red_hat openssl-perl-0.9.7a-2.i386.rpm
Red_hat openssl096-0.9.6-15.i386.rpm
Red_hat linux 7.3.0
Red_hat linux 7.3.0 I386
Vmware gsx_server 2.0.1 build 2129
Cisco firewall_services_module_(fwsm) 1.1.3
Cisco okena_stormwatch 3.2.0
Sco unixware 7.1.1
Hp hp-ux 11.0.0
Novell edirectory 8.7.1
Blue_coat_systems cacheos_ca/sa 4.1.10
Stonesoft stonegate 2.0.9
Freebsd freebsd 4.9.0
Novell edirectory 8.5.27
Stonesoft stonebeat_fullcluster_for_isa_server 3.0.0
Cisco access_registrar
Cisco pix_firewall 6.1.0 (3)
Cisco pix_firewall 6.1.0
Freebsd freebsd 5.1.0
Sgi propack 2.4.0
Cisco ios 12.2(14)SY1
Stonesoft stonegate 2.0.7
Tarantella enterprise_3 3.20.0 0
Cisco pix_firewall 6.0.0 (1)
Stonesoft stonebeat_fullcluster_for_raptor 2.0.0
Cisco ios 12.1(11B)E12
Cisco pix_firewall 6.1.0 (1)
Novell imanager 1.5.0
Novell imanager 2.0.0
4d webstar 5.3.1
4d webstar 5.3.0
4d webstar 5.2.4
4d webstar 5.2.3
4d webstar 5.2.2
4d webstar 5.2.1
Avaya sg5 4.3.0
Avaya sg5x 4.3.0
Avaya sg5x 4.2.0
Avaya sg200 4.31.29
Avaya sg203 4.31.29
Freebsd freebsd 5.1.0 -RELEASE
Freebsd freebsd 5.2.0 -RELEASE
Avaya vsu_5
Avaya vsu_5x
Check_point_software firewall-1_next_generation FP0
Check_point_software firewall-1_next_generation FP1
Check_point_software vpn-1_next_generation FP1
Check_point_software vpn-1_next_generation FP0
Check_point_software vpn-1_next_generation FP2
Check_point_software firewall-1_next_generation FP2
Openssl_project openssl 0.9.6 C
Stonesoft stonegate 1.7.2
Stonesoft stonegate 2.1.0
Secure_computing sidewinder 5.2.0 .0.01
Secure_computing sidewinder 5.2.0 .0.03
Secure_computing sidewinder 5.2.0 .0.04
Sco open_server 5.0.7
Secure_computing sidewinder 5.2.0 .1.02
Cisco pix_firewall 6.2.3
Red_hat enterprise_linux_as 3
Red_hat enterprise_linux_es 3
Netscreen instant_virtual_extranet 3.0.0
Netscreen instant_virtual_extranet 3.3.1
Cisco pix_firewall 6.3.1
Netscreen instant_virtual_extranet 3.3.0
Hp apache-based_web_server 2.0.43 .00
Cisco application_&_content_networking_software_(acns)
Cisco gss_4490_global_site_selector
Cisco css11500_content_services_switch
Tarantella enterprise_3 3.40.0
Cisco webns 7.10.0
Cisco webns 7.1.0 0.1.02
Cisco webns 7.1.0 0.2.06
Cisco webns 7.2.0 0.0.03
Sgi irix 6.5.22 m
4d webstar 5.2.0
Freebsd freebsd 5.1.0 -RELENG
Cisco pix_firewall 6.3.0
Freebsd freebsd 4.8.0 -RELENG
Lite_speed_technologies litespeed_web_server 1.3.1
Avaya s8700 R2.0.0
Cisco pix_firewall 6.3.0 (3.102)
Cisco pix_firewall 6.3.0 (3.109)
Cisco firewall_services_module_(fwsm) 1.1.0 (3.005)
Hp apache-based_web_server 2.0.43 .04
Stonesoft stonegate_vpn_client 2.0.8
Stonesoft stonegate_vpn_client 2.0.9
Stonesoft stonebeat_fullcluster_for_firewall-1 2.0.0
Hp wbem A.01.05.08
Cisco gss_4480_global_site_selector
Hp wbem A.02.00.00
Cisco ios 12.1(13)E9
Avaya sg208
Red_hat enterprise_linux_ws 3
Sgi irix 6.5.23 M
Openssl_project openssl 0.9.6 G
Cisco webns 6.10.0
Vmware gsx_server 2.0.0
Blue_coat_systems cacheos_ca/sa 4.1.12
Openssl_project openssl 0.9.6 J
Lite_speed_technologies litespeed_web_server 1.1.0
Lite_speed_technologies litespeed_web_server 1.1.1
Lite_speed_technologies litespeed_web_server 1.2.0 RC1
Lite_speed_technologies litespeed_web_server 1.2.0 RC2
Lite_speed_technologies litespeed_web_server 1.2.1
Lite_speed_technologies litespeed_web_server 1.2.2
Lite_speed_technologies litespeed_web_server 1.3.0
Lite_speed_technologies litespeed_web_server 1.3.0 RC1
Avaya sg5 4.2.0
Openssl_project openssl 0.9.6 I
Stonesoft stonebeat_fullcluster_for_gauntlet 2.0.0
Sun crypto_accelerator_4000 1.0.0
Sgi propack 2.3.0
Openssl_project openssl 0.9.7
4d webstar 4.0.0
Red_hat desktop 3.0.0
Citrix secure_gateway_for_solaris 1.13.0
Citrix secure_gateway_for_solaris 1.12.0
Cisco webns 6.10.0 B4
Openssl_project openssl 0.9.6 E
Openssl_project openssl 0.9.7 B
Hp wbem A.02.00.01
Stonesoft stonegate 2.2.1
Stonesoft stonegate 2.2.0
Cisco pix_firewall 6.2.0 (2)
Avaya vsu_500
Cisco pix_firewall 6.0.0 (2)
Hp hp-ux 11.11.0
Cisco pix_firewall 6.2.0 (1)
Stonesoft stonegate 2.0.6
Stonesoft stonegate 2.0.5
Stonesoft stonegate 2.0.1
Cisco ios 12.1(11B)E
Stonesoft stonegate 1.7.1
Stonesoft stonegate 1.7.0
Stonesoft stonegate 1.6.3
Stonesoft stonegate 1.6.2
Sco unixware 7.1.3
Stonesoft stonegate 1.5.17
Novell edirectory 8.5.0
Stonesoft stonegate 2.2.4
Novell edirectory 8.7.1 SU1
Vmware gsx_server 2.5.1
Secure_computing sidewinder 5.2.0 .1
Blue_coat_systems proxysg
Lite_speed_technologies litespeed_web_server 1.0.1
Cisco pix_firewall 6.2.2
Cisco pix_firewall 6.2.2 .111
Cisco pix_firewall 6.3.0 (1)
Sgi irix 6.5.21 M
Sgi irix 6.5.21 F
Stonesoft stonegate_vpn_client 2.0.7
Stonesoft stonegate_vpn_client 1.7.2
Stonesoft stonegate_vpn_client 2.0.0
Stonesoft stonegate_vpn_client 1.7.0
Avaya intuity LX
Avaya intuity S3210
Avaya intuity S3400
Red_hat enterprise_linux_as 4
Cisco pix_firewall 6.0.0
Red_hat enterprise_linux_ws 4
Avaya vsu_5000 R2.0.1
Avaya vsu_7500 R2.0.1
Avaya vsu_10000 R2.0.1
Avaya s8700 R2.0.1
Stonesoft stonebeat_webcluster 2.5.0
Avaya s8500 R2.0.0
Citrix secure_gateway_for_solaris 1.1.0
Apple mac_os_x 10.4.2
Avaya s8500 R2.0.1
Avaya sg5 4.4.0
Avaya sg5x 4.4.0
Avaya sg200 4.4.0
Hp aaa_server
Stonesoft servercluster 2.5.2
Cisco webns 7.10.0 .0.06s
Check_point_software providor-1 4.1.0
Cisco pix_firewall 6.1.3
Check_point_software providor-1 4.1.0 SP2
Check_point_software providor-1 4.1.0 SP3
Check_point_software providor-1 4.1.0 SP4
Avaya converged_communications_server 2.0.0
Openbsd openbsd 3.4
Lite_speed_technologies litespeed_web_server 1.0.3
Stonesoft stonegate 2.0.8
Vmware gsx_server 3.0.0 build 7592
Cisco ciscoworks_common_services 2.2.0
Stonesoft stonegate 1.5.18
Stonesoft stonebeat_securitycluster 2.0.0
Cisco pix_firewall 6.1.0 (4)
Vmware gsx_server 2.5.1 build 5336
Cisco ios 12.1(19)E1
Cisco pix_firewall 6.2.0
Cisco ios 12.1(11)E
Cisco ios 12.1(11)EC
Netscreen instant_virtual_extranet 3.1.0
Red_hat enterprise_linux_es 4
Cisco css_secure_content_accelerator 1.0.0
Secure_computing sidewinder 5.2.0
Computer_associates etrust_security_command_center 1.0.0
Openssl_project openssl 0.9.7 Beta2
Openssl_project openssl 0.9.7 Beta3
Cisco pix_firewall 6.2.1
Red_hat openssl096b-0.9.6b-3.i386.rpm
Openssl_project openssl 0.9.6 D
Stonesoft stonebeat_fullcluster_for_raptor 2.5.0
Red_hat fedora Core2
Openssl_project openssl 0.9.7 C
Secure_computing sidewinder 5.2.0 .0.02
Cisco pix_firewall 6.0.0 (4)
Openssl_project openssl 0.9.7 A
Cisco pix_firewall 6.1.0 (5)
Cisco css_secure_content_accelerator 2.0.0
Novell edirectory 8.6.2
Rsa_security bsafe_ssl-j_sdk 3.0.1
Lite_speed_technologies litespeed_web_server 1.3.0 RC2
Apple mac_os_x 10.3.3
Apple mac_os_x_server 10.4.2
Netscreen instant_virtual_extranet 3.2.0
Stonesoft stonebeat_securitycluster 2.5.0
Lite_speed_technologies litespeed_web_server 1.3.0 RC3

