SOPHOS IPS Signature Update Release Notes

Version: 9.16.41

Release Date: 31st October 2019

Release Information

Upgrade Applicable on

IPS Signature Release: Version 9.16.40

Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 9.16.41 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected], along with the application details.

October 2019 Page 2 of 27 IPS Signature Update

This IPS Release includes Two Hundred and Fifteen (215) signatures to address One Hundred and Eighty One (181) vulnerabilities. New signatures are added for the following vulnerabilities:

Name | CVE–ID | Category | Severity

BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt | - | Browsers | 1

BROWSER-IE Microsoft Internet Explorer CVE-2015-6140 SComputedStyle destructor out of bounds read attempt | CVE-2015-6140 | Browsers | 1

BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt | CVE-2015-6084 | Browsers | 1

BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt | CVE-2015-6159 | Browsers | 1

FILE-FLASH Adobe Flash CVE-2016-9163 Remote Code Execution Vulnerability II | CVE-2016-9163 | Multimedia | 1

FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt | CVE-2016-0970 | Multimedia | 1

FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt | CVE-2016-4185 | Multimedia | 1

FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt | CVE-2019-8069 | Application and Software | 1

FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt | CVE-2016-0969 | Multimedia | 1

FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt | CVE-2016-0964 | Multimedia | 2

FILE-FLASH Adobe Flash Player CVE-2015-8426 TextField setter Use After Free Attempt | CVE-2015-8426 | Multimedia | 1

FILE-FLASH Adobe Flash Player CVE-2018-12824 Information Disclosure Vulnerability | CVE-2018-12827 | Multimedia | 2

FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free | CVE-2008-2992 | Multimedia | 2

FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt | CVE-2016-1012 | Multimedia | 1

FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt | CVE-2016-0972 | Multimedia | 1


FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt | CVE-2016-0963 | Multimedia | 1

FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt | CVE-2016-0968 | Multimedia | 1

FILE-FLASH Adobe Flash Player JPEG handling memory corruption attempt | CVE-2016-4229 | Multimedia | 1

FILE-FLASH Adobe Flash Player list filter memory corruption attempt | CVE-2016-0965 | Multimedia | 1

FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt | CVE-2015-8457 | Multimedia | 1

FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt | CVE-2016-4176 | Multimedia | 1

FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt | CVE-2015-8446 | Multimedia | 1

FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt | CVE-2017-2932 | Multimedia | 1

FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt | CVE-2015-8419 | Multimedia | 1

FILE-FLASH Adobe Flash Player Point object integer overflow attempt | CVE-2016-0976 | Multimedia | 1

FILE-FLASH Adobe Flash Player Point object integer overflow attempt | CVE-2016-0979 | Multimedia | 1

FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt | CVE-2015-8445 | Multimedia | 1

FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt | CVE-2015-8407 | Multimedia | 1

FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt | CVE-2017-2996 | Multimedia | 1

FILE-FLASH Adobe Flash Player si32 integer overflow attempt | CVE-2016-0993 | Multimedia | 1

FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt | CVE-2015-8438 | Multimedia | 1

FILE-FLASH Adobe Flash Player TextLine memory corruption attempt | CVE-2016-0966 | Multimedia | 1


FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt | CVE-2016-1019 | Multimedia | 1

FILE-IDENTIFY Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write | CVE-2019-7111 | Application and Software | 4

FILE-IDENTIFY FDF file download request | - | Application and Software | 4

FILE-IMAGE Adobe Acrobat CVE-2017-16399 XPS unicode glyph pointer out of bounds | CVE-2017-16399 | Multimedia | 2

FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF Parsing Integer Overflow | CVE-2017-11227 | Multimedia | 3

FILE-OFFICE LibreOffice CVE-2018-6871 WEBSERVICE Information Disclosure | CVE-2018-6871 | Office Tools | 2

FILE-OFFICE Microsoft Excel out of bounds read attempt | CVE-2018-1030 | Office Tools | 2

FILE-OFFICE Microsoft Office CVE-2018-1028 Remote Code Execution Vulnerability | CVE-2018-1028 | Office Tools | 2

FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt | CVE-2017-11882 | Office Tools | 1

FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt | CVE-2015-6106 | Office Tools | 1

