Juniper Networks

Update Details

Security Intelligence Center

Update #3293 (06/25/2020)

3 new signatures:

MEDIUM - HTTP:DIR:ZOHO-MEOMGR-MUL-DIRTRV - HTTP: Zoho ManageEngine OpManager Multiple Directory Traversal
CRITICAL - HTTP:CTS:CNTRON-RRDB-CMD-INJ - HTTP: Centreon RRDdatabase_status_path Command Injection
HIGH - HTTP:STC:DL:MS-NET-XPS-RCE - HTTP: Microsoft .NET Framework XPS File Parsing Remote Code Execution

1 updated signature:

INFO - APP:REMOTE:RDP-CONNECT - APP: Microsoft Remote Desktop Protocol Connection

3 deleted signatures:

CHAT:YIM:LOGIN-ATTEMPT - YMSG: Login Attempt
CHAT:AUDIT:YMSG:MESSAGE-SEND - YMSG: Message Send
CHAT:YIM:FILE-TRANSFER - CHAT: Yahoo! Messenger File Transfer


Details of the signatures included within this bulletin:


HTTP:DIR:ZOHO-MEOMGR-MUL-DIRTRV - HTTP: Zoho ManageEngine OpManager Multiple Directory Traversal

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Zoho ManageEngine OpManager. A successful attack can lead to directory traversal and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-13818
  • url: https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125
  • cve: CVE-2020-12116

Affected Products:

  • Zohocorp manageengine_opmanager 12.3
  • Zohocorp manageengine_opmanager 12.4
  • Zohocorp manageengine_opmanager 12.5

HTTP:CTS:CNTRON-RRDB-CMD-INJ - HTTP: Centreon RRDdatabase_status_path Command Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Centreon web application. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-13252

Affected Products:

  • Centreon centreon 19.04.12
  • Centreon centreon 19.04.7
  • Centreon centreon 19.04.2
  • Centreon centreon 19.04.9
  • Centreon centreon 19.04.6
  • Centreon centreon 19.04.11
  • Centreon centreon 19.04.8
  • Centreon centreon 19.04.1
  • Centreon centreon 19.04.10
  • Centreon centreon 19.04.5
  • Centreon centreon 19.04.0
  • Centreon centreon 19.04.13
  • Centreon centreon 19.04.4
  • Centreon centreon 19.04.3

HTTP:STC:DL:MS-NET-XPS-RCE - HTTP: Microsoft .NET Framework XPS File Parsing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the XPS file parsing logic of Microsoft .NET Framework. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-0605

Affected Products:

  • Microsoft .net_framework 3.5
  • Microsoft .net_framework 4.7
  • Microsoft .net_framework 4.5.2
  • Microsoft .net_framework 4.7.2
  • Microsoft .net_framework 4.6.2
  • Microsoft .net_framework 3.5.1
  • Microsoft .net_framework 4.7.1
  • Microsoft .net_framework 3.0
  • Microsoft .net_framework 4.8
  • Microsoft .net_framework 4.6.1
  • Microsoft .net_core 3.1
  • Microsoft .net_framework 4.6
  • Microsoft .net_core 1.0
  • Microsoft .net_core 3.0

CHAT:YIM:FILE-TRANSFER - CHAT: Yahoo! Messenger File Transfer

Severity: INFO

Description:

This signature detects file transfers using Yahoo Instant Messenger. Users sharing files can be a violation of your organization's acceptable use policy.

Supported On:


CHAT:YIM:LOGIN-ATTEMPT - YMSG: Login Attempt

Severity: INFO

Description:

This signature detects Yahoo Instant Messenger in "Firewall with no proxies," "HTTP Proxy," or "SOCKS Proxy" modes. These are proxy/tunneling methods to avoid firewalls and IPS filters. Depending on your corporate policies, Instant Messaging can be a violation of your end-user's network usage policy. Setting the action "Close Client and Server" blocks users from chatting on Yahoo over HTTP/SOCKS known proxy ports. This rule should only be applied to a WAN interface.

Supported On:

References:

  • url: http://www.venkydude.com/articles/yahoo.htm
  • url: http://messenger.yahoo.com/
  • url: http://libyahoo2.sourceforge.net/ymsg-9.txt

CHAT:AUDIT:YMSG:MESSAGE-SEND - YMSG: Message Send

Severity: INFO

Description:

This signature detects a Yahoo Messenger client sending a message to another user.

Supported On:

References:

  • url: http://messenger.yahoo.com/
  • url: http://www.venkydude.com/articles/yahoo.htm

APP:REMOTE:RDP-CONNECT - APP: Microsoft Remote Desktop Protocol Connection

Severity: INFO

Description:

This signature detects Microsoft Remote Desktop (RDP) traffic. RDP is a remote administration tool. Anomalous RDP traffic can indicate that the host is compromised.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx
  • url: http://www.microsoft.com/technet/security/bulletin/MS06-009.mspx
  • bugtraq: 16643
  • cve: CVE-2006-0008

Affected Products:

  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_home
  • Microsoft office_2003 SP1
  • Microsoft office_2003 SP2
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_tablet_pc_edition
  • Microsoft windows_xp_home SP1
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_server_2003_standard_x64_edition
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft office_2003
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_professional
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft windows_xp_media_center_edition SP1
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.