Juniper Networks

Update Details

Security Intelligence Center

Update #3177 (06/04/2019)

45 new signatures:

HIGH - HTTP:STC:ADOBE:CVE-2019-7782-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7782 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7785-CE - HTTP: Adobe Reader CVE-2019-7785 Remote Code Execution
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7141-ID - HTTP: Adobe Reader CVE-2019-7141 Information Disclosure
HIGH - HTTP:STC:ADOBE:CVE-2019-7814-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7814 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7823-CE - HTTP: Adobe Reader CVE-2019-7823 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7827-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7827 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7820-CE - HTTP: Adobe Reader CVE-2019-7820 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7809-CE - HTTP: Adobe Pdf CVE-2019-7809 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7807-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7807 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7804-CE - HTTP: Adobe Reader CVE-2019-7804 Remote Code Execution
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7801-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7801 Information Disclosure
HIGH - HTTP:STC:ADOBE:CVE-2019-7763-CE - HTTP: Adobe Reader CVE-2019-7763 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7760-CE - HTTP: Adobe Pdf CVE-2019-7760 Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7766-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7766 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7765-CE - HTTP: Adobe Reader CVE-2019-7765 Remote Code Execution
HIGH - HTTP:DOS:ASTERISK-UPGRD-2 - HTTP: Digium Asterisk res_http_websocket HTTP Upgrade Request Denial of Service 2
MEDIUM - HTTP:DIR:CVE-2018-18990-DIR-TRA - HTTP: LAquis SCADA Web Server Directory Traversal
HIGH - HTTP:MISC:IBM-QRADAR-CE - HTTP: IBM QRadar SIEM Remote Code Execution
HIGH - HTTP:ORACLE:CVE-2018-3010-RCE-2 - HTTP: Oracle Outside In Excel PropertySetStream Remote Code Execution 2
MEDIUM - HTTP:DIR:WP-CVE-2019-8943 - HTTP: WordPress CVE-2019-8943 Directory Traversal
HIGH - SSL:FACEBOOK-FIZZ-TLS13-IO-DOS - SSL: Facebook Fizz TLS 1.3 Early Data Integer Overflow Denial of Service
HIGH - HTTP:EXPLOIT:MS-VBSCRIPT-RCE - HTTP: Microsoft Windows Vbscript Engine Remote Code Execution
HIGH - HTTP:DRUPAL-INSECURE-DESERIAL - HTTP: Drupal Core phar stream wrapper Insecure Deserialization
HIGH - HTTP:WORD-PRESS-CONTENT-RCE - HTTP: WordPress Comment Content Filter Remote Code Execution
HIGH - HTTP:HPE-IMC-INSECURE-DESERIAL - HTTP: HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
HIGH - HTTP:MIRC-URI-HANDLER-RCE - HTTP: mIRC URI Handler Remote Code Execution
HIGH - SMB:OF:MS-WINDOWS-RCE - SMB: Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7834-CE - HTTP: Adobe Reader CVE-2019-7834 Remote Code Execution
HIGH - HTTP:STC:OMRON-UAF - HTTP: OMRON CX-One CX-Programmer Program Use After Free
HIGH - HTTP:STC:ADOBE:CVE-2019-7779-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7779 Code Execution
HIGH - HTTP:SQL:INJ:CVE-2019-11448 - HTTP: Zoho ManageEngine Applications Manager Popup_SLA.jsp sid SQL Injection
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7142-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7142 Information Disclosure
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7770-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7770 Information Disclosure
HIGH - HTTP:STC:CVE-2019-6537-RCE - HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution
MEDIUM - HTTP:APACHE:CVE-2019-0199-DOS - HTTP: Apache Tomcat HTTP2 Denial of Service
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7813-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7813 Information Disclosure
HIGH - HTTP:CLAMAV-CVE-2019-1788-OB - HTTP: ClamAV OLE2 uniq_add Out-of-Bounds Write Remote Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7797-CE - HTTP: Adobe Acrobat CVE-2019-7797 Remote Code Execution
HIGH - HTTP:DIR:CVE-2018-7836-DIR-TRAV - HTTP: Schneider Electric IIoT Monitor Zip Directory Traversal
MEDIUM - HTTP:MISC:CVE-2018-12545-DOS - HTTP: Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Denial Of Service
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7799-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7799 Information Disclosure
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7769-ID - HTTP: Adobe Pdf CVE-2019-7769 Information Disclosure
HIGH - HTTP:STC:ADOBE:CVE-2019-7835-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7835 Code Execution
HIGH - HTTP:STC:ADOBE:CVE-2019-7831-CE - HTTP: Adobe Reader CVE-2019-7831 Remote Code Execution
MEDIUM - HTTP:STC:ADOBE:CVE-2019-7810-ID - HTTP: Adobe Acrobat CVE-2019-7810 Information Disclosure

28 updated signatures:

