Update Details
Update #3260 (03/06/2020)
4 new signatures:
| MEDIUM | HTTP:CTS:CENTREON-FRMPHP-CMDINJ | HTTP: Centreon formMibs Command Injection |
| HIGH | HTTP:APACHE:PTR-DEREF-DOS-1 | HTTP: Apache HTTPD mod_http2 Null Pointer Dereference (1) |
| HIGH | HTTP:STC:IE:CVE-2020-0824-RCE | HTTP: Microsoft Internet Explorer CVE-2020-0824 Remote Code Execution |
| MEDIUM | HTTP:SCRIPT-INJ-VUL-99 | HTTP: SCRIPT-INJ Infection-99 |
3 updated signatures:
| HIGH | APP:CA:ARCSRV:BKP-LGSERVER-BO | APP: CA BrightStor ARCServe Backup LGServer Buffer Overflow |
| MEDIUM | HTTP:SUSP-HDR-REDRCT-VUL-98 | HTTP: SUSP-HDR-REDRCT Infection-98 |
| MEDIUM | HTTP:ORACLE-E-BS-SQLINJ | HTTP: Oracle E-Business Suite Multiple Components SQL Injection |
Details of the signatures included within this bulletin:
HTTP:CTS:CENTREON-FRMPHP-CMDINJ - HTTP: Centreon formMibs Command Injection
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Centreon Web Application. A successful attack can lead to command injection and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2019-15298
Affected Products:
- Centreon centreon_web 2.8.20
- Centreon centreon_web 2.8.27
- Centreon centreon_web 2.8.2
- Centreon centreon_web 2.8.26
- Centreon centreon_web 2.8.3
- Centreon centreon_web 19.04.4
- Centreon centreon_web 2.8.25
- Centreon centreon_web 2.8.24
- Centreon centreon_web 2.8.1
- Centreon centreon_web 2.8.12
- Centreon centreon_web 2.8.6
- Centreon centreon_web 2.8.13
- Centreon centreon_web 19.10.1
- Centreon centreon_web 2.8.7
- Centreon centreon_web 19.04.0
- Centreon centreon_web 2.8.10
- Centreon centreon_web 19.10.0
- Centreon centreon_web 2.8.4
- Centreon centreon_web 19.04.1
- Centreon centreon_web 2.8.11
- Centreon centreon_web 2.8.5
- Centreon centreon_web 19.04.2
- Centreon centreon_web 2.8.16
- Centreon centreon_web 2.8.29
- Centreon centreon_web 18.10.4
- Centreon centreon_web 19.04.3
- Centreon centreon_web 2.8.17
- Centreon centreon_web 2.8.28
- Centreon centreon_web 18.10.5
- Centreon centreon_web 2.8.14
- Centreon centreon_web 18.10.6
- Centreon centreon_web 2.8.15
- Centreon centreon_web 18.10.7
- Centreon centreon_web 18.10.0
- Centreon centreon_web 2.8.8
- Centreon centreon_web 18.10.1
- Centreon centreon_web 2.8.9
- Centreon centreon_web 2.8.18
- Centreon centreon_web 2.8.23
- Centreon centreon_web 18.10.2
- Centreon centreon_web 2.8.19
- Centreon centreon_web 2.8.22
- Centreon centreon_web 18.10.3
- Centreon centreon_web 2.8.21
HTTP:SCRIPT-INJ-VUL-99 - HTTP: SCRIPT-INJ Infection-99
Severity: MEDIUM
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1
APP:CA:ARCSRV:BKP-LGSERVER-BO - APP: CA BrightStor ARCServe Backup LGServer Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Computer Associates BrightStor ARCServe Backup LGServer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- url: http://www.securityfocus.com/archive/1/458644
- url: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993
- bugtraq: 22340
- cve: CVE-2007-0449
- bugtraq: 22199
Affected Products:
- Computer_associates business_protection_suite_for_microsoft_sbs_std_ed r2
- Computer_associates desktop_protection_suite 2.0
- Computer_associates desktop_management_suite 11.1
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.1
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.0
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.1 SP1
- Computer_associates business_protection_suite_for_microsoft_sbs_pre_ed r2
- Computer_associates business_protection_suite 2.0
- Computer_associates brightstor_mobile_backup 4.0
HTTP:ORACLE-E-BS-SQLINJ - HTTP: Oracle E-Business Suite Multiple Components SQL Injection
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Oracle E-Business Suite Multiple Components. A successful attack can lead to command injection and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2020-2587
- cve: CVE-2020-2586
- url: https://www.oracle.com/security-alerts/cpuapr2019.html
- cve: CVE-2019-2638
Affected Products:
- Oracle human_resources 12.1.3
- Oracle human_resources 12.2.6
- Oracle human_resources 12.2.5
- Oracle human_resources 12.2.9
- Oracle human_resources 12.2.4
- Oracle human_resources 12.1.1
- Oracle human_resources 12.2.3
- Oracle human_resources 12.1.2
- Oracle human_resources 12.2.7
HTTP:APACHE:PTR-DEREF-DOS-1 - HTTP: Apache HTTPD mod_http2 Null Pointer Dereference (1)
Severity: HIGH
Description:
A null pointer dereference vulnerability has been reported in the mod_http2 module of Apache HTTPD. A remote, unauthenticated attacker could exploit these vulnerability by sending maliciously crafted HTTP request to the affected server. Successful exploitation of the vulnerability could lead to denial of service conditions.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2017-7659
- bugtraq: 99132
Affected Products:
- Apache http_server 2.4.24
- Apache http_server 2.4.25
HTTP:STC:IE:CVE-2020-0824-RCE - HTTP: Microsoft Internet Explorer CVE-2020-0824 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2020-0824
Affected Products:
- Microsoft internet_explorer 11
HTTP:SUSP-HDR-REDRCT-VUL-98 - HTTP: SUSP-HDR-REDRCT Infection-98
Severity: MEDIUM
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.
Supported On:
srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1