SSL:SYMC-WEB-CMD-INJ - SSL: Symantec Web Gateway OS Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Web Gateway. The vulnerability is due to insufficient input validation by existing application scripts accessible though the SWG console's interface. A remote authenticated attacker can leverage this vulnerability to inject and execute commands with SYSTEM privileges.

Supported On:

References:

bugtraq: 71620
cve: CVE-2014-7285

Affected Products:

Symantec web_gateway 5.2.1

SSL:SCHANNEL-IMPROPER-CERT - SSL: Microsoft IIS SChannel Improper Certificate Verification

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Information Server (IIS). The vulnerability is due to the improper way IIS handles Client Certificate Mapping. A successful attack attempt will allow the attacker to use another user's client certificate without the proper private key.

Supported On:

References:

cve: CVE-2009-0085

Affected Products:

Microsoft windows_xp (sp2)
Microsoft windows_vista gold
Microsoft windows_server_2003 (sp2:itanium)
Microsoft windows_server_2008 (:x64)
Microsoft windows_server_2008 (:itanium)
Microsoft windows_vista (:x64)
Microsoft windows_vista (sp1)
Microsoft windows_xp (:x64)
Microsoft windows_server_2003 (sp1:itanium)
Microsoft windows_server_2003 (sp2:x64)
Microsoft windows_vista (sp1:x64)
Microsoft windows_server_2003 (sp2)
Microsoft windows_xp (sp3)
Microsoft windows_server_2003 (:x64)
Microsoft windows_server_2003 (sp1)
Microsoft windows_xp (sp2:x64)
Microsoft windows_2000 (sp4)

SSL:TM-SPS-CI - SSL: Trend Micro Smart Protection Server admin_notification.php Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the admin_notification.php script of Trend Micro Smart Protection Server. Successful exploitation could lead to arbitrary code execution under the security context of the webserv process.

Supported On:

References:

cve: CVE-2016-6267

Affected Products:

Trend_micro smart_protection_server 2.5
Trend_micro smart_protection_server 2.6
Trend_micro smart_protection_server 3.0

SSL:TRENDMICRO-CRLMGR-HELLO - SSL: Trend Micro Control Manager download.php Information Disclosure

Severity: HIGH

Description:

An information disclosure vulnerability exists in Trend Micro Control Manager. Successful exploitation could result in an arbitrary file read from the target server.

Supported On:

SSL:ALIEN-VAULT-OSSIM-SOAP-CE-1 - SSL: AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Buffer Overflow in Alien Vault OSSIM. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 69239
cve: CVE-2014-5210

Affected Products:

Alienvault open_source_security_information_management 2.1
Alienvault open_source_security_information_management 4.3.3
Alienvault open_source_security_information_management 2.1.2
Alienvault open_source_security_information_management 4.6
Alienvault open_source_security_information_management 4.3.2
Alienvault open_source_security_information_management 4.2
Alienvault open_source_security_information_management 2.1.5
Alienvault open_source_security_information_management 4.0.3
Alienvault open_source_security_information_management 4.4
Alienvault open_source_security_information_management 4.5
Alienvault open_source_security_information_management 4.1.3
Alienvault open_source_security_information_management 4.3
Alienvault open_source_security_information_management 1.0.6
Alienvault open_source_security_information_management 4.0
Alienvault open_source_security_information_management 4.1.2
Alienvault open_source_security_information_management 4.1
Alienvault open_source_security_information_management 1.0.4
Alienvault open_source_security_information_management 3.1.10
Alienvault open_source_security_information_management 2.1.5-1
Alienvault open_source_security_information_management 4.6.1
Alienvault open_source_security_information_management 3.1
Alienvault open_source_security_information_management 3.1.12
Alienvault open_source_security_information_management 2.1.5-3
Alienvault open_source_security_information_management 4.0.4
Alienvault open_source_security_information_management 2.1.5-2
Alienvault open_source_security_information_management 4.2.2
Alienvault open_source_security_information_management 3.1.9
Alienvault open_source_security_information_management 4.2.3
Alienvault open_source_security_information_management 4.3.1

SSL:SMART-PROTECTION-SERVER-CE - SSL: Trend Micro Smart Protection Server Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Trend Micro Smart Protection Server. Successful exploitation could lead to arbitrary code execution.

Supported On:

References:

Affected Products:

Trend_micro smart_protection_server 2.5
Trend_micro smart_protection_server 2.6
Trend_micro smart_protection_server 3.0

SSL:GNUTLS-TLS-RECORD-MC - SSL: GnuTLS TLS Record Decoding Out-of-bounds Memory Access

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in in GnuTLS. The vulnerability is due to an error in the function _gnutls_ciphertext2compressed(). A remote attacker could exploit this vulnerability to cause an affected server or a client application to crash resulting in a denial-of-service condition.

Supported On:

References:

bugtraq: 60215
cve: CVE-2013-2116

Affected Products:

Gnu gnutls 2.12.23

SSL:VIRTUAL-MOBILE-INFRA-CE - SSL: Trend Micro Virtual Mobile Infrastructure Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Trend Micro Virtual Mobile Infrastructure. Successful exploitation could lead to arbitrary code execution.

Supported On:

References:

Affected Products:

Trend_micro virtual_mobile_infrastructure 5.0

SSL:OPENSSL-PEEK-DOS - SSL: OpenSSL SSL_peek Infinite Loop Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability exists in OpenSSL. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.

Supported On:

References:

cve: CVE-2016-6305

Affected Products:

Openssl openssl 1.1.0

SSL:OPENSSL-ETM-REN-DOS - SSL: OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service

Severity: HIGH

Description:

This vulnerability is in OpenSSL due to improper handling of the Encrypt-Then-Mac extension during renegotiation. successful exploitation can lead to to denial of Service.

Supported On:

References:

cve: CVE-2017-3733

Affected Products:

Hp operations_agent 11.15
Openssl openssl 1.1.0c
Hp operations_agent 11.14
Openssl openssl 1.1.0b
Openssl openssl 1.1.0
Openssl openssl 1.1.0a
Openssl openssl 1.1.0d

SSL:TREND-MICRO-DIR-TRAV - SSL: Trend Micro Control Manager Widget importFile.php Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Trend Micro Control Manager. A successful attack can result in directory traversal attacks.

