SOPHOS IPS Signature Update Release Notes

Version: 7.16.17

Release Date: 08th August 2019

IPS Signature Update

August 2019 Page 2 of 30

Release Information

Upgrade Applicable on

IPS Signature Release Version 7.16.16

Sophos Appliance Models XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 7.16.17 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.

This IPS Release includes Two Hundred Forty Two (242) signatures to address Two Hundred Twelve (212) vulnerabilities.

New signatures are added for the following vulnerabilities:

Name CVE–ID Category Severity

BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt

CVE-2009-3075

Browsers 2

BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt

CVE-2005-0752

Browsers 2

BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt

CVE-2006-0294

Browsers 2

BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt

CVE-2016-0193

Browsers 2

BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt

CVE-2016-0117

Browsers 2

BROWSER-IE Microsoft Edge defineGetter type confusion attempt

CVE-2017-11914

Browsers 2

BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt

CVE-2016-3295

Browsers 2

BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt

CVE-2017-8734

Browsers 2

BROWSER-IE Microsoft Edge type confusion attempt

CVE-2017-11895

Browsers 2

BROWSER-IE Microsoft Edge white-space information disclosure attempt

CVE-2016-3247

Browsers 2

BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt

CVE-2014-6332

Browsers 2

BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt

CVE-2009-3672

Browsers 2

BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt

CVE-2013-0092

Browsers 2

BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt

CVE-2017-11907

Browsers 2

BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt

CVE-2015-2448

Browsers 2

BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt

CVE-2016-0063

Browsers 2

BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt

CVE-2016-7201

Browsers 2

BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt

CVE-2015-1667

Browsers 2

BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt

CVE-2013-3124

Browsers 2

BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt

CVE-2016-0168

Browsers 2

BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt

CVE-2016-0168

Browsers 2

BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt

CVE-2016-0111

Browsers 2

BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt

CVE-2014-2782

Browsers 2

BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt

CVE-2015-1747

Browsers 2

BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt

CVE-2015-1705

Browsers 2

BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt

CVE-2015-2487

Browsers 2

BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution

CVE-2007-3892

Browsers 2

BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt

NA Browsers 2

BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt

CVE-2010-0483

Browsers 2

BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt

CVE-2005-0553

Browsers 2

BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt

CVE-2012-1876

Browsers 2

BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt

CVE-2004-1050

Browsers 2

BROWSER-IE Microsoft Internet Explorer malformed object type overflow attempt

CVE-2003-0344

Browsers 2

BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt

NA Browsers 2

BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt

CVE-2015-2425

Browsers 2

BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt

CVE-2010-0491

Browsers 2

BROWSER-IE Microsoft Internet Explorer out of bounds read attempt

CVE-2016-7283

Browsers 2

BROWSER-IE Microsoft Internet Explorer protected mode request for atlthunk.dll over SMB attempt

CVE-2015-2368

Browsers 2

BROWSER-IE Microsoft Internet Explorer request for mapi32x.dll over SMB attempt

CVE-2016-0020

Browsers 2

BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt

CVE-2006-1245

Browsers 2

BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt

CVE-2012-0171

Browsers 2

BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt

CVE-2017-0059

Browsers 2

BROWSER-IE Microsoft Internet Explorer type confusion attempt

CVE-2014-0271

Browsers 2

BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt

CVE-2016-7205

Browsers 2

BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt

CVE-2012-1858

Browsers 2

BROWSER-IE Microsoft Windows Edge memory corruption attempt

CVE-2017-8731

Browsers 2

FILE-IDENTIFY Lotus file attachment detected

NA Application and Software 4

FILE-IDENTIFY Lotus file download request

NA Application and Software 4

FILE-IDENTIFY Microsoft Windows WMF file magic detected

NA Application and Software 4

FILE-IDENTIFY OpenType Font file download request

NA Application and Software 4

FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt

CVE-2017-11227

Multimedia 2

FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt

CVE-2017-11238

Multimedia 2

FILE-OFFICE Microsoft Office Excel Information Disclosure Vulnerability CVE-2019-1110

