Juniper Networks

Update Details

Security Intelligence Center

Update #3228 (11/28/2019)

10 new signatures:

[MEDIUM] HTTP:CTS:OPEN-EMR-XSS - HTTP: OpenEMR C-Document Cross-Site Scripting
[CRITICAL] HTTP:APACHE:SOLR-DATIMPORT-RCE - HTTP: Apache Solr DataImportHandler Remote Code Execution
[CRITICAL] HTTP:CTS:HPE-BYTE-MSG-RCE - HTTP: HPE Intelligent Management Center ByteMessageResource Insecure Deserialization Remote Code Execution
[HIGH] HTTP2:APACHE-SETTING-DNS - HTTP2: Apache Traffic Server HTTP2 Settings Flood Denial of Service
[MEDIUM] HTTP:SQL:INJ:WIKID-SERVER-SQLI - HTTP: WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection
[CRITICAL] HTTP:CISCO:IOS-XE-CI - HTTP: Cisco IOS XE WebUI Privileged Command Injection
[CRITICAL] HTTP:TOMCAT:CVE-2019-0232-RCE - HTTP: Apache Tomcat CVE-2019-0232 Command Injection
[CRITICAL] HTTP:STC:SCRIPT:UNESCAPE-RCE - HTTP: Java Script Unescape Hex Encoded Remote Code Execution
[MEDIUM] HTTP:CTS:PULSE-SECURE-BO - HTTP: Pulse Secure Platform Stack-Based Buffer Overflow
[HIGH] HTTP:SQL:INJ:ZOHO-ENGN-SQLI - HTTP: Zoho ManageEngine SQL Injection

4 updated signatures:

[HIGH] SMTP:DOS:SMTP-BDAT-DOS - SMTP: Exim BDAT Denial of Service
[HIGH] HTTP:MISC:NG-ARB-FLUPLOAD - HTTP: Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload
[HIGH] HTTP:STC:IE:DRAG-N-DRP - HTTP: Internet Explorer Drag And Drop
[LOW] HTTP:STC:IE:IE-ACTIVEX-DRCTANIM - HTTP: Internet Explorer ActiveX DirectAnimation


Details of the signatures included within this bulletin:


HTTP:CTS:OPEN-EMR-XSS - HTTP: OpenEMR C-Document Cross-Site Scripting

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against OpenEMR. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-3965
  • url: https://www.tenable.com/security/research/tra-2019-40
  • cve: CVE-2019-3963

Affected Products:

  • Open-emr openemr 5.0.1

HTTP:APACHE:SOLR-DATIMPORT-RCE - HTTP: Apache Solr DataImportHandler Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Apache Solr. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://issues.apache.org/jira/browse/solr-13669
  • cve: CVE-2019-0193

Affected Products:

  • Apache solr 6.0.0
  • Apache solr 6.2.1
  • Apache solr 4.6.0
  • Apache solr 3.6.0
  • Apache solr 4.6.1
  • Apache solr 3.6.2
  • Apache solr 4.5.0
  • Apache solr 4.2.0
  • Apache solr 7.0.0
  • Apache solr 4.8.0
  • Apache solr 7.4.0
  • Apache solr 7.3.0
  • Apache solr 6.6.2
  • Apache solr 8.0.0
  • Apache solr 1.1.0
  • Apache solr 5.4.1
  • Apache solr 6.6.4
  • Apache solr 7.5.0
  • Apache solr 5.0
  • Apache solr 7.7.1
  • Apache solr 4.3.0
  • Apache solr 5.2.1
  • Apache solr 1.4.1
  • Apache solr 4.9.0
  • Apache solr 7.7.0
  • Apache solr 7.2.0
  • Apache solr 3.2
  • Apache solr 6.4.2
  • Apache solr 8.1.0
  • Apache solr 6.1.0
  • Apache solr 6.3.0
  • Apache solr 5.1.0
  • Apache solr 6.4.1
  • Apache solr 5.5.4
  • Apache solr 4.10.1
  • Apache solr 4.10.3
  • Apache solr 5.5.0
  • Apache solr 7.1.0
  • Apache solr 5.5.2
  • Apache solr 5.2.0
  • Apache solr 3.6.1
  • Apache solr 6.6.1
  • Apache solr 5.3.2
  • Apache solr 6.2.0
  • Apache solr 6.5.0
  • Apache solr 4.2.1
  • Apache solr 5.3.0
  • Apache solr 4.7.1
  • Apache solr 7.7.2
  • Apache solr 4.5.1
  • Apache solr 4.8.1
  • Apache solr 7.3.1
  • Apache solr 1.2
  • Apache solr 6.5.1
  • Apache solr 6.6.0
  • Apache solr 6.6.3
  • Apache solr 7.0.1
  • Apache solr 5.4.0
  • Apache solr 6.6.5
  • Apache solr 6.0.1
  • Apache solr 3.5.0
  • Apache solr 5.1
  • Apache solr 4.0.0
  • Apache solr 4.7.2
  • Apache solr 7.6.0
  • Apache solr 5.3
  • Apache solr 4.7.0
  • Apache solr 1.4.0
  • Apache solr 1.3.0
  • Apache solr 4.3.1
  • Apache solr 4.9.1
  • Apache solr 7.2.1
  • Apache solr 5.3.1
  • Apache solr 3.3
  • Apache solr 4.1.0
  • Apache solr 8.1.1
  • Apache solr 3.1
  • Apache solr 3.4.0
  • Apache solr 4.4.0
  • Apache solr 5.5.5
  • Apache solr 6.4.0
  • Apache solr 4.10.0
  • Apache solr 5.5.1
  • Apache solr 4.10.2
  • Apache solr 5.5.3
  • Apache solr 4.10.4

HTTP:CTS:HPE-BYTE-MSG-RCE - HTTP: HPE Intelligent Management Center ByteMessageResource Insecure Deserialization Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03930en_us
  • cve: CVE-2019-11956
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-528/

Affected Products:

  • Hp intelligent_management_center 5.2
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.2

HTTP2:APACHE-SETTING-DNS - HTTP2: Apache Traffic Server HTTP2 Settings Flood Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apache Traffic Server. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-19.2, vsrx3bsd-19.2, srx-17.3, vsrx-17.4, srx-branch-17.4, srx-17.4, vsrx-15.1, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2

References:

  • url: https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  • url: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/changelog-8.0.4
  • cve: CVE-2019-9515

Affected Products:

  • Apple swiftnio 1.2.1
  • Apple swiftnio 1.1.1
  • Apple swiftnio 1.2.2
  • Apache traffic_server 7.1.0
  • Apache traffic_server 8.0.0
  • Apache traffic_server 6.1.1
  • Apple swiftnio 1.4.0
  • Apache traffic_server 7.0.0
  • Apple swiftnio 1.3.1
  • Apache traffic_server 6.1.0
  • Apple swiftnio 1.3.0
  • Apache traffic_server 6.2.2
  • Apache traffic_server 6.2.3
  • Apache traffic_server 8.0.2
  • Apple swiftnio 1.3.2
  • Apache traffic_server 6.2.0
  • Apache traffic_server 6.0.0
  • Apache traffic_server 8.0.3
  • Apache traffic_server 6.2.1
  • Apache traffic_server 7.1.1
  • Apple swiftnio 1.0.0
  • Apache traffic_server 8.0.1
  • Apache traffic_server 6.0.3
  • Apache traffic_server 7.1.4
  • Apache traffic_server 7.1.5
  • Apache traffic_server 7.1.6
  • Apache traffic_server 7.1.3
  • Apple swiftnio 1.1.0
  • Apache traffic_server 7.1.2
  • Apple swiftnio 1.0.1
  • Apple swiftnio 1.2.0

HTTP:STC:IE:IE-ACTIVEX-DRCTANIM - HTTP: Internet Explorer ActiveX DirectAnimation

Severity: LOW

Description:

This signature detects Web pages containing a dangerous ActiveX object. A malicious Web site can exploit a known vulnerability in Microsoft Internet Explorer and cause a denial of service in the client browser.

