SOPHOS IPS Signature Update Release Notes

Version : 7.16.40 Release Date : 30th October 2019 IPS Signature Update

Release Information

Upgrade Applicable on IPS Signature Release Version 7.16.39 Sophos Appliance Models XG-550, XG-750, XG-650

Upgrade Information Upgrade type: Automatic

Compatibility Annotations: None

Introduction The Release Note document for IPS Signature Database Version 7.16.40 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms.

Report false positives at [email protected], along with the application details.

October 2019 Page 2 of 34 IPS Signature Update

This IPS Release includes Three Hundred and Eleven(311) signatures to address Two Hundred and Sixty One(261) vulnerabilities. New signatures are added for the following vulnerabilities:

Name CVE–ID Category Severity

BROWSER-CHROME Google Chrome CVE-2016- Browsers 1 Arbitrary Script 5204 Injection Vulnerability

BROWSER-CHROME Google Chrome Cross CVE-2014- Browsers 2 Origin Policy Bypass 1701 Vulnerability

BROWSER-CHROME Google Chrome Cross CVE-2014- Browsers 2 Site Scripting 1747 Vulnerability

BROWSER-CHROME Google Chrome CVE- CVE-2011- Browsers 2 2011-2856 Cross Origin 2856 Bypass

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2013-6632 Denial Of 5200 Service

BROWSER-CHROME Google Chrome CVE- CVE-2014- Browsers 2 2014-7927 Denial Of 7927 Service

BROWSER-CHROME Google Chrome CVE- CVE-2014- Browsers 2 2014-7928 Denial Of 7928 Service

October 2019 Page 3 of 34 IPS Signature Update

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2015-1233 Remote 5200 Code Execution

BROWSER-CHROME Google Chrome CVE- CVE-2015- Browsers 1 2015-1242 Denial Of 1242 Service

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2015-6764 Out of 5200 Bounds Memory Access

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-1653 Denial Of 1653 Service

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-1672 Same Origin 1672 Policy Bypass

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-1673 Universal 6173 Cross Site Scripting

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-1675 Same Origin 1675 Policy

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-1676 Persistent 1676 Cross Site Scripting

CVE-2016- BROWSER-CHROME Browsers 2 Google Chrome CVE- 5129

October 2019 Page 4 of 34 IPS Signature Update

2016-1710 Same Origin Policy Bypass

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-5129 Denial Of 5129 Service

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-5200 Out of 5200 Bounds Memory Access

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2016-5207 Universal 5207 Cross Site Scripting

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2017-15396 Buffer 5200 Overflow

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2017-5007 Cross Site 5129 Scripting

BROWSER-CHROME Google Chrome CVE- CVE-2017- Browsers 2 2017-5040 Out Of 5040 Bound Read

BROWSER-CHROME Google Chrome CVE- CVE-2017- Browsers 2 2017-5088 Out of 5088 Bounds Memory Access

BROWSER-CHROME Google Chrome CVE- CVE-2017- Browsers 2 2017-5122 Out Of 5122 Bound Memory Access

October 2019 Page 5 of 34 IPS Signature Update

BROWSER-CHROME Google Chrome CVE- CVE-2017- Browsers 2 2017-5129 Out Of 5129 Bound Memory Access

BROWSER-CHROME Google Chrome CVE- CVE-2016- Browsers 2 2018-6056 Type 5200 Confusion

BROWSER-CHROME CVE-2015- Google Chrome Denial Browsers 2 6771 Of Service Vulnerability

BROWSER-CHROME CVE-2016- Google Chrome Denial Browsers 2 1646 Of Service Vulnerability

BROWSER-CHROME CVE-2018- Google Chrome Heap Browsers 1 6064 Corruption Vulnerability

BROWSER-CHROME CVE-2017- Google Chrome Heap Browsers 1 5128 Overflow Vulnerability

BROWSER-CHROME Google Chrome CVE-2016- Browsers 2 Information Disclosure 1665 Vulnerability

BROWSER-CHROME Google Chrome CVE-2016- Browsers 1 Information Disclosure 1677 Vulnerability

BROWSER-CHROME Google Chrome CVE-2016- Browsers 2 Information Disclosure 5172 Vulnerability

October 2019 Page 6 of 34 IPS Signature Update

BROWSER-CHROME CVE-2018- Google Chrome Object Browsers 1 6106 Corruption Vulnerability

BROWSER-CHROME Google Chrome Out Of CVE-2017- Browsers 1 Bounds Read 5098 Vulnerability