FILE-OTHER Acrobat Reader CVE-2018-12761 Information Disclosure Vulnerability | CVE-2018-12761 | Application and Software | 1

FILE-OTHER Acrobat Reader CVE-2018-12856 Information Disclosure Vulnerability | CVE-2018-12856 | Application and Software | 2

FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow crash CVE-2018-4901 | CVE-2018-4901 | Application and Software | 2

FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901 | CVE-2018-4901 | Application and Software | 2

FILE-OTHER Adobe Acrobat CVE-2018-15986 Memory Corruption | CVE-2018-15986 | Application and Software | 2

FILE-OTHER Adobe Acrobat EMF CVE-2018-5067 EmfPlusDrawLines Count Heap Buffer Overflow | CVE-2018-5067 | Application and Software | 2

FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt | CVE-2018-16020 | Application and Software | 2

FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt | CVE-2017-11260 | Application and Software | 2

FILE-OTHER Adobe Acrobat JavaScript engine security bypass attempt | CVE-2019-7041 | Application and Software | 2

FILE-OTHER Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write | CVE-2019-7111 | Application and Software | 2

FILE-OTHER Adobe Acrobat out-of-bounds read attempt | CVE-2019-7122 | Application and Software | 2

FILE-OTHER Adobe Acrobat out-of-bounds read attempt | CVE-2019-7127 | Application and Software | 2

FILE-OTHER Adobe Acrobat PostScript file parsing TBuildCharDict use after free attempt | CVE-2019-7084 | Application and Software | 2

FILE-OTHER Adobe Acrobat Pro CVE-2018-19704 XPS file image-load out-of-bounds read attempt | CVE-2018-19704 | Application and Software | 2

FILE-OTHER Adobe Acrobat pro CVE-2018-4916 Out Of Bounds Read Attempt | CVE-2018-4916 | Application and Software | 1


FILE-OTHER Adobe Acrobat type confusion attempt | CVE-2019-7069 | Application and Software | 2

FILE-OTHER Adobe Acrobat type confusion attempt | CVE-2019-7128 | Application and Software | 2

FILE-OTHER Adobe Acrobat XPS Path Element Out of Bounds Write CVE-2018-4898 | CVE-2018-4898 | Application and Software | 1

FILE-OTHER Adobe Photoshop CVE-2016-0953 CC Bridge CC IFF File Parsing Buffer Overflow | CVE-2016-0953 | Application and Software | 2

FILE-OTHER Adobe Reader CVE-2019-7828 Heap Overflow | CVE-2019-7828 | Application and Software | 2

FILE-OTHER Adobe Reader EMF CVE-2018-15990 Remote Code Execution | CVE-2018-15990 | Application and Software | 2

FILE-OTHER Adobe Reader EMF CVE-2018-16006 Use After Free | CVE-2018-16006 | Application and Software | 2

FILE-OTHER Adobe Reader XPS CVE-2018-16015 Out Of Bounds | CVE-2018-16015 | Application and Software | 2

FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB wFontTextLen Stack Buffer Overflow | CVE-2019-10947 | Application and Software | 4


FILE-OTHER Microsoft Graphics remote code execution attempt | CVE-2017-11763 | Application and Software | 2

FILE-OTHER Microsoft Graphics remote code execution attempt | CVE-2018-8344 | Application and Software | 2

FILE-OTHER Defender malformed RAR memory corruption attempt | CVE-2018-0986 | Application and Software | 2

FILE-OTHER Microsoft Windows TTF file out of bounds access attempt | CVE-2017-0083 | Application and Software | 1

FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt | CVE-2018-1016 | Application and Software | 2

FILE-OTHER VMware Fusion Guest VM Remote Code Execution | CVE-2019-5514 | Application and Software | 2

FILE-PDF Acrobat Reader CVE-2018-12761 Information Disclosure Vulnerability | CVE-2018-12761 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-12764 Information Disclosure Vulnerability | CVE-2018-12764 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-12764 Information Disclosure Vulnerability | CVE-2018-12764 | Application and Software | 2