Supported On:

SSL:VULN:CVE-2015-0291-DOS - SSL: OpenSSL Signature Algorithm CVE-2015-0291 DOS

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL while performing signature algorithm extension communication. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

url: https://www.openssl.org/news/secadv_20150319.txt
cve: CVE-2015-0291

Affected Products:

Openssl openssl 1.0.2

SSL:OPENSSL-ECDH-UAF - SSL: OpenSSL ECDH Use After Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. The vulnerability is due to an error in processing handshake messages arriving in incorrect order by ephemeral ECDH ciphersuites. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted TLS handshake sequence. A successful attack would result in the execution of arbitrary attacker code in the context of the affected application. If the attack fails, the application may terminate abnormally, resulting in a denial-of-service condition. Applications using OpenSSL may be affected by this vulnerability if the version of OpenSSL they use supports ephemeral ECDH ciphersuites and if these ciphersuites are enabled in the application configuration.

Supported On:

References:

bugtraq: 49471
cve: CVE-2011-3210

Affected Products:

Openssl_project openssl 0.9.8J
Openssl_project openssl 0.9.8I
Ubuntu ubuntu_linux 11.04 amd64
Ubuntu ubuntu_linux 11.10 amd64
Ubuntu ubuntu_linux 11.10 i386
Ubuntu ubuntu_linux 11.04 powerpc
Hp system_management_homepage 3.0.0.64
Hp system_management_homepage 3.0.0.68
Ubuntu ubuntu_linux 10.04 Amd64
Ubuntu ubuntu_linux 10.04 I386
Openssl_project openssl 0.9.8K
Ubuntu ubuntu_linux 10.04 Sparc
Openssl_project openssl 1.0.0A
Ubuntu ubuntu_linux 10.04 ARM
Openssl_project openssl 0.9.8 A
Hp system_management_homepage
Hp system_management_homepage 3.0.1.73
Hp system_management_homepage 6.0.0.96
Hp hp-ux B.11.11
Openssl_project openssl 1.0.0b
Avaya 96x1_ip_deskphone 6
Ubuntu ubuntu_linux 11.04 ARM
Hp system_management_homepage 6.0.0.95
Ubuntu ubuntu_linux 10.10 i386
Openssl_project openssl 0.9.8 E
Ubuntu ubuntu_linux 11.04 i386
Mandriva linux_mandrake 2010.1 X86 64
Mandriva linux_mandrake 2010.1
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS Lpia
Mandriva linux_mandrake 2011
Mandriva linux_mandrake 2011 x86_64
Ubuntu ubuntu_linux 8.04 LTS Sparc
Openssl_project openssl 0.9.8O
Openssl_project openssl 0.9.8p
Openssl_project openssl 0.9.8Q
Openssl_project openssl 0.9.8L
Ubuntu ubuntu_linux 10.10 amd64
Ubuntu ubuntu_linux 10.10 powerpc
Hp system_management_homepage 3.0.2.77
Ubuntu ubuntu_linux 8.04 LTS I386
Hp insight_control_for_linux_(ic-linux) 7.0
Openssl_project openssl 0.9.8R
Openssl_project openssl 0.9.8s
Hp system_management_homepage 6.2
Openssl_project openssl 0.9.8
Ubuntu ubuntu_linux 10.04 Powerpc
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Kolab kolab_groupware_server 2.3.2
Kolab kolab_groupware_server 2.3.1
Openssl_project openssl 1.0.0d
Hp system_management_homepage 3.0.0-68
Hp system_management_homepage 3.0.1-73
Hp system_management_homepage 3.0.2.77 B
Hp system_management_homepage 3.0.2-77
Openssl_project openssl 0.9.8 F
Hp system_management_homepage 6.1.0-103
Openssl_project openssl 0.9.8H
Openssl_project openssl 0.9.8M
Openssl_project openssl 0.9.8N
Kolab kolab_groupware_server 2.2.4
Hp hp-ux B.11.23
Hp system_management_homepage 6.1.0.102
Hp system_management_homepage 6.1.0.103
Ubuntu ubuntu_linux 10.10 ARM
Hp system_management_homepage 6.2.2.7
Hp system_management_homepage 6.1
Hp hp-ux B.11.31
Hp system_management_homepage 6.0
Openssl_project openssl 1.0.0c
Hp system_management_homepage 6.0.0-95
Openssl_project openssl 0.9.8 B
Openssl_project openssl 0.9.8G
Openssl_project openssl 0.9.8 C
Hp system_management_homepage 6.3
Hp system_management_homepage 6.2
Hp system_management_homepage 6.2.0-12
Openssl_project openssl 0.9.8 D

SSL:INVALID:LIBTASN1-DOS - SSL: GnuTLS libtasn1 ASN.1 DER Infinite Loop Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. Successful exploitation may result in a denial-of-service condition.

Supported On:

References:

url: http://seclists.org/oss-sec/2016/q2/66
cve: CVE-2016-4008

Affected Products:

Canonical ubuntu_linux 12.04
Gnu libtasn1 4.7
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 15.10
Fedoraproject fedora 23
Novell opensuse 13.2
Fedoraproject fedora 22
Canonical ubuntu_linux 14.04
Fedoraproject fedora 24

SSL:WS-APPSRV-RCE2 - SSL: IBM WebSphere Application Server Remote Code Execution 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM WebSphere Application. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: http://www-01.ibm.com/support/docview.wss?uid=swg21970575
url: http://securitytracker.com/id?1034097
cve: CVE-2015-4852
bugtraq: 77653
cve: CVE-2015-7450

Affected Products:

Oracle weblogic_server 12.1.2.0
Oracle weblogic_server 12.1.3.0
Oracle weblogic_server 12.2.1.0
Oracle weblogic_server 10.3.6.0

SSL:VULN:TREND-MICRO-CM-SQLI - SSL: Trend Micro Control Manager SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Trend Micro Control Manager. A successful attack can lead to arbitrary code execution.

Supported On:

References:

url: http://esupport.trendmicro.com/solution/en-us/1114749.aspx

SSL:VULN:MOZILLA-NSS-REG - SSL: Mozilla Network Security Services Regexp Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Mozilla Network Security Services. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 35891
cve: CVE-2009-2404

Affected Products:

Mozilla seamonkey 1.0
Mozilla network_security_services_(nss) 3.12.2
Mozilla network_security_services_(nss) 3.12
Debian linux 5.0 Ia-64
Sun solaris 10 Sparc
Red_hat enterprise_linux_desktop 5 Client
Sun opensolaris Build Snv 84
Debian linux 5.0 Mips
Vmware esx_server 4.0
Sun opensolaris Build Snv 101A
Sun opensolaris Build Snv 119
Sun solaris 10 X86
Mozilla network_security_services_(nss) 3.2.0
Debian linux 5.0 Powerpc
Sun opensolaris Build Snv 57
Sun opensolaris Build Snv 121
Sun java_system_access_manager_policy_agent 2.2
Mozilla firefox 3.0.7 Beta
Mandriva linux_mandrake 2009.1 X86 64
Ubuntu ubuntu_linux 8.04 LTS Amd64
Sun opensolaris Build Snv 50
Ubuntu ubuntu_linux 8.04 LTS Lpia
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Ubuntu ubuntu_linux 8.04 LTS Sparc
Red_hat desktop 3.0.0
Sun opensolaris Build Snv 48
Mozilla network_security_services_(nss) 3.4.0
Mozilla firefox 3.0.11
Sun java_system_directory_server_enterprise_edition 6.0
Suse opensuse 10.3
Mozilla network_security_services_(nss) 3.6.0
Sun opensolaris Build Snv 112
Mozilla firefox 3.0.4
Sun opensolaris Build Snv 123
Mozilla network_security_services_(nss) 3.3.0
Mozilla network_security_services_(nss) 3.3.1
Mozilla network_security_services_(nss) 3.3.2
Sun opensolaris Build Snv 49
Mozilla network_security_services_(nss) 3.4.1
Mozilla network_security_services_(nss) 3.4.2
Mozilla network_security_services_(nss) 3.5.0
Mozilla network_security_services_(nss) 3.6.1
Mozilla network_security_services_(nss) 3.7.0
Mozilla network_security_services_(nss) 3.7.1
Mozilla firefox 3.0.8
Mozilla network_security_services_(nss) 3.7.3
Mozilla network_security_services_(nss) 3.7.5
Mozilla network_security_services_(nss) 3.7.7
Mozilla network_security_services_(nss) 3.8.0
Slackware linux 13.0
Slackware linux 13.0 X86 64
Mozilla network_security_services_(nss) 3.7.2
Sun opensolaris Build Snv 102
Sun java_system_directory_server 5.2 Patch2
Sun solaris 9 Sparc
Sun java_system_directory_server 5.2 Patch4
Sun java_system_directory_server 5.2 2005Q4
Slackware linux 12.1
Sun opensolaris Build Snv 68
Sun opensolaris Build Snv 99
Suse suse_linux_enterprise 10 SP2 DEBUGINFO
Mozilla seamonkey 1.0.3
Sun opensolaris Build Snv 92
Sun opensolaris Build Snv 85
Sun opensolaris Build Snv 64
Vmware vma 4.0
Sun opensolaris Build Snv 91
Suse suse_linux_enterprise_desktop 11
Sun opensolaris Build Snv 110
Sun opensolaris Build Snv 111
Mandriva linux_mandrake 2008.0
Mandriva linux_mandrake 2008.0 X86 64
Sun java_system_directory_server 5.2 Patch6
Sun java_system_directory_server 5.2 2003Q4
Sun java_system_directory_server 5.2 2005Q1
Debian linux 4.0 Alpha
Sun java_system_directory_server 5.2 2004Q2
Mozilla firefox 3.0.2
Suse suse_linux_enterprise_server 11 DEBUGINFO
Mozilla firefox 3.0 Beta 5
Red_hat enterprise_linux_as 4.7.Z
Red_hat enterprise_linux_es 4.7.Z
Mozilla seamonkey 1.0.6
Sun opensolaris Build Snv 54
Sun opensolaris Build Snv 118
Mozilla firefox 3.0.7
Sun opensolaris Build Snv 51
Mozilla seamonkey 1.0.8
Suse suse_linux_enterprise_sdk 10 SP3
Pardus linux_2008
Suse suse_linux_enterprise_server 10 SP3
Suse suse_linux_enterprise 10 SP3 DEBUGINFO
Avaya cms_server 16.0
Suse suse_linux_enterprise_server 11
Sun opensolaris Build Snv 101
Sun opensolaris Build Snv 116
Mozilla firefox 3.0.9
Mozilla seamonkey 1.0.1
Ubuntu ubuntu_linux 9.04 Amd64
Sun opensolaris Build Snv 100
Debian linux 5.0
Debian linux 5.0 Alpha
Debian linux 5.0 Amd64
Debian linux 5.0 Arm
Debian linux 5.0 Hppa
Debian linux 5.0 Ia-32
Suse suse_linux_enterprise 11
Debian linux 5.0 M68k
Red_hat enterprise_linux_as 3
Debian linux 5.0 Mipsel
Red_hat enterprise_linux_ws 3
Debian linux 5.0 S/390
Mozilla firefox 3.0
Mozilla firefox 3.0.1
Avaya interactive_response 3.0
Sun opensolaris Build Snv 108
Mozilla network_security_services_(nss) 3.9.2
Sun opensolaris Build Snv 80
Suse opensuse 11.0
Sun opensolaris Build Snv 93
Sun opensolaris Build Snv 94
Red_hat enterprise_linux_es 3
Mandriva enterprise_server 5
Mandriva linux_mandrake 2009.1
Mandriva linux_mandrake 2009.0 X86 64
Ubuntu ubuntu_linux 9.04 I386
Ubuntu ubuntu_linux 9.04 Lpia
Ubuntu ubuntu_linux 9.04 Powerpc
Ubuntu ubuntu_linux 9.04 Sparc
Sun opensolaris Build Snv 88
Sun java_system_directory_server 5.2 Patch3
Sun opensolaris Build Snv 89
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat enterprise_linux 5 Server
Sun opensolaris Build Snv 103
Slackware linux 12.0
Sun opensolaris Build Snv 95
Ubuntu ubuntu_linux 8.04 LTS I386
Mandriva linux_mandrake 2009.0
Sun opensolaris Build Snv 87
Slackware linux -Current
Sun opensolaris Build Snv 59
Sun opensolaris Build Snv 124
Avaya interactive_response 4.0
Avaya cms_server 15.0
Mandriva corporate_server 3.0.0
Sun java_system_directory_server_enterprise_edition 6.1
Sun java_system_directory_server_enterprise_edition 6.2
Sun java_system_directory_server_enterprise_edition 6.3
Sun java_system_directory_server_enterprise_edition 6.3.1
Sun opensolaris Build Snv 83
Sun opensolaris Build Snv 111A
Mozilla network_security_services_(nss) 3.2.1
Sun one_directory_server 5.2.0
Sun opensolaris Build Snv 109
Sun opensolaris Build Snv 58
Sun opensolaris Build Snv 96
Sun opensolaris Build Snv 104
Sun opensolaris Build Snv 90
Debian linux 4.0 Armel
Debian linux 4.0 Amd64
Debian linux 4.0 Arm
Debian linux 4.0 Hppa
Debian linux 4.0 Ia-32
Debian linux 4.0 Ia-64
Debian linux 4.0 M68k
Debian linux 4.0 Mips
Debian linux 4.0 Mipsel
Debian linux 4.0 Powerpc
Debian linux 4.0 S/390
Debian linux 4.0 Sparc
Debian linux 4.0
Mozilla seamonkey 1.0 Dev
Mozilla seamonkey 1.0.2
Mozilla firefox 3.0.10
Mozilla network_security_services_(nss) 3.11
Sun opensolaris Build Snv 81
Sun opensolaris Build Snv 117
Sun opensolaris Build Snv 82
Sun opensolaris Build Snv 113
Sun opensolaris Build Snv 114
Suse suse_linux_enterprise_desktop 10 SP2
Suse suse_linux_enterprise_server 10 SP2
Suse suse_linux_enterprise_sdk 10 SP2
Ubuntu ubuntu_linux 8.10 Amd64
Ubuntu ubuntu_linux 8.10 I386
Ubuntu ubuntu_linux 8.10 Lpia
Ubuntu ubuntu_linux 8.10 Powerpc
Ubuntu ubuntu_linux 8.10 Sparc
Sun solaris 9 X86
Sun opensolaris Build Snv 120
Red_hat enterprise_linux_as 4
Mozilla firefox 3.0.5
Red_hat enterprise_linux_ws 4
Red_hat enterprise_linux Desktop Version 4
Sun java_enterprise_system 2005Q4
Sun opensolaris Build Snv 98
Mozilla network_security_services_(nss) 3.11.3
Slackware linux 11.0
Sun java_enterprise_system 5
Mozilla seamonkey 1.0.5
Sun opensolaris Build Snv 67
Mozilla firefox 3.0.6
Sun opensolaris Build Snv 76
Sun opensolaris Build Snv 77
Sun opensolaris Build Snv 78
Red_hat enterprise_linux 5.2.Z Server
Debian linux 5.0 Sparc
Sun opensolaris Build Snv 122
Mozilla firefox 3.0.3
Mandriva corporate_server 3.0.0 X86 64
Sun opensolaris Build Snv 115
Debian linux 5.0 Armel
Mandriva enterprise_server 5 X86 64
Mozilla seamonkey 1.0.7
Sun opensolaris Build Snv 105
Red_hat enterprise_linux_es 4
Slackware linux 12.2
Mozilla network_security_services_(nss) 3.9.0
Sun opensolaris Build Snv 86
Mozilla firefox 3.0.12
Sun java_system_directory_server 5.2
Sun opensolaris Build Snv 61
Sun opensolaris Build Snv 106
Sun opensolaris Build Snv 107
Suse opensuse 11.1
Suse suse_linux_enterprise_desktop 10 SP3

SSL:VULN:ASN1-TYPE-CMP-DOS - SSL: OpenSSL ASN1_TYPE_cmp Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful exploit can lead to denial of service condition in the context of the application.

Supported On:

References:

bugtraq: 73225
cve: CVE-2015-0286

Affected Products:

Openssl openssl 1.0.0d
Openssl openssl 1.0.0e
Openssl openssl 1.0.1l
Openssl openssl 1.0.0f
Openssl openssl 1.0.1k
Openssl openssl 1.0.0g
Openssl openssl 1.0.1j
Openssl openssl 1.0.1i
Openssl openssl 1.0.0a
Openssl openssl 1.0.1h
Openssl openssl 1.0.0b
Openssl openssl 0.9.8ze
Openssl openssl 1.0.1b
Openssl openssl 1.0.0c
Openssl openssl 1.0.0q
Openssl openssl 1.0.0l
Openssl openssl 1.0.1
Openssl openssl 1.0.0m
Openssl openssl 1.0.1g
Openssl openssl 1.0.0
Openssl openssl 1.0.0n
Openssl openssl 1.0.1f
Openssl openssl 1.0.0o
Openssl openssl 1.0.1e
Openssl openssl 1.0.2
Openssl openssl 1.0.0h
Openssl openssl 1.0.1d
Openssl openssl 1.0.0i
Openssl openssl 1.0.1c
Openssl openssl 1.0.0j
Openssl openssl 1.0.0p
Openssl openssl 1.0.0k
Openssl openssl 1.0.1a

SSL:APPLE-SSL-BYPASS - SSL: Apple Products SSL Security Feature Bypass

Severity: HIGH

Description:

There signature detects attempts to exploit a known issue against Apple Products in the way it handles SSL/TLS session version negotiation. By injecting malformed traffic into an SSL or TLS session, a man-in-the-middle attacker can exploit this vulnerability.

