Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3245 (01/18/2020)

11 new signatures:

MEDIUMHTTP:MS-SP-RFI-INFODISCLOSEHTTP: Microsoft SharePoint SPVirtualFile and WebPartPageWebService Information Disclosure
MEDIUMHTTP:ORACLE-E-BS-SQLINJHTTP: Oracle E-Business Suite Multiple Components SQL Injection
MEDIUMHTTP:ORACLE:E-BUSINESS-SQL-INJHTTP: Oracle E-Business Suite Work In Process SQL Injection
HIGHHTTP:XSS:SOLAR-SERVU-FTP-UFNHTTP: SolarWinds Serv-U FTP Server USER_FULL_NAME Stored Cross-Site Scripting
MEDIUMHTTP:CTS:ELOG-PROJ-DOSHTTP: ELOG Project ELOG show_uploader_json NULL Pointer Dereference Denial of Service
HIGHMS-RPC:OF:ADTECH-WEBACE-BWOPCBSMS-RPC: Advantech WebAccess SCADA BwOpcBs Buffer Overflow Remote Code Execution
CRITICALHTTP:CTS:RCONFIG-CMD-INJHTTP: rConfig ajaxArchiveFiles.php Command Injection
MEDIUMHTTP:STC:DL:WINDOWS-RTF-BU-OVFLHTTP: Microsoft Windows CVE-2019-1439 Buffer Overflow
MEDIUMHTTP:XSS:MS-OFC-SHAREPOINT-XSSHTTP: Microsoft Office SharePoint Stored Cross-site Scripting
HIGHHTTP:ORACLE:JDEV-ADF-FCS-DESERHTTP: Oracle JDeveloper ADF Faces Untrusted Deserialization
MEDIUMHTTP:EMBDTHS-GOAHEAD-DOSHTTP: EmbedThis GoAhead Web Server File Upload Denial of Service

5 updated signatures:

CRITICALHTTP:CTS:ADVTECH-RMM-ARB-UPLOADHTTP: Advantech WISE-PaaS RMM LastMapName Arbitrary File Upload
MEDIUMHTTP:STC:ADOBE:CVE-2019-8033-CEHTTP: Adobe Acrobat Reader CVE-2019-8033 Remote Code Execution
HIGHHTTP:STC:IE:CVE-2019-1429-RCEHTTP: Microsoft Internet Explorer CVE-2019-1429 Remote Code Execution
HIGHHTTP:DIR:CITRIX-ADC-GW-RCEHTTP: Citrix ADC & Gateway Remote Code Execution
HIGHAPP:REMOTE:CVE-2019-7839-RCEAPP: Adobe ColdFusion CVE-2019-7839 Remote Code Execution


Details of the signatures included within this bulletin:


HTTP:DIR:CITRIX-ADC-GW-RCE - HTTP: Citrix ADC & Gateway Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Citrix ADC & Gateway. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://support.citrix.com/article/CTX267027
  • cve: CVE-2019-19781

Affected Products:

  • Citrix application_delivery_controller_firmware 12.1
  • Citrix netscaler_gateway_firmware 12.0
  • Citrix netscaler_gateway_firmware 10.5
  • Citrix application_delivery_controller_firmware 13.0
  • Citrix netscaler_gateway_firmware 12.1
  • Citrix gateway_firmware 13.0
  • Citrix netscaler_gateway_firmware 11.1
  • Citrix application_delivery_controller_firmware 12.0
  • Citrix application_delivery_controller_firmware 10.5
  • Citrix application_delivery_controller_firmware 11.1

APP:REMOTE:CVE-2019-7839-RCE - APP: Adobe ColdFusion CVE-2019-7839 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe ColdFusion. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2019-7839

Affected Products:

  • Adobe coldfusion 2018
  • Adobe coldfusion 11.0
  • Adobe coldfusion 2016

HTTP:MS-SP-RFI-INFODISCLOSE - HTTP: Microsoft SharePoint SPVirtualFile and WebPartPageWebService Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint's SPVirtualFile and WebPartPageWebService classes . A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443
  • cve: CVE-2019-1443

Affected Products:

  • Microsoft sharepoint_server 2019
  • Microsoft sharepoint_enterprise_server 2016
  • Microsoft sharepoint_foundation 2010
  • Microsoft sharepoint_foundation 2013

HTTP:STC:ADOBE:CVE-2019-8033-CE - HTTP: Adobe Acrobat Reader CVE-2019-8033 Remote Code Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8033

Affected Products:

  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30138

HTTP:STC:IE:CVE-2019-1429-RCE - HTTP: Microsoft Internet Explorer CVE-2019-1429 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1429

Affected Products:

  • Microsoft internet_explorer 11
  • Microsoft internet_explorer 9
  • Microsoft internet_explorer 10

