Update Details
Update #3216 (10/10/2019)
3 new signatures:
| CRITICAL | HTTP:MISC:DLINK-CMD-INJ-PING | HTTP: Dlink Home Router Command Injection |
| HIGH | HTTP:PHP:VBULLETIN-RCE | HTTP: vBulletin Pre-Auth Remote Code Execution |
| HIGH | HTTP:MISC:PULSE-GUACAMOLE-ID | HTTP: Pulse Secure Guacamole URI Information Disclosure |
1 updated signature:
| HIGH | HTTP:STC:ACTIVEX:GE-HISTORIAN | HTTP: GE Proficy Historian KeyHelp.ocx ActiveX Control |
Details of the signatures included within this bulletin:
HTTP:MISC:DLINK-CMD-INJ-PING - HTTP: Dlink Home Router Command Injection
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Dlink Home Router. A successful attack can lead to command injection and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Dlink dir-655_firmware 3.02b05
- Dlink dhp-1565_firmware 1.01
- Dlink dir-652_firmware -
- Dlink dir-866l_firmware 1.03b04
HTTP:PHP:VBULLETIN-RCE - HTTP: vBulletin Pre-Auth Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against vBulletin. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2019-16759
Affected Products:
- Vbulletin vbulletin 5.2.2
- Vbulletin vbulletin 5.1.2
- Vbulletin vbulletin 5.5.2
- Vbulletin vbulletin 5.5.0
- Vbulletin vbulletin 5.5.1
- Vbulletin vbulletin 5.0.3
- Vbulletin vbulletin 5.5.4
- Vbulletin vbulletin 5.4.3
- Vbulletin vbulletin 5.1.1
- Vbulletin vbulletin 5.2.0
- Vbulletin vbulletin 5.0.0
- Vbulletin vbulletin 5.1.0
- Vbulletin vbulletin 5.0.4
- Vbulletin vbulletin 5.2.1
- Vbulletin vbulletin 5.0.1
- Vbulletin vbulletin 5.5.3
- Vbulletin vbulletin 5.1.3
- Vbulletin vbulletin 5.0.5
- Vbulletin vbulletin 5.2.6
- Vbulletin vbulletin 5.0.2
HTTP:STC:ACTIVEX:GE-HISTORIAN - HTTP: GE Proficy Historian KeyHelp.ocx ActiveX Control
Severity: HIGH
Description:
This signature detects attempts to use unsafe ActiveX control in the GE Proficy. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Supported On:
idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- bugtraq: 55265
- cve: CVE-2012-2516
- bugtraq: 54215
- cve: CVE-2012-2515
Affected Products:
- General_electric proficy_historian 3.1
- General_electric proficy_hmi/scada-ifix 5.0
- General_electric proficy_hmi/scada-ifix 5.1
- General_electric proficy_historian 4.5
- General_electric proficy_historian 4.0
- General_electric proficy_historian 3.5
- General_electric pulse 1.0
- General_electric proficy_batch_execution 5.6
- General_electric si7_i/o_driver 7.20
HTTP:MISC:PULSE-GUACAMOLE-ID - HTTP: Pulse Secure Guacamole URI Information Disclosure
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Pulse Secure. A successful attack can lead to sensitive information disclosure.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- url: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- bugtraq: 108073
- cve: CVE-2019-11510
Affected Products:
- Pulsesecure pulse_connect_secure 8.2
- Pulsesecure pulse_connect_secure 9.0
- Pulsesecure pulse_connect_secure 8.3