Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3205 (09/05/2019)

6 new signatures:

MEDIUMHTTP:EYOU-CMS-FILE-ULHTTP: Eyou CMS File Upload
HIGHHTTP:MISC:UNITRENDS-UEB-RCEHTTP: Unitrends UEB Remote Code Execution
HIGHAPP:MISC:DISKSAVVY-BOFAPP: Disksavvy Enterprise Server Remote Code Execution
HIGHHTTP:CTS:CVE-2018-8736-PRI-ESCHTTP: Nagios XI 5.2.x through 5.4.x before 5.4.13 privilege escalation
HIGHDOS:DIGIUM-PJSIP-DOSDOS: Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service
MEDIUMHTTP:STC:ADOBE:CVE-2019-8004-IDHTTP: Adobe Acrobat Reader CVE-2019-8004 Information Disclosure

1 updated signature:

MEDIUMHTTP:STC:ADOBE:CVE-2019-8106-IDHTTP: Adobe Acrobat CVE-2019-8106 Out Of Bounds Read

4 renamed signatures:

HTTP2:CVE-2019-0199-DOS->HTTP2:APACHE-CVE-2019-0199-DOS
HTTP2:HTTP2-HAPROXY-BO->HTTP2:HAPROXY-BO
HTTP2:TOMCAT-HTTP2-DOS->HTTP2:APACHE-TOMCAT-DOS
HTTP2:MICOSOFT-HTTP2-DOS->HTTP2:MICROSOFT-DOS


Details of the signatures included within this bulletin:

HTTP:EYOU-CMS-FILE-UL - HTTP: Eyou CMS File Upload

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against eyou CMS. A successful attack can lead to Information Disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:MISC:UNITRENDS-UEB-RCE - HTTP: Unitrends UEB Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Unitrends UEB. A successful attack can lead to Remote Code Execution

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://support.unitrends.com/UnitrendsBackup/s/article/000006002
  • url: https://support.unitrends.com/UnitrendsBackup/s/article/000001150
  • cve: CVE-2018-6328
  • url: http://blog.redactedsec.net/exploits/2018/01/29/UEB9.html

APP:MISC:DISKSAVVY-BOF - APP: Disksavvy Enterprise Server Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Disksavvy Enterprise Server. A successful attack can lead to Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-6481

HTTP:CTS:CVE-2018-8736-PRI-ESC - HTTP: Nagios XI 5.2.x through 5.4.x before 5.4.13 privilege escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nagios XI. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8736
  • url: http://blog.redactedsec.net/exploits/2018/04/26/nagios.html

HTTP2:MICROSOFT-DOS - HTTP2: Microsoft HTTP/2 Denial Of Services

Severity: HIGH

Description:

A denial-of-service vulnerability exists in Microsoft Windows' HTTP 2.0 protocol stack. Successful exploitation of this vulnerability can cause the target system to become unresponsive, resulting in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2016-0150

Affected Products:

  • Microsoft windows_10 -
  • Microsoft windows_10 1511

HTTP2:APACHE-TOMCAT-DOS - HTTP2: Apache Tomcat HTTP2 Connection Window Exhaustion Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HTTP/2 module of Apache Tomcat. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • bugtraq: 108874
  • cve: CVE-2019-10072

Affected Products:

  • Apache tomcat 9.0.4
  • Apache tomcat 8.5.33
  • Apache tomcat 8.5.25
  • Apache tomcat 9.0.13
  • Apache tomcat 9.0.5
  • Apache tomcat 8.5.30
  • Apache tomcat 8.5.24
  • Apache tomcat 8.5.6
  • Apache tomcat 9.0.2
  • Apache tomcat 8.5.31
  • Apache tomcat 8.5.13
  • Apache tomcat 8.5.7
  • Apache tomcat 8.5.36
  • Apache tomcat 8.5.15
  • Apache tomcat 9.0.3
  • Apache tomcat 8.5.10
  • Apache tomcat 8.5.40
  • Apache tomcat 8.5.4
  • Apache tomcat 9.0.0
  • Apache tomcat 8.5.37
  • Apache tomcat 8.5.21
  • Apache tomcat 8.5.5
  • Apache tomcat 8.5.9
  • Apache tomcat 9.0.1
  • Apache tomcat 8.5.34
  • Apache tomcat 8.5.20
  • Apache tomcat 8.5.2
  • Apache tomcat 8.5.35
  • Apache tomcat 8.5.23
  • Apache tomcat 9.0.19
  • Apache tomcat 8.5.22
  • Apache tomcat 8.5.0
  • Apache tomcat 8.5.16
  • Apache tomcat 8.5.1
  • Apache tomcat 8.5.11
  • Apache tomcat 8.5.27
  • Apache tomcat 8.5.3
  • Apache tomcat 8.5.38
  • Apache tomcat 9.0.14
  • Apache tomcat 9.0.8
  • Apache tomcat 8.5.29
  • Apache tomcat 8.5.39
  • Apache tomcat 8.5.26
  • Apache tomcat 9.0.15
  • Apache tomcat 9.0.9
  • Apache tomcat 8.5.28
  • Apache tomcat 8.5.18
  • Apache tomcat 9.0.16
  • Apache tomcat 8.5.19
  • Apache tomcat 8.5.12
  • Apache tomcat 9.0.17
  • Apache tomcat 8.5.17
  • Apache tomcat 8.5.32
  • Apache tomcat 9.0.10
  • Apache tomcat 9.0.6
  • Apache tomcat 9.0.11
  • Apache tomcat 9.0.12
  • Apache tomcat 9.0.7
  • Apache tomcat 8.5.14
  • Apache tomcat 8.5.8