HTTP:ORACLE-E-BS-SQLINJ - HTTP: Oracle E-Business Suite Multiple Components SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle E-Business Suite Multiple Components. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-2587
  • cve: CVE-2020-2586
  • url: https://www.oracle.com/security-alerts/cpuapr2019.html
  • cve: CVE-2019-2638

Affected Products:

  • Oracle human_resources 12.1.3
  • Oracle human_resources 12.2.6
  • Oracle human_resources 12.2.5
  • Oracle human_resources 12.2.9
  • Oracle human_resources 12.2.4
  • Oracle human_resources 12.1.1
  • Oracle human_resources 12.2.3
  • Oracle human_resources 12.1.2
  • Oracle human_resources 12.2.7

HTTP:CTS:ADVTECH-RMM-ARB-UPLOAD - HTTP: Advantech WISE-PaaS RMM LastMapName Arbitrary File Upload

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WISE-PaaS RMM. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-13551

Affected Products:

  • Advantech wise-pass/rmm 3.3.29

HTTP:ORACLE:E-BUSINESS-SQL-INJ - HTTP: Oracle E-Business Suite Work In Process SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle E-Business Suite. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://www.onapsis.com/blog/oracle-payday-vulnerabilities
  • url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  • cve: CVE-2019-2633

Affected Products:

  • Oracle work_in_process 12.2.8
  • Oracle work_in_process 12.2.4
  • Oracle work_in_process 12.1.1
  • Oracle work_in_process 12.1.2
  • Oracle work_in_process 12.2.7
  • Oracle work_in_process 12.2.3
  • Oracle work_in_process 12.1.3
  • Oracle work_in_process 12.2.6
  • Oracle work_in_process 12.2.5

HTTP:XSS:SOLAR-SERVU-FTP-UFN - HTTP: SolarWinds Serv-U FTP Server USER_FULL_NAME Stored Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against SolarWinds Serv-U FTP Server. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-13182

Affected Products:

  • Solarwinds serv-u_ftp_server 15.1.7

HTTP:CTS:ELOG-PROJ-DOS - HTTP: ELOG Project ELOG show_uploader_json NULL Pointer Dereference Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against ELOG Project. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://www.tenable.com/security/research/tra-2019-53
  • url: https://bitbucket.org/ritt/elog/src/32ba07e19241e0bcc68aaa640833424fb3001956/src/elogd.c?at=master
  • cve: CVE-2019-3995

Affected Products:

  • Elog_project elog 3.1.4-57bea22

MS-RPC:OF:ADTECH-WEBACE-BWOPCBS - MS-RPC: Advantech WebAccess SCADA BwOpcBs Buffer Overflow Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Advantech WebAccess. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1


HTTP:CTS:RCONFIG-CMD-INJ - HTTP: rConfig ajaxArchiveFiles.php Command Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against rConfig. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-19509

Affected Products:

  • Rconfig rconfig 3.9.3

HTTP:STC:DL:WINDOWS-RTF-BU-OVFL - HTTP: Microsoft Windows CVE-2019-1439 Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1439

Affected Products:

  • Microsoft windows_10 1607
  • Microsoft windows_server_2016 1903
  • Microsoft windows_rt_8.1 -
  • Microsoft windows_10 1803
  • Microsoft windows_10 1809
  • Microsoft windows_server_2019 -
  • Microsoft windows_server_2016 1803
  • Microsoft windows_10 1903
  • Microsoft windows_8.1 -
  • Microsoft windows_server_2008 r2
  • Microsoft windows_server_2012 -
  • Microsoft windows_10 1709
  • Microsoft windows_7 -
  • Microsoft windows_10 -
  • Microsoft windows_server_2016 -
  • Microsoft windows_server_2008 -
  • Microsoft windows_server_2012 r2

HTTP:XSS:MS-OFC-SHAREPOINT-XSS - HTTP: Microsoft Office SharePoint Stored Cross-site Scripting

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against Microsoft Office SharePoint. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1070
  • cve: CVE-2019-1070

Affected Products:

  • Microsoft sharepoint_enterprise_server 2013
  • Microsoft sharepoint_enterprise_server 2016

HTTP:ORACLE:JDEV-ADF-FCS-DESER - HTTP: Oracle JDeveloper ADF Faces Untrusted Deserialization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle JDeveloper. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-2904

Affected Products:

  • Oracle jdeveloper 12.2.1.3.0
  • Oracle jdeveloper 11.1.1.9.0
  • Oracle jdeveloper 12.1.3.0.0
  • Oracle application_development_framework 12.2.1.3.0
  • Oracle application_development_framework 12.1.3.0.0
  • Oracle application_development_framework 11.1.1.9.0

HTTP:EMBDTHS-GOAHEAD-DOS - HTTP: EmbedThis GoAhead Web Server File Upload Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against EmbedThis GoAhead Web Server. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-5097

Affected Products:

  • Embedthis goahead 5.0.1
  • Embedthis goahead 4.1.1
  • Embedthis goahead 3.6.5
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out