Update #3095 (08/30/2018)
1 new signature:
HIGH | HTTP:FIREFOX-WEBEXT-RCE | HTTP: Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass |
2 updated signatures:
LOW | HTTP:TUNNEL:SMTP | HTTP: SMTP Proxied Through HTTP |
LOW | APP:REMOTE:TEAMVIEWER | APP: TeamViewer Activity |
Details of the signatures included within this bulletin:
HTTP:FIREFOX-WEBEXT-RCE - HTTP: Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass
Severity: HIGH
Description:
This signature detects attempt to exploit a policy bypass vulnerability which has been reported in Mozilla Firefox. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could allow the attacker to execute arbitrary commands.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
HTTP:TUNNEL:SMTP - HTTP: SMTP Proxied Through HTTP
Severity: LOW
Description:
This signature detects attempts to connect to an SMTP server through an HTTP CONNECT. Some HTTP servers allow to proxy to other services. Spammers use improperly configured HTTP servers to forward spam e-mails to avoid black lists.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Avirt gateway_suite 4.2.0
- Avirt gateway 4.2.0
- Cacheflow cacheos 4.0.11
- Cacheflow cacheos 4.0.12
- Cacheflow cacheos 4.0.13
- Cacheflow cacheos 4.0.14
- Cacheflow cacheos
- Cacheflow cacheos 3.1.21
- Netscape fasttrack_server 4.0.1
- Netscape enterprise_server 4.1.0 SP5
- Netscape enterprise_server 4.0.0
- Sambar server 4.1.0 beta
- Filemaker filemaker_pro 5.0.0
- Imatix xitami_for_windows 2.4.0 d2
- Lotus domino_enterprise_server 5.0.1
- Sambar server 5.0.0 beta5
- Sambar server 5.0.0 beta6
- Sambar server 4.4.0 production
- Sambar server 4.1.0 production
- Sambar server 4.2.1 production
- Sambar server 4.3.0 production
- Lotus domino_enterprise_server 5.0.2 b
- Sambar server 5.0.0 beta4
- Sambar server 5.0.0 beta3
- Sambar server 5.0.0 beta2
- Sambar server 5.0.0 beta1
- Sonicwall soho 5.1.5 .0
- Lotus domino_enterprise_server 5.0.2
- Ipswitch ws_ftp_server 2.0.0
- Ipswitch ws_ftp_server 2.0.1
- Ipswitch ws_ftp_server 2.0.2
- Ipswitch ws_ftp_server 2.0.3
- Sambar server 4.3.0
- Acme_software thttpd 2.0.4
- Acme_software thttpd 2.15.0
- Acme_software thttpd 2.0.0
- Acme_software thttpd 2.0.2
- Acme_software thttpd 2.0.3
- Acme_software thttpd 2.0.5
- Acme_software thttpd 2.0.6
- Acme_software thttpd 2.0.7
- Acme_software thttpd 2.0.9
- Apache_software_foundation apache 1.3.4
- Acme_software thttpd 2.11.0
- Acme_software thttpd 2.12.0
- Acme_software thttpd 2.13.0
- Acme_software thttpd 2.14.0
- Acme_software thttpd 2.16.0
- Acme_software thttpd 2.17.0
- Acme_software thttpd 2.0.1
- Acme_software thttpd 2.0.8
- Network_associates webshield_for_solaris 4.0.0
- Netscape fasttrack_server 2.0.1 C
- Lotus domino_enterprise_server 5.0.4
- Apache_software_foundation apache 1.3.7 -Dev
- Ibm http_server 1.3.6 .2 Win32
- Ibm http_server 1.3.6 .2 Unix
