Update Details
Update #3456 (01/13/2022)
2 new signatures:
| MEDIUM | HTTP:OVERFLOW:DOPSFT-XLS-MUL | HTTP: Delta Industrial Automation DOPSoft XLS Multiple Buffer Overflow |
| MEDIUM | HTTP:CTS:IVANTI-AVA-ES-CMD-INJ | HTTP: Ivanti Avalanche Enterprise Service Command Injection |
1 updated signature:
| HIGH | HTTP:DIR:NOVELL-GROUPWSE-DIRTRA | HTTP: Novell GroupWise Admin Service FileUploadServlet Directory Traversal |
Details of the signatures included within this bulletin:
HTTP:DIR:NOVELL-GROUPWSE-DIRTRA - HTTP: Novell GroupWise Admin Service FileUploadServlet Directory Traversal
Severity: HIGH
Description:
This signature detects directory traversal attempts in Administration Service of Novell GroupWise 2014.A successful attack can lead to gain access to restricted files. This may lead to disclosure of sensitive information.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-12.3, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.3, srx-branch-12.3, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2014-0600
HTTP:OVERFLOW:DOPSFT-XLS-MUL - HTTP: Delta Industrial Automation DOPSoft XLS Multiple Buffer Overflow
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Delta Industrial Automation DOPSoft. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-12.3, srx-12.3, srx-branch-12.3, vsrx-12.1, vsrx-15.1
References:
- url: http://www.zerodayinitiative.com/advisories/ZDI-21-956/
- url: http://www.zerodayinitiative.com/advisories/ZDI-21-957/
- cve: CVE-2021-38406
- url: http://www.zerodayinitiative.com/advisories/ZDI-21-960/
Affected Products:
- Deltaww dopsoft 2.00-2.00.07
HTTP:CTS:IVANTI-AVA-ES-CMD-INJ - HTTP: Ivanti Avalanche Enterprise Service Command Injection
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Ivanti Avalanche Enterprise Service. A successful attack can lead to command injection and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-12.3, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.3, srx-branch-12.3, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2021-42129
Affected Products:
- Ivanti avalanche