HIGH - DNS:ISC-BIND-ANY-DOS - DNS: ISC BIND ANY Query Response Assertion Failure Denial of Service
HIGH - HTTP:ORACLE:OUTSIDEIN-CORELDRAW - HTTP: Oracle Outside In CorelDRAW File Parser Integer Overflow
MEDIUM - HTTP:DEL-GMS-ANALYZER-ID - HTTP: Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
LOW - HTTP:STC:ATLASSIAN-INFO-DIS - HTTP: Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure
HIGH - SSL:OPENSSL-CVE-2017-3731-DOS - SSL: OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow
HIGH - APP:MISC:QUAGGA-VTY-DOS - APP: Quagga VTY Interface Denial of Service
HIGH - HTTP:PROXY:SQUID-ESI-RESP-DOS - HTTP: Squid Proxy ESI Response Denial of Service
HIGH - APP:MS-WIN-CREDSSP-MITM-CE - APP: Microsoft Windows CredSSP MITM Code Execution
HIGH - APP:MISC:ELASTICSEARCH-DESER - APP: Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization
CRITICAL - APP:OBSERVICED-OF - APP: Oracle Secure Backup observiced.exe Buffer Overflow
HIGH - HTTP:ATLASN-CONFLUENCE-RCE - HTTP: Atlassian Confluence Server/Data Center Remote Code Execution
HIGH - DNS:OVERFLOW:DNSMASQ-HEAP-BO - DNS: DNSmasq add_resource_record Heap Buffer Overflow
HIGH - APP:MISC:OPENVPN-DOS - APP: OpenVPN P_CONTROL Denial Of Service
HIGH - HTTP:ORACLE:CVE-2018-3010-RCE-1 - HTTP: Oracle Outside In Excel PropertySetStream Remote Code Execution 1
HIGH - SSL:VULN:CVE-2019-5010-DOS - SSL: Python SSL X.509 DistributionPoint Extension NULL Pointer Dereference
MEDIUM - HTTP:APACHE:TOMCAT-REDIRECT - HTTP: Apache Tomcat Default Servlet Open Redirect
MEDIUM - HTTP:APACHE:HTTPD-MOD-CACHE-DOS - HTTP: Apache HttpD Mod Cache SoCache Denial of Service
HIGH - HTTP:MISC:JENKINS-CI-CSRF - HTTP: Jenkins CI Server Multiple Cross-Site Request Forgery
HIGH - DNS:ISC-BIND-CVE-2016-9444-DOS - DNS: ISC BIND Query Response Missing RRSIG Denial of Service
HIGH - APP:TARANTOOL-OOB - APP: Tarantool xrow_header_decode Out of Bounds Read
HIGH - DHCP:OPT:MS-OPT-OF - DHCP: Microsoft Windows DHCP Client Service Buffer Overflow
CRITICAL - DNS:BIND-DBC-ASSERT-DOS - DNS: ISC BIND db.c Assertion Failure Denial of Service
HIGH - SSL:OPENSSL-CHACHA-DOS - SSL: OpenSSL chacha20_poly1305_cipher Denial of Service
MEDIUM - HTTP:STC:APACHE-ESI-ID - HTTP: Apache Traffic Server ESI Plugin Cookie Header Information Disclosure
MEDIUM - DHCP:RQST:ISC-DOS - DHCP: ISC DHCP TCP Session Exhaustion Denial of Service
HIGH - DB:ORACLE:FUSION-XLS-IO - DB: Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow
MEDIUM - DNS:QUERY:CVE-2018-5740-DOS - DNS: ISC BIND deny-answer-aliases Assertion Failure Denial of Service
HIGH - HTTP:STC:ADOBE:CVE-2019-7125-CE - HTTP: Adobe Pdf CVE-2019-7125 Remote Code Execution


Details of the signatures included within this bulletin:


HTTP:STC:ADOBE:CVE-2019-7782-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7782 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7782

HTTP:STC:ADOBE:CVE-2019-7785-CE - HTTP: Adobe Reader CVE-2019-7785 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7785

HTTP:STC:APACHE-ESI-ID - HTTP: Apache Traffic Server ESI Plugin Cookie Header Information Disclosure

Severity: MEDIUM

Description:

An information disclosure vulnerability has been reported in Apache Traffic Server. Successful exploitation of this vulnerability could lead to disclosure of sensitive information.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8040
  • url: https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3cusers.trafficserver.apache.org%3e

Affected Products:

  • Apache traffic_server 6.0.0
  • Debian debian_linux 9.0
  • Apache traffic_server 6.1.0
  • Apache traffic_server 6.1.1
  • Apache traffic_server 6.2.0

HTTP:STC:ADOBE:CVE-2019-7141-ID - HTTP: Adobe Reader CVE-2019-7141 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Information Disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7141

DNS:ISC-BIND-ANY-DOS - DNS: ISC BIND ANY Query Response Assertion Failure Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing a crafted DNS response packet for an ANY query. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 95386
  • cve: CVE-2016-9131

Affected Products:

  • Isc bind 9.3.5
  • Isc bind 9.3.4
  • Isc bind 9.7.1
  • Isc bind 9.9.5
  • Isc bind 9.8.5
  • Isc bind 9.10.1
  • Isc bind 9.8.1
  • Isc bind 9.4.1
  • Isc bind 9.4
  • Isc bind 9.2.1
  • Isc bind 9.9.7
  • Isc bind 9.5
  • Isc bind 9.10.0
  • Isc bind 9.6.2
  • Isc bind 9.9.6
  • Isc bind 9.9.2
  • Isc bind 9.6
  • Isc bind 9.9.1
  • Isc bind 9.8.3
  • Isc bind 9.8.0
  • Isc bind 9.6.1
  • Isc bind 9.0
  • Isc bind 9.10.4
  • Isc bind 9.9.9
  • Isc bind 9.2.8
  • Isc bind 9.1
  • Isc bind 9.9.8
  • Isc bind 9.2.9
  • Isc bind 9.2
  • Isc bind 9.3.1
  • Isc bind 9.6.0
  • Isc bind 9.1.1
  • Isc bind 9.3
  • Isc bind 9.10.2
  • Isc bind 9.11.0
  • Isc bind 9.1.0
  • Isc bind 9.3.6
  • Isc bind 9.2.6
  • Isc bind 9.4.0
  • Isc bind 9.9.4
  • Isc bind 9.1.3
  • Isc bind 9.8.6
  • Isc bind 9.3.3
  • Isc bind 9.1.2
  • Isc bind 9.2.7
  • Isc bind 9.7.7
  • Isc bind 9.0.0
  • Isc bind 9.6.3
  • Isc bind 9.2.4
  • Isc bind 9.7.6
  • Isc bind 9.3.2
  • Isc bind 9.0.1
  • Isc bind 9.5.1
  • Isc bind 9.3.0
  • Isc bind 9.7.5
  • Isc bind 9.2.0
  • Isc bind 9.8.4
  • Isc bind 9.2.5
  • Isc bind 9.5.0
  • Isc bind 9.2.2
  • Isc bind 9.7.4
  • Isc bind 9.4.2
  • Isc bind 9.9.0
  • Isc bind 9.5.3
  • Isc bind 9.2.3
  • Isc bind 9.7.3
  • Isc bind 9.4.3
  • Isc bind 9.9.3
  • Isc bind 9.8.2
  • Isc bind 9.5.2
  • Isc bind 9.7.0
  • Isc bind 9.7.2
  • Isc bind 9.10.3

HTTP:ATLASN-CONFLUENCE-RCE - HTTP: Atlassian Confluence Server/Data Center Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Atlassian Confluence Server/Data Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/
  • url: https://paper.seebug.org/886/
  • cve: CVE-2019-3396

HTTP:STC:ADOBE:CVE-2019-7814-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7814 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7814

HTTP:STC:ADOBE:CVE-2019-7823-CE - HTTP: Adobe Reader CVE-2019-7823 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7823

HTTP:ORACLE:OUTSIDEIN-CORELDRAW - HTTP: Oracle Outside In CorelDRAW File Parser Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle Outside In. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 50207
  • cve: CVE-2011-3541

Affected Products:

  • Oracle fusion_middleware 8.3.7
  • Oracle fusion_middleware 8.3.5.0

HTTP:STC:ADOBE:CVE-2019-7827-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7827 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7827

HTTP:STC:ADOBE:CVE-2019-7820-CE - HTTP: Adobe Reader CVE-2019-7820 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7820

HTTP:DEL-GMS-ANALYZER-ID - HTTP: Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure

Severity: MEDIUM

Description:

An information disclosure vulnerability exists in the license.jsp component of Dell SonicWALL GMS and Analyzer. Successful exploitation results in disclosure of the product's serial number. An attacker can use this information to gain access to the admin account on the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


HTTP:STC:ADOBE:CVE-2019-7809-CE - HTTP: Adobe Pdf CVE-2019-7809 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7809

HTTP:STC:ADOBE:CVE-2019-7807-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7807 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7807

HTTP:STC:ADOBE:CVE-2019-7804-CE - HTTP: Adobe Reader CVE-2019-7804 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7804

SSL:OPENSSL-CHACHA-DOS - SSL: OpenSSL chacha20_poly1305_cipher Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in OpenSSL. A remote attacker could exploit this vulnerability by sending a crafted packet to the target application. Successful exploitation results in a denial of service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2016-7054

Affected Products:

  • Openssl openssl 1.1.0a
  • Openssl openssl 1.1.0b
  • Openssl openssl 1.1.0

HTTP:STC:ADOBE:CVE-2019-7801-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7801 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7801

HTTP:STC:ADOBE:CVE-2019-7763-CE - HTTP: Adobe Reader CVE-2019-7763 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7763

DNS:QUERY:CVE-2018-5740-DOS - DNS: ISC BIND deny-answer-aliases Assertion Failure Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against ISC BIND. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://kb.isc.org/article/aa-01639/74/cve-2018-5740%3a-a-flaw-in-the-deny-answer-aliases-feature-can-cause-an-insist-assertion-failure-in-named.html
  • cve: CVE-2018-5740
  • url: http://securitytracker.com/id?1041436

HTTP:STC:ADOBE:CVE-2019-7760-CE - HTTP: Adobe Pdf CVE-2019-7760 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7760

HTTP:STC:ADOBE:CVE-2019-7766-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7766 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7766

HTTP:STC:ADOBE:CVE-2019-7765-CE - HTTP: Adobe Reader CVE-2019-7765 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7765