Supported On:

References:

cve: CVE-2014-1266

Affected Products:

Apple mac_os_x 10.9.1
Apple iphone_os 6.1.4
Apple iphone_os 6.0
Apple iphone_os 6.1.3
Apple mac_os_x 10.9
Apple apple_tv 6.0.1
Apple iphone_os 7.0.3
Apple iphone_os 6.1
Apple apple_tv 6.0
Apple iphone_os 6.1.2
Apple iphone_os 7.0
Apple iphone_os 7.0.2
Apple iphone_os 7.0.5
Apple iphone_os 7.0.1
Apple iphone_os 7.0.4
Apple iphone_os 6.0.2
Apple iphone_os 6.1.5
Apple iphone_os 6.0.1

SSL:MS-ACTIVE-DIR-RCE - SSL: Microsoft Active Directory Federation Services Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Active Directory. A successful attack can lead to arbitrary remote code execution within the context of the affected application.

Supported On:

References:

bugtraq: 37214
cve: CVE-2009-2509

Affected Products:

Microsoft windows_server 2008 R2
Microsoft windows_server_2008_r2_datacenter
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_datacenter_edition SP2
Microsoft windows_server_2008_enterprise_edition SP2
Microsoft windows_server_2008_standard_edition SP2
Microsoft windows_server_2008_for_32-bit_systems SP2
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_server_2003_x64 SP2
Microsoft windows_server_2003_standard_edition
Microsoft windows_server_2003_enterprise_x64_edition SP2
Microsoft windows_server_2003_standard_edition SP2
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_server_2003 SP1
Microsoft windows_server_2003 SP2
Microsoft windows_server_2008_datacenter_edition
Microsoft windows_server_2008_enterprise_edition
Microsoft windows_server_2008_standard_edition
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_web_edition SP1
Microsoft windows_server_2003_x64 SP1
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_server_2003_web_edition SP2
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008 SP2 Beta

SSL:OPENSSL-MEMLEAK-DOS - SSL: OpenSSL Invalid Session Ticket Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability exists in OpenSSL. It is due to a memory leak when OpenSSL processes invalid session tickets to verify their integrity. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of service condition on an application using the vulnerable library.

Supported On:

References:

bugtraq: 70586
cve: CVE-2014-3567

Affected Products:

Openssl openssl 1.0.0d
Openssl openssl 1.0.0e
Openssl openssl 1.0.0f
Openssl openssl 1.0.0g
Openssl openssl 1.0.1i
Openssl openssl 1.0.0a
Openssl openssl 0.9.8zb
Openssl openssl 1.0.1h
Openssl openssl 1.0.0b
Openssl openssl 1.0.0c
Openssl openssl 1.0.0l
Openssl openssl 1.0.1
Openssl openssl 1.0.0m
Openssl openssl 1.0.1g
Openssl openssl 1.0.0
Openssl openssl 1.0.0n
Openssl openssl 1.0.1f
Openssl openssl 1.0.1e
Openssl openssl 1.0.0h
Openssl openssl 1.0.1d
Openssl openssl 1.0.0i
Openssl openssl 1.0.1c
Openssl openssl 1.0.0j
Openssl openssl 1.0.1b
Openssl openssl 1.0.0k
Openssl openssl 1.0.1a

SSL:OVERFLOW:HP-SYS-IPRANGE-OF - SSL: HP System Management Homepage iprange Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP System Management Homepage. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2013-2362

Affected Products:

Hp system_management_homepage up to 7.2
Hp system_management_homepage 7.0
Hp system_management_homepage 7.1

SSL:CISCO-EPNM-DESERIAL-CE - SSL: Cisco Prime Infrastructure and EPNM Deserialization Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Cisco Prime Infrastructure and Evolved programmable Network Manager (EPNM). A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2016-1291

Affected Products:

Cisco prime_infrastructure 2.2.0
Cisco prime_infrastructure 1.4.0
Cisco prime_infrastructure 1.2.0
Cisco prime_infrastructure 2.1.0
Cisco prime_infrastructure 1.3.0
Cisco prime_infrastructure 1.3.0.20
Cisco prime_infrastructure 1.4.1
Cisco prime_infrastructure 1.2.1
Cisco prime_infrastructure 1.2.0.103
Cisco prime_infrastructure 2.2%5c%282%5c%29
Cisco evolved_programmable_network_manager 1.2.0
Cisco prime_infrastructure 1.4.2
Cisco prime_infrastructure 1.4.0.45
Cisco prime_infrastructure 2.0.0

SSL:ENCRYPTED-CMD-EXEC - SSL: Symantec Encryption Management Server Local Command Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Encryption Management. A successful exploit can lead to remote command execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 72308
cve: CVE-2014-7288

Affected Products:

Symantec pgp_universal_server 3.3.2
Symantec encryption_management_server 3.3.2

SSL:MICROFOCUS-NETIQ-AB - SSL: Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Micro Focus NetIQ Sentinel Server. The vulnerability is due to a flaw in SentinelContext Java class that allows a user to retrieve a valid authentication cookie from the vulnerable server by providing "admin" user name in an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to bypass authentication and gain access to the web application as admin user.

Supported On:

References:

cve: CVE-2016-1605

Affected Products:

Netiq sentinel 7.4.1
Netiq sentinel 7.4

SSL:ORACLE-VIRTUAL-AGT-CMD-INJ - SSL: Oracle Virtual Server Agent Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle VM. The vulnerability is due to an input validation error in proxy parameters of utl_test_url function in Oracle VM Agent when processing XML-RPC requests. A remote authenticated attacker can exploit this vulnerabilities to inject and execute arbitrary commands.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 44031
cve: CVE-2010-3582

Affected Products:

Oracle oracle_vm 2.2.1

SSL:MCAFEE-AM-MGR-INFO-DISC - SSL: McAfee Asset Manager downloadReport Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in the McAfee Asset Manager. A successful attack can lead to gain access to restricted files. This may lead to disclosure of sensitive information.

Supported On:

References:

bugtraq: 66302
cve: CVE-2014-2588

Affected Products:

Mcafee asset_manager 6.6

SSL:VULN:CVE-2015-0208-DOS - SSL: OpenSSL Invalid PSS Parameters Denial of Service

Severity: HIGH

Description:

Supported On:

References:

url: https://www.openssl.org/news/secadv_20150319.txt
cve: CVE-2015-0208

Affected Products:

Openssl openssl 1.0.2

SSL:OPENSSL-DHE-DOS - SSL: OpenSSL DHE Client Key Exchange Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful exploit can lead to denial of service in the context of the application.

