SOPHOS IPS Signature Update Release Notes
Version: 9.16.41
Release Date: 31st October 2019

Release Information
Upgrade Applicable on: IPS Signature Release Version 9.16.40
Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650

Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
The Release Note document for IPS Signature Database Version 9.16.41 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.
Report false positives at [email protected], along with the application details.
October 2019 Page 2 of 27 IPS Signature Update
This IPS release includes two hundred and fifteen (215) signatures to address one hundred and eighty-one (181) vulnerabilities. New signatures are added for the following vulnerabilities:
| Name | CVE–ID | Category | Severity |
|---|---|---|---|
| BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt |  | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CVE-2015-6140 SComputedStyle destructor out of bounds read attempt | CVE-2015-6140 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt | CVE-2015-6084 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt | CVE-2015-6159 | Browsers | 1 |
| FILE-FLASH Adobe Flash CVE-2016-9163 Remote Code Execution Vulnerability II | CVE-2016-9163 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt | CVE-2016-0970 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt | CVE-2016-4185 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt | CVE-2019-8069 | Application and Software | 1 |
| FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt | CVE-2016-0969 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt | CVE-2016-0964 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player CVE-2015-8426 TextField setter Use After Free Attempt | CVE-2015-8426 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player CVE-2018-12824 Information Disclosure Vulnerability | CVE-2018-12827 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free | CVE-2008-2992 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt | CVE-2016-1012 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt | CVE-2016-0972 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt | CVE-2016-0963 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt | CVE-2016-0968 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player JPEG handling memory corruption attempt | CVE-2016-4229 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player list filter memory corruption attempt | CVE-2016-0965 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt | CVE-2015-8457 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt | CVE-2016-4176 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt | CVE-2015-8446 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt | CVE-2017-2932 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt | CVE-2015-8419 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player Point object integer overflow attempt | CVE-2016-0976 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player Point object integer overflow attempt | CVE-2016-0979 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt | CVE-2015-8445 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt | CVE-2015-8407 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt | CVE-2017-2996 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player si32 integer overflow attempt | CVE-2016-0993 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt | CVE-2015-8438 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player TextLine memory corruption attempt | CVE-2016-0966 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt | CVE-2016-1019 | Multimedia | 1 |
| FILE-IDENTIFY Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write | CVE-2019-7111 | Application and Software | 4 |
| FILE-IDENTIFY FDF file download request |  | Application and Software | 4 |
| FILE-IMAGE Adobe Acrobat CVE-2017-16399 XPS unicode glyph pointer out of bounds | CVE-2017-16399 | Multimedia | 2 |
| FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF Parsing Integer Overflow | CVE-2017-11227 | Multimedia | 3 |
| FILE-OFFICE LibreOffice CVE-2018-6871 WEBSERVICE Information Disclosure | CVE-2018-6871 | Office Tools | 2 |
| FILE-OFFICE Microsoft Excel out of bounds read attempt | CVE-2018-1030 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office CVE-2018-1028 Remote Code Execution Vulnerability | CVE-2018-1028 | Office Tools | 2 |
| FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt | CVE-2017-11882 | Office Tools | 1 |
| FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt | CVE-2015-6106 | Office Tools | 1 |
| FILE-OTHER Acrobat Reader CVE-2018-12761 Information Disclosure Vulnerability | CVE-2018-12761 | Application and Software | 1 |