HTTP:STC:ADOBE:CVE-2019-7799-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7799 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7799

HTTP:APACHE:TOMCAT-REDIRECT - HTTP: Apache Tomcat Default Servlet Open Redirect

Severity: MEDIUM

Description:

An open redirect vulnerability has been reported in Apache Tomcat. This is due to insufficient sanitization of crafted URLs. When an authenticated user clicks a crafted link, the browser session could be redirected to a malicious site that is designed to impersonate a legitimate website, leading to a spoofing vulnerability.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-11784
  • url: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3cannounce.tomcat.apache.org%3e

SSL:OPENSSL-CVE-2017-3731-DOS - SSL: OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow

Severity: HIGH

Description:

An integer underflow vulnerability leading to an out-of-bounds read has been reported in OpenSSL. Successful exploitation results in a denial-of-service condition on the affected service.

Supported On:

srx-branch-19.2, idp-4.1.110110719, isg-3.4.140032, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, isg-3.5.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-12.1, srx-branch-12.1, vsrx3bsd-19.2, isg-3.4.139899, idp-4.2.110100823, idp-5.0.110121210, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, isg-3.5.141818, j-series-9.5, idp-5.0.110130325, vsrx-15.1, idp-4.1.110110609, idp-4.0.110090831, srx-19.2, mx-11.4

References:

  • cve: CVE-2017-3731
  • bugtraq: 95813

Affected Products:

  • Openssl openssl 1.0.2i
  • Openssl openssl 1.0.2b
  • Openssl openssl 1.0.2f
  • Openssl openssl 1.0.2c
  • Openssl openssl 1.0.2j
  • Openssl openssl 1.1.0b
  • Openssl openssl 1.0.2
  • Openssl openssl 1.0.2d
  • Openssl openssl 1.1.0a
  • Openssl openssl 1.0.2a
  • Openssl openssl 1.0.2h
  • Openssl openssl 1.1.0c
  • Openssl openssl 1.0.2e

HTTP:STC:ATLASSIAN-INFO-DIS - HTTP: Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure

Severity: LOW

Description:

An information disclosure vulnerability has been reported in Atlassian FishEye and Crucible. Successful exploitation results in the disclosure of sensitive information such as email addresses.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://jira.atlassian.com/browse/fe-6892
  • url: https://jira.atlassian.com/browse/cruc-8053
  • cve: CVE-2017-9512

Affected Products:

  • Atlassian crucible 4.4.0
  • Atlassian fisheye 4.4.0

HTTP:PROXY:SQUID-ESI-RESP-DOS - HTTP: Squid Proxy ESI Response Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Squid Proxy. Successful exploitation could result in denial-of-service conditions on the target service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


HTTP:DIR:CVE-2018-18990-DIR-TRA - HTTP: LAquis SCADA Web Server Directory Traversal

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against LAquis SCADA. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 106634
  • cve: CVE-2018-18990

HTTP:DRUPAL-INSECURE-DESERIAL - HTTP: Drupal Core phar stream wrapper Insecure Deserialization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Drupal. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-6339

HTTP:ORACLE:CVE-2018-3010-RCE-2 - HTTP: Oracle Outside In Excel PropertySetStream Remote Code Execution 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Outside In. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-3010
  • bugtraq: 104762
  • url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Affected Products:

  • Oracle outside_in_technology 8.5.3

HTTP:DIR:WP-CVE-2019-8943 - HTTP: WordPress CVE-2019-8943 Directory Traversal

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against WordPress. A successful attack can lead to path traversal.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 107089
  • cve: CVE-2019-8943

APP:MISC:ELASTICSEARCH-DESER - APP: Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Elastic Elasticsearch. Successful exploitation could result in arbitrary code execution with the privileges of the affected Java process.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2015-5377

DNS:ISC-BIND-CVE-2016-9444-DOS - DNS: ISC BIND Query Response Missing RRSIG Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability has been reported in ISC BIND. Successful exploitation could lead to a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://kb.isc.org/article/aa-01441/
  • cve: CVE-2016-9444

Affected Products:

  • Isc bind 9.3.4
  • Isc bind 9.7.1
  • Isc bind 9.8.0
  • Isc bind 9.10.1
  • Isc bind 9.8.1
  • Isc bind 9.4.1
  • Isc bind 9.4
  • Isc bind 9.2.1
  • Isc bind 9.5
  • Isc bind 9.10.0
  • Isc bind 9.6.2
  • Isc bind 9.6
  • Isc bind 9.6.1
  • Isc bind 9.0
  • Isc bind 9.2.0
  • Isc bind 9.9.9
  • Isc bind 9.2.8
  • Isc bind 9.1
  • Isc bind 9.9.8
  • Isc bind 9.2.9
  • Isc bind 9.2
  • Isc bind 9.3.1
  • Isc bind 9.6.0
  • Isc bind 9.1.1
  • Isc bind 9.3
  • Isc bind 9.10.2
  • Isc bind 9.11.0
  • Isc bind 9.1.0
  • Isc bind 9.3.6
  • Isc bind 9.2.6
  • Isc bind 9.4.0
  • Isc bind 9.1.3
  • Isc bind 9.3.3
  • Isc bind 9.1.2
  • Isc bind 9.2.7
  • Isc bind 9.7.7
  • Isc bind 9.0.0
  • Isc bind 9.6.3
  • Isc bind 9.2.4
  • Isc bind 9.7.6
  • Isc bind 9.3.2
  • Isc bind 9.0.1
  • Isc bind 9.5.1
  • Isc bind 9.2.5
  • Isc bind 9.10.4
  • Isc bind 9.3.5
  • Isc bind 9.3.0
  • Isc bind 9.5.0
  • Isc bind 9.2.2
  • Isc bind 9.7.4
  • Isc bind 9.4.2
  • Isc bind 9.7.5
  • Isc bind 9.5.3
  • Isc bind 9.2.3
  • Isc bind 9.7.3
  • Isc bind 9.4.3
  • Isc bind 9.5.2
  • Isc bind 9.7.0
  • Isc bind 9.7.2
  • Isc bind 9.10.3