Supported On:

References:

bugtraq: 73238
cve: CVE-2015-1787

Affected Products:

Openssl openssl 1.0.2

SSL:OVERFLOW:ELLIPTIC-POLY-DOS - SSL: OpenSSL Elliptic Polynomial Denial-Of-Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

url: http://securitytracker.com/id?1032564
url: https://www.openssl.org/news/secadv_20150611.txt
cve: CVE-2015-1788

Affected Products:

Openssl openssl 1.0.0d
Openssl openssl 1.0.1m
Openssl openssl 1.0.0e
Openssl openssl 1.0.1l
Openssl openssl 1.0.0f
Openssl openssl 1.0.1k
Openssl openssl 1.0.0g
Openssl openssl 1.0.1j
Openssl openssl 1.0.1i
Openssl openssl 1.0.0a
Openssl openssl 1.0.1h
Openssl openssl 1.0.0b
Openssl openssl 1.0.0p
Openssl openssl 1.0.0c
Openssl openssl 1.0.0q
Openssl openssl 1.0.0l
Openssl openssl 1.0.0r
Openssl openssl 1.0.1
Openssl openssl 1.0.0m
Openssl openssl 1.0.1g
Openssl openssl 0.9.8zf
Openssl openssl 1.0.0
Openssl openssl 1.0.0n
Openssl openssl 1.0.1f
Openssl openssl 1.0.0o
Openssl openssl 1.0.1e
Openssl openssl 1.0.2
Openssl openssl 1.0.0h
Openssl openssl 1.0.1d
Openssl openssl 1.0.0i
Openssl openssl 1.0.1c
Openssl openssl 1.0.2a
Openssl openssl 1.0.0j
Openssl openssl 1.0.1b
Openssl openssl 1.0.0k
Openssl openssl 1.0.1a

SSL:VULN:OPENSSL-X509-DOS - SSL: OpenSSL X509_cmp_time Denial-of-Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

References:

Affected Products:

Openssl openssl 1.0.0d
Openssl openssl 1.0.1m
Openssl openssl 1.0.0e
Openssl openssl 1.0.1l
Openssl openssl 1.0.0f
Openssl openssl 1.0.1k
Openssl openssl 1.0.0g
Openssl openssl 1.0.1j
Openssl openssl 1.0.1i
Openssl openssl 1.0.0a
Openssl openssl 1.0.1h
Openssl openssl 1.0.0b
Openssl openssl 1.0.0p
Openssl openssl 1.0.0c
Openssl openssl 1.0.0q
Openssl openssl 1.0.0l
Openssl openssl 1.0.0r
Openssl openssl 1.0.1
Openssl openssl 1.0.0m
Openssl openssl 1.0.1g
Openssl openssl 0.9.8zf
Openssl openssl 1.0.0
Openssl openssl 1.0.0n
Openssl openssl 1.0.1f
Openssl openssl 1.0.0o
Openssl openssl 1.0.1e
Openssl openssl 1.0.2
Openssl openssl 1.0.0h
Openssl openssl 1.0.1d
Openssl openssl 1.0.0i
Openssl openssl 1.0.1c
Openssl openssl 1.0.2a
Openssl openssl 1.0.0j
Openssl openssl 1.0.1b
Openssl openssl 1.0.0k
Openssl openssl 1.0.1a

SSL:MICROFOCUS-GROUPWISE-XSS - SSL: Micro Focus GroupWise Admin Console Cross Site Scripting

Severity: HIGH

Description:

A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.

Supported On:

References:

cve: CVE-2016-5760

Affected Products:

Novell groupwise 2014
Novell groupwise 2014_r2

SSL:OPENSSL-CHAINS-CERT-FORG - SSL: OpenSSL Alternative Chains Certificate Forgery Policy Bypass (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack could allow a remote attacker to bypass authentication by impersonating users or services.

Supported On:

References:

url: http://openssl.org/news/secadv_20150709.txt
bugtraq: 75652
url: http://securitytracker.com/id?1032817
cve: CVE-2015-1793

Affected Products:

Oracle supply_chain_products_suite 6.1.3.0
Openssl openssl 1.0.2b
Openssl openssl 1.0.1o
Oracle supply_chain_products_suite 6.1.2.2
Openssl openssl 1.0.2c
Openssl openssl 1.0.1n
Oracle supply_chain_products_suite 6.2.0

SSL:AVAST-ANTIVIRUS-CERT-RCE - SSL: Avast Antivirus X.509 Certificate Common Name Remote Command Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Avast Antivirus. A successful attack can lead to arbitrary code execution.

Supported On:

SSL:MD5-SIGNATURE-1 - SSL: SSL Certificate Signed With MD5 Hash(1)

Severity: MEDIUM

Description:

This signature detects SSL certificates that have been signed using the MD5 hash algorithm. Known weaknesses in the MD5 algorithm allow for certificates signed with it to be spoofed by attackers. The certificate detected by this signature could potentially be illegitimate. All certificates in the signing chain are checked.

Supported On:

References:

bugtraq: 33065
url: http://www.win.tue.nl/hashclash/rogue-ca/
cve: CVE-2004-0748
cve: CVE-2008-5448
cve: CVE-2003-0543
cve: CVE-2016-8027
cve: CVE-2017-11394
cve: CVE-2017-10949
bugtraq: 99169
cve: CVE-2017-4997

Affected Products:

Apache http_server 2.0.42
Apache http_server 2.0.38
Apache http_server 2.0.47
Apache http_server 2.0.43
Apache http_server 2.0.28
Apache http_server 2.0.48
Apache http_server 2.0
Apache http_server 2.0.37
Apache http_server 2.0.44
Apache http_server 2.0.49
Apache http_server 2.0.40
Apache http_server 2.0.36
Apache http_server 2.0.45
Apache http_server 2.0.32
Apache http_server 2.0.41
Apache http_server 2.0.39
Apache http_server 2.0.50
Apache http_server 2.0.46
Apache http_server 2.0.35

SSL:BLOCKED-PHP-SQLI - SSL: Symantec Web Gateway blocked.php Blind SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Symantec Web Gateway. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

References:

bugtraq: 54424
cve: CVE-2012-2574

Affected Products:

Symantec web_gateway 5.0.3
Symantec web_gateway 5.0.2
Symantec web_gateway 5.0.1
Symantec web_gateway 5.0.3.18
Symantec web_gateway 5.0.3.17

SSL:OVERFLOW:MSCRSFT-SCHANNL-CE - SSL: Microsoft Windows SChannel Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft SCHANNEL. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Microsoft SCHANNEL.

Supported On:

References:

bugtraq: 70954
cve: CVE-2014-6321

Affected Products:

Microsoft windows_server_2012 r2
Microsoft windows_7 -
Microsoft windows_server_2003
Microsoft windows_server_2012 -
Microsoft windows_server_2008 r2
Microsoft windows_8.1 -
Microsoft windows_8 -
Microsoft windows_vista -
Microsoft windows_rt -
Microsoft windows_rt_8.1 -
Microsoft windows_server_2008

SSL:SYMANTEC-CSRF - SSL: Symantec Endpoint Protection Manager Cross Site Request Forgery

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Symantec Endpoint Protection Manager . A successful exploit can lead to Cross-Site Request Forgery and spoof requests to the server as if from the target user.

Supported On:

References:

cve: CVE-2016-3653

Affected Products:

Symantec endpoint_protection_manager 12.1.6

SSL:HP-LOADRUNNER-BO - SSL: HP LoadRunner magentproc.exe Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP LoadRunner. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 61446
cve: CVE-2013-4800

Affected Products:

Hp loadrunner 9.50.0
Hp loadrunner up to 11.51
Hp loadrunner 9.52
Hp loadrunner 11.50
Hp loadrunner 9.51
Hp loadrunner 9.0.0
Hp loadrunner 11.0.0.0

SSL:SYMANTEC-EP-POLICY-BYPASS - SSL: Symantec Endpoint Protection Console Servlet Policy Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Endpoint Protection. A successful exploit can lead to policy bypass.

Supported On:

References:

cve: CVE-2015-1486

Affected Products:

Symantec endpoint_protection_manager 12.1.0

SSL:INVALID:GNUTLS-RECORD-OF - SSL: GnuTLS TLS Record Application GenericBlockCipher Parsing Overflow

Severity: HIGH

Description:

This signature detects a known flaw in GnuTLS. It is due to an error in ciphertext_to_compressed() which fails to verify the size of the ciphertext. Successful exploitation may allow the attacker to execute arbitrary code in the context of the service, or crash the target service which uses the library, causing a Denial Of Service condition.