CVE-2018-4901

Office Tools 1

FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt

CVE-2017-0039

Office Tools 3

FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901

CVE-2018-4901

Application and Software

1

OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt

CVE-2018-8584

Operating System and Services

2

OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt

CVE-2010-3332

Operating System and Services

2

OS-WINDOWS Microsoft Windows Event Viewer Information Disclosure

CVE-2019-0948

Operating System and Services

2

OS-WINDOWS Microsoft Windows Event Viewer Information Disclosure

CVE-2019-0948

Operating System and Services

4

OS-WINDOWS Microsoft Windows kernel information disclosure attempt

CVE-2019-0621

Operating System and Services

3

OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt

CVE-2019-1014

Operating System and Services

2

OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt

CVE-2008-4029

Operating System and Services

3

OS-WINDOWS NETBIOS SMB repeated logon failure

NA Operating System and Services 3

PROTOCOL-POP libcurl MD5 digest buffer overflow attempt

CVE-2013-0249

Operating System and Services

1

PROTOCOL-RPC FreeBSD NFS Server nfsrvd_readdirplus Denial-of-Service

CVE-2018-17159

Operating System and Services

2

PROTOCOL-RPC FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write

CVE-2018-17157

Operating System and Services

2

PROTOCOL-SCADA Cogent unicode buffer overflow attempt

CVE-2011-3493

Industrial Control System

1

PROTOCOL-SCADA IEC 104 force on denial of service attempt

NA Industrial Control System 3

PROTOCOL-SCADA IEC 61850 device connection enumeration attempt

NA Industrial Control System 3

PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt

NA Industrial Control System 3

PROTOCOL-SCADA Modbus value scan

NA Industrial Control System 3

PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt

CVE-2014-0781

Industrial Control System

1

PROTOCOL-TELNET login buffer overflow attempt

CVE-2001-0797

Operating System and Services

4

PROTOCOL-VOIP CANCEL flood

NA VoIP and Instant Messaging 2

PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID Header Denial-Of-Service Attempt

CVE-2007-1542

VoIP and Instant Messaging

3

PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt

NA VoIP and Instant Messaging 3

PROTOCOL-VOIP INVITE message Content-Length header size of zero

NA VoIP and Instant Messaging 3

PROTOCOL-VOIP Mr.SIP Options Request Denial-Of-Service Attempt

NA VoIP and Instant Messaging 3

PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood

NA VoIP and Instant Messaging 1

PROTOCOL-VOIP Response code 420 Bad Extension response flood

NA VoIP and Instant Messaging 3

SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt

NA Apache HTTP Server 1

SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt

CVE-2016-0736

Apache HTTP Server

3

SERVER-APACHE Apache Struts remote code execution attempt

CVE-2017-5638

Apache HTTP Server

1

SERVER-IIS cmd.exe access

NA Microsoft IIS web server 1

SERVER-IIS Microsoft IIS HTMLEncode Unicode String Buffer Overflow

CVE-2008-0075

Microsoft IIS web server

1

SERVER-IIS Microsoft IIS HTMLEncode Unicode String Buffer Overflow

CVE-2008-0075

Microsoft IIS web server

2

SERVER-MAIL AUTH LOGON Brute Force Attempt

NA Other Mail Server 3

SERVER-MAIL Exim BDAT Use After Free

CVE-2017-16943

Other Mail Server

1

SERVER-MAIL Multiple IMAP servers CREATE Command Buffer Overflow Attempt

CVE-2005-1520

Other Mail Server

1

SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow

CVE-2007-6435

Other Mail Server

1

SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt

CVE-2012-2122

Database Management System

3

SERVER-MYSQL MySQL/MariaDB Server Geometry Query Polygon Object Integer Overflow attempt

CVE-2013-1861

Database Management System

1

SERVER-MYSQL Oracle MySQL Pluggable Auth Denial-Of-Service Attempt

CVE-2017-3599

Database Management System

2

SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt

CVE-2013-1570

Database Management System

2

SERVER-ORACLE Oracle Application Test Suite Server Authentication Bypass Attempt

CVE-2016-0492

Database Management System

2

SERVER-ORACLE Oracle WebLogic Server Remote Command Execution Attempt

CVE-2017-10271

Database Management System

1

SERVER-OTHER Active Directory Invalid OID Denial-Of-Service Attempt

CVE-2009-1139

Other Web Server

3

SERVER-OTHER Adobe ColdFusion JRun Error Page getWriter Denial-Of-Service Attempt

