SOPHOS IPS Signature Update Release Notes
Version: 9.16.43
Release Date: 07 November 2019
Release Information
Upgrade Applicable on: IPS Signature Release Version 9.16.42
Sophos Appliance Models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
This release note for IPS Signature Database Version 9.16.43 covers the newly added signatures. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to increase detection performance and reduce false alarms.
Report false positives at [email protected], along with the application details.
November 2019 Page 2 of 37 IPS Signature Update
This IPS release includes Two Hundred and Seventy-Eight (278) signatures addressing Two Hundred and Forty (240) vulnerabilities; several vulnerabilities are covered by more than one signature (for example a proof-of-concept-specific and a generic signature at different severities). New signatures are added for the following vulnerabilities. Columns are separated by "|"; an empty CVE-ID column means the release note lists no CVE for that signature.
Name | CVE-ID | Category | Severity
BROWSER-CHROME Google Chrome CVE-2015-6769 Universal Cross Site Scripting | CVE-2015-6769 | Browsers | 2
BROWSER-CHROME Google Chrome CVE-2017-5010 Universal Cross Site Scripting | CVE-2017-5010 | Browsers | 2
BROWSER-CHROME Google Chrome CVE-2017-5116 Type Confusion | CVE-2017-5116 | Browsers | 2
BROWSER-CHROME Google Chrome Denial Of Service Vulnerability | CVE-2016-1669 | Browsers | 1
BROWSER-CHROME Google Chrome Out Of Bounds Read And Write Vulnerability | CVE-2017-15401 | Browsers | 1
BROWSER-CHROME Google Chrome Out-Of-Bounds Vulnerability | CVE-2017-5053 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2016-9651 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2017-5115 | Browsers | 1
BROWSER-CHROME Google Chrome Remote Code Execution Vulnerability | CVE-2017-5121 | Browsers | 1
BROWSER-CHROME Google Chrome Same Origin Policy Bypass Vulnerability | CVE-2016-1668 | Browsers | 1
BROWSER-FIREFOX JavaScript library OpenPGP.js improper signature verification attempt | CVE-2019-9153 | Browsers | 1
BROWSER-IE Metasploit Aurora Exploit Attempt | CVE-2010-0249 | Browsers | 1
BROWSER-IE Metasploit Aurora Exploit Header Fold Evasion Attempt | CVE-2010-0249 | Browsers | 1
BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt | CVE-2017-11799 | Browsers | 1
BROWSER-IE Microsoft Edge Address Bar Spoofing Vulnerability | CVE-2019-6251 | Browsers | 3
BROWSER-IE Microsoft Edge CVE-2016-7288 TypedArray.sort Use After Free | CVE-2016-7288 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2017-0135 Same Origin Policy Bypass | CVE-2017-0135 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2017-11855 Memory Corruption | CVE-2017-11855 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-0871 Information Disclosure | CVE-2018-0871 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-0934 Scripting Engine Memory Corruption Attempt | CVE-2018-0934 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-8242 Remote Code Execution | CVE-2018-8242 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2018-8278 URL Spoofing | CVE-2018-8278 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-0658 Information Disclosure | CVE-2019-0658 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2019-0676 Information Disclosure | CVE-2019-0676 | Browsers | 2
BROWSER-IE Microsoft Edge JavaScript engine memory corruption attempt | CVE-2019-1239 | Browsers | 1
BROWSER-IE Microsoft Edge MSXML memory corruption attempt | CVE-2019-1060 | Browsers | 1
BROWSER-IE Microsoft Edge Scripting Engine CVE-2018-0769 Memory Corruption attempt | CVE-2018-0769 | Browsers | 2
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1307 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1308 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1335 | Browsers | 1
BROWSER-IE Microsoft Edge scripting engine memory corruption attempt | CVE-2019-1366 | Browsers | 1
BROWSER-IE Microsoft Edge VBScript engine memory corruption attempt | CVE-2019-1238 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer and Edge CVE-2016-3247 Memory Corruption I | CVE-2016-3247 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt | CVE-2015-6152 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt | CVE-2015-6154 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2011-1993 onscroll DOS Attempt | CVE-2011-1993 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2013-3897 swapNode memory corruption attempt | CVE-2013-3897 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2015-6075 CElement Use After Free Attempt | CVE-2015-6075 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer CVE-2016-0002 Edge Memory Corruption II | CVE-2016-0002 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2016-3288 Memory Corruption II | CVE-2016-3288 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2016-7241 Edge JSON.parse Type Confusion | CVE-2016-7241 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2017-0059 CStr Use After Free | CVE-2017-0059 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2019-0676 information disclosure attempt | CVE-2019-0676 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer VML CVE-2014-1776 use after free attempt | CVE-2014-1776 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service |  | Browsers | 1
BROWSER-IE Microsoft Windows PDF Library CVE-2016-3319 Memory Corruption II | CVE-2016-3319 | Browsers | 1
BROWSER-IE Microsoft Windows PDF Library CVE-2016-3319 Memory Corruption I | CVE-2016-3319 | Browsers | 1
BROWSER-OTHER Apple Safari Denial Of Service Vulnerability | CVE-2017-7061 | Browsers | 1
BROWSER-OTHER Apple Safari Denial Of Vulnerability | CVE-2017-2468 | Browsers | 1
BROWSER-OTHER Electron nodeIntegration bypass exploit attempt | CVE-2018-1000136 | Browsers | 1
BROWSER-OTHER jQuery Prototype Pollution Vulnerability | CVE-2017-11358 | Browsers | 1
BROWSER-WEBKIT Apple Safari CVE-2017-2367 Universal Cross Site Scripting | CVE-2017-2367 | Browsers | 2
BROWSER-WEBKIT Apple Safari CVE-2017-2447 Denial Of Service | CVE-2017-2447 | Browsers | 2
BROWSER-WEBKIT Apple Safari CVE-2017-7092 Denial Of Service | CVE-2017-7092 | Browsers | 2
BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt | CVE-2017-2505 | Browsers | 1
BROWSER-WEBKIT Google Chrome Same Origin Policy Bypass Vulnerability | CVE-2016-1711 | Browsers | 1
FILE-FLASH Adobe Flash CVE-2016-9163 Remote Code Execution Vulnerability I | CVE-2016-9163 | Multimedia | 1
FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt | CVE-2016-4185 | Multimedia | 1
FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt | CVE-2016-0989 | Multimedia | 1
FILE-FLASH Adobe Flash Player ASnative memory corruption attempt | CVE-2016-0981 | Multimedia | 1
FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt | CVE-2016-0962 | Multimedia | 1
FILE-FLASH Adobe Flash Player CVE-2015-8644 Multiple Remote Code Execution | CVE-2015-8644 | Multimedia | 2
FILE-FLASH Adobe Flash Player CVE-2016-1010 Rectangle Width Integer Overflow | CVE-2016-1010 | Multimedia | 1
FILE-FLASH Adobe Flash Player CVE-2016-4177 SceneAndFrameData Memory Corruption | CVE-2016-4177 | Multimedia | 2
FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt | CVE-2016-4179 | Multimedia | 1
FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt | CVE-2016-0963 | Multimedia | 1
FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt | CVE-2016-0968 | Multimedia | 1
FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt | CVE-2015-8457 | Multimedia | 1
FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt | CVE-2015-8446 | Multimedia | 1
FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt | CVE-2015-8418 | Multimedia | 1
FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt | CVE-2016-0977 | Multimedia | 1
FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt | CVE-2015-8445 | Multimedia | 1
FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt | CVE-2017-11226 | Multimedia | 2
FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt | CVE-2016-1076 | Multimedia | 1
FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt | CVE-2016-1076 | Multimedia | 1
FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt | CVE-2017-3123 | Multimedia | 2
FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt | CVE-2017-15277 | Application and Software | 2
FILE-MULTIMEDIA Adobe Flash CVE-2017-3076 AVC Edge Processing Out of Bounds Read | CVE-2017-3076 | Multimedia | 2
FILE-OFFICE Microsoft Office CVE-2018-1026 Remote Code Execution Vulnerability | CVE-2018-1026 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel graphics remote code execution attempt | CVE-2018-1028 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel remote code execution attempt | CVE-2018-1026 | Office Tools | 2
FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt | CVE-2015-6122 | Office Tools | 1
FILE-OTHER Adobe Acrobat and Reader docID Stack Buffer Overflow leak CVE-2018-4901 | CVE-2018-4901 | Application and Software | 1
FILE-OTHER Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2019-7794 | Application and Software | 4
FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt | CVE-2017-11259 | Application and Software | 2
FILE-OTHER Adobe Acrobat ImageConversion EMF BMP Heap Buffer Overflow CVE-2018-4982 | CVE-2018-4982 | Application and Software | 1
FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt | CVE-2018-5020 | Application and Software | 2
FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt | CVE-2018-5015 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12777 Out of Bounds Read Access | CVE-2018-12777 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12780 Out of Bounds Read Access | CVE-2018-12780 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12781 Out of Bounds Read Access | CVE-2018-12781 | Application and Software | 2
FILE-OTHER Adobe Acrobat Reader CVE-2018-12793 Type Confusion | CVE-2018-12793 | Application and Software | 2
FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt | CVE-2016-0967 | Application and Software | 1
FILE-OTHER Adobe InDesign Unsafe Hyperlink Processing Remote Code Execution | CVE-2019-7107 | Application and Software | 4
FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt | CVE-2017-11261 | Application and Software | 2
FILE-OTHER Adobe Reader CVE-2018-15997 Information Disclosure | CVE-2018-15997 | Application and Software | 2
FILE-OTHER Apple IOS CVE-2017-2416 Memory Corruption | CVE-2017-2416 | Application and Software | 2
FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt | CVE-2018-0104 | Application and Software | 1
FILE-OTHER Microsoft Internet Explorer CVE-2016-7272 Malformed Ico Integer Overflow Attempt | CVE-2016-7272 | Application and Software | 2
FILE-OTHER Microsoft JET Database Engine CVE-2019-1359 Remote Code Execution Vulnerability | CVE-2019-1359 | Application and Software | 2
FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt | CVE-2016-3332 | Application and Software | 2
FILE-OTHER Microsoft Windows CVE-2016-7256 OTF Parsing Memory Corruption | CVE-2016-7256 | Application and Software | 1
FILE-OTHER Microsoft Windows CVE-2016-7274 GDI32.dll cmap numUVSMappings overflow attempt vulnerability | CVE-2016-7274 | Application and Software | 1
FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt | CVE-2018-8115 | Application and Software | 2
FILE-OTHER Microsoft Windows Jet Database CVE-2019-0891 Remote Code Execution | CVE-2019-0891 | Database Management System | 4
FILE-OTHER Microsoft Windows Jet Database CVE-2019-0891 Remote Code Execution | CVE-2019-0891 | Database Management System | 1
FILE-OTHER Microsoft Windows Jet Database CVE-2019-1242 Remote Code Execution | CVE-2019-1242 | Database Management System | 1
FILE-OTHER Microsoft Windows Jet Database CVE-2019-1242 Remote Code Execution | CVE-2019-1242 | Database Management System | 4
FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt | CVE-2018-1013 | Application and Software | 2
FILE-PDF Adobe Acrobat And Reader CVE-2017-11263 AcroForm Encoding Code Execution II | CVE-2017-11263 | Application and Software | 2
FILE-PDF Adobe Acrobat And Reader CVE-2017-11263 AcroForm Encoding Code Execution I | CVE-2017-11263 | Application and Software | 2
FILE-PDF Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read | CVE-2018-4990 | Application and Software | 4
FILE-PDF Adobe Acrobat and Reader Text Field Value Remote Code Execution | CVE-2019-7125 | Application and Software | 2
FILE-PDF Adobe Acrobat CoolType font representation decoding memory corruption attempt | CVE-2016-0944 | Application and Software | 1
FILE-PDF Adobe Acrobat memory corruption vulnerability attempt | CVE-2016-1081 | Application and Software | 1
FILE-PDF Adobe Acrobat PDF Reader CVE-2018-4979 URL Security Bypass | CVE-2018-4979 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2016-1043 XFA FormCalc replace Integer Overflow | CVE-2016-1043 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader CVE-2018-12782 Double Free Memory Corruption | CVE-2018-12782 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2018-12783 Use After Free Memory Corruption | CVE-2018-12783 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt | CVE-2017-11222 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt | CVE-2016-4203 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt | CVE-2016-4203 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt | CVE-2017-3116 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | CVE-2016-0942 | Application and Software | 1
FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt | CVE-2017-11211 | Application and Software | 2
FILE-PDF Adobe Reader CVE-2018-16033 Out Of Bounds | CVE-2018-16033 | Application and Software | 2
FILE-PDF Adobe Reader DC JPEG2000 CVE-2016-7854 Out-of-Bounds Read | CVE-2016-7854 | Application and Software | 1
FILE-PDF Adobe Reader embedded TTF heap overflow attempt | CVE-2016-4204 | Application and Software | 1
FILE-PDF Adobe Reader JavaScript CVE-2018-4954 Use After Free | CVE-2018-4954 | Application and Software | 2
FILE-PDF Adobe Reader submitForm read out of bounds attempt | CVE-2016-1064 | Application and Software | 1
FILE-PDF Foxit Reader CVE-2018-14304 Annotations noteIcon Use After Free | CVE-2018-14304 | Application and Software | 3
FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt |  | Application and Software | 1
INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution III | CVE-2014-6332 | Operating System and Services | 2
INDICATOR-OBFUSCATION Microsoft Windows OLE CVE-2014-6332 Automation Array Remote Code Execution II | CVE-2014-6332 | Operating System and Services | 2
OS-LINUX Linux Kernel USBIP out of bounds write attempt | CVE-2016-3955 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows 10 CVE-2018-1010 Remote Code Execution Vulnerability | CVE-2018-1010 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows 10 CVE-2018-1015 Remote Code Execution Vulnerability | CVE-2018-1015 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows CVE-2016-3393 Graphics engine EMF rendering vulnerability | CVE-2016-3393 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows CVE-2019-1108 Information Disclosure | CVE-2019-1108 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows DNSAPI remote code execution attempt | CVE-2018-8225 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Font Library Remote Code Execution | CVE-2018-1015 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows GDI CVE-2019-0758 Information Disclosure | CVE-2019-0758 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows GDI CVE-2019-0882 Information Disclosure | CVE-2019-0882 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Graphics Device Interface CVE-2018-8424 Information Disclosure | CVE-2018-8424 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows HTTP2 Ping Flood Denial of Service | CVE-2019-9512 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows HTTP2 Ping Flood Denial of Service | CVE-2019-9512 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows HTTP2 Reset Flood Denial of Service | CVE-2019-9514 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows HTTP2 Reset Flood Denial of Service | CVE-2019-9514 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 | Web Services and Applications | 2
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 | Web Services and Applications | 4
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 | Microsoft IIS web server | 4
OS-WINDOWS Microsoft Windows Jet Database CVE-2019-1358 Remote Code Execution | CVE-2019-1358 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Services DVC Decompression Heap Buffer Overflow | CVE-2019-1181 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows RRAS Service Out of Bounds Access II | CVE-2017-11885 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows RRAS Service Out of Bounds Access I | CVE-2017-11885 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB remote code execution attempt | CVE-2019-0633 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Uniscribe Integer Underflow | CVE-2015-6130 | Operating System and Services | 1
PROTOCOL-FTP ProFTPD Infinite Loop Denial of Service | CVE-2019-18217 | FTP | 2
PROTOCOL-RPC portmap listing UDP 111 |  | Operating System and Services | 2
SERVER-APACHE Apache Continuum saveInstallation.action Command Injection |  | Apache HTTP Server | 1
SERVER-APACHE Apache Solr Config API Insecure Deserialization | CVE-2019-0192 | Apache HTTP Server | 1
SERVER-APACHE Apache Subversion svn Protocol Parser Integer Overflow | CVE-2015-5259 | Apache HTTP Server | 1
SERVER-APACHE Apache Subversion svnserve integer overflow attempt | CVE-2015-5259 | Apache HTTP Server | 1
SERVER-APACHE Apache Tomcat CVE-2017-12617 HTTP PUT Remote Code Execution | CVE-2017-12617 | Apache HTTP Server | 2
SERVER-APACHE Apache Tomcat HTTP PUT CVE-2017-12615 Windows Remote Code Execution | CVE-2017-12615 | Apache HTTP Server | 2
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 | Apache HTTP Server | 1
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 | Apache HTTP Server | 4
SERVER-APACHE Apache Traffic Server HTTP2 Settings Flood Denial of Service | CVE-2019-9515 | Other Web Server | 1
SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3
SERVER-MSSQL Microsoft SQL RDBMS Engine CVE-2016-7250 UNC Path Injection Privilege Escalation II | CVE-2016-7250 | Database Management System | 1
SERVER-MSSQL Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation (Published Exploit) | CVE-2016-7250 | Database Management System | 1
SERVER-OTHER Advantech WebAccess buffer overflow attempt | CVE-2016-0851 | Other Web Server | 1
SERVER-OTHER Advantech WebAccess Node spchapi and tv_enua Stack Buffer Overflow |  | Other Web Server | 2
SERVER-OTHER Advantech WebAccess webvrpcs Service Function 0x013C71 Buffer Overflow | CVE-2016-0856 | Other Web Server | 1
SERVER-OTHER Advantech WebAccess webvrpcs Service Function 0x013C80 Buffer Overflow | CVE-2016-0856 | Other Web Server | 2
SERVER-OTHER Advantech WebAccess webvrpcs Service strncpy Buffer Overflow | CVE-2016-0856 | Other Web Server | 1
SERVER-OTHER Microsoft Windows DHCP Server Failover CVE-2019-1206 Denial of Service | CVE-2019-1206 | Other Web Server | 1
SERVER-OTHER Microsoft Windows DHCP Server Failover CVE-2019-1206 Denial of Service | CVE-2019-1206 | Other Web Server | 4
SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution | CVE-2019-0785 | Other Web Server | 4
SERVER-OTHER Microsoft Windows DHCP Server Remote Code Execution | CVE-2019-0725 | Other Web Server | 4
SERVER-OTHER ntpq decode array buffer overflow attempt | CVE-2018-7183 | Other Web Server | 1
SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
SERVER-OTHER Unitrends Enterprise Backup CVE-2017-7282 Local File Inclusion attempt |  | Other Web Server | 2
SERVER-OTHER ZeroMQ libzmq curve_server Stack-based Buffer Overflow | CVE-2019-13132 | Other Web Server | 1
SERVER-OTHER ZeroMQ libzmq curve_server Stack-based Buffer Overflow | CVE-2019-13132 | Other Web Server | 4
SERVER-SAMBA Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow | CVE-2016-2123 | Operating System and Services | 2
SERVER-WEBAPP Advantech WebAccess updateTemplate.aspx SQL Injection | CVE-2017-5154 | Web Services and Applications | 2
SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt | CVE-2017-5154 | Web Services and Applications | 2
SERVER-WEBAPP awstats.pl configdir command injection attempt | CVE-2005-0116 | Web Services and Applications | 1
SERVER-WEBAPP CA eHealth command injection attempt | CVE-2016-6152 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Elastic Services Controller REST API Authentication Bypass | CVE-2019-1867 | Web Services and Applications | 2
SERVER-WEBAPP Cisco Security Manager RMI Insecure Deserialization | CVE-2019-12630 | Web Services and Applications | 1
SERVER-WEBAPP Cisco Security Manager RMI Insecure Deserialization | CVE-2019-12630 | Web Services and Applications | 4
SERVER-WEBAPP Cobub Razor channel name SQL injection attempt | CVE-2018-8057 | Web Services and Applications | 1
SERVER-WEBAPP Drupal Core Web Services CVE-2019-6340 Remote Code Execution | CVE-2019-6340 | Web Services and Applications | 3
SERVER-WEBAPP Elastic Kibana Timelion Prototype Pollution | CVE-2019-7609 | Web Services and Applications | 1
SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt | CVE-2018-13379 | Web Services and Applications | 1
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | Web Services and Applications | 1
SERVER-WEBAPP HPE System Management Homepage cross site scripting attempt | CVE-2017-12544 | Web Services and Applications | 1
SERVER-WEBAPP Jenkins Git Client Remote Command Execution | CVE-2019-10392 | Web Services and Applications | 1
SERVER-WEBAPP Jenkins Java SignedObject deserialization command execution attempt | CVE-2017-1000353 | Web Services and Applications | 1
SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt | CVE-2017-8917 | Web Services and Applications | 1
SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt | CVE-2018-7890 | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service PRIORITY | CVE-2019-9511 | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service PRIORITY | CVE-2019-9511 | Microsoft IIS web server | 4
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9511 | Microsoft IIS web server | 4
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service WINDOW_UPDATE | CVE-2019-9511 | Web Services and Applications | 1
SERVER-WEBAPP Microsoft Windows HTTP2 Resource Loop Denial of Service WINDOW_UPDATE | CVE-2019-9511 | Web Services and Applications | 1
SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt | CVE-2011-0994 | Web Services and Applications | 1
SERVER-WEBAPP OpenEMR facility_admin.php Cross-Site Scripting | CVE-2019-8368 | Web Services and Applications | 1
SERVER-WEBAPP OPF OpenProject sortBy Cross-Site Scripting | CVE-2019-17092 | Web Services and Applications | 1
SERVER-WEBAPP phf arbitrary command execution attempt | CVE-1999-0067 | Web Services and Applications | 1
SERVER-WEBAPP PHP CVE-2017-5340 zend_hash_destroy Uninitialized Pointer Code Execution | CVE-2017-5340 | Web Services and Applications | 2
SERVER-WEBAPP phpMyAdmin preg_replace null byte injection attempt | CVE-2016-5734 | Web Services and Applications | 2
SERVER-WEBAPP PHP zend_hash_destroy Uninitialized Pointer Code Execution (Published Exploit) | CVE-2017-5340 | Web Services and Applications | 2
SERVER-WEBAPP Samsung SmartThings Hub video-core Camera URL Buffer Overflow | CVE-2018-3903 | Web Services and Applications | 2
SERVER-WEBAPP Samsung SmartThings Hub video-core Camera URL Buffer Overflow | CVE-2018-3903 | Web Services and Applications | 4
SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt | CVE-2016-10760 | Web Services and Applications | 1
SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt CVE-2018-7669 | CVE-2018-7669 | Web Services and Applications | 2
SERVER-WEBAPP Sonatype Nexus Repository Manager CVE-2019-7238 Expression Language Injection | CVE-2019-7238 | Web Services and Applications | 4
SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code Execution | CVE-2018-20062 | Web Services and Applications | 1
SERVER-WEBAPP TPlink CVE-2017-15613 Command Injection | CVE-2017-15613 | Web Services and Applications | 2
SERVER-WEBAPP Trend Micro Threat Discovery Appliance dlp_policy_upload.cgi Remote Code Execution | CVE-2016-8587 | Web Services and Applications | 1
SERVER-WEBAPP Trend Micro Threat Discovery Appliance logoff.cgi directory traversal attempt | CVE-2016-7552 | Web Services and Applications | 2
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt Start | CVE-2018-3883 | Web Services and Applications | 1
SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt | CVE-2018-6961 | Web Services and Applications | 1
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 1
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 4
SERVER-WEBAPP WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection (Decrypted Traffic) | CVE-2019-16917 | Web Services and Applications | 1
SERVER-WEBAPP WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection (Encrypted Traffic) | CVE-2019-16917 | Web Services and Applications | 1
SERVER-WEBAPP WordPress Security Audit Log Plugin Sensitive Information Disclosure | CVE-2018-8719 | Web Services and Applications | 2
SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt | CVE-2017-15919 | Web Services and Applications | 1
SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt | CVE-2017-14723 | Web Services and Applications | 2
SQL union select - possible percent-delimited SQL injection attempt - GET parameter | CVE-2006-2835 | Database Management System | 2
(signature name not given in the source) | CVE-2017-0144 | Malware Communication | 2
Name: Name of the Signature
CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat
Severity: Degree of severity - The levels of severity are described in the table below:
Severity Level Severity Criteria
1 Low
2 Moderate
3 High
4 Critical
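The Python script below is an added example, not part of the Sophos release note. It shows how a practitioner can turn the signature table above into a triage list: parse rows in the "Name | CVE-ID | Category | Severity" layout, reject malformed CVE identifiers (the kind of transcription slip that appears in release notes, such as a five-digit year), collapse the duplicate signatures per CVE to the highest severity on the 1-4 scale defined above, and check a watch list of CVEs against the update. The sample rows are copied from the table; the watch list, the helper names and the inclusion of CVE-2019-0708 as a CVE absent from the sample are this example's own constructions.

```python
import re

# Severity scale exactly as defined in the release note (1 = Low ... 4 = Critical).
SEVERITY_LABELS = {1: "Low", 2: "Moderate", 3: "High", 4: "Critical"}

# CVE identifier syntax: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Sample rows copied from the signature table on this page, in the
# "Name | CVE-ID | Category | Severity" layout; an empty CVE column means
# the release note lists no CVE for the signature.
SAMPLE_ROWS = """\
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 | Web Services and Applications | 2
OS-WINDOWS Microsoft Windows HTTP2 Resource Loop Denial of Service | CVE-2019-9513 | Microsoft IIS web server | 4
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 1
SERVER-WEBAPP Webmin password_change.cgi Command Injection | CVE-2019-15107 | Web Services and Applications | 4
PROTOCOL-RPC portmap listing UDP 111 |  | Operating System and Services | 2
SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt | CVE-2014-0160 | Other Web Server | 1
BROWSER-IE Microsoft Internet Explorer CVE-2011-1993 onscroll DOS Attempt | CVE-2011-1993 | Browsers | 2
"""


def parse_rows(text):
    """Parse pipe-delimited rows into dicts; raise ValueError on a bad column count,
    an out-of-range severity, or a CVE id that does not follow CVE-YYYY-NNNN."""
    sigs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 columns, got {len(parts)}")
        name, cve, category, sev = parts
        if not sev.isdigit() or int(sev) not in SEVERITY_LABELS:
            raise ValueError(f"line {lineno}: severity {sev!r} is not in 1-4")
        if cve and not CVE_RE.match(cve):
            raise ValueError(f"line {lineno}: malformed CVE id {cve!r}")
        sigs.append({"name": name, "cve": cve or None,
                     "category": category, "severity": int(sev)})
    return sigs


def coverage_by_cve(sigs):
    """Map each CVE to the highest severity among the signatures that address it.
    One CVE can appear several times (278 signatures for 240 vulnerabilities in
    this release), so the maximum is what matters for triage."""
    best = {}
    for s in sigs:
        if s["cve"] is not None:
            best[s["cve"]] = max(best.get(s["cve"], 0), s["severity"])
    return best


def prioritise(sigs, cves_of_interest, min_severity=3):
    """Return (cve, severity label) pairs for watch-list CVEs covered at or
    above min_severity, sorted by CVE id."""
    cov = coverage_by_cve(sigs)
    return [(c, SEVERITY_LABELS[cov[c]]) for c in sorted(cves_of_interest)
            if c in cov and cov[c] >= min_severity]


def uncovered(sigs, cves_of_interest):
    """Watch-list CVEs that no signature in the parsed rows addresses."""
    return sorted(set(cves_of_interest) - set(coverage_by_cve(sigs)))


def signatures_without_cve(sigs):
    """Signature names that carry no CVE id and so need a manual mapping."""
    return [s["name"] for s in sigs if s["cve"] is None]


if __name__ == "__main__":
    sigs = parse_rows(SAMPLE_ROWS)
    # Constructed watch list; CVE-2019-0708 is a real id chosen because it is
    # not in the sample rows, to show the "not covered" path.
    watch = {"CVE-2019-9513", "CVE-2019-15107", "CVE-2014-0160", "CVE-2019-0708"}
    print("signatures:", len(sigs), "unique CVEs:", len(coverage_by_cve(sigs)))
    for cve, label in prioritise(sigs, watch):
        print(f"{cve}: covered at {label}")
    print("not covered by this update:", uncovered(sigs, watch))
    print("signatures without a CVE:", signatures_without_cve(sigs))
```

Feeding the full table through parse_rows is the quickest way to catch a row whose CVE column was mistyped, and coverage_by_cve makes the 278-signatures-versus-240-vulnerabilities relationship explicit before the severity-4 entries are pushed to the patching queue.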
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters Sophos Technologies Pvt. Ltd. Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA Phone: +91-79-66216666 Fax: +91-79-26407640 Web site: www.sophos.com