APP:OBSERVICED-OF - APP: Oracle Secure Backup observiced.exe Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Secure Backup daemon. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 37733
  • url: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
  • cve: CVE-2010-0072

Affected Products:

  • Oracle oracle10g_enterprise_edition 10.2.0.3
  • Oracle oracle10g_standard_edition 10.2.0.3
  • Oracle oracle10g_personal_edition 10.2.0.3

SSL:FACEBOOK-FIZZ-TLS13-IO-DOS - SSL: Facebook Fizz TLS 1.3 Early Data Integer Overflow Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Facebook Fizz. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • url: https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
  • url: https://threatpost.com/dos-bug-facebook-fizz-tls/143086/
  • cve: CVE-2019-3560

SSL:VULN:CVE-2019-5010-DOS - SSL: Python SSL X.509 DistributionPoint Extension NULL Pointer Dereference

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Python SSL module. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

  • url: https://bugs.python.org/file48052/talos-2019-0758.txt
  • url: https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html
  • cve: CVE-2019-5010

APP:MS-WIN-CREDSSP-MITM-CE - APP: Microsoft Windows CredSSP MITM Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Windows applications that depend on the CredSSP component for authentication. Successful exploitation would allow the attacker to execute arbitrary code under the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 103265
  • cve: CVE-2018-0886

HTTP:EXPLOIT:MS-VBSCRIPT-RCE - HTTP: Microsoft Windows Vbscript Engine Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability in Microsoft Windows VBScript Engine. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1


HTTP:MISC:IBM-QRADAR-CE - HTTP: IBM QRadar SIEM Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM QRadar. A successful attack can lead to remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2016-9722

Affected Products:

  • Ibm qradar_security_information_and_event_manager 7.2.6
  • Ibm qradar_security_information_and_event_manager 7.2.2
  • Ibm qradar_security_information_and_event_manager 7.2.7
  • Ibm qradar_security_information_and_event_manager 7.2.8
  • Ibm qradar_security_information_and_event_manager 7.2.3
  • Ibm qradar_security_information_and_event_manager 7.3.0
  • Ibm qradar_security_information_and_event_manager 7.2.4
  • Ibm qradar_security_information_and_event_manager 7.2.0
  • Ibm qradar_security_information_and_event_manager 7.2.5
  • Ibm qradar_security_information_and_event_manager 7.2.1

HTTP:WORD-PRESS-CONTENT-RCE - HTTP: WordPress Comment Content Filter Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WordPress Comment Content Filter. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 107411
  • url: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  • url: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  • cve: CVE-2019-9787

HTTP:HPE-IMC-INSECURE-DESERIAL - HTTP: HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


DNS:OVERFLOW:DNSMASQ-HEAP-BO - DNS: DNSmasq add_resource_record Heap Buffer Overflow

Severity: HIGH

Description:

A heap-based buffer overflow vulnerability has been reported in DNSmasq. A remote attacker could exploit this vulnerability by sending a specially crafted response to the server. Successful exploitation could result in arbitrary code execution in the security context of the root user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 101085
  • cve: CVE-2017-14491

Affected Products:

  • Canonical ubuntu_linux 12.04
  • Thekelleys dnsmasq 2.77
  • Canonical ubuntu_linux 16.04
  • Novell leap 42.3
  • Redhat enterprise_linux_desktop 6.0
  • Canonical ubuntu_linux 14.04
  • Novell leap 42.2
  • Redhat enterprise_linux_desktop 7.0
  • Debian debian_linux 7.0
  • Debian debian_linux 9.0
  • Canonical ubuntu_linux 17.04
  • Debian debian_linux 7.1
  • Redhat enterprise_linux_server 7.0
  • Redhat enterprise_linux_workstation 6.0
  • Redhat enterprise_linux_server 6.0
  • Redhat enterprise_linux_workstation 7.0

HTTP:MIRC-URI-HANDLER-RCE - HTTP: mIRC URI Handler Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against mIRC URI handler. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://www.mirc.com/whatsnew.txt
  • cve: CVE-2019-6453