CVE-2013-3349

Other Web Server

2

SERVER-OTHER BGP Spoofed Connection Reset Attempt

CVE-2004-0230

Other Web Server

3

SERVER-OTHER Cisco IOS syslog Message Flood Denial-Of-Service Attempt

CVE-2001-1097

Other Web Server

2

SERVER-OTHER Flexense Syncbreeze buffer overflow attempt

CVE-2018-5262

Other Web Server

1

SERVER-OTHER HP Data Protector OmniInet Service NULL Dereference Denial-Of-Service Attempt

NA Other Web Server 2

SERVER-OTHER HP Intelligent Management Center dbman RestartDB Opcode Command Injection Attempt

CVE-2017-5816

Other Web Server

1

SERVER-OTHER HP JetDirect PJL path traversal attempt

CVE-2010-4107

Other Web Server

3

SERVER-OTHER HP LeftHand Virtual SAN Hydra Login Request Buffer Overflow Attempt

CVE-2013-2343

Other Web Server

1

SERVER-OTHER Iron Mountain Connected Backup Opcode 13 Processing Command Injection attempt

CVE-2011-2397

Other Web Server

1

SERVER-OTHER ISC BIND Malformed Control Channel Authentication Message Denial-Of-Service attempt

CVE-2016-1285

Other Web Server

3

SERVER-OTHER ISC DHCPD Remote Denial-Of-Service Attempt

CVE-2017-3144

Other Web Server

3

SERVER-OTHER McAfee E-Business Server Remote Preauth Code Execution Attempt

NA Other Web Server 1

SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution

CVE-2019-0785

Other Web Server

1

SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution

CVE-2019-0785

Other Web Server

4

SERVER-OTHER Multiple Vendors Host Buffer Overflow Attempt

CVE-2003-0178

Other Web Server

1

SERVER-OTHER Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow Attempt

CVE-2009-1252

Other Web Server

1

SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt

CVE-2007-5637

Other Web Server

2

SERVER-OTHER Novell iPrint Server Remote Code Execution Attempt

CVE-2010-4328

Other Web Server

1

SERVER-OTHER NTP crypto-NAK Packet Flood Attempt

CVE-2015-7871

Other Web Server

3

SERVER-OTHER NTPD Zero Origin Timestamp Denial-Of-Service Attempt

CVE-2016-9042

Other Web Server

2

SERVER-OTHER ntp Monlist Denial-Of-Service attempt

CVE-2013-5211

Other Web Server

3

SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt

CVE-2014-0221

Other Web Server

3

SERVER-OTHER OpenSSL OCSP Status Request Extension Denial-Of-Service Attempt

CVE-2016-6304

Other Web Server

3

SERVER-OTHER OpenSSL SSLv3 Warning Denial-Of-Service Attempt

CVE-2016-8610

Other Web Server

2

SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt

CVE-2014-3567

Other Web Server

2

SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt

CVE-2014-3567

Other Web Server

3

SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

3

SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

3

SERVER-OTHER OpenVPN OpenSSL SSLv3 Heartbeat Read Overrun Attempt

CVE-2014-0160

Other Web Server

2

SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

3

SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

1

SERVER-OTHER OpenVPN OpenSSL TLSv1.1 Heartbeat Read Overrun Attempt

CVE-2014-0160

Other Web Server

2

SERVER-OTHER OpenVPN OpenSSL TLSv1.2 Heartbeat Read Overrun Attempt

CVE-2014-0160

Other Web Server

3

SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

1

SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt

CVE-2014-0160

Other Web Server

2

SERVER-OTHER Oracle Weblogic unsafe deserialization remote code execution attempt detected