Supported On:

References:

cve: CVE-2012-1573

Affected Products:

Gnu gnutls 2.12.14
Gnu gnutls 3.0.9
Gnu gnutls 2.3.8
Gnu gnutls 2.10.0
Gnu gnutls 2.12.8
Gnu gnutls 2.12.10
Gnu gnutls 2.10.2
Gnu gnutls 2.4.1
Gnu gnutls 2.10.4
Gnu gnutls 2.1.8
Gnu gnutls 2.4.3
Gnu gnutls 2.3.2
Gnu gnutls 2.0.4
Gnu gnutls 2.12.2
Gnu gnutls 2.3.0
Gnu gnutls 2.12.0
Gnu gnutls 2.3.6
Gnu gnutls 2.0.0
Gnu gnutls 2.12.6
Gnu gnutls 2.3.4
Gnu gnutls 2.0.2
Gnu gnutls 2.1.0
Gnu gnutls 2.12.4
Gnu gnutls 2.1.2
Gnu gnutls 2.12.12
Gnu gnutls 2.1.4
Gnu gnutls 3.0.13
Gnu gnutls 2.8.4
Gnu gnutls 2.1.6
Gnu gnutls 3.0.11
Gnu gnutls 2.6.3
Gnu gnutls 2.8.6
Gnu gnutls 2.6.1
Gnu gnutls 2.12.6.1
Gnu gnutls 2.8.0
Gnu gnutls 2.2.4
Gnu gnutls 2.8.2
Gnu gnutls 3.0.4
Gnu gnutls 2.6.5
Gnu gnutls 2.5.0
Gnu gnutls 2.2.2
Gnu gnutls 3.0.6
Gnu gnutls 2.2.0
Gnu gnutls 3.0.0
Gnu gnutls 3.0.2
Gnu gnutls 2.3.10
Gnu gnutls 2.12.15
Gnu gnutls 2.3.9
Gnu gnutls 2.7.4
Gnu gnutls 3.0.8
Gnu gnutls 2.10.1
Gnu gnutls 2.12.9
Gnu gnutls 2.4.0
Gnu gnutls 2.12.11
Gnu gnutls 2.10.3
Gnu gnutls 2.4.2
Gnu gnutls 2.3.3
Gnu gnutls 2.10.5
Gnu gnutls 2.3.1
Gnu gnutls 2.12.3
Gnu gnutls 3.0
Gnu gnutls 2.3.7
Gnu gnutls 2.12.1
Gnu gnutls 2.3.5
Gnu gnutls 2.0.1
Gnu gnutls 2.1.1
Gnu gnutls 2.12.7
Gnu gnutls 2.0.3
Gnu gnutls 2.1.3
Gnu gnutls 2.12.5
Gnu gnutls 2.1.5
Gnu gnutls 2.1.7
Gnu gnutls 2.12.13
Gnu gnutls 3.0.12
Gnu gnutls 2.6.2
Gnu gnutls 2.8.5
Gnu gnutls 3.0.10
Gnu gnutls 2.6.0
Gnu gnutls 2.6.6
Gnu gnutls 2.8.1
Gnu gnutls 3.0.5
Gnu gnutls 3.0.14
Gnu gnutls 2.6.4
Gnu gnutls 2.2.5
Gnu gnutls up to 2.12.16
Gnu gnutls 2.8.3
Gnu gnutls 3.0.7
Gnu gnutls 2.2.3
Gnu gnutls 3.0.1
Gnu gnutls 2.2.1
Gnu gnutls 3.0.3
Gnu gnutls 2.3.11

SSL:HEWLETT-PACKARD-VERTICA-RCI - SSL: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection

Severity: HIGH

Description:

A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. Successful exploitation would allow the attacker to execute arbitrary OS commands in the underlying system as root privileges.

Supported On:

References:

cve: CVE-2016-2002

Affected Products:

Hp vertica 7.0.2.12
Hp vertica 7.2.1
Hp vertica 7.2.0
Hp vertica 7.1.2

SSL:DIGIUM-ASTERISK-SECBYPASS - SSL: Digium Asterisk NULL Certificate Security Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Digium Asterisk VoIP based application. Successful attacks could lead to security bypass and lead to further attacks.

Supported On:

References:

Affected Products:

Digium certified_asterisk 13.1
Digium asterisk 1.8.2.4
Digium asterisk 11.1.1
Digium asterisk 12.8.1
Digium asterisk 1.8.14.1
Digium certified_asterisk 1.8.2.0
Digium certified_asterisk 1.8.1.0
Digium asterisk 1.8.13.1
Digium asterisk 1.8.2.2
Digium asterisk 1.8.24.1
Digium asterisk 11.14.0
Digium asterisk 11.10.1
Digium asterisk 12.8.0
Digium asterisk 1.8.10.0
Digium asterisk 1.8.28.0
Digium asterisk 1.8.21.0
Digium certified_asterisk 1.8.11.0
Digium asterisk 1.8.11.1
Digium certified_asterisk 1.8.5.0
Digium asterisk 12.1.1
Digium asterisk 1.8.28.2
Digium certified_asterisk 11.6.0
Digium asterisk 11.7.0
Digium asterisk 11.13.0
Digium certified_asterisk 11.6
Digium asterisk 1.8.17.0
Digium asterisk 1.8.27.0
Digium asterisk 11.1.0
Digium asterisk 12.3.2
Digium asterisk 1.8.20.0
Digium asterisk 11.0.1
Digium asterisk 12.6.0
Digium asterisk 1.8.23.0
Digium asterisk 13.1.0
Digium asterisk 1.8.20.2
Digium asterisk 1.8.1.1
Digium asterisk 1.8.32.0
Digium asterisk 1.8.25.0
Digium asterisk 12.7.1
Digium asterisk 11.2.0
Digium asterisk 1.8.15.1
Digium asterisk 1.8.12.2
Digium certified_asterisk 1.8.28
Digium asterisk 1.8.22.0
Digium asterisk 1.8.3
Digium asterisk 1.8.12.0
Digium asterisk 13.3.0
Digium asterisk 1.8.1
Digium asterisk 12.4.0
Digium asterisk 11.3.0
Digium asterisk 1.8.18.0
Digium asterisk 11.8.0
Digium certified_asterisk 1.8.6.0
Digium asterisk 12.2.0
Digium asterisk 11.5.1
Digium asterisk 1.8.3.3
Digium asterisk 11.11.0
Digium certified_asterisk 1.8.14.0
Digium asterisk 11.1.2
Digium certified_asterisk 1.8.13.0
Digium asterisk 1.8.19.0
Digium asterisk 1.8.14.0
Digium asterisk 1.8.26.0
Digium asterisk 12.3.0
Digium asterisk 1.8.12
Digium asterisk 1.8.19.1
Digium certified_asterisk 1.8.12.0
Digium asterisk 1.8.2.1
Digium asterisk 11.10.0
Digium asterisk 1.8.13.0
Digium asterisk 1.8.2.3
Digium asterisk 1.8.24.0
Digium asterisk 1.8.28.1
Digium asterisk 1.8.23.1
Digium asterisk 1.8.10.1
Digium asterisk 12.1.0
Digium asterisk 13.0.1
Digium certified_asterisk 1.8.8.0
Digium asterisk 11.0.2
Digium asterisk 11.12.0
Digium asterisk 1.8.20.1
Digium asterisk 11.17.0
Digium asterisk 11.0.0
Digium asterisk 1.8.3.1
Digium asterisk 1.8.1.2
Digium certified_asterisk 1.8.0.0
Digium certified_asterisk 1.8.10.0
Digium asterisk 12.3.1
Digium asterisk 11.4.0
Digium certified_asterisk 1.8.7.0
Digium asterisk 1.8.11.0
Digium asterisk 12.7.0
Digium certified_asterisk 1.8.15
Digium asterisk 1.8.26.1
Digium certified_asterisk 1.8.4.0
Digium certified_asterisk 1.8.3.0
Digium asterisk 1.8.15.0
Digium asterisk 12.0.0
Digium asterisk 1.8.2
Digium asterisk 11.9.0
Digium asterisk 13.3.1
Digium asterisk 13.0.0
Digium asterisk 1.8.0
Digium asterisk 1.8.12.1
Digium asterisk 1.8.16.0
Digium asterisk 11.16.0
Digium asterisk 11.15.0
Digium certified_asterisk 1.8.28.0
Digium asterisk 1.8.18.1
Digium certified_asterisk 1.8.11
Digium asterisk 11.8.1
Digium asterisk 13.2.0
Digium asterisk 11.6.0
Digium asterisk 12.5.0
Digium asterisk 11.5.0
Digium asterisk 1.8.3.2
Digium certified_asterisk 1.8.9.0

SSL:GNUTLS-CERT-BYPASS - SSL: GnuTLS Certificate Verification Policy Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the GnuTLS Certificate. The vulnerability is due to an error in validating certificates. A remote attacker can employ this vulnerability to bypass certificate validation performed by an application using a vulnerable version of the GnuTLS library.