Supported On:

idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 18902
  • cve: CVE-2006-3513

Affected Products:

  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1

HTTP:SQL:INJ:WIKID-SERVER-SQLI - HTTP: WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against WiKID 2FA Enterprise Server. A successful attack can lead to SQL injection.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-16917

Affected Products:

  • Wikidsystems two_factor_authentication_enterprise_server 4.2.0-b2047

HTTP:CISCO:IOS-XE-CI - HTTP: Cisco IOS XE WebUI Privileged Command Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against the WebUI component of Cisco IOS XE. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-12651
  • cve: CVE-2019-12650

Affected Products:

  • Cisco ios_xe 16.6.5
  • Cisco ios 16.11.1
  • Cisco ios_xe 17.1.1

HTTP:TOMCAT:CVE-2019-0232-RCE - HTTP: Apache Tomcat CVE-2019-0232 Command Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known command injection vulnerability in Apache Tomcat. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 107906
  • cve: CVE-2019-0232

Affected Products:

  • Apache tomcat 8.5.33
  • Apache tomcat 8.5.6
  • Apache tomcat 8.5.20
  • Apache tomcat 8.5.31
  • Apache tomcat 7.0.58
  • Apache tomcat 7.0.49
  • Apache tomcat 8.5.4
  • Apache tomcat 8.5.37
  • Apache tomcat 8.5.2
  • Apache tomcat 8.5.35
  • Apache tomcat 8.5.19
  • Apache tomcat 8.5.0
  • Apache tomcat 7.0.52
  • Apache tomcat 7.0.27
  • Apache tomcat 7.0.50
  • Apache tomcat 7.0.21
  • Apache tomcat 7.0.56
  • Apache tomcat 9.0.15
  • Apache tomcat 8.5.18
  • Apache tomcat 7.0.81
  • Apache tomcat 7.0.54
  • Apache tomcat 9.0.17
  • Apache tomcat 7.0.25
  • Apache tomcat 7.0.83
  • Apache tomcat 7.0.68
  • Apache tomcat 9.0.11
  • Apache tomcat 9.0.7
  • Apache tomcat 8.5.14
  • Apache tomcat 7.0.85
  • Apache tomcat 7.0.66
  • Apache tomcat 7.0.30
  • Apache tomcat 9.0.13
  • Apache tomcat 9.0.5
  • Apache tomcat 8.5.16
  • Apache tomcat 8.5.24
  • Apache tomcat 7.0.87
  • Apache tomcat 7.0.64
  • Apache tomcat 7.0.32
  • Apache tomcat 9.0.3
  • Apache tomcat 8.5.10
  • Apache tomcat 8.5.26
  • Apache tomcat 7.0.9
  • Apache tomcat 7.0.89
  • Apache tomcat 7.0.62
  • Apache tomcat 7.0.34
  • Apache tomcat 9.0.1
  • Apache tomcat 8.5.12
  • Apache tomcat 7.0.79
  • Apache tomcat 7.0.60
  • Apache tomcat 7.0.36
  • Apache tomcat 7.0.17
  • Apache tomcat 8.5.22
  • Apache tomcat 7.0.38
  • Apache tomcat 7.0.15
  • Apache tomcat 7.0.75
  • Apache tomcat 7.0.93
  • Apache tomcat 7.0.44
  • Apache tomcat 7.0.13
  • Apache tomcat 7.0.77
  • Apache tomcat 8.5.38
  • Apache tomcat 7.0.1
  • Apache tomcat 7.0.91
  • Apache tomcat 7.0.46
  • Apache tomcat 9.0.9
  • Apache tomcat 8.5.28
  • Apache tomcat 7.0.3
  • Apache tomcat 7.0.40
  • Apache tomcat 7.0.73
  • Apache tomcat 7.0.5
  • Apache tomcat 7.0.42
  • Apache tomcat 8.5.32
  • Apache tomcat 7.0.7
  • Apache tomcat 8.5.9
  • Apache tomcat 9.0.8
  • Apache tomcat 8.5.30
  • Apache tomcat 8.5.7
  • Apache tomcat 8.5.29
  • Apache tomcat 8.5.36
  • Apache tomcat 7.0.59
  • Apache tomcat 7.0.48
  • Apache tomcat 8.5.5
  • Apache tomcat 8.5.34
  • Apache tomcat 8.5.3
  • Apache tomcat 7.0.11
  • Apache tomcat 8.5.1
  • Apache tomcat 7.0.71
  • Apache tomcat 7.0.29
  • Apache tomcat 7.0.53
  • Apache tomcat 7.0.22
  • Apache tomcat 7.0.51
  • Apache tomcat 9.0.14
  • Apache tomcat 7.0.20
  • Apache tomcat 7.0.57
  • Apache tomcat 9.0.16
  • Apache tomcat 7.0.26
  • Apache tomcat 7.0.28
  • Apache tomcat 7.0.80
  • Apache tomcat 7.0.55
  • Apache tomcat 7.0.69
  • Apache tomcat 9.0.10
  • Apache tomcat 9.0.6
  • Apache tomcat 7.0.24
  • Apache tomcat 7.0.82
  • Apache tomcat 7.0.67
  • Apache tomcat 9.0.12
  • Apache tomcat 9.0.4
  • Apache tomcat 8.5.15
  • Apache tomcat 8.5.25
  • Apache tomcat 7.0.84
  • Apache tomcat 7.0.65
  • Apache tomcat 7.0.31
  • Apache tomcat 9.0.2
  • Apache tomcat 8.5.17
  • Apache tomcat 8.5.27
  • Apache tomcat 7.0.8
  • Apache tomcat 7.0.86
  • Apache tomcat 7.0.63
  • Apache tomcat 7.0.33
  • Apache tomcat 7.0.23
  • Apache tomcat 7.0.18
  • Apache tomcat 8.5.11
  • Apache tomcat 7.0.78
  • Apache tomcat 8.5.21
  • Apache tomcat 7.0.88
  • Apache tomcat 7.0.61
  • Apache tomcat 7.0.35
  • Apache tomcat 7.0.16
  • Apache tomcat 8.5.13
  • Apache tomcat 8.5.23
  • Apache tomcat 7.0.37
  • Apache tomcat 9.0.0
  • Apache tomcat 7.0.14
  • Apache tomcat 7.0.74
  • Apache tomcat 7.0.92
  • Apache tomcat 7.0.39
  • Apache tomcat 7.0.45
  • Apache tomcat 7.0.12
  • Apache tomcat 7.0.76
  • Apache tomcat 7.0.0
  • Apache tomcat 7.0.90
  • Apache tomcat 7.0.47
  • Apache tomcat 7.0.10
  • Apache tomcat 7.0.70
  • Apache tomcat 8.5.39
  • Apache tomcat 7.0.2
  • Apache tomcat 7.0.41
  • Apache tomcat 7.0.19
  • Apache tomcat 7.0.72
  • Apache tomcat 7.0.4
  • Apache tomcat 7.0.43
  • Apache tomcat 7.0.6
  • Apache tomcat 8.5.8