FILE-PDF Acrobat Reader CVE-2018-12774 Information Disclosure Vulnerability | CVE-2018-12774 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-12774 Information Disclosure Vulnerability | CVE-2018-12774 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5050 Information Disclosure Vulnerability | CVE-2018-5050 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5050 Information Disclosure Vulnerability | CVE-2018-5050 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5054 Information Disclosure Vulnerability | CVE-2018-5054 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5054 Information Disclosure Vulnerability | CVE-2018-5054 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5056 Information Disclosure Vulnerability | CVE-2018-5056 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5056 Information Disclosure Vulnerability | CVE-2018-5056 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5063 Information Disclosure Vulnerability | CVE-2018-5063 | Application and Software | 1

FILE-PDF Acrobat Reader CVE-2018-5063 Information Disclosure Vulnerability | CVE-2018-5063 | Application and Software | 2

FILE-PDF Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2018-4990 | Application and Software | 1

FILE-PDF Adobe Acrobat and Reader Text Field Value Remote Code Execution | CVE-2019-7125 | Application and Software | 2

FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt | CVE-2018-19717 | Application and Software | 2

FILE-PDF Adobe Acrobat Reader CVE-2018-19717 Remote Code Execution Vulnerability | CVE-2018-19717 | Application and Software | 2

FILE-PDF Adobe Acrobat Reader CVE-2019-7121 IFF Information Disclosure | CVE-2019-7121 | Application and Software | 2

FILE-PDF Adobe Acrobat Reader CVE-2019-7789 Out Of Bounds Read | CVE-2019-7789 | Application and Software | 3

FILE-PDF Adobe Acrobat Reader CVE-2019-7811 Out Of Bounds Read | CVE-2019-7811 | Application and Software | 4

FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt | CVE-2017-3055 | Application and Software | 1

FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt | CVE-2016-4252 | Application and Software | 1

FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt | CVE-2016-4201 | Application and Software | 2

FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt | CVE-2016-4205 | Application and Software | 1

FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt | CVE-2018-4910 | Application and Software | 2

FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | CVE-2016-0942 | Application and Software | 1

FILE-PDF Adobe Acrobat U3D Bone Weight Modifier memory corruption attempt | CVE-2016-0933 | Application and Software | 1

FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt | CVE-2016-1077 | Application and Software | 1

FILE-PDF Adobe Reader CVE-2018-4957 Information Disclosure | CVE-2018-4957 | Application and Software | 2


FILE-PDF Adobe Reader CVE-2018-4973 Information Disclosure | CVE-2018-4973 | Application and Software | 4

FILE-PDF Adobe Reader CVE-2018-5017 Out Of Bounds Read | CVE-2018-5017 | Application and Software | 2

FILE-PDF Adobe Reader CVE-2019-7802 Out Of Bounds Read | CVE-2019-7802 | Application and Software | 2

FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt | CVE-2016-1088 | Application and Software | 1

FILE-PDF Adobe Reader XFA javascript out of bound memory corruption attempt | CVE-2016-1072 | Application and Software | 1

MALWARE-OTHER Malware Worm.Win32.Wcry.A Runtime Detection | - | Malware Communication | 2

OS-OTHER BusyBox Project CVE-2018-1000517 BusyBox wget Buffer Overflow | CVE-2018-1000517 | Operating System and Services | 2

OS-OTHER multiple operating systems DHCP option overflow attempt | CVE-2008-0084 | Operating System and Services | 1

OS-WINDOWS Microsoft Windows CVE-2017-0145 SMB Server SMBv1 Buffer Overflow | CVE-2017-0145 | Operating System and Services | 2


OS-WINDOWS Microsoft Windows Defender CVE-2018-0986 Remote Code Execution Vulnerability | CVE-2018-0986 | Operating System and Services | 2

OS-WINDOWS Microsoft Windows Graphics Device CVE-2018-8424 Interface Information Disclosure | CVE-2018-8424 | Operating System and Services | 3

OS-WINDOWS Microsoft Windows Remote Desktop Services CVE-2019-1182 Remote Code Execution Vulnerability | CVE-2019-1182 | Operating System and Services | 1

OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0144 Memory Corruption | CVE-2017-0144 | Operating System and Services | 2

OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt | CVE-2017-0145 | Operating System and Services | 1

PROTOCOL-DNS NLnet Labs Unbound NOTIFY Queries Denial of Service Vulnerability | CVE-2019-11779 | DNS | 1

