Juniper Networks

Update Details

Security Intelligence Center

Update #3303 (07/30/2020)

9 deprecated signatures:

CRITICAL: HTTP:HPE-CVE-2019-11941-EL - HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Pattern covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:CTS:HPE-IMC-EXP-LANG-INJ - HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:CTS:HPE-IMC-EXPINJ - HTTP: HPE IMC devGroupSelect Expression Language Injection
    Removal Date: 09/07/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:CTS-HPE-IMC-RCE - HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

CRITICAL: HTTP:MISC:HPE-IMC-ELINJ - HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:HPE-IMCP-URL-RCE - HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:HPE-INJECTION-RCE - HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

HIGH: HTTP:CTS:HPE-IMC-FR-EL-CI - HTTP: HPE IMC ForwardRedirect Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

CRITICAL: HTTP:MISC:HPE-IMC-OPETATOR-CE - HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection
    Removal Date: 09/08/2020
    Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

Customers are advised to remove the deprecated signatures from the IDP policy if they are explicitly configured rather than included through dynamic groups.

2 new signatures:

MEDIUM: HTTP:STC:MS-NET-SP-VS-INSEC-DES - HTTP: Microsoft .NET Framework SharePoint and Visual Studio Insecure Deserialization
MEDIUM: HTTP:INFO-LEAK:CITRIX-MUL-APP - HTTP: Citrix ADC Gateway SDWAN WAN-OP Information Disclosure


Details of the signatures included within this bulletin:


HTTP:STC:MS-NET-SP-VS-INSEC-DES - HTTP: Microsoft .NET Framework SharePoint and Visual Studio Insecure Deserialization

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework, SharePoint and Visual Studio. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-1147

Affected Products:

  • Microsoft visual_studio_2019 16.3.8
  • Microsoft visual_studio_2019 16.0.4
  • Microsoft visual_studio_2019 16.5.2
  • Microsoft visual_studio_2019 16.0.2
  • Microsoft visual_studio_2017 15.3.5
  • Microsoft .net_framework 4.7.2
  • Microsoft visual_studio_2017 15.3
  • Microsoft visual_studio_2017 15.6.5
  • Microsoft visual_studio_2017 15.1
  • Microsoft .net_framework 3.0
  • Microsoft visual_studio_2017 15.3.1
  • Microsoft visual_studio_2017 15.6.7
  • Microsoft visual_studio_2019 16.3.0
  • Microsoft sharepoint_enterprise_server 2016
  • Microsoft visual_studio_2017 15.7
  • Microsoft sharepoint_server 2010
  • Microsoft visual_studio_2017 15.3.3
  • Microsoft visual_studio_2017 15.6.1
  • Microsoft visual_studio_2019 16.3.2
  • Microsoft visual_studio_2017 15.8.3
  • Microsoft visual_studio_2017 15.5
  • Microsoft visual_studio_2017 15.6.3
  • Microsoft visual_studio_2019 16.3.4
  • Microsoft visual_studio_2017 15.8.1
  • Microsoft visual_studio_2019 16.3.6
  • Microsoft visual_studio_2017 15.8.7
  • Microsoft visual_studio_2017 15.5.2
  • Microsoft visual_studio_2019 16.4.3
  • Microsoft visual_studio_2017 15.8.5
  • Microsoft .net_core 2.1
  • Microsoft .net_framework 4.5.2
  • Microsoft visual_studio_2019 16.4.1
  • Microsoft visual_studio_2017 15.5.6
  • Microsoft .net_framework 3.5.1
  • Microsoft visual_studio_2017 15.5.4
  • Microsoft visual_studio_2019 16.4.5
  • Microsoft visual_studio_2019 16.2.1
  • Microsoft visual_studio_2017 15.2.1
  • Microsoft visual_studio_2019 16.5.0
  • Microsoft visual_studio_2019 16.1.2
  • Microsoft visual_studio_2019 16.2.3
  • Microsoft visual_studio_2017 15.2.3
  • Microsoft visual_studio_2017 15.1.1
  • Microsoft visual_studio_2017 15.2.5
  • Microsoft .net_framework 4.6.2
  • Microsoft visual_studio_2017 15.4.4
  • Microsoft .net_framework 4.6
  • Microsoft visual_studio_2019 16.1.6
  • Microsoft visual_studio_2017 15.4.2
  • Microsoft visual_studio_2019 16.1.4
  • Microsoft visual_studio_2019 16.2
  • Microsoft visual_studio_2019 16.0
  • Microsoft .net_core 3.1
  • Microsoft visual_studio_2017 15.7.2
  • Microsoft visual_studio_2017 15.8
  • Microsoft visual_studio_2019 16.0.7
  • Microsoft visual_studio_2019 16.6
  • Microsoft visual_studio_2017 15.7.4
  • Microsoft visual_studio_2019 16.0.5
  • Microsoft visual_studio_2019 16.4
  • Microsoft visual_studio_2019 16.3.9
  • Microsoft visual_studio_2017 15.7.6
  • Microsoft visual_studio_2019 16.0.3
  • Microsoft .net_framework 4.7.1
  • Microsoft visual_studio_2017 15.2
  • Microsoft visual_studio_2019 16.0.1
  • Microsoft visual_studio_2017 15.3.4
  • Microsoft visual_studio_2017 15.6.4
  • Microsoft visual_studio_2019 16.5.1
  • Microsoft sharepoint_enterprise_server 2013
  • Microsoft visual_studio_2017 15.0
  • Microsoft visual_studio_2017 15.6.6
  • Microsoft visual_studio_2017 15.6
  • Microsoft visual_studio_2019 16.3.1
  • Microsoft visual_studio_2017 15.8.2
  • Microsoft visual_studio_2017 15.4
  • Microsoft visual_studio_2017 15.3.2
  • Microsoft visual_studio_2017 15.6.2
  • Microsoft visual_studio_2019 16.3.3
  • Microsoft .net_framework 3.5
  • Microsoft visual_studio_2019 16.3.5
  • Microsoft visual_studio_2017 15.8.6
  • Microsoft visual_studio_2017 15.5.3
  • Microsoft visual_studio_2019 16.3.7
  • Microsoft visual_studio_2017 15.8.4
  • Microsoft visual_studio_2017 15.1.2
  • Microsoft visual_studio_2017 15.5.1
  • Microsoft visual_studio_2019 16.4.2
  • Microsoft visual_studio_2017 15.5.7
  • Microsoft visual_studio_2017 15.8.8
  • Microsoft visual_studio_2019 16.2.4
  • Microsoft .net_framework 2.0
  • Microsoft visual_studio_2017 15.5.5
  • Microsoft visual_studio_2019 16.4.6
  • Microsoft .net_framework 4.8
  • Microsoft visual_studio_2019 16.4.4
  • Microsoft visual_studio_2017 15.2.2
  • Microsoft .net_framework 4.6.1
  • Microsoft visual_studio_2019 16.1.3
  • Microsoft visual_studio_2019 16.2.2
  • Microsoft visual_studio_2017 15.2.4
  • Microsoft .net_framework 4.7
  • Microsoft visual_studio_2019 16.1.1
  • Microsoft visual_studio_2017 15.4.5
  • Microsoft sharepoint_server 2019
  • Microsoft visual_studio_2019 16.3
  • Microsoft visual_studio_2017 15.4.3
  • Microsoft visual_studio_2017 15.7.1
  • Microsoft visual_studio_2019 16.1.5
  • Microsoft visual_studio_2019 16.1
  • Microsoft visual_studio_2017 15.4.1
  • Microsoft visual_studio_2017 15.7.3
  • Microsoft visual_studio_2017 15.7.5
  • Microsoft visual_studio_2017 15.9
  • Microsoft visual_studio_2019 16.0.6
  • Microsoft visual_studio_2019 16.5

HTTP:INFO-LEAK:CITRIX-MUL-APP - HTTP: Citrix ADC Gateway SDWAN WAN-OP Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Citrix ADC, Gateway and SDWAN WAN-OP. A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-8196
  • cve: CVE-2020-8195

Affected Products:

  • Citrix application_delivery_controller_firmware 13.0
  • Citrix application_delivery_controller_firmware 12.1
  • Citrix netscaler_gateway_firmware 10.5
  • Citrix netscaler_gateway_firmware 12.1
  • Citrix gateway_firmware 13.0
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.