Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3206 (09/10/2019)

37 new signatures:

HIGHHTTP:STC:ADOBE:CVE-2019-8061-CEHTTP: Adobe Pdf CVE-2019-8061 Remote Code Execution
HIGHHTTP:STC:ADOBE:CVE-2019-8029-CEHTTP: Adobe Acrobat and Reader CVE-2019-8029 Remote Code Execution
HIGHHTTP:STC:ADOBE:CVE-2019-8055-CEHTTP: Adobe Pdf CVE-2019-8055 Remote Code Execution
MEDIUMHTTP:STC:ADOBE:CVE-2019-8102-IDHTTP: Adobe Acrobat and Reader CVE-2019-8102 Information Disclosure
MEDIUMHTTP:STC:ADOBE:CVE-2019-8002-IDHTTP: Adobe Acrobat and Reader CVE-2019-8002 Information Disclosure
HIGHHTTP:STC:ADOBE:CVE-2019-8008-CEHTTP: Adobe Acrobat and Reader CVE-2019-8008 Remote Code Execution
HIGHHTTP:STC:ADOBE:CVE-2019-8033-CEHTTP: Adobe Pdf CVE-2019-8033 Remote Code Execution
HIGHHTTP:CTS:CVE-2015-4624-CMD-INJHTTP: Hak5 WiFi Pineapple Preconfiguration Command Injection
HIGHHTTP:PHP:CMSMS-AUTH-RCEHTTP: Cmsms CVE-2018-1000094 Authenticated Remote Code Execution
HIGHHTTP:OVERFLOW:CVE-2017-14980-BOHTTP: Sync Breeze Enterprise CVE-2017-14980 Buffer Overflow
HIGHHTTP:MISC:GITLIST-RCEHTTP: Gitlist CVE-2018-1000533 Remote Code Execution
HIGHHTTP:PHP:BLUEIMP-JQUERY-FUPLDHTTP: Blueimp Jquery File Upload CVE-2018-9206 Arbitrary File Upload
HIGHHTTP:PULSE-PCS-CMD-INJHTTP: Pulse Secure Pulse Connect Secure Command Injection
HIGHHTTP:MISC:NUUO-NVRMINI2-RCEHTTP: Nuuo Nvrmini2 Remote Code Execution
HIGHHTTP2:PING-FLOOD-DOSHTTP2: Microsoft Windows HTTP2 Ping Flood Denial of Service
HIGHHTTP:STC:DL:CVE-2019-0788-CEHTTP: Microsoft Remote Desktop Services CVE-2019-0788 Remote Code Execution
HIGHHTTP:CTS:XPLICO-UNAUTH-CMD-INJHTTP: Xplico Unauthenticated Command Injection
HIGHHTTP:STC:ADOBE:CVE-2019-8070-CEHTTP: Adobe Flash CVE-2019-8070 Remote Code Execution
MEDIUMHTTP:STC:DL:CVE-2019-1281-EOPHTTP: Windows Common Log File System Driver CVE-2019-1281 Elevation of Privileges
MEDIUMHTTP:STC:DL:CVE-2019-1216-IDHTTP: Microsoft Windows Kernal ASLR CVE-2019-1216 Information Disclosure
MEDIUMHTTP:STC:DL:CVE-2019-1256-EOPHTTP: Microsoft Windows CVE-2019-1256 Elevation Of Privilege
MEDIUMHTTP:STC:DL:CVE-2019-1284-EOPHTTP: Microsoft Windows Kernel Driver CVE-2019-1284 Elevation of Privileges
MEDIUMHTTP:SCRIPT-INJ-VUL-78HTTP: SCRIPT-INJ Infection-78
MEDIUMHTTP:MAL-REDIRECT-VUL-79HTTP: MAL-REDIRECT Infection-79
MEDIUMHTTP:SUSP-HDR-REDRCT-VUL-80HTTP: SUSP-HDR-REDRCT Infection-80
MEDIUMHTTP:SCRIPT-INJ-VUL-81HTTP: SCRIPT-INJ Infection-81
MEDIUMHTTP:MAL-REDIRECT-VUL-82HTTP: MAL-REDIRECT Infection-82
HIGHHTTP:STC:CVE-2019-1296-RCEHTTP: Microsoft SharePoint CVE-2019-1296 Remote Code Execution
MEDIUMHTTP:STC:DL:CVE-2019-1279-EOPHTTP: Windows Common Log File System Driver CVE-2019-1279 Elevation of Privileges
MEDIUMHTTP:STC:DL:CVE-2019-1215-EOPHTTP: Microsoft Windows CVE-2019-1215 Elevation of Privilege
MEDIUMHTTP:SUSP-HDR-REDRCT-VUL-83HTTP: SUSP-HDR-REDRCT Infection-83
HIGHAPP:REMOTE:CVE-2019-0787-RCEAPP: Microsoft Windows Remote Desktop Services CVE-2019-0787 Remote Code Execution
MEDIUMHTTP:STC:DL:CVE-2019-1219-IDHTTP: Microsoft Windows CVE-2019-1219 Information Disclosure
MEDIUMHTTP:STC:DL:CVE-2019-1285-PEHTTP: Microsoft Windows CVE-2019-1285 Privilege Escalation
MEDIUMHTTP:STC:DL:CVE-2019-1214-EOPHTTP: Windows Common Log File System Driver CVE-2019-1214 Elevation of Privileges
HIGHHTTP:STC:ADOBE:CVE-2019-8015-CEHTTP: Adobe Acrobat and Reader CVE-2019-8015 Remote Code Execution
MEDIUMHTTP:STC:ADOBE:CVE-2019-8037-IDHTTP: Adobe Pdf CVE-2019-8037 Information Disclosure

