SOPHOS IPS Signature Update Release Notes
Version: 7.16.82
Release Date: 25th February 2020

Release Information

Upgrade Applicable on: IPS Signature Release Version 7.16.81
Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic
Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 7.16.82 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.
Report false positives at [email protected], along with the application details.
February 2020 Page 2 of 31 IPS Signature Update
This IPS release includes two hundred and ninety-one (291) signatures to address two hundred and seventeen (217) vulnerabilities. New signatures are added for the following vulnerabilities:
| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| BROWSER-CHROME Google Chrome V8 engine memory corruption attempt | | Browsers | 2 |
| BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt | | Browsers | 2 |
| BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt | CVE-2005-2705 | Browsers | 3 |
| BROWSER-FIREFOX Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution | CVE-2006-0884 | Browsers | 2 |
| BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt | CVE-2006-0884 | Browsers | 2 |
| BROWSER-IE ActiveX drmstor.dll Microsoft Windows DRM CVE-2006-5448 Code Execution | CVE-2006-5448 | Browsers | 1 |
| BROWSER-IE Microsoft Edge Chakra JIT out of bounds information disclosure attempt | CVE-2018-8145 | Browsers | 2 |
| BROWSER-IE Microsoft Edge out of bounds write attempt | CVE-2017-11861 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer CVE-2019-1429 Use-After-Free Vulnerability | CVE-2019-1429 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer jscript.dll toJSON Use After Free | CVE-2019-1429 | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer Select Element Memory Corruption | CVE-2010-3345 | Browsers | 1 |
| BROWSER-OTHER Cisco WebEx extension command execution attempt | CVE-2017-3823 | Browsers | 1 |
| BROWSER-OTHER HP Buffer Overflow CVE-2008-0437 | | Application and Software | 1 |
| BROWSER-OTHER mIRC Buffer overflow | CVE-2003-1336 | Browsers | 1 |
| BROWSER-OTHER WECON LeviStudio ShortMessage Module SMtext Stack Buffer Overflow | | Application and Software | 1 |
| BROWSER-OTHER WECON LeviStudio ShortMessage Module SMtext Stack Buffer Overflow | | Application and Software | 4 |
| BROWSER-PLUGINS Hewlett Packard CVE-2007-2656 hpqvwocx.dll ActiveX Magview Overflow | CVE-2007-2656 | Browsers | 2 |
| BROWSER-PLUGINS HP Instant Support DataManager ActiveX function call access | | Browsers | 2 |
| BROWSER-PLUGINS HP Operations Manager CVE-2010-1033 Buffer Overflow Vulnerability | CVE-2010-1033 | Browsers | 2 |
| BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt | CVE-2015-8530 | Browsers | 2 |
| BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt | CVE-2010-0252 | Browsers | 2 |
| BROWSER-PLUGINS Novell CVE-2008-2908 iPrint Client ActiveX Control Stack Buffer Overflow | CVE-2008-2908 | Browsers | 4 |
| BROWSER-PLUGINS Novell CVE-2008-2935 iPrint Client ActiveX Control Stack Buffer Overflow | CVE-2008-2935 | Browsers | 2 |
| BROWSER-PLUGINS Novell Groupwise Client CVE-2009-3863 ActiveX Denial Of Service | CVE-2009-3863 | Browsers | 2 |
| BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX Code Execution (Published Exploit) | CVE-2012-0439 | Browsers | 1 |
| BROWSER-PLUGINS Novell iPrint ActiveX function call access | | Browsers | 1 |
| BROWSER-PLUGINS Novell iPrint Client CVE-2009-1568 Buffer Overflow | CVE-2009-1568 | Browsers | 2 |
| BROWSER-PLUGINS Novell iPrint Client ExecuteRequest debug Parameter Buffer Overflow | | Browsers | 1 |
| BROWSER-PLUGINS Novell iPrint Client GetDriverSettings Stack Buffer Overflow | | Browsers | 1 |
| BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt | CVE-2007-4607 | Browsers | 1 |
| BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt | CVE-2007-4607 | Browsers | 4 |
| BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt | CVE-2019-8822 | Browsers | 2 |
| BROWSER-WEBKIT Apple Safari Webkit css title CVE-2012-3684 Memory corruption attempt | CVE-2012-3684 | Browsers | 2 |
| BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt | CVE-2018-4368 | Browsers | 1 |
| BROWSER-WEBKIT Apple Safari WebKit out-of-bounds read attempt | CVE-2019-8689 | Browsers | 1 |
| BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt | CVE-2018-4200 | Browsers | 2 |
| BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt | CVE-2018-4323 | Browsers | 2 |
| FILE-IDENTIFY Microsoft Windows Graphics Rendering Engine BMP File Parsing Integer Overflow | CVE-2008-3015 | Application and Software | 4 |
| FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt | CVE-2012-5679 | Multimedia | 2 |
| FILE-IMAGE Mutiple products libpng extra row heap overflow attempt | CVE-2010-1205 | Multimedia | 1 |
| FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt | CVE-2008-4255 | Multimedia | 1 |
| FILE-OFFICE Microsoft Office Excel WorksheetOptions Use After Free | CVE-2019-1448 | Office Tools | 1 |
| FILE-OFFICE Microsoft Office Outlook CVE-2006-1193 Web Access Script Injection Attempt | CVE-2006-1193 | Office Tools | 1 |
| FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt | CVE-2005-0563 | Office Tools | 3 |
| FILE-OFFICE Microsoft Office Word Document remote code execution attempt | CVE-2009-3135 | Office Tools | 1 |
| FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt | CVE-2008-4837 | Office Tools | 1 |
| FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt | CVE-2011-0028 | Office Tools | 3 |
| FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt | CVE-2016-1080 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read | CVE-2019-7109 | Application and Software | 2 |
| FILE-OTHER Cisco WebEx player remote code execution attempt | CVE-2016-1464 | Application and Software | 2 |
| FILE-OTHER Cisco Webex Teams CVE-2019-1636 URI Handler Remote Code Execution | CVE-2019-1636 | Application and Software | 2 |
| FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt | CVE-2006-4018 | Application and Software | 2 |
| FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow | CVE-2011-1213 | Application and Software | 1 |
| FILE-OTHER IBM Lotus Notes MIF Attachment Viewer Buffer Overflow | | Application and Software | 3 |
| FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt | | Application and Software | 1 |
| FILE-PDF Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read | CVE-2019-7110 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Pro DC AcroForm setFocus Use After Free | CVE-2019-8033 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution | CVE-2004-0630 | Application and Software | 1 |
| FILE-PDF Adobe Reader and Acrobat CVE-2012-0774 TrueType Font MINDEX Integer Overflow | CVE-2012-0774 | Application and Software | 3 |
| NETBIOS Session Service NetDDE attack | CVE-2004-0206 | Operating System and Services | 2 |
| OS-OTHER VxWorks TCP URG Memory Corruption Attempt | CVE-2019-12255 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Color Management System Crafted Path Name Buffer Overflow | CVE-2008-2245 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt | CVE-2008-1437 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Malware Protection Engine File Processing Denial Of Service | CVE-2008-1437 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt | CVE-2020-0726 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows CryptoAPI TLS server certificate public key with explicitly-defined ECC curve parameters attempt | CVE-2020-0601 | Operating System and Services | 3 |
| OS-WINDOWS Microsoft Windows Graphics Rendering Engine BMP File Parsing Integer Overflow | CVE-2008-3015 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Imaging API use after free attempt | CVE-2019-1311 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Jet Database CVE-2019-1406 Off By One | CVE-2019-1406 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows MF3216 Component Heap-based Buffer Overflow | CVE-2019-1439 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows MF3216 Component Heap-based Buffer Overflow | CVE-2019-1439 | Operating System and Services | 4 |