- Sambar server 4.3.0 beta 9
- Ibm http_server 1.3.3 Win32
- Ncsa httpd 1.2.0
- Ncsa httpd 1.1.0
- Ncsa httpd 1.0.0
- Apache_software_foundation apache 1.3.12
- Netscape enterprise_server 3.6.0 SP3
- Apache_software_foundation apache 1.3.13
- Netscape enterprise_server 4.1.0 SP8
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.9
- Apache_software_foundation apache 1.3.11
- Etype eserv 2.9.2
- Etype eserv 2.98.0
- Analogx simpleserver:www 1.0.5
- Lotus domino 5.0.6
- Lotus domino 4.6.3
- Lotus domino 5.0.8
- Lotus domino 5.0.9 a
- Etype eserv 2.50.0
- Netscape enterprise_server_for_netware_4/5 4.1.1
- Netscape enterprise_server_for_netware_4/5 5.0.0
- Cacheflow cacheos 3.1.12
- Apache_software_foundation apache 2.0.28 Beta
- Delegate delegate 7.8.1
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.14
- Apache_software_foundation apache 1.3.17
- Allegrosurf allegrosurf 4.0.0
- Allegrosurf allegrosurf 3.0.0 .1.3
- Microsoft iis 5.1
- Netscape enterprise_server 3.51.0
- Netscape enterprise_server 3.0.0
- Netscape fasttrack_server 2.0.1
- Apache_software_foundation tomcat 4.0.0
- Apache_software_foundation tomcat 3.2.1
- Microsoft iis 3.0
- Microsoft iis 4.0
- Cacheflow cacheos 4.0.0
- Cacheflow cacheos 3.1.0
- Tinyproxy tinyproxy 1.4.3
- Lotus domino 4.6.1
- Lotus domino 4.6.4
- Ascenvision ascencache Model 1010
- Microsoft iis 2.0
- Imatix xitami_for_windows 2.4.0 d9
- Analogx simpleserver:www 1.0.6
- Analogx simpleserver:www 1.0.7
- Check_point_software firewall-1 4.0.0 SP8
- Check_point_software firewall-1 4.0.0 SP7
- Check_point_software firewall-1 4.0.0 SP6
- Check_point_software firewall-1 4.0.0 SP5
- Check_point_software firewall-1 4.0.0 SP4
- Check_point_software firewall-1 4.0.0 SP3
- Check_point_software firewall-1 4.0.0 SP2
- Check_point_software firewall-1 4.0.0 SP1
- Check_point_software firewall-1 4.1.0 SP5
- Ipswitch ws_ftp_server 1.0.4
- Ipswitch ws_ftp_server 1.0.2 EVAL
- Ipswitch ws_ftp_server 1.0.1 EVAL
- Ipswitch imail 5.0.0
- Csm proxy 5.0.0
- Csm proxy 4.2.0
- Csm proxy 4.1.0
- Apache_software_foundation tomcat 3.1.0
- Apache_software_foundation tomcat 3.0.0
- Ibm http_server 1.3.19
- Omnicron omnihttpd 2.0.0 Alpha 1
- Omnicron omnihttpd 2.0.0 Alpha 2
- Lotus domino 5.0.1
- Lotus domino 5.0.7
- Trend_micro interscan_viruswall_(linux) 3.6.0
- Acme_software thttpd 2.22.0
- Symantec i-gear_ms_proxy 3.5.0
- Pronetix_ltd. topproxy
- Intergate proxy/cache_server 2.9.0
- Analogx simpleserver:www 1.0.8
- Analogx simpleserver:www 1.8.0
- Analogx simpleserver:www 1.13.0
- Liteserve liteserve 1.4.0
- Ipswitch imail 6.3.0
- Ipswitch imail 6.4.0
- Ipswitch imail 7.0.4
- Ipswitch imail 7.0.3
- Ipswitch imail 7.0.2
- Ipswitch imail 7.0.1
- Imatix xitami_for_windows 2.5.0 b4
- Imatix xitami_for_windows 2.4.0 d7
- Apache_software_foundation apache 1.3.22
- Netscape enterprise_server 3.6.0
- Novell bordermanager_enterprise_edition 3.5.0