5 updated signatures:

HIGHSCADA:CITECT-OFSCADA: CitectSCADA Buffer Overflow
MEDIUMHTTP:SUSP-HDR-REDRCT-VUL-77HTTP: SUSP-HDR-REDRCT Infection-77
MEDIUMHTTP:STC:GIT-CLIENT-CEHTTP: GitHub Git Tree Handling Overwrite Arbitrary Command Execution
HIGHAPP:MISC:JENKINS-CI-SERVER-CEAPP: Jenkins CI Server Arbitrary Code Execution
MEDIUMHTTP:MISC:PALO-ALTO-AUTH-BYPASSHTTP: Palo Alto Networks Management Interface Authentication Bypass

1 renamed protocol anomaly:

IP:TYPE-MISMATCH->IP:INFLATE-TYPE-MISMATCH


Details of the signatures included within this bulletin:

HTTP:STC:ADOBE:CVE-2019-8061-CE - HTTP: Adobe Pdf CVE-2019-8061 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8061

HTTP:STC:ADOBE:CVE-2019-8029-CE - HTTP: Adobe Acrobat and Reader CVE-2019-8029 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8029

HTTP:SUSP-HDR-REDRCT-VUL-77 - HTTP: SUSP-HDR-REDRCT Infection-77

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:STC:ADOBE:CVE-2019-8055-CE - HTTP: Adobe Pdf CVE-2019-8055 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8055

HTTP:SUSP-HDR-REDRCT-VUL-83 - HTTP: SUSP-HDR-REDRCT Infection-83

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:STC:ADOBE:CVE-2019-8002-ID - HTTP: Adobe Acrobat and Reader CVE-2019-8002 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8002

HTTP:STC:ADOBE:CVE-2019-8008-CE - HTTP: Adobe Acrobat and Reader CVE-2019-8008 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8008

APP:MISC:JENKINS-CI-SERVER-CE - APP: Jenkins CI Server Arbitrary Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Jenkins CI Server. Successful exploitation can result in arbitrary code execution

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • bugtraq: 77636
  • url: https://wiki.jenkins-ci.org/display/security/jenkins+security+advisory+2015-11-11
  • cve: CVE-2015-8103

Affected Products:

  • Cloudbees jenkins 1.625.1
  • Cloudbees jenkins 1.637

HTTP:STC:ADOBE:CVE-2019-8033-CE - HTTP: Adobe Pdf CVE-2019-8033 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8033

HTTP:STC:GIT-CLIENT-CE - HTTP: GitHub Git Tree Handling Overwrite Arbitrary Command Execution

Severity: MEDIUM

Description:

This signature attempts to detect a known vulnerability against GitHub. A successful exploit can lead to remote command execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2014-9390

HTTP:MISC:PALO-ALTO-AUTH-BYPASS - HTTP: Palo Alto Networks Management Interface Authentication Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Palo Alto Networks. Attackers could bypass security restrictions to gain unauthorized access to user accounts

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 102079
  • cve: CVE-2017-15944

Affected Products:

  • Paloaltonetworks pan-os 4.0.11
  • Paloaltonetworks pan-os 5.0.4
  • Paloaltonetworks pan-os 4.1.10
  • Paloaltonetworks pan-os 6.1.12
  • Paloaltonetworks pan-os 4.1.12
  • Paloaltonetworks pan-os 6.1.10
  • Paloaltonetworks pan-os 4.0.3
  • Paloaltonetworks pan-os 5.1.7
  • Paloaltonetworks pan-os 6.1.9
  • Paloaltonetworks pan-os 4.0.1
  • Paloaltonetworks pan-os 5.1.5
  • Paloaltonetworks pan-os 4.0.7
  • Paloaltonetworks pan-os 5.1.3
  • Paloaltonetworks pan-os 6.1.5
  • Paloaltonetworks pan-os 4.0.5
  • Paloaltonetworks pan-os 7.1.3
  • Paloaltonetworks pan-os 6.1.7
  • Paloaltonetworks pan-os 3.1.11
  • Paloaltonetworks pan-os 6.1.1
  • Paloaltonetworks pan-os 6.1.3
  • Paloaltonetworks pan-os 5.1.10
  • Paloaltonetworks pan-os 5.1.9
  • Paloaltonetworks pan-os 6.0.8
  • Paloaltonetworks pan-os 5.0.0-h1
  • Paloaltonetworks pan-os 4.1.9
  • Paloaltonetworks pan-os 5.0.15
  • Paloaltonetworks pan-os 4.1.7
  • Paloaltonetworks pan-os 5.0.17
  • Paloaltonetworks pan-os 7.0.9
  • Paloaltonetworks pan-os 7.1.4
  • Paloaltonetworks pan-os 4.1.5
  • Paloaltonetworks pan-os 4.1.3
  • Paloaltonetworks pan-os 4.1.1
  • Paloaltonetworks pan-os 6.0
  • Paloaltonetworks pan-os 6.0.2
  • Paloaltonetworks pan-os 7.0.12
  • Paloaltonetworks pan-os 5.0.3
  • Paloaltonetworks pan-os 6.0.4
  • Paloaltonetworks pan-os 6.0.10
  • Paloaltonetworks pan-os 6.0.6
  • Paloaltonetworks pan-os 6.0.12
  • Paloaltonetworks pan-os 4.0.8
  • Paloaltonetworks pan-os 4.0.12
  • Paloaltonetworks pan-os 3.1.9
  • Paloaltonetworks pan-os 4.0.10
  • Paloaltonetworks pan-os 5.0.5
  • Paloaltonetworks pan-os 4.1.11
  • Paloaltonetworks pan-os 6.1.13
  • Paloaltonetworks pan-os 7.1.4-h2
  • Paloaltonetworks pan-os 4.1.13
  • Paloaltonetworks pan-os 5.0.2
  • Paloaltonetworks pan-os 6.1.8
  • Paloaltonetworks pan-os 4.0.2
  • Paloaltonetworks pan-os 5.1.6
  • Paloaltonetworks pan-os 4.1.8-h3
  • Paloaltonetworks pan-os 4.0.0
  • Paloaltonetworks pan-os 5.1.4
  • Paloaltonetworks pan-os 6.1.4
  • Paloaltonetworks pan-os 6.1.15
  • Paloaltonetworks pan-os 4.0.6
  • Paloaltonetworks pan-os 7.1.0
  • Paloaltonetworks pan-os 7.1.7
  • Paloaltonetworks pan-os 6.1.6
  • Paloaltonetworks pan-os 4.0.4
  • Paloaltonetworks pan-os 7.1.2
  • Paloaltonetworks pan-os 6.1.0
  • Paloaltonetworks pan-os 3.1.10
  • Paloaltonetworks pan-os 6.1.2
  • Paloaltonetworks pan-os 3.1.12
  • Paloaltonetworks pan-os 7.1.1
  • Paloaltonetworks pan-os 7.1.8
  • Paloaltonetworks pan-os 6.0.9
  • Paloaltonetworks pan-os 5.1.8
  • Paloaltonetworks pan-os 4.1.8
  • Paloaltonetworks pan-os 5.0.14
  • Paloaltonetworks pan-os 4.1.6
  • Paloaltonetworks pan-os 5.1.2
  • Paloaltonetworks pan-os 7.0.8
  • Paloaltonetworks pan-os 4.1.4
  • Paloaltonetworks pan-os 5.1
  • Paloaltonetworks pan-os 4.1.2
  • Paloaltonetworks pan-os 6.0.1
  • Paloaltonetworks pan-os 4.1.0
  • Paloaltonetworks pan-os 6.0.3
  • Paloaltonetworks pan-os 5.1.1
  • Paloaltonetworks pan-os 6.0.5
  • Paloaltonetworks pan-os 6.0.11
  • Paloaltonetworks pan-os 7.1.6
  • Paloaltonetworks pan-os 6.0.7
  • Paloaltonetworks pan-os 5.0.0
  • Paloaltonetworks pan-os 7.0.11
  • Paloaltonetworks pan-os 7.0.5-h2
  • Paloaltonetworks pan-os 4.0.9
  • Paloaltonetworks pan-os 4.0.13
  • Paloaltonetworks pan-os 7.0.4