CVE-2018-2628

Other Web Server

1

SERVER-OTHER SAP SQL Anywhere .NET Malformed Integer Buffer Overflow Attempt

CVE-2014-9264

Other Web Server

1

SERVER-OTHER Squid proxy DNS Response Spoofing Attempt

CVE-2005-1519

Other Web Server

3

SERVER-OTHER Squid Proxy Range Header Denial-Of-Service Attempt

CVE-2014-3609

Other Web Server

1

SERVER-OTHER Squid snmphandleUDP Off-By-One Buffer Overflow Attempt

CVE-2014-6270

Other Web Server

1

SERVER-OTHER TLSv1.0 Plaintext Recovery Attempt

CVE-2013-0169

Other Web Server

1

SERVER-OTHER TLSv1.2 Plaintext Recovery Attempt

CVE-2013-0169

Other Web Server

3

SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt

CVE-2014-8730

Other Web Server

2

SERVER-SAMBA Samba LDAP Server libldb denial of service attempt

CVE-2015-3223

Operating System and Services

3

SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt

CVE-2007-5398

Operating System and Services

1

SERVER-SAMBA Samba WINS Server Name Registration Handling Stack Buffer Overflow Attempt

CVE-2007-5398

Operating System and Services

1

SERVER-WEBAPP Adobe ColdFusion CVE-2019-7839 Remote Code Execution

CVE-2019-7839

Web Services and Applications

1

SERVER-WEBAPP Adobe RoboHelp rx Cross Site Scripting Attempt

CVE-2008-2991

Web Services and Applications

1

SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt

CVE-2008-2991

Web Services and Applications

1

SERVER-WEBAPP Adobe RoboHelp rx SQL Injection Attempt

CVE-2008-2991

Web Services and Applications

1

SERVER-WEBAPP Airlive IP Camera CSRF Attempt

CVE-2013-3540

Web Services and Applications

2

SERVER-WEBAPP Airlive IP Camera directory traversal attempt

CVE-2013-3541

Web Services and Applications

3

SERVER-WEBAPP AT&T U-verse Modem Authentication Bypass Attempt

CVE-2017-14117

Web Services and Applications

1

SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt

CVE-2012-3811

Web Services and Applications

1

SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt

CVE-2012-3811

Web Services and Applications

3

SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles Stored Procedure POST SQL Injection Attempt

CVE-2011-1653

Web Services and Applications

2

SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles Stored Procedure SQL Injection Attempt

CVE-2011-1653

Web Services and Applications

2

SERVER-WEBAPP CGit cgit_clone_objects Function Directory Traversal Attempt

CVE-2018-14912

Web Services and Applications

3

SERVER-WEBAPP Cisco Identity Services Engine LiveLogSettingsServlet Stored Cross Site Scripting

CVE-2018-15440

Web Services and Applications

2

SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt

CVE-2009-2765

Web Services and Applications

1

SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC Method Command Injection Attempt

CVE-2018-9866

Web Services and Applications

1

SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt

CVE-2018-6211

Web Services and Applications

2

SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt

NA Web Services and Applications 1

SERVER-WEBAPP Drupal RESTWS restws_page_callback Command Injection Attempt

NA Web Services and Applications 1

SERVER-WEBAPP Eaton VURemote denial of service attempt

NA Web Services and Applications 1

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

CVE-2018-10562

Web Services and Applications

1

SERVER-WEBAPP GPON Router Authentication Bypass And Command Injection attempt

CVE-2018-10562

Web Services and Applications

1

SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt

NA Web Services and Applications 1

SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt

CVE-2013-4826

Web Services and Applications

3

SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt

CVE-2011-0270

Web Services and Applications

1

SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt

CVE-2010-1552

Web Services and Applications

1

SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt

CVE-2011-0276

Web Services and Applications

1

SERVER-WEBAPP HTTP request with negative Content-Length attempt

CVE-2004-0095

Web Services and Applications

1

SERVER-WEBAPP iPlanet Search directory traversal attempt

CVE-2002-1042

Web Services and Applications

3

SERVER-WEBAPP Java Groovy Library unauthorized serialized object attempt

CVE-2015-3253

Web Services and Applications

1

SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt

CVE-2015-3253

Web Services and Applications

1

SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt

CVE-2018-7178

Web Services and Applications

1

SERVER-WEBAPP Linksys E-Series apply.cgi Cross Site Scripting Attempt

NA Web Services and Applications 1

SERVER-WEBAPP McAfee Virus Scan Linux Authentication Token Brute Force Attempt

CVE-2016-8023

Web Services and Applications

2

SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl Function Buffer Overflow Attempt

