SOPHOS IPS Signature Update Release Notes

Version: 9.16.43
Release Date: 07th November 2019

Release Information

Upgrade Applicable on: IPS Signature Release Version 9.16.42

Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 9.16.43 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected], along with the application details.

November 2019 Page 2 of 37 IPS Signature Update

This IPS Release includes Two Hundred and Seventy-Eight (278) signatures to address Two Hundred and Forty (240) vulnerabilities. New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
--- | --- | --- | ---
BROWSER-CHROME Google Chrome CVE-2015-6769 Universal Cross Site Scripting | CVE-2015-6769 | Browsers | 2
BROWSER-CHROME Google Chrome CVE-2017-5010 Universal Cross Site Scripting | CVE-2017-5010 | Browsers | 2
BROWSER-CHROME Google Chrome CVE-2017-5116 Type Confusion | CVE-2017-5116 | Browsers | 2
BROWSER-CHROME Google Chrome Denial Of Service Vulnerability | CVE-2016-1669 | Browsers | 1
BROWSER-CHROME Google Chrome Out Of Bounds Read And Write Vulnerability | CVE-2017-15401 | Browsers | 1
BROWSER-CHROME Google Chrome Out-Of-Bounds Vulnerability | CVE-2017-5053 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2016-9651 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2017-5115 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2017-5121 | Browsers | 1
BROWSER-CHROME Google Chrome Same Origin Policy Bypass Vulnerability | CVE-2016-1668 | Browsers | 1
BROWSER-FIREFOX JavaScript library OpenPGP.js improper signature verification attempt | CVE-2019-9153 | Browsers | 1
BROWSER-IE Metasploit Aurora Exploit Attempt | CVE-2010-0249 | Browsers | 1
BROWSER-IE Metasploit Aurora Exploit Header Fold Evasion Attempt | CVE-2010-0249 | Browsers | 1
BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt | CVE-2017-11799 | Browsers | 1
BROWSER-IE Microsoft Edge Address Bar Spoofing Vulnerability | CVE-2019-6251 | Browsers | 3
BROWSER-IE Microsoft Edge CVE-2016-7288 TypedArray.sort Use After Free | CVE-2016-7288 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2017-0135 Same Origin Policy Bypass | CVE-2017-0135 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2017-11855 Memory Corruption | CVE-2017-11855 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-0871 Information Disclosure | CVE-2018-0871 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-0934 Scripting Engine Memory Corruption Attempt | CVE-2018-0934 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-8242 Remote Code Execution | CVE-2018-8242 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-8278 URL Spoofing | CVE-2018-8278 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-0658 Information Disclosure | CVE-2019-0658 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2019-0676 Information Disclosure | CVE-2019-0676 | Browsers | 2
BROWSER-IE Microsoft Edge JavaScript engine memory corruption attempt | CVE-2019-1239 | Browsers | 1
BROWSER-IE Microsoft Edge MSXML memory corruption attempt | CVE-2019-1060 | Browsers | 1
BROWSER-IE Microsoft Edge Scripting Engine CVE-2018-0769 Memory Corruption attempt | CVE-2018-0769 | Browsers | 2
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1307 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1308 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1335 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1366 | Browsers | 1
BROWSER-IE Microsoft Edge VBScript engine memory corruption attempt | CVE-2019-1238 | Browsers | 1
BROWSER-IE Microsoft and Edge CVE-2016-3247 Memory Corruption I | CVE-2016-3247 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt | CVE-2015-6152 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt | CVE-2015-6154 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2011-1993 onscroll DOS Attempt | CVE-2011-1993 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2013-3897 swapNode memory corruption attempt | CVE-2013-3897 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2015-6075 CElement Use After Free Attempt | CVE-2015-6075 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer CVE-2016-0002 Edge Memory Corruption II | CVE-2016-0002 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2016-3288 Memory Corruption II | CVE-2016-3288 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2016-7241 Edge JSON.parse Type Confusion | CVE-2016-7241 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2017-0059 CStr Use After Free | CVE-2017-0059 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2019-0676 information disclosure attempt | CVE-2019-0676 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer VML CVE-2014-1776 use after free attempt | CVE-2014-1776 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service | | Browsers | 1
BROWSER-IE PDF Library CVE-2016-3319 Memory Corruption II | CVE-2016-3319 | Browsers | 1
BROWSER-IE Microsoft Windows PDF Library CVE-2016-3319 Memory Corruption I | CVE-2016-3319 | Browsers | 1
BROWSER-OTHER Apple Safari Denial Of Service Vulnerability | CVE-2017-7061 | Browsers | 1
BROWSER-OTHER Apple Safari Denial Of Vulnerability | CVE-2017-2468 | Browsers | 1
BROWSER-OTHER Electron nodeIntegration bypass exploit attempt | CVE-2018-1000136 | Browsers | 1
BROWSER-OTHER jQuery Prototype Pollution Vulnerability | CVE-2017-11358 | Browsers | 1
BROWSER-WEBKIT Apple Safari CVE-2017-2367 Universal Cross Site Scripting | CVE-2017-2367 | Browsers | 2
BROWSER-WEBKIT Apple Safari CVE-2017-2447 Denial Of Service | CVE-2017-2447 | Browsers | 2
BROWSER-WEBKIT Apple Safari CVE-2017-7092 Denial Of Service | CVE-2017-7092 | Browsers | 2
BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt | CVE-2017-2505 | Browsers | 1
BROWSER-WEBKIT Google Chrome Same Origin Policy Bypass Vulnerability | CVE-2016-1711 | Browsers | 1
FILE-FLASH Adobe Flash CVE-2016-9163 Remote Code Execution Vulnerability I | CVE-2016-9163 | Multimedia | 1
FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt | CVE-2016-4185 | Multimedia | 1
FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt | CVE-2016-0989 | Multimedia | 1
FILE-FLASH Adobe Flash Player ASnative memory corruption attempt | CVE-2016-0981 | Multimedia | 1
FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt | CVE-2016-0962 | Multimedia | 1
FILE-FLASH Adobe Flash Player CVE-2015-8644 Multiple Remote Code Execution | CVE-2015-8644 | Multimedia | 2
FILE-FLASH Adobe Flash Player CVE-2016-1010 Rectangle Width Integer Overflow | CVE-2016-1010 | Multimedia | 1
FILE-FLASH Adobe Flash Player CVE-2016-4177 SceneAndFrameData Memory Corruption | CVE-2016-4177 | Multimedia | 2
FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt | CVE-2016-4179 | Multimedia | 1
FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt | CVE-2016-0963 | Multimedia | 1
FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt | CVE-2016-0968 | Multimedia | 1
FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt | CVE-2015-8457 | Multimedia | 1
FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt | CVE-2015-8446 | Multimedia | 1
FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt | CVE-2015-8418 | Multimedia | 1
FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt | CVE-2016-0977 | Multimedia | 1
FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt | CVE-2015-8445 | Multimedia | 1
FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt | CVE-2017-11226 | Multimedia | 2
FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt | CVE-2016-1076 | Multimedia | 1
FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt | CVE-2016-1076 | Multimedia | 1
FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt | CVE-2017-3123 | Multimedia | 2
FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt | CVE-2017-15277 | Application and Software | 2
FILE-MULTIMEDIA Adobe Flash CVE-2017-3076 AVC Edge Processing Out of Bounds Read | CVE-2017-3076 | Multimedia | 2
FILE-OFFICE CVE-2018-1026 Remote Code Execution Vulnerability | CVE-2018-1026 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel graphics remote code execution attempt | CVE-2018-1028 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel remote code execution attempt | CVE-2018-1026 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt | CVE-2015-6122 | Office Tools | 1
FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901 | CVE-2018-4901 | Application and Software | 1
FILE-OTHER Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2019-7794 | Application and Software | 4
FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt | CVE-2017-11259 | Application and Software | 2
FILE-OTHER Adobe Acrobat ImageConversion EMF BMP Heap Buffer Overflow CVE-2018-4982 | CVE-2018-4982 | Application and Software | 1
FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt | CVE-2018-5020 | Application and Software | 2
FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt | CVE-2018-5015 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12777 Out of Bounds Read Access | CVE-2018-12777 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12780 Out of Bounds Read Access | CVE-2018-12780 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12781 Out of Bounds Read Access | CVE-2018-12781 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12793 Type Confusion | CVE-2018-12793 | Application and Software | 2
FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt | CVE-2016-0967 | Application and Software | 1
FILE-OTHER Adobe InDesign Unsafe Hyperlink Processing Remote Code Execution | CVE-2019-7107 | Application and Software | 4
FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt | CVE-2017-11261 | Application and Software | 2
FILE-OTHER Adobe Reader CVE-2018-15997 Information Disclosure | CVE-2018-15997 | Application and Software | 2
FILE-OTHER Apple IOS CVE-2017-2416 Memory Corruption | CVE-2017-2416 | Application and Software | 2
FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt | CVE-2018-0104 | Application and Software | 1
FILE-OTHER Microsoft Internet Explorer CVE-2016-7272 Malformed Ico Integer Overflow Attempt | CVE-2016-7272 | Application and Software | 2
FILE-OTHER Microsoft JET Database Engine CVE-2019-1359 Remote Code Execution Vulnerability | CVE-2019-1359 | Application and Software | 2
FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt | CVE-2016-3332 | Application and Software | 2
FILE-OTHER Microsoft Windows CVE-2016-7256 OTF Parsing Memory Corruption | CVE-2016-7256 | Application and Software | 1
FILE-OTHER Microsoft Windows CVE-2016-7274 GDI32.dll cmap numUVSMappings overflow attempt vulnerability | CVE-2016-7274 | Application and Software | 1
FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt | CVE-2018-8115 | Application and Software | 2
FILE-OTHER Microsoft Windows Jet Database CVE-2019-0891 Remote Code Execution | CVE-2019-0891 (mapp unknown, vendor Microsoft, vuln Code Exec, sfoscat 33, sigtype poc) | Database Management System | 4
FILE-OTHER Microsoft Windows Jet Database CVE-2019-0891 Remote Code Execution | CVE-2019-0891 (vendor Microsoft, vuln Code Exec, sfoscat 33, sigtype poc, mapp unknown) | Database Management System | 1
FILE-OTHER Microsoft Windows Jet Database CVE-2019-1242 Remote Code Execution | CVE-2019-1242 (vendor Microsoft, vuln Code Exec, sfoscat 33, sigtype poc, mapp unknown) | Database Management System | 1
FILE-OTHER Microsoft Windows Jet Database CVE-2019-1242 Remote Code Execution | CVE-2019-1242 (vendor Microsoft, vuln Code Exec, sfoscat 33, sigtype poc, mapp unknown) | Database Management System | 4
FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt | CVE-2018-1013 | Application and Software | 2
FILE-PDF Adobe Acrobat And Reader CVE-2017-11263 AcroForm Encoding Code Execution II | CVE-2017-11263 | Application and Software | 2
FILE-PDF Adobe Acrobat And Reader CVE-2017-11263 AcroForm Encoding Code Execution I | CVE-2017-11263 | Application and Software | 2
FILE-PDF Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2018-4990 | Application and Software | 4
FILE-PDF Adobe Acrobat and Reader Text Field Value Remote Code Execution | CVE-2019-7125 | Application and Software | 2
FILE-PDF Adobe Acrobat CoolType font representation decoding memory corruption attempt | CVE-2016-0944 | Application and Software | 1
FILE-PDF Adobe Acrobat memory corruption vulnerability attempt | CVE-2016-1081 | Application and Software | 1
FILE-PDF Adobe Acrobat PDF Reader CVE-2018-4979 URL Security Bypass | CVE-2018-4979 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2016-1043 XFA FormCalc replace Integer Overflow | CVE-2016-1043 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader CVE-2018-12782 Double Free Memory Corruption | CVE-2018-12782 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2018-12783 Use After Free Memory Corruption | CVE-2018-12783 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt | CVE-2017-11222 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt | CVE-2016-4203 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt | CVE-2016-4203 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt | CVE-2017-3116 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | CVE-2016-0942 | Application and Software | 1
FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt | CVE-2017-11211 | Application and Software | 2
FILE-PDF Adobe Reader CVE-2018-16033 Out Of Bounds | CVE-2018-16033 | Application and Software | 2
FILE-PDF Adobe Reader DC JPEG2000 CVE-2016-7854 Out-of-Bounds Read | CVE-2016-7854 | Application and Software | 1
FILE-PDF Adobe Reader embedded TTF heap overflow attempt | CVE-2016-4204 | Application and Software | 1
FILE-PDF Adobe Reader JavaScript CVE-2018-4954 Use After Free | CVE-2018-4954 | Application and Software | 2
FILE-PDF Adobe Reader submitForm read out of bounds attempt | CVE-2016-1064 | Application and Software | 1
FILE-PDF Foxit Reader CVE-2018-14304 Annotations noteIcon Use After Free | CVE-2018-14304 | Application and Software | 3
FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt | | Application and Software | 1
INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution III | CVE-2014-6332 | Operating System and Services | 2
INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution II | CVE-2014-6332 | Operating System and Services | 2
OS-LINUX Linux Kernel USBIP out of bounds write attempt | CVE-2016-3955 | Operating System and Services | 1
OS-WINDOWS Microsoft CVE-2018-1010 Remote Code Execution Vulnerability | CVE-2018-1010 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows 10 CVE-2018-1015 Remote Code Execution Vulnerability | CVE-2018-1015 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows CVE-2016-3393 Graphics engine EMF rendering vulnerability | CVE-2016-3393 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows CVE-2019-1108 Information Disclosure | CVE-2019-1108 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows DNSAPI remote code execution attempt | CVE-2018-8225 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Font Library Remote Code Execution | CVE-2018-1015 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows GDI CVE-2019-0758 Information Disclosure | CVE-2019-0758 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows GDI CVE-2019-0882 Information Disclosure | CVE-2019-0882 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Graphics Device Interface CVE-2018-8424 Information Disclosure | CVE-2018-8424 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows HTTP2 Ping Flood Denial of Service | CVE-2019-9512 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows HTTP2 Ping Flood Denial of Service | CVE-2019-9512 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows HTTP2 Reset Flood Denial of Service | CVE-2019-9514 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows HTTP2 Reset Flood Denial of Service | CVE-2019-9514 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 50, sigtype poc) | Web Services and Applications | 2
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 50, sigtype poc) | Web Services and Applications | 4
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 (vendor Microsoft, vuln Denial Of Service, sfoscat 40, sigtype generic, mapp unknown) | Microsoft IIS web server | 4
OS-WINDOWS Microsoft Windows Jet Database CVE-2019-1358 Remote Code Execution | CVE-2019-1358 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 (mapp unknown, vendor Microsoft, vuln Overflow, sfoscat 44, sigtype poc) | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 (mapp unknown, vendor Microsoft, vuln Overflow, sfoscat 44, sigtype poc) | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 (mapp unknown, vendor Microsoft, vuln Overflow, sfoscat 44, sigtype poc) | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 (mapp unknown, vendor Microsoft, vuln Code Exec, sfoscat 44, sigtype poc) | Operating System and Services | 4
OS-WINDOWS Microsoft Windows RRAS Service Out of Bounds Access II | CVE-2017-11885 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows RRAS Service Out of Bounds Access I | CVE-2017-11885 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB remote code execution attempt | CVE-2019-0633 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Uniscribe Integer Underflow | CVE-2015-6130 | Operating System and Services | 1
PROTOCOL-FTP ProFTPD Infinite Loop Denial of Service | CVE-2019-18217 | FTP | 2
PROTOCOL-RPC portmap listing UDP 111 | | Operating System and Services | 2
SERVER-APACHE Apache Continuum saveInstallation.action Command Injection | | Apache HTTP Server | 1
SERVER-APACHE Apache Solr Config API Insecure Deserialization | CVE-2019-0192 | Apache HTTP Server | 1
SERVER-APACHE Apache Subversion svn Protocol Parser Integer Overflow | CVE-2015-5259 | Apache HTTP Server | 1
SERVER-APACHE Apache Subversion svnserve integer overflow attempt | CVE-2015-5259 | Apache HTTP Server | 1
SERVER-APACHE Apache Tomcat CVE-2017-12617 HTTP PUT Remote Code Execution | CVE-2017-12617 | Apache HTTP Server | 2
SERVER-APACHE Apache Tomcat HTTP PUT CVE-2017-12615 Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 (vendor Apache, vuln Denial Of Service, sfoscat 30, sigtype generic) | Apache HTTP Server | 1
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 (vendor Apache, vuln Denial Of Service, sfoscat 30, sigtype generic) | Apache HTTP Server | 4
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 (vendor Apache, vuln Denial Of Service, sfoscat 46, sigtype poc) | Other Web Server | 1
SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3
SERVER-MSSQL Microsoft SQL RDBMS Engine CVE-2016-7250 UNC Path Injection Privilege Escalation II | CVE-2016-7250 | Database Management System | 1
SERVER-MSSQL Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation (Published Exploit) | CVE-2016-7250 | Database Management System | 1
SERVER-OTHER Advantech WebAccess buffer overflow attempt | CVE-2016-0851 | Other Web Server | 1
SERVER-OTHER Advantech WebAccess Node spchapi and tv_enua Stack Buffer Overflow | | Other Web Server | 2
SERVER-OTHER Advantech WebAccess webvrpcs Service Function 0x013C71 Buffer Overflow | CVE-2016-0856 | Other Web Server | 1
SERVER-OTHER Advantech WebAccess webvrpcs Service Function 0x013C80 Buffer Overflow | CVE-2016-0856 | Other Web Server | 2
SERVER-OTHER Advantech WebAccess webvrpcs Service strncpy Buffer Overflow | CVE-2016-0856 | Other Web Server | 1
SERVER-OTHER Microsoft Windows DHCP Server Failover CVE-2019-1206 Denial of Service | CVE-2019-1206 | Other Web Server | 1
SERVER-OTHER Microsoft Windows DHCP Server Failover CVE-2019-1206 Denial of Service | CVE-2019-1206 | Other Web Server | 4
SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution | CVE-2019-0785 | Other Web Server | 4
SERVER-OTHER Microsoft Windows DHCP Server Remote Code Execution | CVE-2019-0725 | Other Web Server | 4
SERVER-OTHER ntpq decode array buffer overflow attempt | CVE-2018-7183 | Other Web Server | 1
SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER Unitrends Enterprise Backup CVE-2017-7282 Local File Inclusion attempt | | Other Web Server | 2
SERVER-OTHER ZeroMQ libzmq curve_server Stack-based Buffer Overflow | CVE-2019-13132 | Other Web Server | 1
SERVER-OTHER ZeroMQ libzmq curve_server Stack-based Buffer Overflow | CVE-2019-13132 | Other Web Server | 4
SERVER-SAMBA Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow | CVE-2016-2123 | Operating System and Services | 2
SERVER-WEBAPP Advantech WebAccess updateTemplate.aspx SQL Injection | CVE-2017-5154 | Web Services and Applications | 2
SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt | CVE-2017-5154 | Web Services and Applications | 2
SERVER-WEBAPP awstats.pl configdir command injection attempt | CVE-2005-0116 | Web Services and Applications | 1
SERVER-WEBAPP CA eHealth command injection attempt | CVE-2016-6152 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Elastic Services Controller REST API Authentication Bypass | CVE-2019-1867 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Security Manager RMI Insecure Deserialization | CVE-2019-12630 | Web Services and Applications | 1
SERVER-WEBAPP Cisco Security Manager RMI Insecure Deserialization | CVE-2019-12630 | Web Services and Applications | 4
SERVER-WEBAPP Cobub Razor channel name SQL injection attempt | CVE-2018-8057 | Web Services and Applications | 1
SERVER-WEBAPP Drupal Core Web Services CVE-2019-6340 Remote Code Execution | CVE-2019-6340 | Web Services and Applications | 3
SERVER-WEBAPP Elastic Kibana Timelion Prototype Pollution | CVE-2019-7609 | Web Services and Applications | 1
SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt | CVE-2018-13379 | Web Services and Applications | 1
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | Web Services and Applications | 1
SERVER-WEBAPP HPE System Management Homepage cross site scripting attempt | CVE-2017-12544 | Web Services and Applications | 1
SERVER-WEBAPP Jenkins Git Client Remote Command Execution | CVE-2019-10392 | Web Services and Applications | 1
SERVER-WEBAPP Jenkins Java SignedObject deserialization command execution attempt | CVE-2017-1000353 | Web Services and Applications | 1
SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt | CVE-2017-8917 | Web Services and Applications | 1
SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt | CVE-2018-7890 | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service PRIORITY | CVE-2019-9511 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 50, sigtype poc) | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service PRIORITY | CVE-2019-9511 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 40, sigtype poc) | Microsoft IIS web server | 4
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service PRIORITY | CVE-2019-9511 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 40, sigtype generic) | Microsoft IIS web server | 4
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service WINDOW_UPDATE | CVE-2019-9511 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 50, sigtype poc) | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service WINDOW_UPDATE | CVE-2019-9511 (mapp unknown, vendor Microsoft, vuln Denial Of Service, sfoscat 50, sigtype generic) | Web Services and Applications | 1
SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt | CVE-2011-0994 | Web Services and Applications | 1
SERVER-WEBAPP OpenEMR facility_admin.php Cross-Site Scripting | CVE-2019-8368 | Web Services and Applications | 1
SERVER-WEBAPP OPF OpenProject sortBy Cross-Site Scripting | CVE-2019-17092 | Web Services and Applications | 1
SERVER-WEBAPP phf arbitrary command execution attempt | CVE-1999-0067 | Web Services and Applications | 1
SERVER-WEBAPP PHP CVE-2017-5340 zend_hash_destroy Uninitialized Pointer Code Execution | CVE-2017-5340 | Web Services and Applications | 2
SERVER-WEBAPP phpMyAdmin preg_replace null byte injection attempt | CVE-2016-5734 | Web Services and Applications | 2
SERVER-WEBAPP PHP zend_hash_destroy Uninitialized Pointer Code Execution (Published Exploit) | CVE-2017-5340 | Web Services and Applications | 2
SERVER-WEBAPP Samsung SmartThings Hub video-core Camera URL Buffer Overflow | CVE-2018-3903 | Web Services and Applications | 2
SERVER-WEBAPP Samsung SmartThings Hub video-core Camera URL Buffer Overflow | CVE-2018-3903 | Web Services and Applications | 4
SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt | CVE-2016-10760 | Web Services and Applications | 1
SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt CVE-2018-7669 | CVE-2018-7669 | Web Services and Applications | 2
SERVER-WEBAPP Sonatype Nexus Repository Manager CVE-2019-7238 Expression Language Injection | CVE-2019-7238 | Web Services and Applications | 4
SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code Execution | CVE-2018-20062 | Web Services and Applications | 1
SERVER-WEBAPP TPlink CVE-2017-15613 Command Injection | CVE-2017-15613 | Web Services and Applications | 2
SERVER-WEBAPP Trend Micro Threat Discovery Appliance dlp_policy_upload.cgi Remote Code Execution | CVE-2016-8587 | Web Services and Applications | 1
SERVER-WEBAPP Trend Micro Threat Discovery Appliance logoff.cgi directory traversal attempt | CVE-2016-7552 | Web Services and Applications | 2
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt Start | CVE-2018-3883 | Web Services and Applications | 1
SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt | CVE-2018-6961 | Web Services and Applications | 1
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 1
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 4
SERVER-WEBAPP WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection (Decrypted Traffic) | CVE-2019-16917 | Web Services and Applications | 1
SERVER-WEBAPP WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection (Encrypted Traffic) | CVE-2019-16917 | Web Services and Applications | 1
SERVER-WEBAPP WordPress Security Audit Log Plugin Sensitive Information Disclosure | CVE-2018-8719 | Web Services and Applications | 2
SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt | CVE-2017-15919 | Web Services and Applications | 1
SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt | CVE-2017-14723 | Web Services and Applications | 2
SQL union select - possible percent-delimited SQL injection attempt - GET parameter | CVE-2006-2835 | Database Management System | 2
| CVE-2017-0144 | Malware Communication | 2

Column definitions:

• Name: Name of the Signature

• CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference CVE Identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity. The levels of severity are described in the table below:

Severity Level | Severity Criteria
--- | ---
1 | Low
2 | Moderate
3 | High
4 | Critical

Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com