SCADA:CITECT-OF - SCADA: CitectSCADA Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in CitectSCADA. A successful attack can lead to a buffer overflow and allow attackers to execute remote code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 29634
  • url: http://www.coresecurity.com/?action=item&id=2186
  • cve: CVE-2008-2639
  • url: http://www.coresecurity.com/content/citect-scada-odbc-service-vulnerability
  • url: http://www.auscert.org.au/render.html?it=9433
  • url: http://www.citect.com/documents/news_and_media/pr-citect-address-security.pdf

Affected Products:

  • Citect citectscada 6
  • Citect citectscada 7
  • Citect citectfacilities 7

HTTP:CTS:CVE-2015-4624-CMD-INJ - HTTP: Hak5 WiFi Pineapple Preconfiguration Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Wifi Pineapple. A successful attack can lead to Command Injection.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 20150811
  • cve: CVE-2015-4624

HTTP:PHP:CMSMS-AUTH-RCE - HTTP: Cmsms CVE-2018-1000094 Authenticated Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against CMSMS. A successful attack can lead to Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1000094
  • url: http://dev.cmsmadesimple.org/bug/view/11741

HTTP:OVERFLOW:CVE-2017-14980-BO - HTTP: Sync Breeze Enterprise CVE-2017-14980 Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Sync Breeze Enterprise. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2017-14980

HTTP:MISC:GITLIST-RCE - HTTP: Gitlist CVE-2018-1000533 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against klaussilveira GitList. A successful attack can lead to Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322
  • cve: CVE-2018-1000533

HTTP:PHP:BLUEIMP-JQUERY-FUPLD - HTTP: Blueimp Jquery File Upload CVE-2018-9206 Arbitrary File Upload

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Blueimp jQueryFileUpload. A successful attack can lead to arbitrary file upload.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 106629
  • bugtraq: 105679
  • cve: CVE-2018-9206
  • url: https://httpd.apache.org/docs/current/mod/core.html#allowoverride

HTTP:PULSE-PCS-CMD-INJ - HTTP: Pulse Secure Pulse Connect Secure Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Pulse Secure Pulse Connect Secure. A successful attack can lead to Command Injection.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
  • bugtraq: 108073
  • cve: CVE-2019-11539

HTTP:MISC:NUUO-NVRMINI2-RCE - HTTP: Nuuo Nvrmini2 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Nuuo NVR Mini2. A successful attack can lead to Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1149
  • url: https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf
  • bugtraq: 105720

HTTP2:PING-FLOOD-DOS - HTTP2: Microsoft Windows HTTP2 Ping Flood Denial of Service

Severity: HIGH

Description:

A denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to resource exhaustion when continually sending HTTP2 Ping frames to the web server. A remote unauthenticated attacker can exploit this vulnerability by sending a flood of HTTP2 Ping frames. Successful exploitation could cause a denial of service conditions on the target system.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • url: https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  • cve: CVE-2019-9512