SMTP:DOS:SMTP-BDAT-DOS - SMTP: Exim BDAT Denial of Service

Severity: HIGH

Description:

A denial-of-service vulnerability has been reported in the Exim message transfer agent. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could result in denial-of-service conditions.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2017-16944

Affected Products:

  • Exim exim 4.89
  • Exim exim 4.88
  • Debian debian_linux 9.0

HTTP:MISC:NG-ARB-FLUPLOAD - HTTP: Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Netgear ProSAFE. Successful exploitation could allow an attacker to upload arbitrary files which could lead to further attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://seclists.org/fulldisclosure/2016/feb/30
  • cve: CVE-2016-1524
  • bugtraq: 82630
  • url: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt
  • url: http://seclists.org/fulldisclosure/2016/Feb/30

Affected Products:

  • Netgear prosafe_network_management_software_300 1.5.0.11

HTTP:STC:SCRIPT:UNESCAPE-RCE - HTTP: Java Script Unescape Hex Encoded Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2016-3210
  • cve: CVE-2018-8174

Affected Products:

  • Microsoft internet_explorer 11

HTTP:CTS:PULSE-SECURE-BO - HTTP: Pulse Secure Platform Stack-Based Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Pulse Secure. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Pulse Secure Server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 108073
  • url: https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44101/
  • cve: CVE-2019-11542

Affected Products:

  • Pulsesecure pulse_policy_secure 5.3r5.0
  • Pulsesecure pulse_policy_secure 9.0r2.1
  • Pulsesecure pulse_policy_secure 5.3r2.0
  • Pulsesecure pulse_policy_secure 5.4r6
  • Pulsesecure pulse_policy_secure 5.3r8.1
  • Pulsesecure pulse_connect_secure 8.2r1.0
  • Pulsesecure pulse_policy_secure 5.3r5.2
  • Pulsesecure pulse_connect_secure 9.0r2
  • Pulsesecure pulse_policy_secure 5.1r1.1
  • Pulsesecure pulse_connect_secure 8.2r9.0
  • Pulsesecure pulse_connect_secure 8.1r9.2
  • Pulsesecure pulse_connect_secure 8.3r5.2
  • Pulsesecure pulse_policy_secure 5.2r3.0
  • Pulsesecure pulse_policy_secure 5.2rx
  • Pulsesecure pulse_policy_secure 5.1r10.0
  • Pulsesecure pulse_policy_secure 5.2r7.0
  • Pulsesecure pulse_connect_secure 9.0rx
  • Pulsesecure pulse_policy_secure 9.0r2
  • Pulsesecure pulse_connect_secure 8.1r3.2
  • Pulsesecure pulse_policy_secure 5.3r1.1
  • Pulsesecure pulse_policy_secure 5.2r9.0
  • Pulsesecure pulse_policy_secure 5.1r2.1
  • Pulsesecure pulse_connect_secure 8.2r2.0
  • Pulsesecure pulse_policy_secure 5.1r12.0
  • Pulsesecure pulse_policy_secure 5.1r1.0
  • Pulsesecure pulse_connect_secure 8.1r12.0
  • Pulsesecure pulse_policy_secure 5.1r9.0
  • Pulsesecure pulse_policy_secure 5.3r9.0
  • Pulsesecure pulse_connect_secure 8.1r11.0
  • Pulsesecure pulse_policy_secure 5.1r2.0
  • Pulsesecure pulse_connect_secure 9.0r2.1
  • Pulsesecure pulse_policy_secure 5.3r3.0
  • Pulsesecure pulse_connect_secure 8.2r5.0
  • Pulsesecure pulse_policy_secure 5.2r8.0
  • Pulsesecure pulse_policy_secure 5.2r3.2
  • Pulsesecure pulse_policy_secure 5.1r7.0
  • Pulsesecure pulse_policy_secure 5.2r6.0
  • Pulsesecure pulse_policy_secure 5.3r3.1
  • Pulsesecure pulse_connect_secure 8.2r7.1
  • Pulsesecure pulse_policy_secure 5.1r11.1
  • Pulsesecure pulse_connect_secure 8.3rx
  • Pulsesecure pulse_connect_secure 8.1r2.0
  • Pulsesecure pulse_policy_secure 5.3r11.0
  • Pulsesecure pulse_connect_secure 8.3r6.1
  • Pulsesecure pulse_policy_secure 5.2r2.0
  • Pulsesecure pulse_connect_secure 8.3r2
  • Pulsesecure pulse_policy_secure 5.3r4.1
  • Pulsesecure pulse_policy_secure 5.4r7
  • Pulsesecure pulse_policy_secure 5.1r5.0
  • Pulsesecure pulse_connect_secure 8.3r4
  • Pulsesecure pulse_connect_secure 8.1r3.0
  • Pulsesecure pulse_connect_secure 8.2r8.1
  • Pulsesecure pulse_connect_secure 8.3r6
  • Pulsesecure pulse_connect_secure 8.1r1.1
  • Pulsesecure pulse_policy_secure 5.2r9.1
  • Pulsesecure pulse_connect_secure 9.0r3.2
  • Pulsesecure pulse_policy_secure 5.2r5.0
  • Pulsesecure pulse_connect_secure 8.2r3.0
  • Pulsesecure pulse_policy_secure 5.4r2.1
  • Pulsesecure pulse_connect_secure 8.1r9.0
  • Pulsesecure pulse_policy_secure 5.4r4
  • Pulsesecure pulse_policy_secure 5.2r10.0
  • Pulsesecure pulse_policy_secure 5.2r4.0
  • Pulsesecure pulse_policy_secure 5.3r7.0
  • Pulsesecure pulse_policy_secure 5.1r11.0
  • Pulsesecure pulse_connect_secure 8.1r4.0
  • Pulsesecure pulse_connect_secure 8.1r5.0
  • Pulsesecure pulse_connect_secure 8.1r9.1
  • Pulsesecure pulse_policy_secure 5.2r7.1
  • Pulsesecure pulse_policy_secure 5.1r14.0
  • Pulsesecure pulse_connect_secure 8.2r4.1
  • Pulsesecure pulse_connect_secure 8.2r1.1
  • Pulsesecure pulse_connect_secure 8.2r12.0
  • Pulsesecure pulse_policy_secure 5.3r5.1
  • Pulsesecure pulse_connect_secure 9.0r3
  • Pulsesecure pulse_policy_secure 5.3r6.0
  • Pulsesecure pulse_policy_secure 5.3r8.0
  • Pulsesecure pulse_connect_secure 8.2r11.0
  • Pulsesecure pulse_connect_secure 9.0r1
  • Pulsesecure pulse_connect_secure 8.2r6.0
  • Pulsesecure pulse_policy_secure 5.3r8.2
  • Pulsesecure pulse_connect_secure 8.1r13.0
  • Pulsesecure pulse_connect_secure 8.1r3.1
  • Pulsesecure pulse_policy_secure 5.3r1.0
  • Pulsesecure pulse_policy_secure 5.1r4.0
  • Pulsesecure pulse_policy_secure 9.0r3
  • Pulsesecure pulse_policy_secure 5.1r12.1
  • Pulsesecure pulse_policy_secure 9.0r1
  • Pulsesecure pulse_connect_secure 8.1r12.1
  • Pulsesecure pulse_policy_secure 5.3rx
  • Pulsesecure pulse_connect_secure 8.1r14.0
  • Pulsesecure pulse_policy_secure 5.4r2
  • Pulsesecure pulse_connect_secure 8.2r5.1
  • Pulsesecure pulse_connect_secure 8.1r11.1
  • Pulsesecure pulse_policy_secure 5.3r10.
  • Pulsesecure pulse_policy_secure 5.4rx
  • Pulsesecure pulse_policy_secure 5.1r9.1
  • Pulsesecure pulse_policy_secure 5.1r3.0
  • Pulsesecure pulse_policy_secure 5.1r8.0
  • Pulsesecure pulse_connect_secure 8.3r3
  • Pulsesecure pulse_connect_secure 8.2r7.2
  • Pulsesecure pulse_policy_secure 5.1r3.2
  • Pulsesecure pulse_policy_secure 5.2r11.0
  • Pulsesecure pulse_connect_secure 8.3r2.1
  • Pulsesecure pulse_connect_secure 8.1r2.1
  • Pulsesecure pulse_connect_secure 8.3r1
  • Pulsesecure pulse_connect_secure 8.2r7.0
  • Pulsesecure pulse_policy_secure 5.3r12.0
  • Pulsesecure pulse_policy_secure 5.4r5.2
  • Pulsesecure pulse_policy_secure 9.0r3.1
  • Pulsesecure pulse_connect_secure 8.2rx
  • Pulsesecure pulse_policy_secure 5.1r13.0
  • Pulsesecure pulse_connect_secure 8.3r5
  • Pulsesecure pulse_policy_secure 5.3r4.0
  • Pulsesecure pulse_policy_secure 5.4r6.1
  • Pulsesecure pulse_connect_secure 8.2r8.0
  • Pulsesecure pulse_connect_secure 8.3r7
  • Pulsesecure pulse_connect_secure 8.1r6.0
  • Pulsesecure pulse_connect_secure 8.2r8.2
  • Pulsesecure pulse_connect_secure 8.1r1.0
  • Pulsesecure pulse_policy_secure 9.0rx
  • Pulsesecure pulse_connect_secure 9.0r3.1
  • Pulsesecure pulse_connect_secure 8.1r7.0
  • Pulsesecure pulse_connect_secure 8.2r3.1
  • Pulsesecure pulse_connect_secure 8.1r10.0
  • Pulsesecure pulse_policy_secure 5.1r6.0
  • Pulsesecure pulse_policy_secure 5.2r1.0
  • Pulsesecure pulse_policy_secure 5.4r5
  • Pulsesecure pulse_connect_secure 8.1r4.1
  • Pulsesecure pulse_policy_secure 5.4r3
  • Pulsesecure pulse_connect_secure 8.1r8.0
  • Pulsesecure pulse_connect_secure 8.3r5.1
  • Pulsesecure pulse_connect_secure 8.2r10.0
  • Pulsesecure pulse_policy_secure 5.4r1
  • Pulsesecure pulse_connect_secure 8.2r4.0