BROWSER-CHROME CVE-2017- Google Chrome Out Of Browsers 1 5071 Bounds Vulnerability

BROWSER-CHROME Google Chrome Regexp CVE-2016- Browsers 2 Denial Of Service 1688 Vulnerability

BROWSER-CHROME Google Chrome Same CVE-2015- Browsers 2 Origin Policy Bypass 6755 Vulnerability

BROWSER-CHROME Google Chrome Same CVE-2015- Browsers 2 Origin Policy Bypass 6770 Vulnerability

BROWSER-CHROME Google Chrome Same CVE-2017- Browsers 1 Origin Policy Bypass 0199 Vulnerability

BROWSER-CHROME Google Chrome Same CVE-2017- Browsers 2 Origin Policy Bypass 2480 Vulnerability

BROWSER-CHROME CVE-2017- Google Chrome Same Browsers 1 Remote Code Execution 5008 Vulnerability

October 2019 Page 7 of 34 IPS Signature Update

Vulnerability

BROWSER-CHROME CVE-2017- Google Chrome Use- Browsers 1 5127 After-Free Vulnerability

BROWSER-CHROME Google Chrome V8 - CVE-2018- Browsers 2 Object Allocation Size 6065 Integer Overflow

BROWSER-CHROME Google PDFium TIFF CVE-2015- Image Flate Decoder Browsers 1 7545 Code Execution Vulnerability.

BROWSER-FIREFOX Mozilla Firefox method CVE-2018- array.prototype.push Browsers 2 12387 remote code execution attempt

BROWSER-IE Internet CVE-2016- Explorer CVE-2017-8634 Browsers 2 5129 Remote Code Execution

BROWSER-IE Internet Explorer Scripting CVE-2017- Browsers 1 Engine Memory 11839 Corruption Vulnerability

BROWSER-IE Internet Explorer Scripting CVE-2017- Browsers 1 Engine Memory 8645 Corruption Vulnerability

BROWSER-IE Internet EXplorer Scripting CVE-2017- Browsers 1 Engine Memory 8729 Corruption Vulnerability

October 2019 Page 8 of 34 IPS Signature Update

BROWSER-IE Internet Explorer Scripting CVE-2018- Browsers 1 Engine Memory 0840 Corruption Vulnerability

BROWSER-IE Microsoft Edge anonymous CVE-2018- Browsers 2 function type confusion 0774 attempt

BROWSER-IE Microsoft Edge Chakra JIT CVE-2018- BoundFunction Browsers 2 8139 NewInstance out of bounds read attempt

BROWSER-IE Microsoft Edge Chakra JIT CVE-2017- Browsers 2 memory corruption 0234 attempt

BROWSER-IE Microsoft Edge Chakra CVE-2017- Browsers 1 setPrototypeOf use- 8751 after-free attempt

BROWSER-IE Microsoft Edge CVE-2017-11889 CVE-2017- Scripting Engine Browsers 2 0236 postMessage Use After Free Attempt

BROWSER-IE Microsoft CVE-2017- Edge CVE-2017-8646 Browsers 2 2363 Remote Code Execution

BROWSER-IE Microsoft CVE-2017- Edge CVE-2017-8656 Browsers 2 8656 Remote Code Exec

CVE-2018- BROWSER-IE Microsoft Browsers 1 Edge CVE-2018-0835 0835

October 2019 Page 9 of 34 IPS Signature Update

EnsureNonNativeArray Type Confusion I

BROWSER-IE Microsoft CVE-2018- Edge out of bounds Browsers 2 0777 write attempt

BROWSER-IE Microsoft Edge Scripting Engine CVE-2018- CVE-2018-0770 Browsers 2 0770 Memory Corruption Vulnerability

BROWSER-IE Microsoft Edge scripting engine CVE-2018- Browsers 1 memory corruption 0838 attempt

BROWSER-IE Microsoft Edge scripting engine CVE-2018- Browsers 2 memory corruption 0980 attempt

BROWSER-IE Microsoft Edge scripting engine CVE-2019- Browsers 1 memory corruption 0991 vulnerability attempt

BROWSER-IE Microsoft Edge Scripting Engine CVE-2017- Browsers 1 Memory Corruption 0134 Vulnerability

BROWSER-IE Microsoft Edge Scripting Engine CVE-2017- Browsers 1 Memory Corruption 8740 Vulnerability

BROWSER-IE Microsoft Edge Scripting Engine CVE-2018- Browsers 1 Memory Corruption 0837 Vulnerability