HTTP:STC:DL:CVE-2019-0788-CE - HTTP: Microsoft Remote Desktop Services CVE-2019-0788 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Remote Desktop Service. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-0788

HTTP:CTS:XPLICO-UNAUTH-CMD-INJ - HTTP: Xplico Unauthenticated Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Xplico. A successful attack can lead to Command Injection.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2017-16666
  • url: https://www.xplico.org/archives/1538

HTTP:STC:ADOBE:CVE-2019-8070-CE - HTTP: Adobe Flash CVE-2019-8070 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2019-8070

HTTP:STC:DL:CVE-2019-1281-EOP - HTTP: Windows Common Log File System Driver CVE-2019-1281 Elevation of Privileges

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows Common Log File System Driver. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1281

HTTP:STC:DL:CVE-2019-1216-ID - HTTP: Microsoft Windows Kernal ASLR CVE-2019-1216 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Kernal. A successful attack can lead to Information Disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1216

HTTP:STC:DL:CVE-2019-1256-EOP - HTTP: Microsoft Windows CVE-2019-1256 Elevation Of Privilege

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1256

HTTP:STC:DL:CVE-2019-1284-EOP - HTTP: Microsoft Windows Kernel Driver CVE-2019-1284 Elevation of Privileges

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Kernel Driver. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1284

HTTP:SCRIPT-INJ-VUL-78 - HTTP: SCRIPT-INJ Infection-78

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:MAL-REDIRECT-VUL-79 - HTTP: MAL-REDIRECT Infection-79

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:SUSP-HDR-REDRCT-VUL-80 - HTTP: SUSP-HDR-REDRCT Infection-80

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:SCRIPT-INJ-VUL-81 - HTTP: SCRIPT-INJ Infection-81

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:MAL-REDIRECT-VUL-82 - HTTP: MAL-REDIRECT Infection-82

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

vsrx3bsd-19.2, srx-12.1, srx-17.3, vsrx-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2

HTTP:STC:CVE-2019-1296-RCE - HTTP: Microsoft SharePoint CVE-2019-1296 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against SharePoint. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1296

HTTP:STC:DL:CVE-2019-1279-EOP - HTTP: Windows Common Log File System Driver CVE-2019-1279 Elevation of Privileges

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows Common Log File System Driver. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1279

HTTP:STC:DL:CVE-2019-1215-EOP - HTTP: Microsoft Windows CVE-2019-1215 Elevation of Privilege

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1215

HTTP:STC:ADOBE:CVE-2019-8102-ID - HTTP: Adobe Acrobat and Reader CVE-2019-8102 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8102

IP:INFLATE-TYPE-MISMATCH - HTTP: Inflate format type mismatch

Severity: MEDIUM

Description:

This anomaly triggers, if the actual compression algorithm used to compress data is different from content encoding specified by the header. This mismatch could indicate evasion type of attack.

Supported On:

srx-17.3, srx-17.4, srx-18.2, srx-19.1, srx-12.1, srx-19.2

APP:REMOTE:CVE-2019-0787-RCE - APP: Microsoft Windows Remote Desktop Services CVE-2019-0787 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Remote Desktop Services. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2019-0787

HTTP:STC:DL:CVE-2019-1219-ID - HTTP: Microsoft Windows CVE-2019-1219 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1219

HTTP:STC:DL:CVE-2019-1285-PE - HTTP: Microsoft Windows CVE-2019-1285 Privilege Escalation

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to Privilege Escalation.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1285

HTTP:STC:DL:CVE-2019-1214-EOP - HTTP: Windows Common Log File System Driver CVE-2019-1214 Elevation of Privileges

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows Common Log File System Driver. A successful attack can lead to elevation of privilege.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-1214

HTTP:STC:ADOBE:CVE-2019-8015-CE - HTTP: Adobe Acrobat and Reader CVE-2019-8015 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8015

HTTP:STC:ADOBE:CVE-2019-8037-ID - HTTP: Adobe Pdf CVE-2019-8037 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to information disclosure.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
  • cve: CVE-2019-8037
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out