HTTP:STC:IE:DRAG-N-DRP - HTTP: Internet Explorer Drag And Drop

Severity: HIGH

Description:

This signature detects Web pages with Web folders pointing to a client-side folder using the shell URI scheme. Attackers can use a malicious Web page containing a client-side Web folder to install arbitrary files in sensitive locations on the client filesystem, such as the startup folder. However, a specially crafted Web site could be using a client-side Web folder legitimately.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://seclists.org/lists/bugtraq/2004/Aug/0324.html
  • url: http://msdn.microsoft.com/workshop/author/behaviors/reference/behaviors/anchor.asp
  • bugtraq: 10973
  • cve: CVE-2004-0839
  • bugtraq: 11466
  • cve: CVE-2005-0053

Affected Products:

  • Microsoft windows_xp_professional
  • Microsoft windows_xp_home
  • Microsoft windows_98se
  • Microsoft windows_2000_professional SP3
  • Microsoft windows_2000_server SP3
  • Microsoft windows_2000_advanced_server SP3
  • Microsoft internet_explorer 6.0
  • Microsoft windows_2000_datacenter_server SP3
  • Microsoft windows_xp_64-bit_edition SP1
  • Microsoft internet_explorer 5.0.1
  • Microsoft windows_2000_datacenter_server SP1
  • Microsoft windows_2000_datacenter_server
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_2000_professional
  • Microsoft .net_framework 1.1
  • Nortel_networks mobile_voice_client_2050
  • Microsoft windows_2000_server
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_advanced_server SP1
  • Microsoft internet_explorer 5.5 SP1
  • Nortel_networks optivity_telephony_manager_(otm)
  • Microsoft internet_explorer 5.0.1 SP4
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_professional SP4
  • Microsoft windows_2000_server SP4
  • Microsoft windows_xp_media_center_edition SP1
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft windows_xp_64-bit_edition_version_2003
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_tablet_pc_edition
  • Microsoft windows_2000_server SP1
  • Microsoft internet_explorer 5.0.1 SP2
  • Microsoft windows_2000_advanced_server
  • Microsoft windows_me
  • Microsoft windows_xp_64-bit_edition
  • Microsoft windows_xp_media_center_edition SP2
  • Nortel_networks symposium_web_client
  • Microsoft windows_xp_home SP1
  • Microsoft windows_xp_professional SP1
  • Nortel_networks ip_softphone_2050
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft internet_explorer 5.5 SP2
  • Microsoft windows_2000_advanced_server SP2
  • Microsoft windows_2000_datacenter_server SP2
  • Microsoft windows_2000_professional SP2
  • Microsoft windows_2000_server SP2
  • Nortel_networks symposium_web_center_portal_(swcp)
  • Microsoft windows_98
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft internet_explorer 5.0.1 SP3
  • Microsoft internet_explorer 5.5
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft internet_explorer 5.0.1 SP1

HTTP:SQL:INJ:ZOHO-ENGN-SQLI - HTTP: Zoho ManageEngine SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine Applications Manager. A successful attack can lead to SQL injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-17602

Affected Products:

  • Zohocorp manageengine_opmanager 12.3
  • Zohocorp manageengine_opmanager 12.2
  • Zohocorp manageengine_opmanager 11.4
  • Zohocorp manageengine_opmanager -
  • Zohocorp manageengine_opmanager 11.5
  • Zohocorp manageengine_opmanager 12.4
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.