DNS:BIND-DBC-ASSERT-DOS - DNS: ISC BIND db.c Assertion Failure Denial of Service

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against BIND DNS Service. The vulnerability is due to improper parsing of incoming responses, allowing malformed records to be accepted by BIND when they should not be accepted. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://kb.isc.org/article/AA-01317
  • cve: CVE-2015-8000

Affected Products:

  • Isc bind 9.4.0b2
  • Isc bind 9.5.2-p4
  • Isc bind 8.4.7
  • Isc bind 9.9.5
  • Isc bind 9.4.0b4
  • Isc bind 9.5.0-p2
  • Isc bind 9.9.7
  • Isc bind 9.4.0a1
  • Isc bind 9.7.0b2
  • Isc bind 9.5.0b2
  • Isc bind 9.7.4b1
  • Isc bind 9.6.1
  • Isc bind 9.6.0a1
  • Isc bind 9.6.1b1
  • Isc bind 9.6-esv-r2
  • Isc bind 9.6-esv-r4
  • Isc bind 9.1.2
  • Isc bind 9.2.7
  • Isc bind 9.7.7
  • Isc bind 9.5.0a5
  • Isc bind 9.6-esv-r6
  • Isc bind 9.6.3b1
  • Isc bind 9.2.5
  • Isc bind 9.7.5
  • Isc bind 9.8.4
  • Isc bind 9.7.0b3
  • Isc bind 9.5.0a7
  • Isc bind 9.2.3
  • Isc bind 9.7.3
  • Isc bind 9.8.6
  • Isc bind 9.5.0a1
  • Isc bind 9.2.1
  • Isc bind 9.7.1
  • Isc bind 9.8.0
  • Isc bind 9.6.2-p3
  • Isc bind 9.6.2b1
  • Isc bind 9.10.1
  • Isc bind 9.8.2
  • Isc bind 9.6.3
  • Isc bind 9.5
  • Isc bind 9.7.0a3
  • Isc bind 9.4.3b2
  • Isc bind 9.5.0-p2-w1
  • Isc bind 9.7.0a1
  • Isc bind 9.1
  • Isc bind 9.9.8
  • Isc bind 9.6.0
  • Isc bind 9.3
  • Isc bind 9.5.1b2
  • Isc bind 9.6.2-p1
  • Isc bind 9.3.3
  • Isc bind 9.4.0a3
  • Isc bind 9.3.1
  • Isc bind 9.4.0
  • Isc bind 9.0.1
  • Isc bind 9.5.1
  • Isc bind 9.5.3b1
  • Isc bind 9.5.2-p3
  • Isc bind 9.10.3
  • Isc bind 9.4.2
  • Isc bind 9.9.0
  • Isc bind 9.5.3
  • Isc bind 9.6-esv-r4-p1
  • Isc bind 9.4.0b1
  • Isc bind 9.5.0-p1
  • Isc bind 9.9.2
  • Isc bind 9.4.0a4
  • Isc bind 9.4.0b3
  • Isc bind 9.9.4
  • Isc bind 9.4.0a6
  • Isc bind 9.6.2
  • Isc bind 9.6-esv-r5b1
  • Isc bind 9.3.2
  • Isc bind 9.10.0
  • Isc bind 9.9.6
  • Isc bind 9.7.0b1
  • Isc bind 9.4.0a2
  • Isc bind 9.6-esv-r1
  • Isc bind 9.6-esv-r3
  • Isc bind 9.5.2-p1
  • Isc bind 9.1.1
  • Isc bind 9.5.0a3
  • Isc bind 9.6-esv-r5
  • Isc bind 9.1.3
  • Isc bind 9.2.6
  • Isc bind 9.5.0a4
  • Isc bind 9.6-esv-r7
  • Isc bind 9.2.4
  • Isc bind 9.7.6
  • Isc bind 9.5.0a6
  • Isc bind 9.6-esv-r9
  • Isc bind 9.2.2
  • Isc bind 9.7.4
  • Isc bind 9.5.2b1
  • Isc bind 9.8.5
  • Isc bind 9.10.2
  • Isc bind 9.2.0
  • Isc bind 9.7.2
  • Isc bind 9.5.0a2
  • Isc bind 9.7.0
  • Isc bind 9.8.1
  • Isc bind 9.4
  • Isc bind 9.5.0-p2-w2
  • Isc bind 9.7.0a2
  • Isc bind 9.7.1b1
  • Isc bind 9.5.0b1
  • Isc bind 9.4.3b3
  • Isc bind 9.8.3
  • Isc bind 9.5.0b3
  • Isc bind 9.4.3b1
  • Isc bind 9.0
  • Isc bind 9.6.0b1
  • Isc bind 9.6.2-p2
  • Isc bind 9.2
  • Isc bind 9.5.1b1
  • Isc bind 9.5.1b3
  • Isc bind 9.5.2-p2
  • Isc bind 9.6-esv
  • Isc bind 9.3.0
  • Isc bind 9.4.1
  • Isc bind 9.9.1
  • Isc bind 9.5.0
  • Isc bind 9.4.3
  • Isc bind 9.9.3
  • Isc bind 9.4.0a5
  • Isc bind 9.5.2

APP:MISC:OPENVPN-DOS - APP: OpenVPN P_CONTROL Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in OpenVPN. A remote, unauthenticated attacker can exploit this vulnerability to cause the OpenVPN server program to terminate, resulting in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2017-7478