October 2019 Page 10 of 34 IPS Signature Update

BROWSER-IE Microsoft CVE-2018- Edge scripting engine Browsers 1 0775 type confusion attempt

BROWSER-IE Microsoft Internet Explorer cve- 2015-6086 CVE-2015- Browsers 2 InitFromString Function 6086 Out of Bounds Memory Access

BROWSER-IE Microsoft Internet Explorer CVE- CVE-2018- Browsers 3 2018-0763 Information 0763 Disclosure

BROWSER-IE Microsoft Internet Explorer invalid CVE-2012- object property Browsers 1 4787 memory corruption attempt

BROWSER-IE Microsoft CVE-2017- Internet Explorer out of Browsers 1 11911 bounds read attempt

BROWSER-IE Microsoft CVE-2017- Internet Explorer out of Browsers 2 11911 bounds read attempt

BROWSER-IE Microsoft Scripting Engine CVE-2017- Browsers 1 Memory Corruption 0015 Vulnerability

BROWSER-IE Scripting Engine Memory CVE-2017- Browsers 1 Corruption Vulnerability 11793 Attempt

CVE-2018- BROWSER-OTHER Apple Browsers 1 iTunes Denial Of Service 4121

October 2019 Page 11 of 34 IPS Signature Update

Vulnerability

BROWSER-OTHER Apple CVE-2016- Safari CVE-2016-4734 Browsers 2 4734 Remote Code Execution

BROWSER-OTHER Apple CVE-2017- Safari CVE-2017-6980 Browsers 2 6980 Denial Of Service

BROWSER-OTHER Apple CVE-2016- Safari Remode Code Browsers 1 1857 Execution Vulnerability

BROWSER-OTHER Apple CVE-2017- Safari Remode Code Browsers 1 2491 Execution Vulnerability

BROWSER-OTHER Apple Safari Same Origin CVE-2017- Browsers 2 Policy Bypass 2365 Vulnerability

BROWSER-OTHER Safari CVE-2011- Cross Site Scripting Browsers 2 3243 Vulnerability

BROWSER-OTHER Safari CVE-2017- Cross Site Scripting Browsers 1 2504 Vulnerability

BROWSER-OTHER Safari CVE-2016- Denial Of Service Browsers 2 1779 Vulnerability

BROWSER-OTHER Safari CVE-2017- Denial Of Service Browsers 2 2531 Vulnerability

BROWSER-OTHER Safari CVE-2017- Denial Of Service Browsers 1 2547 Vulnerability

October 2019 Page 12 of 34 IPS Signature Update

BROWSER-OTHER Safari CVE-2017- Denial Of Service Browsers 2 7056 Vulnerability

BROWSER-OTHER Safari CVE-2017- Same Origin Policy Browsers 2 2442 Bypass Vulnerability

BROWSER-OTHER Safari CVE-2017- Same Origin Policy Browsers 2 2446 Bypass Vulnerability

BROWSER-OTHER Safari CVE-2017- Same Origin Policy Browsers 2 2493 Bypass Vulnerability

BROWSER-OTHER Safari CVE-2017- WebKit Remote Code Browsers 1 2536 Exceution Vulnerability

BROWSER-WEBKIT CVE-2016- Apple ioS WebKit Denial Browsers 2 4622 Of Service Vulnerability

BROWSER-WEBKIT CVE-2017- Apple Safari CVE-2017- Browsers 2 1684 1684 Denial Of Service

BROWSER-WEBKIT CVE-2017- Apple Safari CVE-2017- Browsers 2 2363 2363 Same Origin Policy

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 2364 Universal Cross 2364 Site Scripting

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 2445 Universal Cross 2445 Site Scripting

October 2019 Page 13 of 34 IPS Signature Update

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 2479 Universal Cross 2479 Site Scripting

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 2510 Universal Cross 2510 Site Scripting

BROWSER-WEBKIT CVE-2017- Apple Safari CVE-2017- Browsers 2 2521 2521 Denial Of service

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 2528 Universal Cross 2528 Site Scripting

BROWSER-WEBKIT CVE-2017- Apple Safari CVE-2017- Browsers 2 7037 7037 Denial Of Service

BROWSER-WEBKIT Apple Safari CVE-2017- CVE-2017- Browsers 2 7089 Universal Cross 7089 Site Scripting

BROWSER-WEBKIT CVE-2017- Apple Safari CVE-2017- Browsers 2 2363 7117 Denial Of Service

BROWSER-WEBKIT Apple Safari WebkitCVE- CVE-2017- Browsers 2 2017-2464 Denial Of 2464 Service

