IPS Signature Release Note V7.16
April 2016 Page 1 of 30
SOPHOS IPS Signature Update Release Notes
Version: 7.16.17
Release Date: 08th August 2019
IPS Signature Update
August 2019 Page 2 of 30
Release Information
Upgrade Applicable on
IPS Signature Release Version 7.16.16
Sophos Appliance Models XG-550, XG-750, XG-650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
The Release Note document for IPS Signature Database Version 7.16.17 includes support for the new
signatures. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are developed to
significantly increase detection performance and reduce false alarms.
Report false positives at [email protected] along with the application details.
This IPS Release includes Two Hundred Forty Two (242) signatures to address Two Hundred Twelve (212)
vulnerabilities.
New signatures are added for the following vulnerabilities:
Name CVE–ID Category Severity
BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
CVE-2009-3075
Browsers 2
BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt
CVE-2005-0752
Browsers 2
BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt
CVE-2006-0294
Browsers 2
BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt
CVE-2016-0193
Browsers 2
BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt
CVE-2016-0117
Browsers 2
BROWSER-IE Microsoft Edge defineGetter type confusion attempt
CVE-2017-11914
Browsers 2
BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt
CVE-2016-3295
Browsers 2
BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt
CVE-2017-8734
Browsers 2
BROWSER-IE Microsoft Edge type confusion attempt
CVE-2017-11895
Browsers 2
BROWSER-IE Microsoft Edge white-space information disclosure attempt
CVE-2016-3247
Browsers 2
BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt
CVE-2014-6332
Browsers 2
BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt
CVE-2009-3672
Browsers 2
BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt
CVE-2013-0092
Browsers 2
BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt
CVE-2017-11907
Browsers 2
BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt
CVE-2015-2448
Browsers 2
BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
CVE-2016-0063
Browsers 2
BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt
CVE-2016-7201
Browsers 2
BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt
CVE-2015-1667
Browsers 2
BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt
CVE-2013-3124
Browsers 2
BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt
CVE-2016-0168
Browsers 2
BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt
CVE-2016-0168
Browsers 2
BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt
CVE-2016-0111
Browsers 2
BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt
CVE-2014-2782
Browsers 2
BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt
CVE-2015-1747
Browsers 2
BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt
CVE-2015-1705
Browsers 2
BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt
CVE-2015-2487
Browsers 2
BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution
CVE-2007-3892
Browsers 2
BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt
NA Browsers 2
BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt
CVE-2010-0483
Browsers 2
BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt
CVE-2005-0553
Browsers 2
BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt
CVE-2012-1876
Browsers 2
BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
CVE-2004-1050
Browsers 2
BROWSER-IE Microsoft Internet Explorer malformed object type overflow attempt
CVE-2003-0344
Browsers 2
BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt
NA Browsers 2
BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt
CVE-2015-2425
Browsers 2
BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt
CVE-2010-0491
Browsers 2
BROWSER-IE Microsoft Internet Explorer out of bounds read attempt
CVE-2016-7283
Browsers 2
BROWSER-IE Microsoft Internet Explorer protected mode request for atlthunk.dll over SMB attempt
CVE-2015-2368
Browsers 2
BROWSER-IE Microsoft Internet Explorer request for mapi32x.dll over SMB attempt
CVE-2016-0020
Browsers 2
BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt
CVE-2006-1245
Browsers 2
BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt
CVE-2012-0171
Browsers 2
BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt
CVE-2017-0059
Browsers 2
BROWSER-IE Microsoft Internet Explorer type confusion attempt
CVE-2014-0271
Browsers 2
BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt
CVE-2016-7205
Browsers 2
BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt
CVE-2012-1858
Browsers 2
BROWSER-IE Microsoft Windows Edge memory corruption attempt
CVE-2017-8731
Browsers 2
FILE-IDENTIFY Lotus file attachment detected
NA Application and
Software 4
FILE-IDENTIFY Lotus file download request
NA Application and
Software 4
FILE-IDENTIFY Microsoft Windows WMF file magic detected
NA Application and
Software 4
FILE-IDENTIFY OpenType Font file download request
NA Application and
Software 4
FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt
CVE-2017-11227
Multimedia 2
FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt
CVE-2017-11238
Multimedia 2
FILE-OFFICE Microsoft Office Excel Information Disclosure Vulnerability CVE-2019-1110
CVE-2018-4901
Office Tools 1
FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt
CVE-2017-0039
Office Tools 3
FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901
CVE-2018-4901
Application and Software
1
OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt
CVE-2018-8584
Operating System and Services
2
OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt
CVE-2010-3332
Operating System and Services
2
OS-WINDOWS Microsoft Windows Event Viewer Information Disclosure
CVE-2019-0948
Operating System and Services
2
OS-WINDOWS Microsoft Windows Event Viewer Information Disclosure
CVE-2019-0948
Operating System and Services
4
OS-WINDOWS Microsoft Windows kernel information disclosure attempt
CVE-2019-0621
Operating System and Services
3
OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt
CVE-2019-1014
Operating System and Services
2
OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt
CVE-2008-4029
Operating System and Services
3
OS-WINDOWS NETBIOS SMB repeated logon failure
NA Operating System
and Services 3
PROTOCOL-POP libcurl MD5 digest buffer overflow attempt
CVE-2013-0249
Operating System and Services
1
PROTOCOL-RPC FreeBSD NFS Server nfsrvd_readdirplus Denial-of-Service
CVE-2018-17159
Operating System and Services
2
PROTOCOL-RPC FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write
CVE-2018-17157
Operating System and Services
2
PROTOCOL-SCADA Cogent unicode buffer overflow attempt
CVE-2011-3493
Industrial Control System
1
PROTOCOL-SCADA IEC 104 force on denial of service attempt
NA Industrial Control
System 3
PROTOCOL-SCADA IEC 61850 device connection enumeration attempt
NA Industrial Control
System 3
PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt
NA Industrial Control
System 3
PROTOCOL-SCADA Modbus value scan
NA Industrial Control
System 3
PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt
CVE-2014-0781
Industrial Control System
1
PROTOCOL-TELNET login buffer overflow attempt
CVE-2001-0797
Operating System and Services
4
PROTOCOL-VOIP CANCEL flood
NA VoIP and Instant
Messaging 2
PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID Header Denial-Of-Service Attempt
CVE-2007-1542
VoIP and Instant Messaging
3
PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt
NA VoIP and Instant
Messaging 3
PROTOCOL-VOIP INVITE message Content-Length header size of zero
NA VoIP and Instant
Messaging 3
PROTOCOL-VOIP Mr.SIP Options Request Denial-Of-Service Attempt
NA VoIP and Instant
Messaging 3
PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood
NA VoIP and Instant
Messaging 1
PROTOCOL-VOIP Response code 420 Bad Extension response flood
NA VoIP and Instant
Messaging 3
SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt
NA Apache HTTP
Server 1
SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt
CVE-2016-0736
Apache HTTP Server
3
SERVER-APACHE Apache Struts remote code execution attempt
CVE-2017-5638
Apache HTTP Server
1
SERVER-IIS cmd.exe access
NA Microsoft IIS web
server 1
SERVER-IIS Microsoft IIS HTMLEncode Unicode String Buffer Overflow
CVE-2008-0075
Microsoft IIS web server
1
SERVER-IIS Microsoft IIS HTMLEncode Unicode String Buffer Overflow
CVE-2008-0075
Microsoft IIS web server
2
SERVER-MAIL AUTH LOGON Brute Force Attempt
NA Other Mail
Server 3
SERVER-MAIL Exim BDAT Use After Free
CVE-2017-16943
Other Mail Server
1
SERVER-MAIL Multiple IMAP servers CREATE Command Buffer Overflow Attempt
CVE-2005-1520
Other Mail Server
1
SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow
CVE-2007-6435
Other Mail Server
1
SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt
CVE-2012-2122
Database Management
System 3
SERVER-MYSQL MySQL/MariaDB Server Geometry Query Polygon Object Integer Overflow attempt
CVE-2013-1861
Database Management
System 1
SERVER-MYSQL Oracle MySQL Pluggable Auth Denial-Of-Service Attempt
CVE-2017-3599
Database Management System
2
SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
CVE-2013-1570
Database Management
System 2
SERVER-ORACLE Oracle Application Test Suite Server Authentication Bypass Attempt
CVE-2016-0492
Database Management
System 2
SERVER-ORACLE Oracle WebLogic Server Remote Command Execution Attempt
CVE-2017-10271
Database Management
System 1
SERVER-OTHER Active Directory Invalid OID Denial-Of-Service Attempt
CVE-2009-1139
Other Web Server
3
SERVER-OTHER Adobe ColdFusion JRun Error Page getWriter Denial-Of-Service Attempt
CVE-2013-3349
Other Web Server
2
SERVER-OTHER BGP Spoofed Connection Reset Attempt
CVE-2004-0230
Other Web Server
3
SERVER-OTHER Cisco IOS syslog Message Flood Denial-Of-Service Attempt
CVE-2001-1097
Other Web Server
2
SERVER-OTHER Flexense Syncbreeze buffer overflow attempt
CVE-2018-5262
Other Web Server
1
SERVER-OTHER HP Data Protector OmniInet Service NULL Dereference Denial-Of-Service Attempt
NA Other Web
Server 2
SERVER-OTHER HP Intelligent Management Center dbman RestartDB Opcode Command Injection Attempt
CVE-2017-5816
Other Web Server
1
SERVER-OTHER HP JetDirect PJL path traversal attempt
CVE-2010-4107
Other Web Server
3
SERVER-OTHER HP LeftHand Virtual SAN Hydra Login Request Buffer Overflow Attempt
CVE-2013-2343
Other Web Server
1
SERVER-OTHER Iron Mountain Connected Backup Opcode 13 Processing Command Injection attempt
CVE-2011-2397
Other Web Server
1
SERVER-OTHER ISC BIND Malformed Control Channel Authentication Message Denial-Of-Service attempt
CVE-2016-1285
Other Web Server
3
SERVER-OTHER ISC DHCPD Remote Denial-Of-Service Attempt
CVE-2017-3144
Other Web Server
3
SERVER-OTHER McAfee E-Business Server Remote Preauth Code Execution Attempt
NA Other Web
Server 1
SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution
CVE-2019-0785
Other Web Server
1
SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution
CVE-2019-0785
Other Web Server
4
SERVER-OTHER Multiple Vendors Host Buffer Overflow Attempt
CVE-2003-0178
Other Web Server
1
SERVER-OTHER Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow Attempt
CVE-2009-1252
Other Web Server
1
SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt
CVE-2007-5637
Other Web Server
2
SERVER-OTHER Novell iPrint Server Remote Code Execution Attempt
CVE-2010-4328
Other Web Server
1
SERVER-OTHER NTP crypto-NAK Packet Flood Attempt
CVE-2015-7871
Other Web Server
3
SERVER-OTHER NTPD Zero Origin Timestamp Denial-Of-Service Attempt
CVE-2016-9042
Other Web Server
2
SERVER-OTHER ntp Monlist Denial-Of-Service attempt
CVE-2013-5211
Other Web Server
3
SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt
CVE-2014-0221
Other Web Server
3
SERVER-OTHER OpenSSL OCSP Status Request Extension Denial-Of-Service Attempt
CVE-2016-6304
Other Web Server
3
SERVER-OTHER OpenSSL SSLv3 Warning Denial-Of-Service Attempt
CVE-2016-8610
Other Web Server
2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt
CVE-2014-3567
Other Web Server
2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt
CVE-2014-3567
Other Web Server
3
SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
3
SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
3
SERVER-OTHER OpenVPN OpenSSL SSLv3 Heartbeat Read Overrun Attempt
CVE-2014-0160
Other Web Server
2
SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
3
SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
1
SERVER-OTHER OpenVPN OpenSSL TLSv1.1 Heartbeat Read Overrun Attempt
CVE-2014-0160
Other Web Server
2
SERVER-OTHER OpenVPN OpenSSL TLSv1.2 Heartbeat Read Overrun Attempt
CVE-2014-0160
Other Web Server
3
SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
1
SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt
CVE-2014-0160
Other Web Server
2
SERVER-OTHER Oracle Weblogic unsafe deserialization remote code execution attempt detected
CVE-2018-2628
Other Web Server
1
SERVER-OTHER SAP SQL Anywhere .NET Malformed Integer Buffer Overflow Attempt
CVE-2014-9264
Other Web Server
1
SERVER-OTHER Squid proxy DNS Response Spoofing Attempt
CVE-2005-1519
Other Web Server
3
SERVER-OTHER Squid Proxy Range Header Denial-Of-Service Attempt
CVE-2014-3609
Other Web Server
1
SERVER-OTHER Squid snmphandleUDP Off-By-One Buffer Overflow Attempt
CVE-2014-6270
Other Web Server
1
SERVER-OTHER TLSv1.0 Plaintext Recovery Attempt
CVE-2013-0169
Other Web Server
1
SERVER-OTHER TLSv1.2 Plaintext Recovery Attempt
CVE-2013-0169
Other Web Server
3
SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt
CVE-2014-8730
Other Web Server
2
SERVER-SAMBA Samba LDAP Server libldb denial of service attempt
CVE-2015-3223
Operating System and Services
3
SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt
CVE-2007-5398
Operating System and Services
1
SERVER-SAMBA Samba WINS Server Name Registration Handling Stack Buffer Overflow Attempt
CVE-2007-5398
Operating System and Services
1
SERVER-WEBAPP Adobe ColdFusion CVE-2019-7839 Remote Code Execution
CVE-2019-7839
Web Services and Applications
1
SERVER-WEBAPP Adobe RoboHelp rx Cross Site Scripting Attempt
CVE-2008-2991
Web Services and Applications
1
SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt
CVE-2008-2991
Web Services and Applications
1
SERVER-WEBAPP Adobe RoboHelp rx SQL Injection Attempt
CVE-2008-2991
Web Services and Applications
1
SERVER-WEBAPP Airlive IP Camera CSRF Attempt
CVE-2013-3540
Web Services and Applications
2
SERVER-WEBAPP Airlive IP Camera directory traversal attempt
CVE-2013-3541
Web Services and Applications
3
SERVER-WEBAPP AT&T U-verse Modem Authentication Bypass Attempt
CVE-2017-14117
Web Services and Applications
1
SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt
CVE-2012-3811
Web Services and Applications
1
SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt
CVE-2012-3811
Web Services and Applications
3
SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles Stored Procedure POST SQL Injection Attempt
CVE-2011-1653
Web Services and Applications
2
SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles Stored Procedure SQL Injection Attempt
CVE-2011-1653
Web Services and Applications
2
SERVER-WEBAPP CGit cgit_clone_objects Function Directory Traversal Attempt
CVE-2018-14912
Web Services and Applications
3
SERVER-WEBAPP Cisco Identity Services Engine LiveLogSettingsServlet Stored Cross Site Scripting
CVE-2018-15440
Web Services and Applications
2
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt
CVE-2009-2765
Web Services and Applications
1
SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC Method Command Injection Attempt
CVE-2018-9866
Web Services and Applications
1
SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt
CVE-2018-6211
Web Services and Applications
2
SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt
NA Web Services and
Applications 1
SERVER-WEBAPP Drupal RESTWS restws_page_callback Command Injection Attempt
NA Web Services and
Applications 1
SERVER-WEBAPP Eaton VURemote denial of service attempt
NA Web Services and
Applications 1
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
CVE-2018-10562
Web Services and Applications
1
SERVER-WEBAPP GPON Router Authentication Bypass And Command Injection attempt
CVE-2018-10562
Web Services and Applications
1
SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt
NA Web Services and
Applications 1
SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt
CVE-2013-4826
Web Services and Applications
3
SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt
CVE-2011-0270
Web Services and Applications
1
SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
CVE-2010-1552
Web Services and Applications
1
SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt
CVE-2011-0276
Web Services and Applications
1
SERVER-WEBAPP HTTP request with negative Content-Length attempt
CVE-2004-0095
Web Services and Applications
1
SERVER-WEBAPP iPlanet Search directory traversal attempt
CVE-2002-1042
Web Services and Applications
3
SERVER-WEBAPP Java Groovy Library unauthorized serialized object attempt
CVE-2015-3253
Web Services and Applications
1
SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt
CVE-2015-3253
Web Services and Applications
1
SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt
CVE-2018-7178
Web Services and Applications
1
SERVER-WEBAPP Linksys E-Series apply.cgi Cross Site Scripting Attempt
NA Web Services and
Applications 1
SERVER-WEBAPP McAfee Virus Scan Linux Authentication Token Brute Force Attempt
CVE-2016-8023
Web Services and Applications
2
SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl Function Buffer Overflow Attempt
CVE-2017-7269
Web Services and Applications
1
SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt
CVE-2018-7034
Web Services and Applications
1
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
NA Web Services and
Applications 1
SERVER-WEBAPP Novell Groupwise Messenger Parameter Memory Corruption Attempt
NA Web Services and
Applications 3
SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt
CVE-2016-1605
Web Services and Applications
3
SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt
NA Web Services and
Applications 1
SERVER-WEBAPP PHP htmlspecialchars htmlentities Function Buffer Overflow Attempt
NA Web Services and
Applications 2
SERVER-WEBAPP PHPMailer Command Injection Remote Code Execution Attempt
CVE-2016-10033
Web Services and Applications
1
SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt
CVE-2007-1061
Web Services and Applications
2
SERVER-WEBAPP PHP-Nuke index.php SQL Injection Attempt
CVE-2007-1061
Web Services and Applications
2
SERVER-WEBAPP PHP phpinfo cross site scripting attempt
CVE-2007-1287
Web Services and Applications
1
SERVER-WEBAPP PHP truncated crypt function attempt
CVE-2012-2143
Web Services and Applications
1
SERVER-WEBAPP PHP truncated crypt function attempt
CVE-2012-2143
Web Services and Applications
3
SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt
CVE-2014-3515
Web Services and Applications
1
SERVER-WEBAPP PHP Unserialize Integer Overflow Attempt
CVE-2017-5340
Web Services and Applications
1
SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt
CVE-2014-3915
Web Services and Applications
1
SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt
CVE-2014-3915
Web Services and Applications
1
SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt
CVE-2014-6140
Other Web Server
1
SERVER-WEBAPP SkyBlueCanvas CMS contact page command injection attempt
CVE-2014-1683
Web Services and Applications
2
SERVER-WEBAPP SQL use of sleep function in HTTP header - likely SQL injection attempt
NA Web Services and
Applications 1
SERVER-WEBAPP Subversion HTTP Excessive REPORT Requests Denial-Of-Service attempt
CVE-2015-0202
Web Services and Applications
3
SERVER-WEBAPP Trend Micro proxy_controller.php Command Injection Attempt
CVE-2017-11394
Web Services and Applications
1
SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt
CVE-2017-11394
Web Services and Applications
2
SERVER-WEBAPP truncated crypt function attempt
CVE-2012-2143
Web Services and Applications
1
SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt
CVE-2015-5956
Web Services and Applications
2
SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt
CVE-2014-8361
Web Services and Applications
1
SERVER-WEBAPP Viber for Desktop URI Handler Remote Code Execution
CVE-2019-12569
Web Services and Applications
1
SERVER-WEBAPP WordPress login denial of service attempt
NA Web Services and
Applications 2
SERVER-WEBAPP WordPress Overly Large Password class-phpass.php Denial-Of-Service Attempt
CVE-2014-9034
Web Services and Applications
3
SERVER-WEBAPP WordPress Quick-Post Widget GET Request Using Body Cross-Site Scripting
CVE-2012-4226
Web Services and Applications
1
SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting
CVE-2012-4226
Web Services and Applications
3
SERVER-WEBAPP WordPress Ultimate Form Builder Plugin SQL Injection Attempt
CVE-2017-15919
Web Services and Applications
1
SERVER-WEBAPP Wordpress username enumeration attempt
NA Web Services and
Applications 3
SERVER-WEBAPP WordPress XMLRPC Pingback DDOS Attempt
CVE-2013-0235
Web Services and Applications
1
SERVER-WEBAPP WordPress XMLRPC Potential Port-Scan Attempt
CVE-2013-0235
Web Services and Applications
3
SERVER-WEBAPP Zoom Client Information Disclosure Attempt
CVE-2019-13449
Web Services and Applications
1
• Name: Name of the Signature
• CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.
• Category: Class type according to threat
• Severity: Degree of severity - The levels of severity are described in the table below:
Severity Level Severity Criteria
1 Low
2 Moderate
3 High
4 Critical
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com