Update #3303 (07/30/2020)
9 deprecated signatures:
CRITICAL | HTTP:HPE-CVE-2019-11941-EL | HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Pattern covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-EXP-LANG-INJ | HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-EXPINJ | HTTP: HPE IMC devGroupSelect Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS-HPE-IMC-RCE | HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
CRITICAL | HTTP:MISC:HPE-IMC-ELINJ | HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:HPE-IMCP-URL-RCE | HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:HPE-INJECTION-RCE | HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-FR-EL-CI | HTTP: HPE IMC ForwardRedirect Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
CRITICAL | HTTP:MISC:HPE-IMC-OPETATOR-CE | HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
Customers are suggested to remove the deprecated signatures from the IDP policy, if they are explicitly configured, other than Dynamic groups
2 new signatures:
MEDIUM | HTTP:STC:MS-NET-SP-VS-INSEC-DES | HTTP: Microsoft .NET Framework SharePoint and Visual Studio Insecure Deserialization |
MEDIUM | HTTP:INFO-LEAK:CITRIX-MUL-APP | HTTP: Citrix ADC Gateway SDWAN WAN-OP Information Disclosure |
Details of the signatures included within this bulletin:
HTTP:STC:MS-NET-SP-VS-INSEC-DES - HTTP: Microsoft .NET Framework SharePoint and Visual Studio Insecure Deserialization
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework, SharePoint and Visual Studio. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft visual_studio_2019 16.3.8
- Microsoft visual_studio_2019 16.0.4
- Microsoft visual_studio_2019 16.5.2
- Microsoft visual_studio_2019 16.0.2
- Microsoft visual_studio_2017 15.3.5
- Microsoft .net_framework 4.7.2
- Microsoft visual_studio_2017 15.3
- Microsoft visual_studio_2017 15.6.5
- Microsoft visual_studio_2017 15.1
- Microsoft .net_framework 3.0
- Microsoft visual_studio_2017 15.3.1
- Microsoft visual_studio_2017 15.6.7
- Microsoft visual_studio_2019 16.3.0
- Microsoft sharepoint_enterprise_server 2016
- Microsoft visual_studio_2017 15.7
- Microsoft sharepoint_server 2010
- Microsoft visual_studio_2017 15.3.3
- Microsoft visual_studio_2017 15.6.1
- Microsoft visual_studio_2019 16.3.2
- Microsoft visual_studio_2017 15.8.3
- Microsoft visual_studio_2017 15.5
- Microsoft visual_studio_2017 15.6.3
- Microsoft visual_studio_2019 16.3.4
- Microsoft visual_studio_2017 15.8.1
- Microsoft visual_studio_2019 16.3.6
- Microsoft visual_studio_2017 15.8.7
- Microsoft visual_studio_2017 15.5.2
- Microsoft visual_studio_2019 16.4.3
- Microsoft visual_studio_2017 15.8.5
- Microsoft .net_core 2.1
- Microsoft .net_framework 4.5.2
- Microsoft visual_studio_2019 16.4.1
- Microsoft visual_studio_2017 15.5.6
- Microsoft .net_framework 3.5.1
- Microsoft visual_studio_2017 15.5.4
- Microsoft visual_studio_2019 16.4.5
- Microsoft visual_studio_2019 16.2.1
- Microsoft visual_studio_2017 15.2.1
- Microsoft visual_studio_2019 16.5.0
- Microsoft visual_studio_2019 16.1.2
- Microsoft visual_studio_2019 16.2.3
- Microsoft visual_studio_2017 15.2.3
- Microsoft visual_studio_2017 15.1.1