BROWSER-WEBKIT Apple WebKit CVE-2018- Browsers 1 updateReferencedText 4315 use-after-free attempt

October 2019 Page 14 of 34 IPS Signature Update

FILE-FLASH Adobe Flash CVE-2008- Player CVE-2018-15982 Multimedia 2 2992 Use After Free

FILE-IDENTIFY Adobe Acrobat JOBOPTIONS CVE-2019- Application 4 File Parsing Out of 7110 and Software Bounds Read

FILE-IDENTIFY Omron CX-Supervisor project Application 4 file file attachment and Software detected

FILE-IMAGE Microsoft Windows OLE Load CVE-2019- Multimedia 1 Picture remote code 0885 execution attempt

FILE-IMAGE SketchUp CVE-2013- Application BMP RLE8 parsing 1 3663 and Software buffer overflow attempt

FILE-OFFICE Microsoft CVE-2017- HTA Handler Office Tools 1 0199 Vulnerability

FILE-OFFICE Microsoft CVE-2019- Office directory Office Tools 1 0801 traversal attempt

FILE-OFFICE Microsoft CVE-2019- Office directory Office Tools 2 0801 traversal attempt

FILE-OFFICE Microsoft Office Equation Editor CVE-2017- Office Tools 2 RTF embedded OLE 11882 evasion attempt

FILE-OFFICE Microsoft CVE-2013- Office Tools 1 Office Excel malicious

October 2019 Page 15 of 34 IPS Signature Update

cce value following a 1315 PtgMemFunc token

FILE-OFFICE Microsoft Powerpoint graphics CVE-2019- Office Tools 1 component remote 0822 code execution attempt

FILE-OTHER Adobe Acrobat PostScript CVE-2019- Application 1 parsing type confusion 7087 and Software attempt

FILE-OTHER Apple DMG ffs_mountfs integer CVE-2007- Application 2 overflow exploit 0229 and Software attempt

FILE-OTHER Apple iBook CVE-2017- Application Information Disclosure 1 2426 and Software Vulnerability

FILE-OTHER Microsoft CVE-2019- Application SharePoint 1 1257 and Software deserialization attempt

FILE-OTHER Microsoft Windows Avast Anti- CVE-2018- Application 2 Virus local credentials 12572 and Software disclosure attempt

FILE-OTHER Microsoft Windows Device Guard CVE-2017- Application 2 bypass via compiled 8625 and Software help file attempt

FILE-OTHER Microsoft Windows Jet Database CVE-2019- Application 1 CVE-2019-1249 Remote 7050 and Software Code Execution

FILE-OTHER Snapd CVE-2019- Application 2

October 2019 Page 16 of 34 IPS Signature Update

dirty_sock exploit 7304 and Software download attempt

FILE-OTHER VideoLAN CVE-2018- Application VLC media player out- 1 19857 and Software of-bounds read attempt

FILE-OTHER Windows CVE-2019- Application GDI font out-of-bounds 1 0758 and Software read attempt

FILE-PDF Adobe Acrobat CVE-2019- Application JavaScript engine out- 1 7053 and Software of-bounds read attempt

FILE-PDF Adobe Acrobat JOBOPTIONS File CVE-2019- Application 1 Parsing Out of Bounds 7110 and Software Read

FILE-PDF Adobe Acrobat CVE-2019- Application PDF use-after-free 2 7050 and Software attempt

FILE-PDF Microsoft CVE-2019- Application Speech API remote code 1 0985 and Software execution attempt

OS-OTHER HWiNFO Operating CVE-2018- AMD64 Kernel Driver System and 1 6061 Information Disclosure Services

OS-WINDOWS Microsoft Graphics Operating CVE-2019- Device Interface CVE- System and 2 1252 2019-1252 Information Services Disclosure

OS-WINDOWS Operating Microsoft win32k driver CVE-2019- System and 1 buffer over read 1078 Services attempt

October 2019 Page 17 of 34 IPS Signature Update

OS-WINDOWS Microsoft Windows Jet Operating CVE-2019- Database CVE-2019- System and 2 1243 1243 Remote Code Services Execution

OS-WINDOWS Microsoft Windows Jet Operating CVE-2019- Database CVE-2019- System and 4 1243 1243 Remote Code Services Execution

OS-WINDOWS Operating Microsoft Windows System and 3 SMB Transaction heap Services groom attempt

OS-WINDOWS Microsoft Windows Operating win32k CVE-2019- System and 1 NtGdiExtFloodFill 1017 Services memory corruption attempt

