Juniper Networks

Update Details

Security Intelligence Center

Update #3094 (08/28/2018)

7 new signatures:

HIGH - HTTP:STC:ADOBE:CVE-2018-12754CE - HTTP: Adobe Reader CVE-2018-12754 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2018-12824CE - HTTP: Adobe Flash CVE-2018-12824 Remote Code Execution
MEDIUM - HTTP:STC:ADOBE:CVE-2018-12826ID - HTTP: Adobe Flash Player CVE-2018-12826 Information Disclosure
HIGH - HTTP:STC:ADOBE:CVE-2018-12808MC - HTTP: Adobe Pdf CVE-2018-12808 Out Of Bound Write
HIGH - HTTP:STC:ADOBE:CVE-2018-12825SB - HTTP: Adobe Flash Player CVE-2018-12825 Security Bypass
HIGH - HTTP:APACHE:CVE-2018-11776RC - HTTP: Apache Struts2 CVE-2018-11776 Remote Code Execution
MEDIUM - NFS:MOUNT-INVALID-VERSION - NFS: Mount Protocol Invalid Version

5 updated signatures:

HIGH - HTTP:STC:CVE-2018-8414RCE - HTTP: Microsoft Windows Shell CVE-2018-8414 Remote Code Execution
MEDIUM - HTTP:STC:SCRIPT:JS-ARRAY-POST - HTTP: Heuristics PHP Array POST Obfuscation
HIGH - HTTP:STC:ACTIVEX:DBPOWERAMP - HTTP: dBpowerAMP Audio Player 2 unsafe ActiveX Control
HIGH - HTTP:STC:DL:CVE-2018-8376-RCE - HTTP: Microsoft Powerpoint CVE-2018-8376 Remote code Execution
HIGH - HTTP:STC:IE:CVE-2018-0893MC - HTTP: Microsoft Edge CVE-2018-0893 Scripting Engine Memory Corruption Vulnerability

10 deleted signatures:

DOS:WINDOWS:WINNUKE-NETBIOS - DOS: WinNuke (netbios)
SMB:MS-WIN-2000-LANMAN-UDP-DOS - SMB: Microsoft Windows 2000 Lanman UDP Denial of Service
IP:SRC-ROUTE-OF - IGMP: Source Route Overflow
DOS:IP:IGMP-OVERSIZE - DOS: IGMP Oversize
NETBIOS:DOS:RFPOISON - NETBIOS RFPoision DOS Attack
FINGER:USER:ROOT - FINGER: User "root"
HTTP:STC:CLSID:ACTIVEX:WH32-OF - HTTP: WinHelp32.exe Remote Buffer Overrun
SCAN:CYBERCOP:FINGER-QUERY - SCAN: Cybercop Finger Query
FINGER:USER:SLASH-FILE - FINGER: / File Query
SCAN:MISC:HTTP:FINGER-PROBE - SCAN: Finger Probe


Details of the signatures included within this bulletin:


DOS:WINDOWS:WINNUKE-NETBIOS - DOS: WinNuke (netbios)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Windows and SCO Open Server. SCO Open Server 5.0 and all versions of Windows are susceptible. Attackers can remotely send "Out of Band" data (with the URGENT bit set in the TCP header) to NETBIOS/139, causing the service to terminate.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 2010
  • url: http://www.securityfocus.com/advisories/1007
  • url: http://www.securityfocus.com/advisories/1411
  • cve: CVE-1999-0153

Affected Products:

  • Microsoft windows_nt
  • Microsoft windows_2000
  • Microsoft windows_95
  • Sco openserver 5.0

HTTP:STC:ADOBE:CVE-2018-12754CE - HTTP: Adobe Reader CVE-2018-12754 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-12754

HTTP:STC:SCRIPT:JS-ARRAY-POST - HTTP: Heuristics PHP Array POST Obfuscation

Severity: MEDIUM

Description:

This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


FINGER:USER:ROOT - FINGER: User "root"

Severity: MEDIUM

Description:

This signature detects attempts to exploit the FINGER service. Attackers can send root FINGER requests to determine who is running as root on the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • url: http://probing.csx.cam.ac.uk/about/finger.html
  • cve: CVE-1999-0612

Affected Products:

  • Gnu fingerd
  • Microsoft windows_nt
  • Gnu finger_service
  • Microsoft windows_2000

HTTP:STC:IE:CVE-2018-0893MC - HTTP: Microsoft Edge CVE-2018-0893 Scripting Engine Memory Corruption Vulnerability

Severity: HIGH

Description:

This signature detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge. Successful exploitation could allow an attacker to execute arbitrary code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 103288
  • cve: CVE-2018-0893

SMB:MS-WIN-2000-LANMAN-UDP-DOS - SMB: Microsoft Windows 2000 Lanman UDP Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Windows 2000. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 4532
  • cve: CVE-2002-0597

Affected Products:

  • Microsoft windows_2000_advanced_server SP1
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_server SP1
  • Microsoft windows_2000_professional SP2
  • Microsoft windows_2000_professional
  • Microsoft windows_2000_server SP2
  • Microsoft windows_2000_advanced_server SP2
  • Microsoft windows_2000_server
  • Microsoft windows_2000_advanced_server

FINGER:USER:SLASH-FILE - FINGER: / File Query

Severity: MEDIUM

Description:

This signature detects attempts to exploit vulnerabilities in finger daemons. Attackers can exploit a poorly-written finger daemon to read arbitrary files on a system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-1999-0612

IP:SRC-ROUTE-OF - IGMP: Source Route Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Windows Win32 TCP/IP stack. A successful attack can lead to a buffer overflow and arbitrary remote code execution with SYSTEM privileges.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609

References:

  • url: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
  • bugtraq: 27100
  • cve: CVE-2007-0069

Affected Products:

  • Microsoft windows_xp_professional
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_home SP1
  • Hp storage_management_appliance 2.1
  • Microsoft windows_xp_home
  • Microsoft windows_xp_embedded
  • Microsoft windows_xp_embedded SP1
  • Microsoft windows_server_2003_web_edition SP2
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft small_business_server_2003
  • Microsoft windows_server_2003_x64 SP2
  • Microsoft windows_xp_media_center_edition SP1
  • Microsoft windows_home_server
  • Microsoft small_business_server_2003 R2
  • Microsoft small_business_server_2003 R2 SP2
  • Microsoft windows_server_2003_itanium SP2
  • Microsoft windows_server_2003_x64 SP1
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_tablet_pc_edition
  • Microsoft windows_vista Ultimate
  • Microsoft windows_vista Home Premium
  • Microsoft windows_vista Business
  • Microsoft windows_vista Enterprise
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_vista_business_64-bit_edition
  • Microsoft windows_vista Home Basic
  • Microsoft windows_xp_64-bit_edition
  • Microsoft windows_server_2003_standard_x64_edition
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_server_2003 SP1
  • Microsoft windows_server_2003 SP2
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_vista_enterprise_64-bit_edition
  • Microsoft windows_vista_home_premium_64-bit_edition
  • Microsoft windows_vista_ultimate_64-bit_edition
  • Microsoft small_business_server_2003_premium_edition
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_xp_professional_x64_edition SP2
  • Microsoft windows_server_2003_itanium
  • Microsoft windows_server_2003_itanium SP1
  • Microsoft small_business_server_2003 SP2
  • Microsoft windows_server_2003_datacenter_x64_edition SP2
  • Microsoft windows_server_2003_enterprise_x64_edition SP2
  • Microsoft windows_server_2003_standard_edition SP2
  • Microsoft windows_vista_home_basic_64-bit_edition
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft windows_xp

HTTP:STC:CVE-2018-8414RCE - HTTP: Microsoft Windows Shell CVE-2018-8414 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 105016
  • cve: CVE-2018-8414

SCAN:MISC:HTTP:FINGER-PROBE - SCAN: Finger Probe

Severity: INFO

Description:

This signature detects access to the FINGER CGI program, a common target of vulnerability scans. Attackers can use the program to determine valid users on the network.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-1999-0612

SCAN:CYBERCOP:FINGER-QUERY - SCAN: Cybercop Finger Query

Severity: LOW

Description:

This signature detects attempts to scan the system using CyberCop Scanner. Attackers may be attempting to locate a version of the FINGER service that exposes user information to anyone on the network.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • url: http://www.juniper.net/security/auto/vulnerabilities/vuln2320.html
  • url: http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/9203/9203.html
  • url: http://en.wikipedia.org/wiki/Finger_protocol
  • cve: CVE-1999-0612

HTTP:STC:ACTIVEX:DBPOWERAMP - HTTP: dBpowerAMP Audio Player 2 unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in dBpowerAMP Audio Player 2. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which, if accessed by a victim, allow the attacker to gain control of the victim's client browser.

Supported On:

idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.dbpoweramp.com/dbpoweramp.htm

HTTP:STC:DL:CVE-2018-8376-RCE - HTTP: Microsoft Powerpoint CVE-2018-8376 Remote code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Microsoft Powerpoint. Successful exploitation could allow an attacker to execute arbitrary code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8376

DOS:IP:IGMP-OVERSIZE - DOS: IGMP Oversize

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the IGMP header in Microsoft Windows 98 and 2000 TCP/IP stacks. Attackers can send maliciously crafted IGMP headers to cause the stack to fail and cause a denial of service.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609

References:

  • bugtraq: 514
  • cve: CVE-1999-0918

Affected Products:

  • Microsoft windows_nt 4.0 SP2
  • Microsoft windows_nt_server 4.0
  • Microsoft windows_nt_enterprise_server 4.0
  • Microsoft windows_2000_server
  • Microsoft windows_nt 4.0 SP1
  • Microsoft windows_nt 4.0 SP5
  • Microsoft windows_nt 4.0 SP3
  • Microsoft windows_nt 4.0 SP4
  • Microsoft windows_nt_enterprise_server 4.0 SP1
  • Microsoft windows_nt_enterprise_server 4.0 SP2
  • Microsoft windows_nt_terminal_server 4.0 SP3
  • Microsoft windows_nt_enterprise_server 4.0 SP4
  • Microsoft windows_nt_enterprise_server 4.0 SP3
  • Microsoft windows_nt_enterprise_server 4.0 SP5
  • Microsoft windows_nt_server 4.0 SP1
  • Microsoft windows_nt_server 4.0 SP2
  • Microsoft windows_nt_server 4.0 SP3
  • Microsoft windows_nt_server 4.0 SP4
  • Microsoft windows_nt_server 4.0 SP5
  • Microsoft windows_nt_terminal_server 4.0 SP1
  • Microsoft windows_nt_terminal_server 4.0 SP2
  • Microsoft windows_nt_terminal_server 4.0 SP4
  • Microsoft windows_nt_terminal_server 4.0 SP5
  • Microsoft windows_98
  • Microsoft windows_nt_workstation 4.0 SP1
  • Microsoft windows_nt_workstation 4.0 SP2
  • Microsoft windows_nt_workstation 4.0 SP3
  • Microsoft windows_nt_workstation 4.0 SP4
  • Microsoft windows_nt_workstation 4.0 SP5
  • Microsoft windows_nt_workstation 4.0
  • Microsoft windows_nt_terminal_server 4.0
  • Microsoft windows_95
  • Microsoft windows_nt 4.0

NETBIOS:DOS:RFPOISON - NETBIOS RFPoision DOS Attack

Severity: HIGH

Description:

This signature detects attempts to exploit a known LSA vulnerability in Microsoft Windows NT. Attackers can send maliciously crafted packets to the LSA to choke srvsvc.dll causing services.exe to reference a bad memory location. This can crash the targeted host, resulting in a restart.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, idp-4.2.110100823, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, idp-5.0.0, isg-3.5.0, vsrx3bsd-18.2, srx-18.2, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, isg-3.0.0, idp-5.0.110121210, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-4.0.110090831, isg-3.4.0

References:

  • bugtraq: 465
  • url: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q231/4/57.asp&NoWebContent=1
  • cve: CVE-1999-0721

Affected Products:

  • Microsoft windows_nt 4.0 (sp4)
  • Microsoft windows_2000
  • Microsoft windows_nt 4.0 (sp5)

HTTP:STC:ADOBE:CVE-2018-12824CE - HTTP: Adobe Flash CVE-2018-12824 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-12824

HTTP:STC:ADOBE:CVE-2018-12826ID - HTTP: Adobe Flash Player CVE-2018-12826 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to sensitive data exposure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-12826

HTTP:STC:CLSID:ACTIVEX:WH32-OF - HTTP: WinHelp32.exe Remote Buffer Overrun

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft HTML Help, which provides functionality for Windows help systems. The Help ActiveX control (Hhctrl.ocx) is used by winhelp32.exe. Winhlp performs insufficient bounds checking of the Item parameter in the WinHlp command. Attackers can embed a call to the vulnerable ActiveX control in a malicious Web page or HTML e-mail to execute arbitrary commands as the Internet Explorer user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 4857
  • cve: CVE-2002-0823

Affected Products:

  • Microsoft windows_2000 (sp2)
  • Microsoft windows_2000 (sp1:professional)
  • Microsoft windows_2000 (sp2:advanced_server)
  • Microsoft windows_2000 (sp1:server)
  • Microsoft windows_2000 (sp2:server)
  • Microsoft windows_2000 (sp2:professional)
  • Microsoft windows_2000 (sp1)
  • Microsoft windows_2000 (sp1:advanced_server)
  • Microsoft windows_help

HTTP:STC:ADOBE:CVE-2018-12808MC - HTTP: Adobe Pdf CVE-2018-12808 Out Of Bound Write

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to memory corruption.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2018-12808

HTTP:STC:ADOBE:CVE-2018-12825SB - HTTP: Adobe Flash Player CVE-2018-12825 Security Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Adobe Flash Player. An attacker can entice a user to load a malicious Flash file, which can result in arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-12825

HTTP:APACHE:CVE-2018-11776RC - HTTP: Apache Struts2 CVE-2018-11776 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apache Struts 2. A successful attack will result in the execution of commands in the security context of the affected web application server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 105125
  • cve: CVE-2018-11776

NFS:MOUNT-INVALID-VERSION - NFS: Mount Protocol Invalid Version

Severity: MEDIUM

Description:

This signature attempts to detect anomalous behaviour in MOUNT protocol transactions.

Supported On:

vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-17.3