Supported On:

References:

cve: CVE-2014-0092

Affected Products:

Gnu gnutls 3.1.9
Gnu gnutls 3.2.0
Gnu gnutls 3.2.10
Gnu gnutls 3.1.16
Gnu gnutls 3.1.17
Gnu gnutls 3.2.8.1
Gnu gnutls 3.1.18
Gnu gnutls 3.1.15
Gnu gnutls 3.1.19
Gnu gnutls 3.2.11
Gnu gnutls 3.2.9
Gnu gnutls 3.2.8
Gnu gnutls 3.1.0
Gnu gnutls 3.1.1
Gnu gnutls 3.1.21
Gnu gnutls 3.1.2
Gnu gnutls 3.1.20
Gnu gnutls 3.2.7
Gnu gnutls 3.1.3
Gnu gnutls 3.2.6
Gnu gnutls 3.1.4
Gnu gnutls 3.2.5
Gnu gnutls 3.1.10
Gnu gnutls 3.1.5
Gnu gnutls 3.2.4
Gnu gnutls 3.1.11
Gnu gnutls 3.1.6
Gnu gnutls 3.2.3
Gnu gnutls 3.1.12
Gnu gnutls 3.1.7
Gnu gnutls 3.2.2
Gnu gnutls 3.1.13
Gnu gnutls 3.1.8
Gnu gnutls 3.2.1
Gnu gnutls 3.1.14

SSL:OSSIM-COMMAND-EXEC - SSL: AlienVault OSSIM Arbitrary Command Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against AlienVault OSSIM. A successful exploit can lead to the arbitrary command execution.

Supported On:

SSL:MCAFEE-DIR-TRAVERSAL - SSL: McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal

Severity: HIGH

Description:

This signature detects directory traversal attempts against the Mcafee Cloud. Attackers can use a slightly modified directory traversal attack to access files outside the Web server's path, from which they can gain sensitive information about the system and use it to craft a targeted attack.

Supported On:

References:

url: https://kc.mcafee.com/corporate/index?page=content&id=sb10066
url: http://www.zerodayinitiative.com/advisories/zdi-14-050/
bugtraq: 66181
cve: CVE-2014-2536

Affected Products:

Mcafee cloud_single_sign_on 4.0.0
Mcafee cloud_identity_manager 3.1
Mcafee cloud_identity_manager 3.5.1
Intel expressway_cloud_access_360 2.1
Intel expressway_cloud_access_360 2.5
Mcafee cloud_identity_manager 3.0

SSL:MCAFEE-EPOLICY-XML - SSL: McAfee ePolicy Orchestrator XML External Entity

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the McAfee ePolicy Orchestrato. A successful attack may result in data exposure and/or arbitrary command injection.

Supported On:

References:

bugtraq: 65771
cve: CVE-2014-2205

Affected Products:

Mcafee epolicy_orchestrator 4.6.7
Mcafee epolicy_orchestrator 4.6.3
Mcafee epolicy_orchestrator 4.6.6
Mcafee epolicy_orchestrator 4.6.2
Mcafee epolicy_orchestrator 4.6.5
Mcafee epolicy_orchestrator 4.6.1
Mcafee epolicy_orchestrator 4.6.4
Mcafee epolicy_orchestrator 4.6.0

SSL:MICROSOFT-HTTP-SYS-2 - SSL: Microsoft HTTP.sys HTTP 2.0 Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability exists in Microsoft Windows' HTTP 2.0 protocol stack. Successful exploitation of this vulnerability can cause the target system to become unresponsive, resulting in a denial-of-service condition.

Supported On:

References:

cve: CVE-2016-0150

Affected Products:

Microsoft windows_10 -
Microsoft windows_10 1511

SSL:VULN:OPENSSL-PSS-PARAM - SSL: OpenSSL RSA PSS Absent Mask Generation Parameter Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. The vulnerability is due to a NULL pointer dereference when an OpenSSL application receives and processes a crafted certificate containing an invalid RSA PSS parameter. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2015-3194

Affected Products:

Openssl openssl 1.0.1o
Openssl openssl 1.0.1n
Openssl openssl 1.0.1p
Openssl openssl 1.0.1m
Openssl openssl 1.0.1l
Openssl openssl 1.0.1k
Openssl openssl 1.0.1j
Openssl openssl 1.0.1i
Openssl openssl 1.0.1h
Openssl openssl 1.0.1
Openssl openssl 1.0.1g
Openssl openssl 1.0.2d
Openssl openssl 1.0.1f
Openssl openssl 1.0.1e
Openssl openssl 1.0.2
Openssl openssl 1.0.2b
Openssl openssl 1.0.1d
Openssl openssl 1.0.2c
Openssl openssl 1.0.1c
Openssl openssl 1.0.1b
Openssl openssl 1.0.2a
Openssl openssl 1.0.1a

SSL:SYMANTEC-ENDPOINT-XSS - SSL: Symantec Endpoint Protection Manager Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Endpoint Protection Manager.This can lead to arbitrary script code execution in the context of the affected user.

Supported On:

References:

cve: CVE-2016-3652

Affected Products:

Symantec endpoint_protection_manager 12.1.6

SSL:SYMC-BACKUP-EXEC - SSL: Symantec Backup Exec System Recovery Manager Unauthorized File Upload

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Backup Exec System Recovery Manager. Attackers can execute arbitrary commands in the security context of the service process.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2008-0457
bugtraq: 27487

Affected Products:

Symantec backup_exec_system_recovery_manager 7.0
Symantec backup_exec_system_recovery_manager 7.0.1

SSL:APACHE-NIO-CONNECTOR-DOS - SSL: Apache Tomcat NIO Connector Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Apache Tomcat. The vulnerability is due to an infinite loop in NIO Connector when a client breaks the connection in the middle of reading the response for a request to a big file. An unauthenticated, remote attacker can exploit this vulnerability by sending HTTP requests for a large file and disconnecting from the server while reading the file. Successful exploitation could result in a denial of service condition.

Supported On:

References:

cve: CVE-2012-4534

Affected Products:

Apache tomcat 7.0.18
Apache tomcat 6.0.13
Apache tomcat 6.0.5
Apache tomcat 6.0.10
Apache tomcat 6.0.31
Apache tomcat 7.0.0 (beta)
Apache tomcat 6.0.35
Apache tomcat 6.0.11
Apache tomcat 7.0.1
Apache tomcat 6.0.15
Apache tomcat 6.0.18
Apache tomcat 7.0.2 (beta)
Apache tomcat 6.0.14
Apache tomcat 6.0.19
Apache tomcat 6.0.30
Apache tomcat 6.0.2 (alpha)
Apache tomcat 6.0.9 (beta)
Apache tomcat 6.0.6 (alpha)
Apache tomcat 6.0.7 (alpha)
Apache tomcat 7.0.25
Apache tomcat 6.0.17
Apache tomcat 6.0.32
Apache tomcat 6.0.33
Apache tomcat 6.0.29
Apache tomcat 6.0.8 (alpha)
Apache tomcat 6.0
Apache tomcat 7.0.11
Apache tomcat 6.0.28
Apache tomcat 7.0.9
Apache tomcat 7.0.20
Apache tomcat 7.0.10
Apache tomcat 6.0.27
Apache tomcat 7.0.8
Apache tomcat 7.0.21
Apache tomcat 7.0.4 (beta)
Apache tomcat 7.0.13
Apache tomcat 6.0.26
Apache tomcat 7.0.22
Apache tomcat 7.0.12
Apache tomcat 6.0.3
Apache tomcat 7.0.23
Apache tomcat 7.0.15
Apache tomcat 6.0.24
Apache tomcat 6.0.16
Apache tomcat 6.0.4 (alpha)
Apache tomcat 7.0.14
Apache tomcat 6.0.2 (beta)
Apache tomcat 7.0.6
Apache tomcat 7.0.17
Apache tomcat 7.0.5
Apache tomcat 6.0.7 (beta)
Apache tomcat 7.0.16
Apache tomcat 6.0.12
Apache tomcat 6.0.0 (alpha)
Apache tomcat 6.0.1 (alpha)
Apache tomcat 7.0.7
Apache tomcat 7.0.19
Apache tomcat 6.0.20
Apache tomcat 7.0.3

SSL:EPO-XMLNTITY-INJ - SSL: McAfee ePolicy CVE-2015-0921 XML Entity Injection

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against McAfee ePolicy Orchestrator application. Successful exploitation could allow an attacker execute arbitrary codes into the context of the running application which could lead to further attacks.

Supported On:

References:

Affected Products:

Mcafee epolicy_orchestrator 5.1.0
Mcafee epolicy_orchestrator 5.1.1
Mcafee epolicy_orchestrator 5.0.1
Mcafee epolicy_orchestrator 5.0.0
Mcafee epolicy_orchestrator 4.6.8