IPS Signature Release Note V9.16 (April 2016, Page 1 of 15): SOPHOS IPS Signature Update Release Notes...
SOPHOS IPS Signature Update Release Notes
Version: 9.16.17
Release Date: 08th August 2019
IPS Signature Update
August 2019 Page 2 of 15
Release Information
Upgrade Applicable on: IPS Signature Release Version 9.16.17
Sophos Appliance Models:
CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F
CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
This release note for IPS Signature Database version 9.16.17 covers the newly added signatures. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.
Report false positives to [email protected], including the application details.
This IPS release includes ninety-eight (98) signatures addressing eighty-eight (88) vulnerabilities.
New signatures are added for the following vulnerabilities:
Name | CVE-ID | Category | Severity
BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt | CVE-2009-3075 | Browsers | 2
BROWSER-IE Microsoft Edge defineGetter type confusion attempt | CVE-2017-11914 | Browsers | 2
BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt | CVE-2017-8734 | Browsers | 2
BROWSER-IE Microsoft Edge white-space information disclosure attempt | CVE-2016-3247 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt | CVE-2014-6332 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt | CVE-2013-0092 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt | CVE-2015-2448 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt | CVE-2016-0063 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt | CVE-2016-7201 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt | CVE-2015-1667 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt | CVE-2013-3124 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt | CVE-2016-0111 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt | CVE-2014-2782 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt | CVE-2015-1747 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt | CVE-2015-1705 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt | CVE-2015-2487 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt | CVE-2004-1050 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer malformed object type overflow attempt | CVE-2003-0344 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt | CVE-2015-2425 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt | CVE-2010-0491 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer out of bounds read attempt | CVE-2016-7283 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer request for mapi32x.dll over SMB attempt | CVE-2016-0020 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt | CVE-2006-1245 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt | CVE-2017-0059 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer type confusion attempt | CVE-2014-0271 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt | CVE-2016-7205 | Browsers | 2
BROWSER-IE Microsoft Windows Edge memory corruption attempt | CVE-2017-8731 | Browsers | 2
FILE-IDENTIFY Lotus file attachment detected | NA | Application and Software | 4
FILE-IDENTIFY Microsoft Windows WMF file magic detected | NA | Application and Software | 4
FILE-IDENTIFY OpenType Font file download request | NA | Application and Software | 4
OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt | CVE-2018-8584 | Operating System and Services | 2
OS-WINDOWS NETBIOS SMB repeated logon failure | NA | Operating System and Services | 3
PROTOCOL-POP libcurl MD5 digest buffer overflow attempt | CVE-2013-0249 | Operating System and Services | 1
PROTOCOL-TELNET login buffer overflow attempt | CVE-2001-0797 | Operating System and Services | 4
SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt | NA | Apache HTTP Server | 1
SERVER-APACHE Apache Struts remote code execution attempt | CVE-2017-5638 | Apache HTTP Server | 1
SERVER-IIS cmd.exe access | NA | Microsoft IIS web server | 1
SERVER-MAIL AUTH LOGON Brute Force Attempt | NA | Other Mail Server | 3
SERVER-MAIL Multiple IMAP servers CREATE Command Buffer Overflow Attempt | CVE-2005-1520 | Other Mail Server | 1
SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow | CVE-2007-6435 | Other Mail Server | 1
SERVER-ORACLE Oracle WebLogic Server Remote Command Execution Attempt | CVE-2017-10271 | Database Management System | 1
SERVER-OTHER Active Directory Invalid OID Denial-Of-Service Attempt | CVE-2009-1139 | Other Web Server | 3
SERVER-OTHER BGP Spoofed Connection Reset Attempt | CVE-2004-0230 | Other Web Server | 3
SERVER-OTHER Flexense Syncbreeze buffer overflow attempt | CVE-2018-5262 | Other Web Server | 1
