Juniper Networks

Update Details

Security Intelligence Center

Update #3301 (07/23/2020)

9 deprecated signatures:

  • [CRITICAL] HTTP:HPE-CVE-2019-11941-EL - HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Pattern covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:CTS:HPE-IMC-EXP-LANG-INJ - HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:CTS:HPE-IMC-EXPINJ - HTTP: HPE IMC devGroupSelect Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:CTS-HPE-IMC-RCE - HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [CRITICAL] HTTP:MISC:HPE-IMC-ELINJ - HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:HPE-IMCP-URL-RCE - HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:HPE-INJECTION-RCE - HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [HIGH] HTTP:CTS:HPE-IMC-FR-EL-CI - HTTP: HPE IMC ForwardRedirect Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
  • [CRITICAL] HTTP:MISC:HPE-IMC-OPETATOR-CE - HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

Customers are advised to remove the deprecated signatures from the IDP policy if they are explicitly configured other than through dynamic groups.

4 new signatures:

  • [HIGH] HTTP:SQL:INJ:VBULLETIN-NODEID - HTTP: vBulletin nodeId SQL Injection
  • [CRITICAL] HTTP:CTS:SAP-NETW-UN-AUTH-UC - HTTP: SAP NetWeaver Unauthenticated User Creation
  • [MEDIUM] HTTP:CTS:CITRIX-APP-DEL-AUTH-BY - HTTP: Citrix Application Delivery Controller Authorization bypass
  • [MEDIUM] HTTP:STC:ADOBE:CVE-2020-9606UAF - HTTP: Adobe Acrobat and Reader CVE-2020-9606 Use After Free

9 new protocol anomalies:

  • [MEDIUM] HTTP:OVERFLOW:ETAG - HTTP:Etag Header Overflow
  • [MEDIUM] HTTP:OVERFLOW:DATE - HTTP:Date Header Overflow
  • [MEDIUM] HTTP:OVERFLOW:ACCEPT_RANGES - HTTP:Accept ranges Header Overflow
  • [MEDIUM] LPR:ERROR:INVALID_FILE_SIZE - LPR:Invalid FileSize
  • [MEDIUM] MSN:ERROR:INVALID_CONTENT_LEN - MSN:Invalid Content Length Value
  • [MEDIUM] MSN:ERROR:INVALID_APP_ID - MSN:Invalid AppID
  • [MEDIUM] HTTP:FIRST-CHUNK-PREPADDING - HTTP:First Chunk Prepadding
  • [MEDIUM] HTTP:OVERFLOW:SOAPACTION - HTTP:Soapaction Header Overflow
  • [MEDIUM] HTTP:OVERFLOW:PROXY_AUTH - HTTP:Proxy authorization Header Overflow

2 updated signatures:

  • [HIGH] HTTP:IIS:CVE-2017-7269-RCE - HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow
  • [MEDIUM] SMB:MS-SMBV3-COMP-INFO-DIS - SMB: Microsoft Windows SMBv3 Compression Information Disclosure


Details of the signatures included within this bulletin:


HTTP:SQL:INJ:VBULLETIN-NODEID - HTTP: vBulletin nodeId SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against vBulletin nodeID. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-12720

Affected Products:

  • Vbulletin vbulletin 5.6.1.-
  • Vbulletin vbulletin 5.0.5
  • Vbulletin vbulletin 5.0.4
  • Vbulletin vbulletin 5.5.2
  • Vbulletin vbulletin 5.2.6
  • Vbulletin vbulletin 5.1.3
  • Vbulletin vbulletin 5.5.3
  • Vbulletin vbulletin 5.5.0
  • Vbulletin vbulletin 5.5.1
  • Vbulletin vbulletin 5.5.6
  • Vbulletin vbulletin 5.1.2
  • Vbulletin vbulletin 5.5.4
  • Vbulletin vbulletin 5.4.3
  • Vbulletin vbulletin 5.1.0
  • Vbulletin vbulletin 5.1.1
  • Vbulletin vbulletin 5.0.3
  • Vbulletin vbulletin 5.0.2
  • Vbulletin vbulletin 5.0.1
  • Vbulletin vbulletin 5.2.1
  • Vbulletin vbulletin 5.6.0
  • Vbulletin vbulletin 5.0.0
  • Vbulletin vbulletin 5.2.0
  • Vbulletin vbulletin 5.2.2
  • Vbulletin vbulletin 5.3.3
  • Vbulletin vbulletin 5.3.2
  • Vbulletin vbulletin 5.2.4
  • Vbulletin vbulletin 5.2.5

HTTP:OVERFLOW:ETAG - HTTP:Etag Header Overflow

Severity: MEDIUM

Description:

This anomaly triggers when a suspiciously long ETag header is detected. The maximum length of this header is specified in the Sensor Setting Rulebase and can be configured in the Sensor Settings of the policy.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


HTTP:OVERFLOW:ACCEPT_RANGES - HTTP:Accept ranges Header Overflow

Severity: MEDIUM

Description:

This anomaly triggers when a suspiciously long Accept-Ranges header is detected. The maximum length of this header is specified in the Sensor Setting Rulebase and can be configured in the Sensor Settings of the policy.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