HTTP2:HAPROXY-BO - HTTP2: HAProxy HTTP/2 Frame Size Heap Buffer Overflow

Severity: HIGH

Description:

A heap-based buffer overflow vulnerability exists in HAProxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server. Successful exploitation may result in denial of service conditions.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-10184

Affected Products:

  • Haproxy haproxy 1.4.7
  • Haproxy haproxy 1.4.6
  • Haproxy haproxy 1.4.15
  • Haproxy haproxy 1.4.5
  • Haproxy haproxy 1.4.14
  • Haproxy haproxy 1.4.4
  • Haproxy haproxy 1.4.17
  • Haproxy haproxy 1.4.3
  • Haproxy haproxy 1.4.16
  • Haproxy haproxy 1.4.24
  • Haproxy haproxy 1.4.2
  • Haproxy haproxy 1.4.11
  • Haproxy haproxy 1.4.1
  • Haproxy haproxy 1.4.10
  • Haproxy haproxy 1.4.0
  • Haproxy haproxy 1.4.13
  • Redhat enterprise_linux 7.5
  • Haproxy haproxy 1.4.12
  • Haproxy haproxy 1.4.20
  • Redhat enterprise_linux 7.4
  • Haproxy haproxy 1.4.21
  • Haproxy haproxy 1.4.22
  • Haproxy haproxy 1.4.23
  • Haproxy haproxy 1.4.9
  • Redhat enterprise_linux 7.0
  • Redhat enterprise_linux 7.3
  • Haproxy haproxy 1.4.8
  • Haproxy haproxy 1.5
  • Haproxy haproxy 1.4.19
  • Haproxy haproxy 1.4
  • Haproxy haproxy 1.4.18

HTTP:STC:ADOBE:CVE-2019-8004-ID - HTTP: Adobe Acrobat Reader CVE-2019-8004 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Information Disclosure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8004

HTTP:STC:ADOBE:CVE-2019-8106-ID - HTTP: Adobe Acrobat CVE-2019-8106 Out Of Bounds Read

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8106

HTTP2:APACHE-CVE-2019-0199-DOS - HTTP2: Apache Tomcat HTTP2 Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • url: https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.38
  • cve: CVE-2019-0199

Affected Products:

  • Apache tomcat 9.0.4
  • Apache tomcat 8.5.33
  • Apache tomcat 8.5.25
  • Apache tomcat 9.0.13
  • Apache tomcat 9.0.5
  • Apache tomcat 8.5.30
  • Apache tomcat 8.5.24
  • Apache tomcat 8.5.6
  • Apache tomcat 9.0.2
  • Apache tomcat 8.5.31
  • Apache tomcat 8.5.13
  • Apache tomcat 8.5.7
  • Apache tomcat 8.5.36
  • Apache tomcat 8.5.15
  • Apache tomcat 9.0.3
  • Apache tomcat 8.5.10
  • Apache tomcat 8.5.26
  • Apache tomcat 8.5.4
  • Apache tomcat 9.0.0
  • Apache tomcat 8.5.37
  • Apache tomcat 8.5.21
  • Apache tomcat 8.5.5
  • Apache tomcat 8.5.9
  • Apache tomcat 9.0.1
  • Apache tomcat 8.5.34
  • Apache tomcat 8.5.20
  • Apache tomcat 8.5.2
  • Apache tomcat 8.5.35
  • Apache tomcat 8.5.23
  • Apache tomcat 8.5.3
  • Apache tomcat 8.5.22
  • Apache tomcat 8.5.0
  • Apache tomcat 8.5.16
  • Apache tomcat 8.5.1
  • Apache tomcat 8.5.11
  • Apache tomcat 8.5.27
  • Apache tomcat 9.0.14
  • Apache tomcat 9.0.8
  • Apache tomcat 8.5.29
  • Apache tomcat 9.0.9
  • Apache tomcat 8.5.28
  • Apache tomcat 8.5.18
  • Apache tomcat 8.5.19
  • Apache tomcat 8.5.12
  • Apache tomcat 8.5.17
  • Apache tomcat 8.5.32
  • Apache tomcat 9.0.10
  • Apache tomcat 9.0.6
  • Apache tomcat 9.0.11
  • Apache tomcat 9.0.12
  • Apache tomcat 9.0.7
  • Apache tomcat 8.5.14
  • Apache tomcat 8.5.8

DOS:DIGIUM-PJSIP-DOS - DOS: Digium Asterisk PJSIP In-Dialog MESSAGE Request Denial-of-Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can lead to Denial of Service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://downloads.digium.com/pub/security/AST-2019-002.html
  • url: https://issues.asterisk.org/jira/browse/ASTERISK-28447
  • cve: CVE-2019-12827
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out