| OS-WINDOWS Microsoft Windows MHTML XSS attempt | CVE-2011-0096 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt | CVE-2019-1438 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows OLE CVE-2017-8487 Global Buffer Overflow II | CVE-2017-8487 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt | CVE-2019-1453 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Server 2000 WINS Remote Code Execution CVE-2004-0567 | CVE-2004-0567 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Vista CVE-2007-1658 Windows Mail File Execution | CVE-2007-1658 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt | CVE-2020-0720 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt | CVE-2020-0720 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Win32k driver tagQ object use after free attempt | CVE-2020-0725 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt | CVE-2019-1436 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt | CVE-2019-1393 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows win32k.sys rectangle region use after free attempt | CVE-2020-0745 | Operating System and Services | 1 |
| OS-WINDOWS MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference | CVE-2009-0846 | Operating System and Services | 1 |
| PROTOCOL-FTP ABB IDAL FTP server Buffer Overflow Vulnerability | CVE-2019-7231 | FTP | 1 |
| PROTOCOL-FTP APPE overflow attempt | CVE-2000-0133 | FTP | 1 |
| PROTOCOL-FTP CWD Root directory traversal attempt | CVE-2003-0392 | FTP | 3 |
| PROTOCOL-IMAP lsub overflow attempt | CVE-2000-0284 | Operating System and Services | 2 |
| PROTOCOL-OTHER TightVNC vncviewer HandleCoRREBPP Global Buffer Overflow | CVE-2019-8287 | Misc | 1 |
| PROTOCOL-OTHER TightVNC vncviewer HandleCoRREBPP Global Buffer Overflow | CVE-2019-8287 | Misc | 4 |
| PROTOCOL-OTHER TurboVNC Fence Message Stack-based Buffer Overflow | CVE-2019-15683 | Misc | 1 |
| PROTOCOL-OTHER TurboVNC Fence Message Stack-based Buffer Overflow | CVE-2019-15683 | Misc | 4 |
| PROTOCOL-SCADA Advantech WebAccess SCADA BwPAlarm IOCTL 70533 Stack-based Buffer Overflow | CVE-2019-3951 | Industrial Control System | 1 |
| PROTOCOL-VOIP Digium Asterisk Manager User Shell Command Execution | CVE-2019-18610 | VoIP and Instant Messaging | 2 |
| PROTOCOL-VOIP Digium Asterisk SIP CSeq Heap Buffer Overflow | | VoIP and Instant Messaging | 1 |
| PROTOCOL-VOIP mIRC Buffer Overflow | CVE-2002-0231 | VoIP and Instant Messaging | 1 |
| SERVER-APACHE Apache Log4j SocketServer Untrusted Deserialization | CVE-2019-17571 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache OFBiz serviceContext XStream Insecure Deserialization | CVE-2019-0189 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache OFBiz serviceContext XStream Insecure Deserialization | CVE-2019-0189 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Olingo CVE-2019-17554 XML Deserializer External Entity Injection | CVE-2019-17554 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Solr Velocity Response Writer CVE-2019-17558 Remote Code Execution | | Apache HTTP Server | 1 |
| SERVER-MAIL Exim deliver_message Command Injection | CVE-2019-10149 | Other Mail Server | 1 |
| SERVER-MAIL IISPOP CVE-2002-2404 Remote Buffer Overflow | | Other Mail Server | 1 |
| SERVER-MAIL Novell Groupwise Internet Agent - IMAP LIST Remote Code Execution | CVE-2010-4711 | Other Mail Server | 1 |
| SERVER-MAIL Novell NetMail IMAP SUBSCRIBE Buffer Overflow | CVE-2006-6761 | Other Mail Server | 1 |
| SERVER-MAIL Novell NetMail IMAP Verb Literal Heap Overflow | CVE-2006-6424 | Apache HTTP Server | 2 |
| SERVER-MAIL OpenSMTPD smtp_session.c Command Execution | CVE-2020-7247 | Other Mail Server | 1 |
| SERVER-ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt | CVE-2003-1208 | Apache HTTP Server | 1 |
| SERVER-OTHER Advantech WebAccess SCADA bwdraw Out-of-Bounds Write | CVE-2019-10987 | Other Web Server | 1 |
| SERVER-OTHER Advantech WebAccess SCADA BwOpcBs Stack-based Buffer Overflow | | Other Web Server | 2 |
| SERVER-OTHER Advantech WebAccess SCADA bwrunrpt.exe Stack-based Buffer Overflow | CVE-2019-13556 | Other Web Server | 1 |
| SERVER-OTHER Cesanta Mongoose parse_mqtt Denial Of Service | CVE-2019-19307 | Other Web Server | 2 |
| SERVER-OTHER Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal (Decrypted Traffic) | CVE-2019-15980 | Other Web Server | 1 |
| SERVER-OTHER Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal (encrypted Traffic) | CVE-2019-15980 | Other Web Server | 1 |
| SERVER-OTHER Dameware Mini Remote Control agent access attempt | CVE-2019-3980 | Other Web Server | 1 |
| SERVER-OTHER HP OpenView Network Node Manager netmon.exe CGI Invalid Hostname Remote Code Execution | CVE-2010-1555 | Other Web Server | 1 |
| SERVER-OTHER HP OpenView Network Node Manager ovalarmsrv Integer Overflow | CVE-2008-2438 | Other Web Server | 1 |
| SERVER-OTHER HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow | CVE-2010-2703 | Other Web Server | 1 |
| SERVER-OTHER HP Openview NNM CVE-2009-3977 Invalid DB Error Code | CVE-2009-3977 | Other Web Server | 2 |
| SERVER-OTHER HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow | CVE-2010-1552 | Other Web Server | 1 |
| SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt | CVE-2016-8706 | Other Web Server | 2 |
| SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt | CVE-2014-5355 | Other Web Server | 1 |
| SERVER-OTHER MIT Kerberos 5 recvauth Invalid Memory Access | CVE-2014-5355 | Other Web Server | 1 |
| SERVER-OTHER Novell Client NetIdentity Agent CVE-2009-1350 Remote Arbitrary Pointer Dereference Code Execution | CVE-2009-1350 | Other Web Server | 3 |
| SERVER-OTHER Novell eDirectory NDS Verb 0x01 Integer Overflow | CVE-2009-0895 | Other Web Server | 2 |
| SERVER-OTHER Novell Netware XNFS.NLM NFS v3 xdrdecodeString heap buffer overflow attempt | CVE-2011-4191 | Other Web Server | 1 |
| SERVER-OTHER OpenVMS Finger Service CVE-2008-5120 Stack Based Buffer Overflow | CVE-2008-5120 | Other Web Server | 2 |
| SERVER-OTHER Products Discovery Service Buffer Overflow | CVE-2006-5143 | Other Web Server | 4 |
| SERVER-OTHER Redis CONFIG SET Array CVE-2016-8339 Index Out Of Bounds | CVE-2016-8339 | Other Web Server | 2 |
| SERVER-OTHER Redis HyperLogLog hllCount Stack Buffer Overflow | CVE-2019-10193 | Other Web Server | 4 |
| SERVER-OTHER Samba Printer Server spoolss Denial Of Service | CVE-2018-1050 | Other Web Server | 2 |
| SERVER-OTHER Solarwinds Dameware Remote Command Execution | CVE-2016-2345 | Other Web Server | 3 |
| SERVER-OTHER Solarwinds Dameware Remote Command Execution | CVE-2016-2345 | Other Web Server | 4 |
| SERVER-OTHER Squid Proxy CVE-2020-8450 HTTP Request Processing Buffer Overflow | CVE-2020-8450 | Other Web Server | 2 |
| SERVER-OTHER Squid Proxy SNMP Query Rejection Denial of Service | | Other Web Server | 1 |
| SERVER-OTHER Tarantool xrow_header_decode Out of Bounds Read | CVE-2016-9037 | Other Web Server | 1 |
| SERVER-OTHER vsFTPd Denial-Of-Service Attempt | CVE-2004-2259 | Other Web Server | 3 |
| SERVER-SAMBA SAMBA CVE-2002-1318 Denial Of Service | | Other Web Server | 1 |
| SERVER-WEBAPP Advantech WISE-PaaS RMM DeviceMgmt fuzzySearch SQL Injection | CVE-2019-18229 | Web Services and Applications | 1 |
| SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload | CVE-2019-13551 | Web Services and Applications | 1 |
| SERVER-WEBAPP Advantech WISE-PaaS RMM upload2eMap LastMapName Arbitrary File Upload | CVE-2019-13551 | Web Services and Applications | 1 |
| SERVER-WEBAPP Atlassian Jira makeRequest server side request forgery attempt | CVE-2019-8451 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cacti Group Cacti graphs.php SQL Injection | CVE-2019-17357 | Web Services and Applications | 2 |
| SERVER-WEBAPP Centreon formMibs.php Command Injection | CVE-2019-15298 | Web Services and Applications | 2 |
| SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt | CVE-2006-0136 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager getLicenses SQL Injection (Decrypted Traffic) | CVE-2019-15984 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager getLicenses SQL Injection | CVE-2019-15984 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager getRestoreLog Directory Traversal (Decrypted Traffic) | CVE-2019-15980 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager getRestoreLog Directory Traversal | CVE-2019-15980 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager SecurityManager Authentication Bypass (Decrypted Traffic) | CVE-2019-15976 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager SecurityManager Authentication Bypass | CVE-2019-15976 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager TrustedClientTokenValidator Authentication Bypass (Decrypted Traffic) | CVE-2019-15975 | Web Services and Applications | 1 |
| SERVER-WEBAPP Cisco Data Center Network Manager TrustedClientTokenValidator Authentication Bypass (encrypted Traffic) | CVE-2019-15975 | Web Services and Applications | 1 |
| SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt | CVE-2019-19781 | Web Services and Applications | 2 |
| SERVER-WEBAPP Citrix Application Delivery Controller and Gateway Directory Traversal (Decrypted Traffic) | CVE-2019-19781 | Web Services and Applications | 1 |
| SERVER-WEBAPP Citrix Application Delivery Controller and Gateway Directory Traversal (encrypted Traffic) | CVE-2019-19781 | Web Services and Applications | 1 |
| SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt | CVE-2019-16057 | Apache HTTP Server | 2 |
| SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt | CVE-2019-16057 | Web Services and Applications | 2 |
| SERVER-WEBAPP ELOG Project ELOG retrieve_url Information Disclosure | CVE-2019-3993 | Web Services and Applications | 2 |
| SERVER-WEBAPP ELOG Project ELOG show_uploader_json NULL Pointer Dereference | CVE-2019-3995 | Web Services and Applications | 1 |
| SERVER-WEBAPP eMerge E3 Access Controller command injection attempt | CVE-2019-7256 | Web Services and Applications | 1 |
| SERVER-WEBAPP Enigma NMS command injection attempt | CVE-2019-16072 | Web Services and Applications | 1 |
| SERVER-WEBAPP Gila CMS deleteAction Local File Inclusion | CVE-2020-5513 | Web Services and Applications | 1 |
| SERVER-WEBAPP Gila CMS media-assets.php Path Traversal | CVE-2020-5512 | Web Services and Applications | 1 |
| SERVER-WEBAPP HPE IMC TvxlanLegendBean Expression Language Injection | | Web Services and Applications | 1 |
| SERVER-WEBAPP HP OpenView NNM nnmRptConfig nameParams Buffer Overflow | CVE-2011-0266 | Web Services and Applications | 1 |
| SERVER-WEBAPP HP Power Manager remote code execution attempt | CVE-2009-2685 | Web Services and Applications | 1 |
| SERVER-WEBAPP iSharer and upRedSun File Sharing Wizard Buffer Overflow | CVE-2019-5129 | Web Services and Applications | 1 |
| SERVER-WEBAPP Jenkins CI Server Gitlab Hook Cross-Site Scripting | CVE-2020-2096 | Web Services and Applications | 1 |
| SERVER-WEBAPP Jenkins Stapler web framework Accept-Language Header directory traversal attempt | CVE-2018-1999002 | Web Services and Applications | 2 |
| SERVER-WEBAPP Joomla Jimtawl id parameter SQL injection attempt | CVE-2018-17399 | Web Services and Applications | 1 |
| SERVER-WEBAPP LibreNMS addhost command injection attempt | CVE-2018-20434 | Web Services and Applications | 1 |
| SERVER-WEBAPP LOCK WebDAV Stack Buffer Overflow attempt | CVE-2003-0109 | Web Services and Applications | 3 |
| SERVER-WEBAPP MDaemon auto responder remote code execution attempt | | Web Services and Applications | 2 |
| SERVER-WEBAPP Microsoft SharePoint CVE-2019-1443 Information Disclosure | CVE-2019-1443 | Web Services and Applications | 1 |
| SERVER-WEBAPP mIRC URI Handler Remote Code Execution | CVE-2019-6453 | Web Services and Applications | 1 |
| SERVER-WEBAPP Nagios XI nocscreenapi.php Cross-Site Scripting | CVE-2019-20139 | Web Services and Applications | 1 |
| SERVER-WEBAPP Nginx 0-Length Headers Leak Denial of Service | CVE-2019-9516 | Other Web Server | 1 |
| SERVER-WEBAPP Nginx 0-Length Headers Leak Denial of Service | CVE-2019-9516 | Web Services and Applications | 1 |
| SERVER-WEBAPP Nginx 0-Length Headers Leak Denial of Service | CVE-2019-9516 | Web Services and Applications | 4 |
| SERVER-WEBAPP Nginx CVE-2009-3896 Denial Of Service | CVE-2009-3896 | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell eDirectory CVE-2006-5478 HTTP Server Redirection Buffer Overflow | CVE-2006-5478 | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell eDirectory iMonitor Accept-Language Request Buffer Overflow Vulnerability | CVE-2009-0192 | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell SUSE Linux Enterprise Server Remote Manager Heap Overflow | CVE-2005-3655 | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell ZENworks Asset Management Remote Execution | CVE-2019-7231 | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell ZENworks Configuration Management CVE-2010-5323 Remote Execution | | Web Services and Applications | 1 |
| SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt | CVE-2010-5324 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle E-Business Suite General Ledger SQL Injection | CVE-2019-2638 | Web Services and Applications | 2 |
| SERVER-WEBAPP Oracle E-Business Suite General Ledger SQL Injection | CVE-2019-2638 | Web Services and Applications | 4 |
| SERVER-WEBAPP Oracle E-Business Suite Human Resources CVE-2020-2586 SQL Injection | CVE-2020-2586 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle E-Business Suite Human Resources CVE-2020-2586 SQL Injection | CVE-2020-2586 | Web Services and Applications | 4 |
| SERVER-WEBAPP Oracle E-Business Suite Human Resources CVE-2020-2587 SQL Injection | CVE-2020-2587 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle E-Business Suite Human Resources CVE-2020-2587 SQL Injection | CVE-2020-2587 | Web Services and Applications | 4 |
| SERVER-WEBAPP Oracle JDeveloper ADF Faces Untrusted Deserialization | CVE-2019-2904 | Web Services and Applications | 1 |
| SERVER-WEBAPP Red Lion Crimson CD3 ItemIndexList Type Confusion | CVE-2019-10984 | Web Services and Applications | 3 |
| SERVER-WEBAPP Red Lion Crimson CD3 ItemIndexList Type Confusion | CVE-2019-10984 | Web Services and Applications | 4 |
| SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt | | Web Services and Applications | 1 |
| SERVER-WEBAPP SolarWinds Serv-U FTP Server USER_FULL_NAME Stored Cross-Site Scripting | CVE-2019-13182 | Web Services and Applications | 1 |
| SERVER-WEBAPP Sourceforge Gallery search engine cross-site scripting attempt | CVE-2003-0614 | Web Services and Applications | 3 |
| SERVER-WEBAPP Squid Proxy URN Response Processing Heap Buffer Overflow | CVE-2019-12526 | Other Web Server | 1 |
| SERVER-WEBAPP Squid Proxy URN Response Processing Heap Buffer Overflow | CVE-2019-12526 | Web Services and Applications | 1 |
| SERVER-WEBAPP Squid Proxy URN Response Processing Heap Buffer Overflow | CVE-2019-12526 | Web Services and Applications | 4 |
| SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt | CVE-2017-14127 | Web Services and Applications | 1 |
| SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt | CVE-2017-14127 | Web Services and Applications | 2 |
| SERVER-WEBAPP Trend Micro OfficeScan Zip Directory Traversal (Decrypted Traffic) | CVE-2019-18187 | Web Services and Applications | 1 |
| SERVER-WEBAPP Trend Micro OfficeScan Zip Directory Traversal (Decrypted Traffic) | CVE-2019-18187 | Web Services and Applications | 4 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server GetDomainHash Stored Cross-Site Scripting | CVE-2019-17115 | Web Services and Applications | 2 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server InitDevice Stored Cross-Site Scripting (Decrypted Traffic) | CVE-2019-17115 | Web Services and Applications | 1 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server InitDevice Stored Cross-Site Scripting (Decrypted Traffic) | CVE-2019-17115 | Web Services and Applications | 2 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server InitDevice Stored Cross-Site Scripting (encrypted Traffic) | CVE-2019-17115 | Web Services and Applications | 1 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server Log.jsp SQL Injection (Decrypted Traffic) | CVE-2019-17119 | Web Services and Applications | 1 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server Log.jsp SQL Injection | CVE-2019-17119 | Web Services and Applications | 1 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server PreRegister Stored Cross-Site Scripting (Decrypted Traffic) | CVE-2019-17115 | Web Services and Applications | 1 |
| SERVER-WEBAPP WiKID 2FA Enterprise Server PreRegister Stored Cross-Site Scripting (encrypted Traffic) | CVE-2019-17115 | Web Services and Applications | 1 |
| SERVER-WEBAPP WordPress Comment Content Filter Remote Code Execution | CVE-2019-9787 | Web Services and Applications | 2 |
| SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt | CVE-2018-15877 | Web Services and Applications | 2 |
| SERVER-WEBAPP YouPHPTube Encoder getImageMP4.php Command Injection | CVE-2019-5129 | Web Services and Applications | 1 |
Name: Name of the Signature
CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat
Severity: Degree of severity - The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |
Important Notice

Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2020 Sophos Ltd. All rights reserved. Sophos, Sophos logo are trademark of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com