Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3313 (09/03/2020)

9 deprecated signatures:

CRITICALHTTP:HPE-CVE-2019-11941-ELHTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection Removal Date: 09/07/2020 Reason For Deprecation: Pattern covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:CTS:HPE-IMC-EXP-LANG-INJHTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection Removal Date: 09/07/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:CTS:HPE-IMC-EXPINJHTTP: HPE IMC devGroupSelect Expression Language Injection Removal Date: 09/07/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:CTS-HPE-IMC-RCEHTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
CRITICALHTTP:MISC:HPE-IMC-ELINJHTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:HPE-IMCP-URL-RCEHTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:HPE-INJECTION-RCEHTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
HIGHHTTP:CTS:HPE-IMC-FR-EL-CIHTTP: HPE IMC ForwardRedirect Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/
CRITICALHTTP:MISC:HPE-IMC-OPETATOR-CEHTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Removal Date: 09/08/2020 Reason For Deprecation: Covered in https://qnc-sigdb1.juniper.net/sigs/signature/20161/

Customers are suggested to remove the deprecated signatures from the IDP policy, if they are explicitly configured, other than Dynamic groups

3 new signatures:

MEDIUMHTTP:STC:ADOBE:CVE-2020-9716-IDHTTP: Adobe Acrobat and Reader CVE-2020-9716 Information disclosure
LOWHTTP:XSS:RCONFIG-NDCT-XSSHTTP: rConfig Network Device Configuration Tool devicemgmt.php Cross-Site Scripting
MEDIUMHTTP:CTS:MS-SHRPNT-WEBPRTS-RCEHTTP: Microsoft SharePoint Server Web Parts Remote Code Execution

1 updated signature:

CRITICALSHELLCODE:X86:UDP-ENCODERSHELLCODE: Multiple Encoder For UDP


Details of the signatures included within this bulletin:


HTTP:STC:ADOBE:CVE-2020-9716-ID - HTTP: Adobe Acrobat and Reader CVE-2020-9716 Information disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to sensitive information disclosure.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
  • cve: CVE-2020-9716

Affected Products:

  • Adobe acrobat_reader_dc 20.009.20074
  • Adobe acrobat_dc 15.006.30523
  • Adobe acrobat_dc 20.009.20074
  • Adobe acrobat_reader_dc 17.011.30171
  • Adobe acrobat_reader_dc 15.006.30523
  • Adobe acrobat_dc 17.011.30171
  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30504
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 17.011.30166
  • Adobe acrobat_reader_dc 20.006.20042
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 19.012.20036
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_reader_dc 15.006.30518
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30518
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_reader_dc 15.006.30505
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_reader_dc 17.011.30156
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_dc 17.011.30150
  • Adobe acrobat_reader_dc 17.011.30150
  • Adobe acrobat_dc 17.011.30156
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 20.001.30002
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.006.30504
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_reader_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 20.001.30002
  • Adobe acrobat_reader_dc 17.011.30143
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_dc 20.006.20042
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20058
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_reader_dc 19.021.20047
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_reader_dc 17.011.30166
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_dc 15.006.30508
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_reader_dc 15.006.30508
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.012.20036
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_reader_dc 17.011.30144
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20047
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 19.021.20058
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_reader_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_dc 17.011.30155
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30138

HTTP:XSS:RCONFIG-NDCT-XSS - HTTP: rConfig Network Device Configuration Tool devicemgmt.php Cross-Site Scripting

Severity: LOW

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability against rConfig. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attack.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-12259
  • cve: CVE-2020-12256

Affected Products:

  • Rconfig rconfig 3.9.4

SHELLCODE:X86:UDP-ENCODER - SHELLCODE: Multiple Encoder For UDP

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been encoded using the x86/nonupper or x86/nonalpha encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.eeye.com/html/Research/Advisories/AD20040318.html

HTTP:CTS:MS-SHRPNT-WEBPRTS-RCE - HTTP: Microsoft SharePoint Server Web Parts Remote Code Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-1181

Affected Products:

  • Microsoft sharepoint_foundation 2013
  • Microsoft sharepoint_foundation 2010
  • Microsoft sharepoint_enterprise_server 2016
  • Microsoft sharepoint_server 2019
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out