- Novell bordermanager 3.1.0
- Novell bordermanager 3.2.0
- Novell bordermanager 3.3.0
- Novell bordermanager 3.4.0
- Novell bordermanager 3.6.0
- Check_point_software firewall-1 4.0.0
- Sambar server 4.4.0 Beta 3
- Network_associates gauntlet_firewall 5.0.0
- Network_associates gauntlet_firewall 5.5.0
- Netcplus browsegate 2.80.0
- Ipswitch imail 6.0.1
- Ipswitch imail 6.0.2
- Ipswitch imail 6.0.3
- Ipswitch imail 6.0.4
- Ipswitch imail 6.0.6
- Acme_software thttpd 2.19.0
- Acme_software thttpd 2.20.0
- Lotus domino 5.0.0
- Acme_software thttpd 2.18.0
- Lotus domino_server 4.6.0
- Lotus domino_server 4.6.6
- Lotus domino_server 5.0.0
- Netscape enterprise_server 3.6.0 SP2
- Avirt gateway_suite 3.5.0
- Avirt gateway_suite 3.3.0
- Apache_software_foundation apache 1.2.5
- Apache_software_foundation apache 1.3.1
- Lotus domino_enterprise_server 5.0.3
- National_science_foundation squid_web_proxy 2.0.0
- Allegrosurf allegrosurf 4.3.0
- Allegrosurf allegrosurf 4.2.0 .0.2
- Allegrosurf allegrosurf 4.2.0 .0.1
- Allegrosurf allegrosurf 4.1.0 .0.2
- Allegrosurf allegrosurf 4.2.0 .0.0
- Allegrosurf allegrosurf 4.1.0 .0.1
- Allegrosurf allegrosurf 4.0.0 .0.1
- Apache_software_foundation apache 1.0.3
- Ncsa httpd 1.5.0 a-export
- Allegrosurf allegrosurf 3.0.0 .1.2
- Allegrosurf allegrosurf 3.0.0 .1.0
- Allegrosurf allegrosurf 3.0.0
- Ipswitch ws_ftp_server 2.0.4
- Argo_software_design mail_server 1.8.0 .0.3
- Argo_software_design mail_server 1.8.0 .0.1
- Argo_software_design mail_server 1.8.0 .0.0
- Argo_software_design mail_server 1.7.0 .0.4
- Argo_software_design mail_server 1.7.0 .0.3
- Argo_software_design mail_server 1.7.0 .0.2
- Argo_software_design mail_server 1.7.0 .0.1
- Argo_software_design mail_server 1.7.0 .0.0
- Imatix xitami_for_windows 2.5.0 b5
- Ascenvision ascencache Model 3020
- Ascenvision ascencache Model 5030
- Ipswitch ws_ftp_server 1.0.5
- Boramae boramae_cache_server 3.5.1
- Ipswitch ws_ftp_server 1.0.3
- Ipswitch ws_ftp_server 1.0.2
- Ipswitch ws_ftp_server 1.0.1
- Korea_network_intelligence catchweb_2000-e
- Korea_network_intelligence catchweb_2000-e_plus
- Ibm http_server 1.3.12 .4
- Ibm http_server 1.3.12 .3
- Imatix xitami 2.5.0 b5
- Filemaker filemaker_pro 5.5.0
- Deerfield.com wingate 4.5.0
- Httptunnel_client httptunnel_client win32
- Deerfield.com website 3.1.11 .0
- Inmon traffic_server 2.1.6
- Inmon traffic_server 2.0.0 .21
- Inmon traffic_server 2.0.0 .16
- Inmon traffic_server 2.0.0 .15
- Network_associates webshield_for_solaris 4.1.0
- Network_associates webshield_e250
- Network_associates webshield_e500
- Adtran express_6120_idsl_remote_access_router
- Acme_software thttpd 2.21.0
- Netscape enterprise_server 3.0.0 L
- Netscape enterprise_server 3.0.1 B
- Netscape enterprise_server 2.0.1 C
- Jana_server jana_server 2.0.0
- Netscape fasttrack_server 3.0.1 B
- Liteserve liteserve 1.31.0
