Update #3313 (09/03/2020)
9 deprecated signatures:
CRITICAL | HTTP:HPE-CVE-2019-11941-EL | HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Pattern covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-EXP-LANG-INJ | HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-EXPINJ | HTTP: HPE IMC devGroupSelect Expression Language Injection |
Removal Date: 09/07/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS-HPE-IMC-RCE | HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
CRITICAL | HTTP:MISC:HPE-IMC-ELINJ | HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:HPE-IMCP-URL-RCE | HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:HPE-INJECTION-RCE | HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
HIGH | HTTP:CTS:HPE-IMC-FR-EL-CI | HTTP: HPE IMC ForwardRedirect Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
CRITICAL | HTTP:MISC:HPE-IMC-OPETATOR-CE | HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection |
Removal Date: 09/08/2020 |
Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/ |
Customers are advised to remove the deprecated signatures from the IDP policy if they are explicitly configured rather than included through dynamic groups.
3 new signatures:
MEDIUM | HTTP:STC:ADOBE:CVE-2020-9716-ID | HTTP: Adobe Acrobat and Reader CVE-2020-9716 Information disclosure |
LOW | HTTP:XSS:RCONFIG-NDCT-XSS | HTTP: rConfig Network Device Configuration Tool devicemgmt.php Cross-Site Scripting |
MEDIUM | HTTP:CTS:MS-SHRPNT-WEBPRTS-RCE | HTTP: Microsoft SharePoint Server Web Parts Remote Code Execution |
1 updated signature:
CRITICAL | SHELLCODE:X86:UDP-ENCODER | SHELLCODE: Multiple Encoder For UDP |
Details of the signatures included within this bulletin:
HTTP:STC:ADOBE:CVE-2020-9716-ID - HTTP: Adobe Acrobat and Reader CVE-2020-9716 Information disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to sensitive information disclosure.
Supported On:
idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
Affected Products:
- Adobe acrobat_reader_dc 20.009.20074
- Adobe acrobat_dc 15.006.30523
- Adobe acrobat_dc 20.009.20074
- Adobe acrobat_reader_dc 17.011.30171
- Adobe acrobat_reader_dc 15.006.30523
- Adobe acrobat_dc 17.011.30171
- Adobe acrobat_reader_dc 17.012.20093
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30504
- Adobe acrobat_reader_dc 15.006.30434
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_reader_dc 17.011.30102
- Adobe acrobat_reader_dc 19.008.20074
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 17.011.30106
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 17.011.30166
- Adobe acrobat_reader_dc 20.006.20042
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30140
- Adobe acrobat_dc 19.012.20036
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 17.011.30127
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30127
- Adobe acrobat_dc 17.011.30142
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_dc 15.006.30482
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_reader_dc 15.006.30464
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_reader_dc 17.011.30110
- Adobe acrobat_dc 17.011.30099
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30099
- Adobe acrobat_reader_dc 15.006.30482
- Adobe acrobat_reader_dc 15.006.30518
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_dc 19.008.20071
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_dc 15.006.30457
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_reader_dc 15.006.30457
- Adobe acrobat_reader_dc 19.008.20080
- Adobe acrobat_reader_dc 15.006.30497
- Adobe acrobat_dc 15.006.30518
- Adobe acrobat_dc 19.008.20080
- Adobe acrobat_reader_dc 18.011.20063
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_dc 15.006.30448
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 19.010.20069
- Adobe acrobat_reader_dc 15.006.30495
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 19.010.20069
- Adobe acrobat_dc 15.006.30493
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30493
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_reader_dc 19.008.20081
- Adobe acrobat_reader_dc 15.006.30505
- Adobe acrobat_reader_dc 19.008.20071
- Adobe acrobat_dc 15.006.30495
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 18.011.20063
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30475
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_dc 15.006.30497
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_dc 17.011.30152
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_reader_dc 17.011.30156
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader_dc 17.011.30105
- Adobe acrobat_dc 17.011.30150
- Adobe acrobat_reader_dc 17.011.30150
- Adobe acrobat_dc 17.011.30156
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30113
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_reader_dc 17.011.30152
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_dc 19.010.20098
- Adobe acrobat_reader_dc 20.001.30002
- Adobe acrobat_reader_dc 15.006.30461
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_dc 18.011.20055
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30113
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.006.30504
- Adobe acrobat_dc 17.011.30143
- Adobe acrobat_reader_dc 19.012.20035
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 20.001.30002
- Adobe acrobat_reader_dc 17.011.30143
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_reader_dc 19.010.20098
- Adobe acrobat_reader_dc 18.011.20055
- Adobe acrobat_dc 20.006.20042
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 19.012.20035
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 19.021.20058
- Adobe acrobat_reader_dc 17.011.30096
- Adobe acrobat_dc 17.011.30120
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 17.011.30096
- Adobe acrobat_reader_dc 19.021.20047
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30498
- Adobe acrobat_dc 19.008.20074
- Adobe acrobat_reader_dc 17.011.30106
- Adobe acrobat_dc 17.011.30110
- Adobe acrobat_dc 17.011.30102
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 19.008.20081
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 18.011.20058
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30448
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 17.011.30166
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30475
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_dc 15.006.30508
- Adobe acrobat_dc 19.010.20099
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 15.006.30498
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_dc 17.011.30140
- Adobe acrobat_dc 19.010.20100
- Adobe acrobat_reader_dc 15.006.30508
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 19.012.20036
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_dc 17.011.30105
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_reader_dc 17.011.30144
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_reader_dc 19.010.20099
- Adobe acrobat_reader_dc 19.010.20100
- Adobe acrobat_reader_dc 19.012.20034
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 17.011.30142
- Adobe acrobat_dc 19.012.20034
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_dc 19.021.20047
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 17.011.30120
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_dc 19.010.20064
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 19.021.20058
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 19.021.20056
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_dc 17.011.30155
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.006.30452
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 19.010.20064
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.006.30456
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 17.011.30138
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30434
- Adobe acrobat_dc 19.021.20056
- Adobe acrobat_reader_dc 15.006.30456
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 15.006.30452
- Adobe acrobat_dc 17.011.30138
HTTP:XSS:RCONFIG-NDCT-XSS - HTTP: rConfig Network Device Configuration Tool devicemgmt.php Cross-Site Scripting
Severity: LOW
Description:
This signature detects attempts to exploit a known cross-site scripting vulnerability against rConfig. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
SHELLCODE:X86:UDP-ENCODER - SHELLCODE: Multiple Encoder For UDP
Severity: CRITICAL
Description:
This signature detects payloads transferred over the network that have been encoded using the x86/nonupper or x86/nonalpha encoder routine. This may indicate that someone is trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:CTS:MS-SHRPNT-WEBPRTS-RCE - HTTP: Microsoft SharePoint Server Web Parts Remote Code Execution
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Server. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
Affected Products:
- Microsoft sharepoint_foundation 2013
- Microsoft sharepoint_foundation 2010
- Microsoft sharepoint_enterprise_server 2016
- Microsoft sharepoint_server 2019