Affected Products:

  • Openvpn openvpn 2.4.0
  • Openvpn openvpn 2.3.12
  • Openvpn openvpn 2.3.13
  • Openvpn openvpn 2.3.14
  • Openvpn openvpn 2.4.1

DB:ORACLE:FUSION-XLS-IO - DB: Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow

Severity: HIGH

Description:

An integer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to improper parsing of Excel files. When handling TxO records the code improperly wraps an integer value. This will result in an integer overflow causing a heap-based buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by causing an application that uses the vulnerable library to handle a malformed Excel file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1

References:

  • url: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

SMB:OF:MS-WINDOWS-RCE - SMB: Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows SMB Server SMBv2 Smb2UpdateLeaseFileName. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, mx-11.4, isg-3.4.140032, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, isg-3.4.139899, srx-branch-12.1, vsrx-12.1, idp-5.0.110121210, j-series-9.5, idp-5.0.110130325, vsrx-15.1, idp-4.1.110110609, srx-12.1

References:

  • cve: CVE-2019-0630
  • bugtraq: 106876

HTTP:STC:ADOBE:CVE-2019-7834-CE - HTTP: Adobe Reader CVE-2019-7834 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7834

HTTP:STC:OMRON-UAF - HTTP: OMRON CX-One CX-Programmer Program Use After Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the OMRON CX-One CX-Programmer module. The vulnerability is due to an input validation error when processing the Program parameter of CX-Programmer project files. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted project file. Successful exploitation could result in arbitrary code execution in the context of the target user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-6556

HTTP:STC:ADOBE:CVE-2019-7779-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7779 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7779

HTTP:SQL:INJ:CVE-2019-11448 - HTTP: Zoho ManageEngine Applications Manager Popup_SLA.jsp sid SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://www.manageengine.com/products/applications_manager/issues.html#v14150
  • cve: CVE-2019-11448

HTTP:APACHE:HTTPD-MOD-CACHE-DOS - HTTP: Apache HttpD Mod Cache SoCache Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache HTTPD mod_cache_socache. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://securitytracker.com/id?1040572
  • bugtraq: 103522
  • url: https://httpd.apache.org/security/vulnerabilities_24.html
  • cve: CVE-2018-1303

Affected Products:

  • Apache http_server 2.4.29
  • Debian debian_linux 9.0
  • Debian debian_linux 8.0

HTTP:STC:ADOBE:CVE-2019-7142-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7142 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7142

HTTP:MISC:JENKINS-CI-CSRF - HTTP: Jenkins CI Server Multiple Cross-Site Request Forgery

Severity: HIGH

Description:

This signature detects attempts to exploit known vulnerabilities in the Jenkins CI server. Successful exploitation of these vulnerabilities could lead to a variety of effects, including denial of service, configuration changes, and, in the worst case, arbitrary command execution with the privileges of Jenkins.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 98062
  • cve: CVE-2017-1000356

Affected Products:

  • Jenkins jenkins 2.46.1
  • Jenkins jenkins 2.56

HTTP:STC:ADOBE:CVE-2019-7770-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7770 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7770

APP:TARANTOOL-OOB - APP: Tarantool xrow_header_decode Out of Bounds Read

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Tarantool. Successful exploitation results in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2016-9037

Affected Products:

  • Tarantool tarantool 1.7.2

HTTP:STC:CVE-2019-6537-RCE - HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WECON LeviStudio DataLogTool. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 106861
  • cve: CVE-2019-6537

DHCP:OPT:MS-OPT-OF - DHCP: Microsoft Windows DHCP Client Service Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows DHCP Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 18923
  • cve: CVE-2006-2372

Affected Products:

  • Microsoft windows_xp_professional
  • Microsoft windows_xp_home
  • Microsoft windows_2000_datacenter_server
  • Microsoft windows_2000_professional SP3
  • Microsoft windows_2000_server SP3
  • Microsoft windows_2000_advanced_server SP3
  • Microsoft windows_2000_datacenter_server SP3
  • Microsoft windows_2000_datacenter_server SP1
  • Microsoft windows_2000_server SP2
  • Nortel_networks contact_center
  • Nortel_networks symposium_network_control_center_(ncc)
  • Nortel_networks periphonics
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_2000_professional
  • Microsoft windows_2000_server SP1
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_advanced_server SP1
  • Nortel_networks symposium_tapi_service_provider
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_professional SP4
  • Nortel_networks self-service_mps_1000
  • Nortel_networks self-service_speech_server
  • Nortel_networks centrex_ip_client_manager 7.0.0
  • Nortel_networks centrex_ip_client_manager 8.0.0
  • Nortel_networks centrex_ip_element_manager 8.0.0
  • Nortel_networks centrex_ip_element_manager 7.0.0
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_tablet_pc_edition
  • Nortel_networks media_processing_server
  • Microsoft windows_2000_server
  • Microsoft windows_xp_home SP1
  • Microsoft windows_server_2003_standard_edition
  • Nortel_networks centrex_ip_element_manager 9.0.0
  • Microsoft windows_2000_advanced_server
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp
  • Nortel_networks contact_center_express
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_xp_professional SP1
  • Nortel_networks contact_center_manager
  • Nortel_networks enterprise_network_management_system
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_web_edition SP1
  • Nortel_networks self-service_mps_100
  • Nortel_networks symposium_agent
  • Microsoft windows_2000_advanced_server SP2
  • Microsoft windows_2000_datacenter_server SP2
  • Microsoft windows_2000_professional SP2
  • Nortel_networks self-service_mps_500
  • Microsoft windows_2000_server SP4
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Nortel_networks multiservice_data_manager
  • Microsoft windows_server_2003_standard_x64_edition
  • Nortel_networks optivity_telephony_manager_tm-cs1000
  • Nortel_networks centrex_ip_client_manager 9.0
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_professional SP2
  • Nortel_networks web-centric_voice_application_development_suite
  • Microsoft windows_xp_media_center_edition SP1