- Liteserve liteserve 1.36.0
- Liteserve liteserve 1.3.0
- Medusa medusa 20010416
- Mywebserver mywebserver 1.0.1
- Apache_software_foundation tomcat 4.0.2
- Pi-soft spoonproxy 2.6.0 .14
- Pi-soft spoonproxy 2.6.0 .13
- Pi-soft spoonproxy 2.6.0 .6
- Pi-soft spoonproxy 2.6.0 .5
- Pi-soft spoonproxy 2.6.0
- Pi-soft spoonproxy 2.5.0
- Pi-soft spoonproxy 2.4.50
- Pi-soft spoonproxy 2.3.0
- Pi-soft spoonproxy 2.2.0
- Pi-soft spoonproxy 2.1.1
- Pi-soft spoonproxy 2.1.0
- Pi-soft spoonproxy 2.0.0
- Pi-soft spoonproxy 1.61.0
- Pi-soft spoonproxy 1.60.0
- Sonicwall tele3
- Sonicwall pro100
- Sonicwall pro200
- Sonicwall pro300
- Sonicwall gx_2500
- Sonicwall gx_6500
- Analogx simpleserver:www 1.16.0
- Nec express5800/surfnavi
- Internet_factory proxy_builder
- Compusource_(pty)_ltd power_web_server++ 4.1.0
- Unitech_networks netplicator
- Grok_developments netproxy 4.0.0
- Grok_developments netproxy 4.1.0
- Finjan surfingate 4.0.0
- Apache_software_foundation apache 1.0.0
- Apache_software_foundation apache 1.0.2
- Apache_software_foundation apache 1.0.5
- Apache_software_foundation apache 1.1.0
- Apache_software_foundation apache 1.1.1
- Ncsa httpd 1.3.0
- Ncsa httpd 1.4.0
- Ncsa httpd 1.4.1
- Ncsa httpd 1.4.2
- Ncsa httpd 1.5.1
- Ncsa httpd 1.5.2
- Ncsa httpd 1.5.2 a
- Netscape enterprise_server 2.0.0 a
- Cacheflow cacheos 3.1.0 .20
- Cacheflow cacheos 3.1.19
- Cacheflow cacheos 3.1.18
- Apache_software_foundation tomcat 4.0.1
- Apache_software_foundation tomcat 3.3.0
- Apache_software_foundation tomcat 3.2.0
- Finjan surfingate 6.0.0 1
- Cacheflow cacheos 3.1.14
- Analogx simpleserver:www 1.15.0
- Cacheflow cacheos 3.1.13
- Acme_software thttpd 2.10.0
- Lotus domino 5.0.5
- Imatix xitami 2.4.0 a1
- Imatix xitami 2.4.0 b
- Netapp netcachec700_series
- Imatix xitami 2.4.0 b1
- Imatix xitami 2.5.0
- Imatix xitami 2.4.0
- Cacheflow cacheos 3.1.0 .09
- Omnicron omnihttpd 2.0.8
- Lotus domino 5.0.3
- Lotus domino 5.0.2
- Lotus domino 5.0.4
- Apache_software_foundation apache 1.3.15
- Apache_software_foundation apache 1.3.20
- Lotus domino 5.0.9
- Omnicron omnihttpd 2.0.5
- Omnicron omnihttpd 2.0.4
- Netcplus browsegate 2.80.2
- Omnicron omnihttpd 1.1.0
- Omnicron omnihttpd 2.4.0 Pro
- National_science_foundation squid_web_proxy 2.1.0
- National_science_foundation squid_web_proxy 2.2.0
- Lotus domino 5.0.5 -french
- Lotus domino 5.0.8 -french
- Avirt gateway_suite 3.3.0 a
- Microsoft iis 4.0 Alpha
- Ibm http_server 1.3.6 .3
- Apache_software_foundation apache 1.3.16
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.19
- Ipswitch imail 5.0.5
- Ipswitch imail 5.0.6
- Ipswitch imail 5.0.7
- Netscape fasttrack_server 3.0.1
- Astaro security_linux 3.2.0 00
- Astaro security_linux 3.2.0 11
- Astaro security_linux 3.2.0 10
- Sonicwall soho 5.0.0 .0
- Sonicwall soho 4.0.0 .0
- Microsoft iis 1.0
- Apache_software_foundation apache 1.3.14 Mac