PROTOCOL-IMAP Dovecot and Pigeonhole Remote Code Execution Vulnerability | CVE-2019-11500 | Other Mail Server | 1


PROTOCOL-RPC FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write | CVE-2018-17157 | Operating System and Services | 2

PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt | CVE-2017-7895 | Operating System and Services | 1

SERVER-APACHE Apache httpd CVE-2018-8011 mod_md Null Pointer Dereference | CVE-2018-8011 | Apache HTTP Server | 2

SERVER-APACHE Apache Qpid Sequence Set Denial of Service | CVE-2015-0203 | Apache HTTP Server | 1

SERVER-APACHE Apache Solr DataImportHandler Remote Code Execution | CVE-2019-0193 | Apache HTTP Server | 1

SERVER-APACHE Apache Subversion svn Protocol Parser Integer Overflow | CVE-2015-5259 | Apache HTTP Server | 1

SERVER-APACHE Apache Subversion svnserve integer overflow attempt | CVE-2015-5259 | Apache HTTP Server | 1

SERVER-APACHE CVE-2017-12615 HTTP PUT Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2

SERVER-APACHE Apache Tomcat HTTP PUT CVE-2017-12615 Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2

SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3

SERVER-OTHER Adobe ColdFusion CVE-2017-11283 DataServicesCFProxy Insecure Deserialization | CVE-2017-11283 | Other Web Server | 2

SERVER-OTHER Adobe ColdFusion CVE-2018-4939 DataServicesCFProxy ROME Framework Insecure Deserialization | CVE-2018-4939 | Other Web Server | 3

SERVER-OTHER Advantech WebAccess datacore Service Function 0x5228 strcpy Heap Buffer Overflow | CVE-2016-0857 | Other Web Server | 1

SERVER-OTHER Advantech WebAccess datacore Service Function 0x523a strcpy Buffer Overflow | CVE-2016-0856 | Other Web Server | 1

SERVER-OTHER Advantech WebAccess Node spchapi and tv_enua Stack Buffer Overflow | - | Other Web Server | 2

SERVER-OTHER Advantech WebAccess webvrpcs Service BwWebSvc.dll Buffer Overflow | CVE-2016-0856 | Other Web Server | 1

SERVER-OTHER Apple CUPS Text-to-PostScript texttops Filter Integer Overflow | CVE-2008-3640 | Other Web Server | 4

SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt | - | Other Web Server | 4

SERVER-OTHER Cesanta Mongoose parse_mqtt Out of Bounds Read | CVE-2019-12951 | Other Web Server | 1

SERVER-OTHER Cesanta Mongoose parse_mqtt Out of Bounds Read | CVE-2019-12951 | Other Web Server | 2

SERVER-OTHER Cisco Prime Infrastructure and EPNM UploadServlet Tar Directory Traversal | CVE-2019-1821 | Other Web Server | 2

SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow Vulnerability | CVE-2019-11779 | Other Web Server | 1

SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow Vulnerability | CVE-2019-11779 | Other Web Server | 4

SERVER-OTHER libVNC LibVNCClient CoRRE Heap-based Buffer Overflow CVE-2018-20020 | CVE-2018-20020 | Other Web Server | 4

SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 2

SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 4

SERVER-OTHER url-path-2f-decode Denial-Of-Service | CVE-2019-11072 | Other Web Server | 4

SERVER-OTHER Microsoft Exchange NTLM CVE-2018-8581 CVE-2019-0686 relay attack attempt | CVE-2018-8581 | Other Server | 3

SERVER-OTHER Netatalk dsi_opensession Attention Quantum Out-of-bounds Write (Published Exploit) | CVE-2018-1160 | Other Web Server | 1

SERVER-OTHER NTPsec ntpd CVE-2019-6443 ctl_getitem Out of Bounds Read | CVE-2019-6443 | Other Web Server | 2

SERVER-OTHER NTPsec ntpd CVE-2019-6443 ctl_getitem Out of Bounds Read | CVE-2019-6443 | Other Web Server | 3

SERVER-OTHER Pivotal Spring Framework CVE-2018-1273 isWritableProperty SpEL Injection | CVE-2018-1273 | Other Web Server | 2