HTTP:APACHE:CVE-2019-0199-DOS - HTTP: Apache Tomcat HTTP2 Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • url: https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.38
  • cve: CVE-2019-0199

HTTP:STC:ADOBE:CVE-2019-7813-ID - HTTP: Adobe Acrobat and Reader CVE-2019-7813 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7813

HTTP:CLAMAV-CVE-2019-1788-OB - HTTP: ClamAV OLE2 uniq_add Out-of-Bounds Write Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against ClamAV. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, j-series-9.5, vsrx-15.1, srx-12.1

References:

  • url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166
  • url: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
  • cve: CVE-2019-1788

HTTP:STC:ADOBE:CVE-2019-7797-CE - HTTP: Adobe Acrobat CVE-2019-7797 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7797

HTTP:DIR:CVE-2018-7836-DIR-TRAV - HTTP: Schneider Electric IIoT Monitor Zip Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Schneider Electric IIoT Monitor. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 106484
  • url: https://www.schneider-electric.com/en/download/document/sevd-2018-354-03/
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-032/
  • cve: CVE-2018-7836
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-030/
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-029/
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-022/
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-021/

HTTP:MISC:CVE-2018-12545-DOS - HTTP: Eclipse Jetty HTTP2 SETTINGS Frames Resource Exhaustion Denial Of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Eclipse Jetty. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • url: https://bugs.eclipse.org/bugs/show_activity.cgi?id=538096
  • cve: CVE-2018-12545

HTTP:DOS:ASTERISK-UPGRD-2 - HTTP: Digium Asterisk res_http_websocket HTTP Upgrade Request Denial of Service 2

Severity: HIGH

Description:

A denial-of-service vulnerability has been reported in Digium Asterisk. The vulnerability is due to improper handling of HTTP Upgrade requests during initial WebSocket connection establishment within the res_http_websocket module of Asterisk. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://downloads.asterisk.org/pub/security/ast-2018-009.html
  • cve: CVE-2018-17281

HTTP:STC:ADOBE:CVE-2019-7769-ID - HTTP: Adobe Pdf CVE-2019-7769 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7769

DHCP:RQST:ISC-DOS - DHCP: ISC DHCP TCP Session Exhaustion Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against DHCP Server. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2017-3144
  • url: https://kb.isc.org/article/aa-01354
  • cve: CVE-2016-2774

Affected Products:

  • Isc dhcp 4.2.2
  • Isc dhcp 4.3.1
  • Isc dhcp 4.3.0
  • Isc dhcp 4.3.2
  • Isc dhcp 4.1.0
  • Isc dhcp 4.2.1
  • Isc dhcp 4.2.4
  • Isc dhcp 4.1.1
  • Isc dhcp 4.2.0
  • Isc dhcp 4.1.2
  • Isc dhcp 4.1-esv
  • Isc dhcp 4.2.7
  • Isc dhcp 4.2.8
  • Isc dhcp 4.2.5
  • Isc dhcp 4.2.3
  • Isc dhcp 4.2.6
  • Isc dhcp 4.3.3

HTTP:ORACLE:CVE-2018-3010-RCE-1 - HTTP: Oracle Outside In Excel PropertySetStream Remote Code Execution 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Outside In. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  • bugtraq: 104762
  • cve: CVE-2018-3010

Affected Products:

  • Oracle outside_in_technology 8.5.3

HTTP:STC:ADOBE:CVE-2019-7835-CE - HTTP: Adobe Acrobat and Reader CVE-2019-7835 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7835

HTTP:STC:ADOBE:CVE-2019-7831-CE - HTTP: Adobe Reader CVE-2019-7831 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7831

HTTP:STC:ADOBE:CVE-2019-7810-ID - HTTP: Adobe Acrobat CVE-2019-7810 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat. A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-7810

APP:MISC:QUAGGA-VTY-DOS - APP: Quagga VTY Interface Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Quagga. Successful exploitation would cause the target Quagga daemon to allocate excessive memory and crash, resulting in denial-of-service conditions.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2017-5495

Affected Products:

  • Quagga quagga 1.1.0

HTTP:STC:ADOBE:CVE-2019-7125-CE - HTTP: Adobe Pdf CVE-2019-7125 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, j-series-9.5, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-7125