SMB:MS-SMBV3-COMP-INFO-DIS - SMB: Microsoft Windows SMBv3 Compression Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows SMBv3 Compression. A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-1206

Affected Products:

  • Microsoft windows_10 2004
  • Microsoft windows_server_2016 2004
  • Microsoft windows_10 1903
  • Microsoft windows_server_2016 1909
  • Microsoft windows_10 1909
  • Microsoft windows_server_2016 1903

HTTP:OVERFLOW:DATE - HTTP:Date Header Overflow

Severity: MEDIUM

Description:

This anomaly triggers when a suspiciously long Date header is detected. The maximum length of this header is specified in the Sensor Setting Rulebase and can be configured in the Sensor Settings of the policy.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


HTTP:STC:ADOBE:CVE-2020-9606UAF - HTTP: Adobe Acrobat and Reader CVE-2020-9606 Use After Free

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-9606
  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

Affected Products:

  • Adobe acrobat_dc 17.011.30138
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 19.021.20056
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_dc 17.011.30155
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 19.021.20056
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_reader_dc 19.021.20058
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_dc 19.021.20047
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_reader_dc 19.021.20047
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 19.021.20058
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_dc 15.006.30504
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_reader_dc 17.011.30152
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_dc 17.011.30156
  • Adobe acrobat_reader_dc 17.011.30150
  • Adobe acrobat_dc 17.011.30150
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 17.011.30156
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_dc 17.011.30152
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_reader_dc 15.006.30505
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 15.006.30508
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_dc 15.006.30508
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_reader_dc 15.006.30504
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 19.012.20035
  • Adobe acrobat_reader_dc 17.011.30144
  • Adobe acrobat_dc 19.012.20036
  • Adobe acrobat_reader_dc 19.012.20036
  • Adobe acrobat_dc 19.012.20035
  • Adobe acrobat_reader_dc 17.011.30143

LPR:ERROR:INVALID_FILE_SIZE - LPR:Invalid FileSize

Severity: MEDIUM

Description:

This anomaly triggers when an LPR message carrying a file with an invalid size is detected.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


HTTP:IIS:CVE-2017-7269-RCE - HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 97127
  • cve: CVE-2017-7269

Affected Products:

  • Microsoft internet_information_server 6.0

HTTP:OVERFLOW:SOAPACTION - HTTP:Soapaction Header Overflow

Severity: MEDIUM

Description:

This anomaly triggers when a suspiciously long SOAPAction header is detected. The maximum length of this header is specified in the Sensor Setting Rulebase and can be configured in the Sensor Settings of the policy.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


HTTP:CTS:CITRIX-APP-DEL-AUTH-BY - HTTP: Citrix Application Delivery Controller Authorization bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Citrix Application Delivery Controller. A successful attack can lead to authentication bypass.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-8193

Affected Products:

  • Citrix application_delivery_controller_firmware 13.0
  • Citrix application_delivery_controller_firmware 12.1
  • Citrix netscaler_gateway_firmware 10.5
  • Citrix netscaler_gateway_firmware 12.1
  • Citrix gateway_firmware 13.0

HTTP:CTS:SAP-NETW-UN-AUTH-UC - HTTP: SAP NetWeaver Unauthenticated User Creation

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against SAP NetWeaver. A successful attack can lead to unauthenticated user creation.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-6287

Affected Products:

  • Sap netweaver_application_server_java 7.50
  • Sap netweaver_application_server_java 7.31
  • Sap netweaver_application_server_java 7.30
  • Sap netweaver_application_server_java 7.40

HTTP:OVERFLOW:PROXY_AUTH - HTTP:Proxy authorization Header Overflow

Severity: MEDIUM

Description:

This anomaly triggers when a suspiciously long Proxy-Authorization header is detected. The maximum length of this header is specified in the Sensor Setting Rulebase and can be configured in the Sensor Settings of the policy.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


HTTP:FIRST-CHUNK-PREPADDING - HTTP:First Chunk Prepadding

Severity: MEDIUM

Description:

This protocol anomaly triggers when it detects extra characters before the first chunk of the chunked payload, which may indicate an evasion attempt.

Supported On:

vsrx-12.1, vsrx-15.1, vsrx-17.4, vsrx-19.1, vsrx-19.2, vsrx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


MSN:ERROR:INVALID_CONTENT_LEN - MSN:Invalid Content Length Value

Severity: MEDIUM

Description:

This anomaly triggers when an MSN message with an invalid content length value is detected.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4


MSN:ERROR:INVALID_APP_ID - MSN:Invalid AppID

Severity: MEDIUM

Description:

This anomaly triggers when an MSN message with an invalid AppID value is detected.

Supported On:

vsrx-12.1, vsrx-15.1, srx-12.1, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-19.2, vsrx3bsd-19.2, vsrx-19.2, srx-17.3, vsrx-19.4, vsrx3bsd-19.4, srx-19.4, srx-branch-12.1, srx-branch-17.4, srx-branch-19.1, srx-branch-19.2, srx-branch-19.4