- Microsoft visual_studio_2017 15.2.5
- Microsoft .net_framework 4.6.2
- Microsoft visual_studio_2017 15.4.4
- Microsoft .net_framework 4.6
- Microsoft visual_studio_2019 16.1.6
- Microsoft visual_studio_2017 15.4.2
- Microsoft visual_studio_2019 16.1.4
- Microsoft visual_studio_2019 16.2
- Microsoft visual_studio_2019 16.0
- Microsoft .net_core 3.1
- Microsoft visual_studio_2017 15.7.2
- Microsoft visual_studio_2017 15.8
- Microsoft visual_studio_2019 16.0.7
- Microsoft visual_studio_2019 16.6
- Microsoft visual_studio_2017 15.7.4
- Microsoft visual_studio_2019 16.0.5
- Microsoft visual_studio_2019 16.4
- Microsoft visual_studio_2019 16.3.9
- Microsoft visual_studio_2017 15.7.6
- Microsoft visual_studio_2019 16.0.3
- Microsoft .net_framework 4.7.1
- Microsoft visual_studio_2017 15.2
- Microsoft visual_studio_2019 16.0.1
- Microsoft visual_studio_2017 15.3.4
- Microsoft visual_studio_2017 15.6.4
- Microsoft visual_studio_2019 16.5.1
- Microsoft sharepoint_enterprise_server 2013
- Microsoft visual_studio_2017 15.0
- Microsoft visual_studio_2017 15.6.6
- Microsoft visual_studio_2017 15.6
- Microsoft visual_studio_2019 16.3.1
- Microsoft visual_studio_2017 15.8.2
- Microsoft visual_studio_2017 15.4
- Microsoft visual_studio_2017 15.3.2
- Microsoft visual_studio_2017 15.6.2
- Microsoft visual_studio_2019 16.3.3
- Microsoft .net_framework 3.5
- Microsoft visual_studio_2019 16.3.5
- Microsoft visual_studio_2017 15.8.6
- Microsoft visual_studio_2017 15.5.3
- Microsoft visual_studio_2019 16.3.7
- Microsoft visual_studio_2017 15.8.4
- Microsoft visual_studio_2017 15.1.2
- Microsoft visual_studio_2017 15.5.1
- Microsoft visual_studio_2019 16.4.2
- Microsoft visual_studio_2017 15.5.7
- Microsoft visual_studio_2017 15.8.8
- Microsoft visual_studio_2019 16.2.4
- Microsoft .net_framework 2.0
- Microsoft visual_studio_2017 15.5.5
- Microsoft visual_studio_2019 16.4.6
- Microsoft .net_framework 4.8
- Microsoft visual_studio_2019 16.4.4
- Microsoft visual_studio_2017 15.2.2
- Microsoft .net_framework 4.6.1
- Microsoft visual_studio_2019 16.1.3
- Microsoft visual_studio_2019 16.2.2
- Microsoft visual_studio_2017 15.2.4
- Microsoft .net_framework 4.7
- Microsoft visual_studio_2019 16.1.1
- Microsoft visual_studio_2017 15.4.5
- Microsoft sharepoint_server 2019
- Microsoft visual_studio_2019 16.3
- Microsoft visual_studio_2017 15.4.3
- Microsoft visual_studio_2017 15.7.1
- Microsoft visual_studio_2019 16.1.5
- Microsoft visual_studio_2019 16.1
- Microsoft visual_studio_2017 15.4.1
- Microsoft visual_studio_2017 15.7.3
- Microsoft visual_studio_2017 15.7.5
- Microsoft visual_studio_2017 15.9
- Microsoft visual_studio_2019 16.0.6
- Microsoft visual_studio_2019 16.5
HTTP:INFO-LEAK:CITRIX-MUL-APP - HTTP: Citrix ADC Gateway SDWAN WAN-OP Information Disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Citrix ADC,Gateway and SDWAN WAN-OP. A successful attack can lead to sensitive information disclosure.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Citrix application_delivery_controller_firmware 13.0
- Citrix application_delivery_controller_firmware 12.1
- Citrix netscaler_gateway_firmware 10.5
- Citrix netscaler_gateway_firmware 12.1
- Citrix gateway_firmware 13.0