Update Details

Update #3370 (04/01/2021)

5 new signatures:

HIGH	SSL:OPENSSL-TLS-SRVR-HNDLNG-DOS	SSL: OpenSSL TLS server Renegotiation Handling NULL Pointer Dereference
MEDIUM	LDAP:OPENLDAP-SLAPD-SR-DOS	LDAP: OpenLDAP slapd Denial of Service
HIGH	HTTP:XSS:ZOHO-PRGRM-ACTION-XSS	HTTP: Zoho ManageEngine Applications Manager Program Action Stored Cross-Site Scripting
CRITICAL	HTTP:STC:MS-VSCODE-RC-EXT-RCE	HTTP: Microsoft Visual Studio Code Remote-Containers Extension Remote Code Execution
MEDIUM	HTTP:CTS:PHP-LIBXSLT-SEC-BYPASS	HTTP: PHP libxslt CVE-2012-0057 Security Bypass

2 updated signatures:

HIGH	HTTP:CTS:CVE-2021-26855-RCE	HTTP: Microsoft Exchange Server CVE-2021-26855 Remote Code Execution
HIGH	DB:POSTGRESQL:DATETIME-BO	DB: PostgreSQL Database Datetime Buffer Overflow

Details of the signatures included within this bulletin:

SSL:OPENSSL-TLS-SRVR-HNDLNG-DOS - SSL: OpenSSL TLS server Renegotiation Handling NULL Pointer Dereference

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

cve: CVE-2021-3449

Affected Products:

Mcafee web_gateway_cloud_service 8.2.19
Mcafee web_gateway 10.1.1
Netapp santricity_smi-s_provider
Netapp storagegrid
Netapp ontap_select_deploy_administration_utility
Mcafee web_gateway_cloud_service 9.2.10
Tenable nessus 8.13.1
Mcafee web_gateway 8.2.19
Netapp e-series_performance_analyzer
Freebsd freebsd 12.2
Openssl openssl 1.1.1
Tenable tenable.sc 5.13.0-5.17.0
Netapp cloud_volumes_ontap_mediator
Mcafee web_gateway_cloud_service 10.1.1
Mcafee web_gateway 9.2.10
Debian debian_linux 10.0
Netapp oncommand_workflow_automation
Fedoraproject fedora 34

HTTP:CTS:CVE-2021-26855-RCE - HTTP: Microsoft Exchange Server CVE-2021-26855 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2021-26855

Affected Products:

Microsoft exchange_server 2019
Microsoft exchange_server 2016
Microsoft exchange_server 2013

DB:POSTGRESQL:DATETIME-BO - DB: PostgreSQL Database Datetime Buffer Overflow

Severity: HIGH

Description:

A code execution vulnerability has been found in PostgreSQL database server. The vulnerability is due to a stack buffer overflow when handling the Datetime string. A remote attacker can exploit the vulnerability by sending a malicious request to the target server. Successful exploitation could cause a stack buffer overflow resulting in code execution in the context of the the affected service. Unsuccessful attacks can crash the target service process to cause a denial of service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2014-0063

Affected Products:

Postgresql postgresql 9.1
Postgresql postgresql 9.0.11
Postgresql postgresql 8.4.11
Postgresql postgresql 9.1.3
Postgresql postgresql 9.0
Postgresql postgresql 9.0.10
Postgresql postgresql 9.0.5
Postgresql postgresql 9.0.13
Postgresql postgresql 9.1.1
Postgresql postgresql 9.0.12
Postgresql postgresql 9.0.15
Postgresql postgresql 9.0.6
Postgresql postgresql 9.1.4
Postgresql postgresql 9.0.14
Postgresql postgresql 9.0.9
Postgresql postgresql 8.4.8
Postgresql postgresql 9.0.8
Postgresql postgresql 8.4.9
Postgresql postgresql 8.4.18
Postgresql postgresql 8.4.6
Postgresql postgresql 8.4.19
Postgresql postgresql 8.4.7
Postgresql postgresql 9.1.8
Postgresql postgresql 8.4.4
Postgresql postgresql 9.1.9
Postgresql postgresql 9.1.6
Postgresql postgresql 8.4.5
Postgresql postgresql 9.1.5
Postgresql postgresql 8.4.16
Postgresql postgresql 8.4.2
Postgresql postgresql 8.4.17
Postgresql postgresql 8.4.3
Postgresql postgresql 8.4.14
Postgresql postgresql 9.0.3
Postgresql postgresql 9.1.2
Postgresql postgresql 8.4.15
Postgresql postgresql 9.0.2
Postgresql postgresql 8.4.1
Postgresql postgresql 8.4.12
Postgresql postgresql 9.0.1
Postgresql postgresql 9.0.4
Postgresql postgresql 9.1.10
Postgresql postgresql 8.4.13
Postgresql postgresql 9.1.7
Postgresql postgresql 9.1.11
Postgresql postgresql 8.4.10
Postgresql postgresql 9.0.7

LDAP:OPENLDAP-SLAPD-SR-DOS - LDAP: OpenLDAP slapd Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against OpenLDAP slapd. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: https://bugs.openldap.org/show_bug.cgi?id=9427
cve: CVE-2020-36228

Affected Products:

Debian debian_linux 10.0
Debian debian_linux 9.0
Openldap openldap

HTTP:XSS:ZOHO-PRGRM-ACTION-XSS - HTTP: Zoho ManageEngine Applications Manager Program Action Stored Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against Zoho ManageEngine. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: https://www.manageengine.com/products/applications_manager/issues.html#v15060

HTTP:STC:MS-VSCODE-RC-EXT-RCE - HTTP: Microsoft Visual Studio Code Remote-Containers Extension Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visual Studio Code. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2021-27083

Affected Products:

Microsoft remote_development

HTTP:CTS:PHP-LIBXSLT-SEC-BYPASS - HTTP: PHP libxslt CVE-2012-0057 Security Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against PHP libxslt. A successful attack can lead to security bypass.

Supported On:

References:

cve: CVE-2012-0057