CVE-2017-7269

Web Services and Applications

1

SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt

CVE-2018-7034

Web Services and Applications

1

SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt

NA Web Services and Applications 1

SERVER-WEBAPP Novell Groupwise Messenger Parameter Memory Corruption Attempt

NA Web Services and Applications 3

SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt

CVE-2016-1605

Web Services and Applications

3

SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt

NA Web Services and Applications 1

SERVER-WEBAPP PHP htmlspecialchars htmlentities Function Buffer Overflow Attempt

NA Web Services and Applications 2

SERVER-WEBAPP PHPMailer Command Injection Remote Code Execution Attempt

CVE-2016-10033

Web Services and Applications

1

SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt

CVE-2007-1061

Web Services and Applications

2

SERVER-WEBAPP PHP-Nuke index.php SQL Injection Attempt

CVE-2007-1061

Web Services and Applications

2

SERVER-WEBAPP PHP phpinfo cross site scripting attempt

CVE-2007-1287

Web Services and Applications

1

SERVER-WEBAPP PHP truncated crypt function attempt

CVE-2012-2143

Web Services and Applications

1

SERVER-WEBAPP PHP truncated crypt function attempt

CVE-2012-2143

Web Services and Applications

3

SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt

CVE-2014-3515

Web Services and Applications

1

SERVER-WEBAPP PHP Unserialize Integer Overflow Attempt

CVE-2017-5340

Web Services and Applications

1

SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt

CVE-2014-3915

Web Services and Applications

1

SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt

CVE-2014-3915

Web Services and Applications

1

SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt

CVE-2014-6140

Other Web Server

1

SERVER-WEBAPP SkyBlueCanvas CMS contact page command injection attempt

CVE-2014-1683

Web Services and Applications

2

SERVER-WEBAPP SQL use of sleep function in HTTP header - likely SQL injection attempt

NA Web Services and Applications 1

SERVER-WEBAPP Subversion HTTP Excessive REPORT Requests Denial-Of-Service attempt

CVE-2015-0202

Web Services and Applications

3

SERVER-WEBAPP Trend Micro proxy_controller.php Command Injection Attempt

CVE-2017-11394

Web Services and Applications

1

SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt

CVE-2017-11394

Web Services and Applications

2

SERVER-WEBAPP truncated crypt function attempt

CVE-2012-2143

Web Services and Applications

1

SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt

CVE-2015-5956

Web Services and Applications

2

SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt

CVE-2014-8361

Web Services and Applications

1

SERVER-WEBAPP Viber for Desktop URI Handler Remote Code Execution

CVE-2019-12569

Web Services and Applications

1

SERVER-WEBAPP WordPress login denial of service attempt

NA Web Services and Applications 2

SERVER-WEBAPP WordPress Overly Large Password class-phpass.php Denial-Of-Service Attempt

CVE-2014-9034

Web Services and Applications

3

SERVER-WEBAPP WordPress Quick-Post Widget GET Request Using Body Cross-Site Scripting

CVE-2012-4226

Web Services and Applications

1

SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting

CVE-2012-4226

Web Services and Applications

3

SERVER-WEBAPP WordPress Ultimate Form Builder Plugin SQL Injection Attempt

CVE-2017-15919

Web Services and Applications

1

SERVER-WEBAPP Wordpress username enumeration attempt

NA Web Services and Applications 3

SERVER-WEBAPP WordPress XMLRPC Pingback DDOS Attempt

CVE-2013-0235

Web Services and Applications

1

SERVER-WEBAPP WordPress XMLRPC Potential Port-Scan Attempt

CVE-2013-0235

Web Services and Applications

3

SERVER-WEBAPP Zoom Client Information Disclosure Attempt

CVE-2019-13449

Web Services and Applications

1

• Name: Name of the Signature

• CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level Severity Criteria

1 Low

2 Moderate

3 High

4 Critical

Important Notice

Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved.

All rights reserved. Sophos, Sophos logo are trademark of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.

Reg. Office: Sophos House, Saigulshan Complex,

Beside White House, Panchvati Cross Road,

Ahmedabad – 380006, INDIA

Phone: +91-79-66216666

Fax: +91-79-26407640

Web site: www.sophos.com