SERVER-OTHER Rockwell Automation RSLinx Classic Forward Open Electronic Key Stack Buffer Overflow | CVE-2019-6553 | Other Web Server | 2

SERVER-OTHER UltraVNC VNC Server CVE-2019-8274 File Transfer Offer Handler Heap-based Buffer Overflow | CVE-2019-8274 | Other Web Server | 4

SERVER-OTHER WordPress wp_user_roles configuration change attempt | - | Web Services and Applications | 1

SERVER-WEBAPP Apache TomEE java deserialization attempt | CVE-2016-0779 | Web Services and Applications | 1

SERVER-WEBAPP CA eHealth command injection attempt | CVE-2016-6152 | Web Services and Applications | 2

SERVER-WEBAPP Cisco IOS XE WebUI Privileged Command Injection Vulnerability | CVE-2019-12650 | Web Services and Applications | 1

SERVER-WEBAPP Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload (Decrypted Traffic) | CVE-2019-1620 | Web Services and Applications | 1

SERVER-WEBAPP Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload (encrypted Traffic) | CVE-2019-1620 | Web Services and Applications | 3

SERVER-WEBAPP Dell EMC VMAX CVE-2018-1216 Virtual Appliance Manager Authentication Bypass (Decrypted Traffic) | CVE-2018-1216 | Web Services and Applications | 2

SERVER-WEBAPP HPE IMC OperatorGroupTreeSelectBean Expression Language Injection | CVE-2019-5374 | Web Services and Applications | 1

SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal | CVE-2017-5795 | Web Services and Applications | 2

SERVER-WEBAPP HPE Intelligent Management Center ViewBatchTaskResultDetailBean Language Injection | CVE-2019-5386 | Web Services and Applications | 2

SERVER-WEBAPP HP IMC TopoMsgServlet arbitrary Java object deserialization attempt | CVE-2017-8966 | Web Services and Applications | 1

SERVER-WEBAPP Joomla! CMS CVE-2018-8045 User Notes List View SQL Injection | CVE-2018-8045 | Web Services and Applications | 2

SERVER-WEBAPP Joomla! com_fields SQL Injection | CVE-2017-8917 | Web Services and Applications | 2

SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt | CVE-2017-16849 | Web Services and Applications | 2

SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt | CVE-2018-7890 | Web Services and Applications | 1

SERVER-WEBAPP Mitsubishi Electric CVE-2017-9638 E-Designer SetupAlarm Font Stack Buffer Overflow | CVE-2017-9638 | Web Services and Applications | 4

SERVER-WEBAPP Nagios XI Magpie cURL Argument Injection | CVE-2018-15708 | Web Services and Applications | 2

SERVER-WEBAPP OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting | CVE-2019-3964 | Web Services and Applications | 1

SERVER-WEBAPP PHP phar extension remote code execution attempt | CVE-2016-4072 | Web Services and Applications | 2

SERVER-WEBAPP PHP Unserialize Integer Overflow Attempt | CVE-2017-5340 | Web Services and Applications | 1

SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName Integer Overflow | CVE-2016-3078 | Web Services and Applications | 2

SERVER-WEBAPP Quest KACE Systems Management Appliance CVE-2018-11138 download_agent_installer.php Command Injection Attempt | CVE-2018-11138 | Web Services and Applications | 3

SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt CVE-2018-14417 | CVE-2018-14417 | Web Services and Applications | 2

SERVER-WEBAPP Trend Micro Control Manager SQL injection attempt | CVE-2018-3606 | Web Services and Applications | 1

SERVER-WEBAPP Trend Micro DDEI directory traversal attempt | - | Web Services and Applications | 1

SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt | - | Web Services and Applications | 1

SERVER-WEBAPP WordPress Rencontre plugin cross site scripting attempt | CVE-2019-13413 | Web Services and Applications | 1

SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt | CVE-2019-13413 | Web Services and Applications | 1

SERVER-WEBAPP WP_Query plugin SQL injection attempt | CVE-2017-5611 | Web Services and Applications | 1


SERVER-WEBAPP WP Statistics cross site scripting attempt | - | Web Services and Applications | 1


• Name: Name of the Signature

• CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides a reference of CVE Identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level | Severity Criteria

1 | Low

2 | Moderate

3 | High

4 | Critical


Important Notice

Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com