SERVER-OTHER Iron Mountain Connected Backup Opcode 13 Processing Command Injection attempt | CVE-2011-2397 | Other Web Server | 1
SERVER-OTHER Multiple Vendors Host Buffer Overflow Attempt | CVE-2003-0178 | Other Web Server | 1
SERVER-OTHER Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow Attempt | CVE-2009-1252 | Other Web Server | 1
SERVER-OTHER Novell iPrint Server Remote Code Execution Attempt | CVE-2010-4328 | Other Web Server | 1
SERVER-OTHER NTPD Zero Origin Timestamp Denial-Of-Service Attempt | CVE-2016-9042 | Other Web Server | 2
SERVER-OTHER ntp Monlist Denial-Of-Service attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER OpenSSL OCSP Status Request Extension Denial-Of-Service Attempt | CVE-2016-6304 | Other Web Server | 3
SERVER-OTHER OpenSSL SSLv3 Warning Denial-Of-Service Attempt | CVE-2016-8610 | Other Web Server | 2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER Oracle Weblogic unsafe deserialization remote code execution attempt detected | CVE-2018-2628 | Other Web Server | 1
SERVER-OTHER SAP SQL Anywhere .NET Malformed Integer Buffer Overflow Attempt | CVE-2014-9264 | Other Web Server | 1
SERVER-OTHER Squid Proxy Range Header Denial-Of-Service Attempt | CVE-2014-3609 | Other Web Server | 1
SERVER-OTHER Squid snmphandleUDP Off-By-One Buffer Overflow Attempt | CVE-2014-6270 | Other Web Server | 1
SERVER-OTHER TLSv1.0 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.2 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 3
SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-WEBAPP Airlive IP Camera directory traversal attempt | CVE-2013-3541 | Web Services and Applications | 3
SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt | CVE-2012-3811 | Web Services and Applications | 1
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt | CVE-2009-2765 | Web Services and Applications | 1
SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC Method Command Injection Attempt | CVE-2018-9866 | Web Services and Applications | 1
SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Drupal RESTWS restws_page_callback Command Injection Attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Eaton VURemote denial of service attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | Web Services and Applications | 1
SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt | CVE-2010-1552 | Web Services and Applications | 1
SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt | CVE-2011-0276 | Web Services and Applications | 1
SERVER-WEBAPP HTTP request with negative Content-Length attempt | CVE-2004-0095 | Web Services and Applications | 1
SERVER-WEBAPP iPlanet Search directory traversal attempt | CVE-2002-1042 | Web Services and Applications | 3
SERVER-WEBAPP Linksys E-Series apply.cgi Cross Site Scripting Attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl Function Buffer Overflow Attempt | CVE-2017-7269 | Web Services and Applications | 1
SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt | CVE-2018-7034 | Web Services and Applications | 1
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Novell Groupwise Messenger Parameter Memory Corruption Attempt | NA | Web Services and Applications | 3
SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt | CVE-2016-1605 | Web Services and Applications | 3
SERVER-WEBAPP PHP htmlspecialchars htmlentities Function Buffer Overflow Attempt | NA | Web Services and Applications | 2
SERVER-WEBAPP SkyBlueCanvas CMS contact page command injection attempt | CVE-2014-1683 | Web Services and Applications | 2
SERVER-WEBAPP Subversion HTTP Excessive REPORT Requests Denial-Of-Service attempt | CVE-2015-0202 | Web Services and Applications | 3
SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt | CVE-2015-5956 | Web Services and Applications | 2
SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt | CVE-2014-8361 | Web Services and Applications | 1
SERVER-WEBAPP WordPress login denial of service attempt | NA | Web Services and Applications | 2
SERVER-WEBAPP WordPress XMLRPC Potential Port-Scan Attempt | CVE-2013-0235 | Web Services and Applications | 3
• Name: Name of the signature
• CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides reference CVE identifiers for publicly known information security vulnerabilities.
• Category: Class type according to threat
• Severity: Degree of severity. The severity levels are described in the table below:
Severity Level | Severity Criteria
1 | Low
2 | Moderate
3 | High
4 | Critical
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com