Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3112 (10/25/2018)

2 new signatures:

HIGHHTTP:ZOHO-MGR-OPUTIL-BYPHTTP: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass
MEDIUMLDAP:CVE-2018-14648-DOSLDAP: Red Hat 389 Directory Server do_search Denial of Service

4 updated signatures:

MEDIUMHTTP:STC:MS-WIN-GDI-IDHTTP: Microsoft Windows Graphics Device Interface Information Disclosure
HIGHHTTP:STC:IE:CVE-2016-3276-CEHTTP: Microsoft Internet Explorer CVE-2016-3276 Code Execution
HIGHHTTP:SQL:HEADER-CON-DISPOSITIONHTTP: SQL Injection Content Disposition Header
HIGHHTTP:STC:ACTIVEX:SAMSUNG-CNCHTTP: Samsung SmartViewer CNC_Ctrl Unsafe ActiveX Control


Details of the signatures included within this bulletin:

HTTP:STC:MS-WIN-GDI-ID - HTTP: Microsoft Windows Graphics Device Interface Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempt to exploit an information disclosure vulnerability which exists in the Graphics Device Interface (GDI) components of Microsoft Windows.Successful exploitation could result in disclosure of information which could be used to further compromise the target system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8424

HTTP:STC:IE:CVE-2016-3276-CE - HTTP: Microsoft Internet Explorer CVE-2016-3276 Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit an Use-After-Free Vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2016-3276

Affected Products:

  • Microsoft internet_explorer 11

HTTP:SQL:HEADER-CON-DISPOSITION - HTTP: SQL Injection Content Disposition Header

Severity: HIGH

Description:

This signature detects attempts to SQL Injection exploit vulnerability against Content Disposition Header. Successful exploitation can lead to compromise of database.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2016-4350
  • cve: CVE-2017-5794
  • url: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
  • url: https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/
  • url: https://gist.github.com/forced-request/5158759a6418e6376afb
  • cve: CVE-2016-0752

Affected Products:

  • Solarwinds storage_resource_monitor 6.2.1

HTTP:ZOHO-MGR-OPUTIL-BYP - HTTP: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass

Severity: HIGH

Description:

This signature detects attempt to exploit an authentication bypass vulnerability which has been reported in ManageEngine OpManager. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to authentication bypass and grant the attacker the control of the service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-17283

LDAP:CVE-2018-14648-DOS - LDAP: Red Hat 389 Directory Server do_search Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Red Hat 389 Directory Server. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-14648

HTTP:STC:ACTIVEX:SAMSUNG-CNC - HTTP: Samsung SmartViewer CNC_Ctrl Unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Samsung SmartViewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2014-9265
  • cve: CVE-2015-8040

Affected Products:

  • Samsung smartviewer -
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out