| FILE-OTHER Acrobat Reader CVE-2018-12856 Information Disclosure Vulnerability | CVE-2018-12856 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow crash CVE-2018-4901 | CVE-2018-4901 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901 | CVE-2018-4901 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat CVE-2018-15986 Memory Corruption | CVE-2018-15986 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat EMF CVE-2018-5067 EmfPlusDrawLines Count Heap Buffer Overflow | CVE-2018-5067 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt | CVE-2018-16020 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt | CVE-2017-11260 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat JavaScript engine security bypass attempt | CVE-2019-7041 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write | CVE-2019-7111 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat out-of-bounds read attempt | CVE-2019-7122 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat out-of-bounds read attempt | CVE-2019-7127 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat PostScript file parsing TBuildCharDict use after free attempt | CVE-2019-7084 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro CVE-2018-19704 XPS file image-load out-of-bounds read attempt | CVE-2018-19704 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat pro CVE-2018-4916 Out Of Bounds Read Attempt | CVE-2018-4916 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat type confusion attempt | CVE-2019-7069 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat type confusion attempt | CVE-2019-7128 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat XPS Path Element Out of Bounds Write CVE-2018-4898 | CVE-2018-4898 | Application and Software | 1 |
| FILE-OTHER Adobe Photoshop CVE-2016-0953 CC Bridge CC IFF File Parsing Buffer Overflow | CVE-2016-0953 | Application and Software | 2 |
| FILE-OTHER Adobe Reader CVE-2019-7828 Heap Overflow | CVE-2019-7828 | Application and Software | 2 |
| FILE-OTHER Adobe Reader EMF CVE-2018-15990 Remote Code Execution | CVE-2018-15990 | Application and Software | 2 |
| FILE-OTHER Adobe Reader EMF CVE-2018-16006 Use After Free | CVE-2018-16006 | Application and Software | 2 |
| FILE-OTHER Adobe Reader XPS CVE-2018-16015 Out Of Bounds | CVE-2018-16015 | Application and Software | 2 |
| FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB wFontTextLen Stack Buffer Overflow | CVE-2019-10947 | Application and Software | 4 |
| FILE-OTHER Microsoft Graphics remote code execution attempt | CVE-2017-11763 | Application and Software | 2 |
| FILE-OTHER Microsoft Graphics remote code execution attempt | CVE-2018-8344 | Application and Software | 2 |
| FILE-OTHER Microsoft Windows Defender malformed RAR memory corruption attempt | CVE-2018-0986 | Application and Software | 2 |
| FILE-OTHER Microsoft Windows TTF file out of bounds access attempt | CVE-2017-0083 | Application and Software | 1 |
| FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt | CVE-2018-1016 | Application and Software | 2 |
| FILE-OTHER VMware Fusion Guest VM Remote Code Execution | CVE-2019-5514 | Application and Software | 2 |
| FILE-PDF Acrobat Reader CVE-2018-12761 Information Disclosure Vulnerability | CVE-2018-12761 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-12764 Information Disclosure Vulnerability | CVE-2018-12764 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-12764 Information Disclosure Vulnerability | CVE-2018-12764 | Application and Software | 2 |
| FILE-PDF Acrobat Reader CVE-2018-12774 Information Disclosure Vulnerability | CVE-2018-12774 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-12774 Information Disclosure Vulnerability | CVE-2018-12774 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5050 Information Disclosure Vulnerability | CVE-2018-5050 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5050 Information Disclosure Vulnerability | CVE-2018-5050 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5054 Information Disclosure Vulnerability | CVE-2018-5054 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5054 Information Disclosure Vulnerability | CVE-2018-5054 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5056 Information Disclosure Vulnerability | CVE-2018-5056 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5056 Information Disclosure Vulnerability | CVE-2018-5056 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5063 Information Disclosure Vulnerability | CVE-2018-5063 | Application and Software | 1 |
| FILE-PDF Acrobat Reader CVE-2018-5063 Information Disclosure Vulnerability | CVE-2018-5063 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2018-4990 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat and Reader Text Field Value Remote Code Execution | CVE-2019-7125 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt | CVE-2018-19717 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-19717 Remote Code Execution Vulnerability | CVE-2018-19717 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2019-7121 IFF Information Disclosure | CVE-2019-7121 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2019-7789 Out Of Bounds Read | CVE-2019-7789 | Application and Software | 3 |
| FILE-PDF Adobe Acrobat Reader CVE-2019-7811 Out Of Bounds Read | CVE-2019-7811 | Application and Software | 4 |
| FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt | CVE-2017-3055 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt | CVE-2016-4252 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt | CVE-2016-4201 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt | CVE-2016-4205 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt | CVE-2018-4910 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | CVE-2016-0942 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat U3D Bone Weight Modifier memory corruption attempt | CVE-2016-0933 | Application and Software | 1 |
| FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt | CVE-2016-1077 | Application and Software | 1 |
| FILE-PDF Adobe Reader CVE-2018-4957 Information Disclosure | CVE-2018-4957 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-4973 Information Disclosure | CVE-2018-4973 | Application and Software | 4 |
| FILE-PDF Adobe Reader CVE-2018-5017 Out Of Bounds Read | CVE-2018-5017 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2019-7802 Out Of Bounds Read | CVE-2019-7802 | Application and Software | 2 |
| FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt | CVE-2016-1088 | Application and Software | 1 |
| FILE-PDF Adobe Reader XFA javascript out of bound memory corruption attempt | CVE-2016-1072 | Application and Software | 1 |
| MALWARE-OTHER Malware Worm.Win32.Wcry.A Communication Runtime Detection |  | Malware | 2 |
| OS-OTHER BusyBox Project CVE-2018-1000517 BusyBox wget Buffer Overflow | CVE-2018-1000517 | Operating System and Services | 2 |
| OS-OTHER multiple operating systems DHCP option overflow attempt | CVE-2008-0084 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows CVE-2017-0145 SMB Server SMBv1 Buffer Overflow | CVE-2017-0145 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Defender CVE-2018-0986 Remote Code Execution Vulnerability | CVE-2018-0986 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Graphics Device CVE-2018-8424 Interface Information Disclosure | CVE-2018-8424 | Operating System and Services | 3 |
| OS-WINDOWS Microsoft Windows Remote Desktop Services CVE-2019-1182 Remote Code Execution Vulnerability | CVE-2019-1182 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0144 Memory Corruption | CVE-2017-0144 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt | CVE-2017-0145 | Operating System and Services | 1 |
| PROTOCOL-DNS NLnet Labs Unbound NOTIFY Queries Denial of Service Vulnerability | CVE-2019-11779 | DNS | 1 |
| PROTOCOL-IMAP Dovecot and Pigeonhole Remote Code Execution Vulnerability | CVE-2019-11500 | Other Mail Server | 1 |
| PROTOCOL-RPC FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write | CVE-2018-17157 | Operating System and Services | 2 |
| PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt | CVE-2017-7895 | Operating System and Services | 1 |
| SERVER-APACHE Apache httpd CVE-2018-8011 mod_md Null Pointer Dereference | CVE-2018-8011 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Qpid Sequence Set Denial of Service | CVE-2015-0203 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Solr DataImportHandler Remote Code Execution | CVE-2019-0193 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Subversion svn Protocol Parser Integer Overflow | CVE-2015-5259 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Subversion svnserve integer overflow attempt | CVE-2015-5259 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Tomcat CVE-2017-12615 HTTP PUT Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Tomcat HTTP PUT CVE-2017-12615 Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2 |
| SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3 |
| SERVER-OTHER Adobe ColdFusion CVE-2017-11283 DataServicesCFProxy Insecure Deserialization | CVE-2017-11283 | Other Web Server | 2 |
| SERVER-OTHER Adobe ColdFusion CVE-2018-4939 DataServicesCFProxy ROME Framework Insecure Deserialization | CVE-2018-4939 | Other Web Server | 3 |
| SERVER-OTHER Advantech WebAccess datacore Service Function 0x5228 strcpy Heap Buffer Overflow | CVE-2016-0857 | Other Web Server | 1 |
| SERVER-OTHER Advantech WebAccess datacore Service Function 0x523a strcpy Buffer Overflow | CVE-2016-0856 | Other Web Server | 1 |
| SERVER-OTHER Advantech WebAccess Node spchapi and tv_enua Stack Buffer Overflow |  | Other Web Server | 2 |
| SERVER-OTHER Advantech WebAccess webvrpcs Service BwWebSvc.dll Buffer Overflow | CVE-2016-0856 | Other Web Server | 1 |
| SERVER-OTHER Apple CUPS Text-to-PostScript texttops Filter Integer Overflow | CVE-2008-3640 | Other Web Server | 4 |
| SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt |  | Other Web Server | 4 |
| SERVER-OTHER Cesanta Mongoose parse_mqtt Out of Bounds Read | CVE-2019-12951 | Other Web Server | 1 |
| SERVER-OTHER Cesanta Mongoose parse_mqtt Out of Bounds Read | CVE-2019-12951 | Other Web Server | 2 |
| SERVER-OTHER Cisco Prime Infrastructure and EPNM UploadServlet Tar Directory Traversal | CVE-2019-1821 | Other Web Server | 2 |
| SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow Vulnerability | CVE-2019-11779 | Other Web Server | 1 |
| SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow Vulnerability | CVE-2019-11779 | Other Web Server | 4 |
| SERVER-OTHER libVNC LibVNCClient CoRRE Heap-based Buffer Overflow CVE-2018-20020 | CVE-2018-20020 | Other Web Server | 4 |
| SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 2 |
| SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 4 |
| SERVER-OTHER Lighttpd url-path-2f-decode Denial-Of-Service | CVE-2019-11072 | Other Web Server | 4 |
| SERVER-OTHER Microsoft Exchange Server NTLM CVE-2018-8581 CVE-2019-0686 relay attack attempt | CVE-2018-8581 | Other Web Server | 3 |
| SERVER-OTHER Netatalk dsi_opensession Attention Quantum Out-of-bounds Write (Published Exploit) | CVE-2018-1160 | Other Web Server | 1 |
| SERVER-OTHER NTPsec ntpd CVE-2019-6443 ctl_getitem Out of Bounds Read | CVE-2019-6443 | Other Web Server | 2 |
| SERVER-OTHER NTPsec ntpd CVE-2019-6443 ctl_getitem Out of Bounds Read | CVE-2019-6443 | Other Web Server | 3 |
| SERVER-OTHER Pivotal Spring Framework CVE-2018-1273 isWritableProperty SpEL Injection | CVE-2018-1273 | Other Web Server | 2 |
| SERVER-OTHER Rockwell Automation RSLinx Classic Forward Open Electronic Key Stack Buffer Overflow | CVE-2019-6553 | Other Web Server | 2 |
| SERVER-OTHER UltraVNC VNC Server CVE-2019-8274 File Transfer Offer Handler Heap-based Buffer Overflow | CVE-2019-8274 | Other Web Server | 4 |
| SERVER-OTHER WordPress wp_user_roles configuration change attempt |  | Web Services and Applications | 1 |
| SERVER-WEBAPP Apache TomEE java deserialization attempt | CVE-2016-0779 | Web Services and Applications | 1 |
| SERVER-WEBAPP CA eHealth command injection attempt | CVE-2016-6152 | Web Services and Applications | 2 |
| SERVER-WEBAPP Cisco IOS XE WebUI Privileged Command Injection Vulnerability | CVE-2019-12650 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload (Decrypted Traffic) | CVE-2019-1620 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload (encrypted Traffic) | CVE-2019-1620 | Web Services and Applications | 3 |
| SERVER-WEBAPP Dell EMC VMAX CVE-2018-1216 Virtual Appliance Manager Authentication Bypass (Decrypted Traffic) | CVE-2018-1216 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE IMC OperatorGroupTreeSelectBean Expression Language Injection | CVE-2019-5374 | Web Services and Applications | 1 |
| SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal | CVE-2017-5795 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE Intelligent Management Center ViewBatchTaskResultDetailBean Language Injection | CVE-2019-5386 | Web Services and Applications | 2 |
| SERVER-WEBAPP HP IMC TopoMsgServlet arbitrary Java object deserialization attempt | CVE-2017-8966 | Web Services and Applications | 1 |
| SERVER-WEBAPP Joomla! CMS CVE-2018-8045 User Notes List View SQL Injection | CVE-2018-8045 | Web Services and Applications | 2 |
| SERVER-WEBAPP Joomla! com_fields SQL Injection | CVE-2017-8917 | Web Services and Applications | 2 |
| SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt | CVE-2017-16849 | Web Services and Applications | 2 |
| SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt | CVE-2018-7890 | Web Services and Applications | 1 |
| SERVER-WEBAPP Mitsubishi Electric CVE-2017-9638 E-Designer SetupAlarm Font Stack Buffer Overflow | CVE-2017-9638 | Web Services and Applications | 4 |
| SERVER-WEBAPP Nagios XI Magpie cURL Argument Injection | CVE-2018-15708 | Web Services and Applications | 2 |
| SERVER-WEBAPP OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting | CVE-2019-3964 | Web Services and Applications | 1 |
| SERVER-WEBAPP PHP phar extension remote code execution attempt | CVE-2016-4072 | Web Services and Applications | 2 |
| SERVER-WEBAPP PHP Unserialize Integer Overflow Attempt | CVE-2017-5340 | Web Services and Applications | 1 |
| SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName Integer Overflow | CVE-2016-3078 | Web Services and Applications | 2 |
| SERVER-WEBAPP Quest KACE Systems Management Appliance CVE-2018-11138 download_agent_installer.php Command Injection Attempt | CVE-2018-11138 | Web Services and Applications | 3 |
| SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt CVE-2018-14417 | CVE-2018-14417 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro Control Manager SQL injection attempt | CVE-2018-3606 | Web Services and Applications | 1 |
| SERVER-WEBAPP Trend Micro DDEI directory traversal attempt |  | Web Services and Applications | 1 |
| SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt |  | Web Services and Applications | 1 |
| SERVER-WEBAPP WordPress Rencontre plugin cross site scripting attempt | CVE-2019-13413 | Web Services and Applications | 1 |
| SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt | CVE-2019-13413 | Web Services and Applications | 1 |
| SERVER-WEBAPP WP_Query plugin SQL injection attempt | CVE-2017-5611 | Web Services and Applications | 1 |
| SERVER-WEBAPP WP Statistics cross site scripting attempt |  | Web Services and Applications | 1 |
Name: Name of the Signature
CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat
Severity: Degree of severity - The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters Sophos Technologies Pvt. Ltd. Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA Phone: +91-79-66216666 Fax: +91-79-26407640 Web site: www.sophos.com