- Ibm http_server 1.3.6 Win32
- Ibm http_server 1.3.6 .4 Win32
- Netscape enterprise_server_for_netware_4/5 3.0.7 a
- Apache_software_foundation apache 1.3.0
- Astaro security_linux 3.2.0 12
- Ipswitch imail 5.0.8
- Lotus domino_server 4.6.0 .x
- Ipswitch imail 6.0.0
- Analogx simpleserver:www 1.0.1
- Netscape fasttrack_server 2.0.1 a
- W3c httpd 3.0.0
- Ipswitch imail 6.1.0
- Microsoft iis 5.0
- Trend_micro interscan_webmanager 1.2.0
- Ipswitch imail 6.0.5
- Delegate delegate 7.7.1
- Delegate delegate 7.7.0 .0
- Delegate delegate 7.8.0 .0
- Novell bordermanager 3.5.0
- Novell bordermanager 3.0.0
- Ascenvision ascencache Model 7060
- Sambar server 4.2.0 beta 7
- Sambar server 4.2.0 beta 8
- Imatix xitami 2.4.0 d9
- Apache_software_foundation apache 1.2.0
- Check_point_software firewall-1 4.1.0 SP2
- Check_point_software firewall-1 4.1.0 SP3
- Netscape enterprise_server 3.1.0
- Netscape enterprise_server 3.2.0
- Netscape enterprise_server 3.3.0
- Netscape enterprise_server 3.4.0
- Netscape enterprise_server 3.5.0
- Netscape enterprise_server 2.0.0
- Check_point_software firewall-1 4.1.0
- Etype eserv 2.92.0
- Etype eserv 2.93.0
- Etype eserv 2.94.0
- Etype eserv 2.95.0 BETA2
- Etype eserv 2.95.0
- Etype eserv 2.96.0
- Etype eserv 2.97.0
- Netscape enterprise_server_for_solaris 3.5.0
- Netscape enterprise_server_for_solaris 3.6.0
- Analogx simpleserver:www 1.0.3
- Analogx simpleserver:www 1.0.4
- Cacheflow cacheos 3.1.17
- Cacheflow cacheos 3.1.16
- Cacheflow cacheos 3.1.15
- Netapp netcachec1100_series
- Netapp netcachec3100_series
- Netapp netcachec6100_series
- Cacheflow cacheos 3.1.11
- Cacheflow cacheos 3.1.0 .10
- Ibm http_server 1.3.12 .2
- Cacheflow cacheos 3.1.0 .08
- Cacheflow cacheos 3.1.0 .07
- Cacheflow cacheos 3.1.0 .06
- Cacheflow cacheos 3.1.0 .05
- Cacheflow cacheos 3.1.0 .04
- Cacheflow cacheos 3.1.0 .03
- Cacheflow cacheos 3.1.0 .02
- Ipswitch imail 6.2.0
- Netscape enterprise_server 3.6.0 SP1
- Delegate delegate 7.8.2
- Check_point_software firewall-1 4.1.0 SP1
- Check_point_software firewall-1 4.1.0 SP4
- Omnicron omnihttpd 2.0.7
- Omnicron omnihttpd 2.0.6
- Tinyproxy tinyproxy 1.3.2
- Tinyproxy tinyproxy 1.3.3
- Lotus domino 5.0.7 a
- Sambar server 5.1.0
Severity: LOW
Description:
This signature detects the remote desktop control application TeamViewer when it makes an initial connection to the registration server. TeamViewer allows a user to share their desktop and hard drive contents with any other user over the Internet, a possible security risk. Its use may be a violation of your organization's acceptable use policy. TeamViewer can be run without installation and without administrator privileges. It is designed to work from behind NAT firewalls. If the TeamViewer port (5938) is blocked, the application will revert to HTTP to register.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References: