Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #2595 (12/22/2015)

4 new signatures:

HIGHHTTP:SQL:INJ:MANAGENGINE-RUNQRYHTTP: ManageEngine EventLog Analyzer runQuery guest user SQL Injection
MEDIUMHTTP:PHP:SEARCHBLOX-REQ-IDHTTP: SearchBlox Request Remote Information Disclosure
MEDIUMHTTP:SCRIPT-INJ-EXP-60HTTP:SCRIPT-INJ Infection-60
HIGHHTTP:SQL:INJ:MANAGENGINE-OPMANGHTTP: ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution

6 updated signatures:

MEDIUMAPP:MISC:ARCSERVE-GETBACKUPAPP: Arcserve GetBackupPolicy Information Disclosure
MEDIUMHTTP:SQL:INJ:REQ-VAR-4HTTP: SQL Injection Detected on HTTP Request Variable 4
HIGHAPP:NOVELL:PREBOOT-POLICY-BOAPP: Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow
HIGHHTTP:STC:ACTIVEX:PANASONIC-APIHTTP: Panasonic Security API SDK Unsafe ActiveX Control
HIGHHTTP:STC:IE:CVE-2015-6071-CEHTTP: Microsoft Internet Explorer CVE-2015-6071 Remote Code Execution
MEDIUMHTTP:STC:DL:EICARHTTP: EICAR Antivirus Test File Download


Details of the signatures included within this bulletin:


APP:MISC:ARCSERVE-GETBACKUP - APP: Arcserve GetBackupPolicy Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a vulnerability in Arcserve Unified Data Protection Management Service. This can lead to information disclosure.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • url: http://documentation.arcserve.com/arcserve-udp/available/v5/enu/bookshelf_files/html/update%204/udp_update4_releasenotes.html
  • cve: CVE-2015-4069

HTTP:SQL:INJ:REQ-VAR-4 - HTTP: SQL Injection Detected on HTTP Request Variable 4

Severity: MEDIUM

Description:

This signature detects specific characters, typically used in SQL procedures, within an HTTP connection. Because these characters are not normally used in HTTP, this can indicate a SQL injection attack through a procedure. However, it can be a false positive. To reduce False Positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2014-3996
  • cve: CVE-2014-7867
  • cve: CVE-2014-7868

HTTP:PHP:SEARCHBLOX-REQ-ID - HTTP: SearchBlox Request Remote Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SearchBlox. A successful attack can lead to information disclosure.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-0969
  • bugtraq: 74059

HTTP:SQL:INJ:MANAGENGINE-OPMANG - HTTP: ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known SQL Injection vulnerability in ManageEngine OpManager. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-7766

APP:NOVELL:PREBOOT-POLICY-BO - APP: Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell. A successful exploit can lead to buffer overflow and remote code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-0786

HTTP:STC:ACTIVEX:PANASONIC-API - HTTP: Panasonic Security API SDK Unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in Panasonic Security API SDK. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client application.

Supported On:

DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-4648
  • cve: CVE-2015-4647
  • url: http://security.panasonic.com/pss/security/library/developer.html#sdk
  • url: http://www.zerodayinitiative.com/advisories/zdi-15-260/

HTTP:SQL:INJ:MANAGENGINE-RUNQRY - HTTP: ManageEngine EventLog Analyzer runQuery guest user SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known SQL Injection vulnerability in ManageEngine EventLog Analyzer. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-7387

HTTP:SCRIPT-INJ-EXP-60 - HTTP:SCRIPT-INJ Infection-60

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117


HTTP:STC:IE:CVE-2015-6071-CE - HTTP: Microsoft Internet Explorer CVE-2015-6071 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2015-6071

HTTP:STC:DL:EICAR - HTTP: EICAR Antivirus Test File Download

Severity: MEDIUM

Description:

This signature detects the EICAR antivirus test file downloaded through HTTP.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141421, idp-5.1.110151004, isg-3.5.141455, idp-5.1.110151117

References:

  • cve: CVE-2004-0932
  • bugtraq: 12832
  • cve: CVE-2005-0644
  • url: http://www.eicar.org/anti_virus_test_file.htm
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out