OS-WINDOWS Windows Operating OLE Automation Array CVE-2014- System and 1 Remote Code Execution 6332 Services Vulnerability

SERVER-APACHE Apache 2 mod_ssl CVE-2004- Apache HTTP 3 Connection Abort denial 0748 Server of service attempt

SERVER-APACHE CVE-2013- Apache HTTP Apache Struts2 remote 1 2251 Server code execution attempt

SERVER-APACHE Apache Struts CVE-2018- Apache HTTP 2 java.lang.ProcessBuilder 11776 Server class access attempt

October 2019 Page 18 of 34 IPS Signature Update

SERVER-APACHE Apache Struts ognl CVE-2018- Apache HTTP 2 remote code execution 11776 Server attempt

SERVER-OTHER Adobe ColdFusion CKEditor CVE-2018- Other Web upload.cfm Unrestricted 2 15961 Server File Upload CVE-2018- 15961

SERVER-OTHER ASP Other Web webshell upload 4 Server attempt

SERVER-OTHER Blue CVE-2011- Other Web Coat BCAAA buffer 1 5124 Server overflow attempt

SERVER-OTHER Century Other Web Star SCADA directory 2 Server traversal attempt

SERVER-OTHER CFM Other Web webshell upload 4 Server attempt

SERVER-OTHER Cisco CVE-2019- Other Web IOS XE REST API 2 12643 Server Authentication Bypass

SERVER-OTHER Cisco Software Cluster CVE-2017- Other Web Management Protocol 1 3881 Server remote code execution attempt

SERVER-OTHER IBM WebSphere Application CVE-2015- Other Web Server Commons- 1 7450 Server Collections Library Remote Code Execution

October 2019 Page 19 of 34 IPS Signature Update

SERVER-OTHER Interactive Graphical Other Web 1 SCADA System arbitrary Server file read attempt

SERVER-OTHER ipTime Other Web G104BE directory 2 Server traversal attempt

SERVER-OTHER ISC CVE-2011- Other Web DHCP command 1 0997 Server injection attempt

SERVER-OTHER Jenkins CI Server Groovy CVE-2019- Other Web 1 Pipeline Remote Code 1003001 Server Execution

SERVER-OTHER CVE-2011- Other Web NetSupport Manager 1 0404 Server Client Buffer Overflow

SERVER-OTHER NFS server /etc/passwd CVE-2019- Other Web 3 symlink creation 11538 Server attempt

SERVER-OTHER NFS server /etc/passwd Other Web 3 symlink creation Server attempt

SERVER-OTHER Novell CVE-2010- Other Web NetWare AFP denial of 3 0317 Server service attempt

SERVER-OTHER Web Services OpenSSL DTLS SRTP CVE-2014- and 3 Extension Parsing 3513 Applications Denial of Service

October 2019 Page 20 of 34 IPS Signature Update

SERVER-OTHER Perl Other Web webshell upload 2 Server attempt

SERVER-OTHER PHP Other Web webshell upload 4 Server attempt

SERVER-OTHER Samsung Integrated Management System Other Web 2 Data Management Server Server hardcoded credentials attempt

SERVER-OTHER Siemens SIMATIC CVE-2015-2177 CVE-2015- Other Web 2 Remote Denial of 2177 Server Service

SERVER-WEBAPP Web Services Advantech WebAccess CVE-2017- and 2 8.3.2 Dashboard SQL 16716 Applications injection attempt

SERVER-WEBAPP Web Services Advantech WebAccess CVE-2018- and 2 CertUpdate directory 5445 Applications traversal attempt

SERVER-WEBAPP Web Services Advantech WebAccess CVE-2018- and 2 Dashboard directory 15706 Applications traversal attempt

SERVER-WEBAPP Advantech WebAccess Web Services Dashboard Viewer and 2 arbitrary file upload Applications attempt

SERVER-WEBAPP CVE-2019- Web Services 1

October 2019 Page 21 of 34 IPS Signature Update

Advantech WebAccess 6550 and SCADA Bwthinfl Stack- Applications based Buffer Overflow

SERVER-WEBAPP Alcatel Web Services Lucent I-240W-Q GPON CVE-2019- and 1 ONT Stack Buffer 3921 Applications Overflow Vulnerability

SERVER-WEBAPP All in Web Services One Video Downloader and 2 SQL injection attempt Applications

SERVER-WEBAPP Apache Superset CVE-2018- Apache HTTP python pickle library 1 8021 Server remote code execution attempt

SERVER-WEBAPP Web Services Atlassian confluence CVE-2019- and 1 widget remote code 3396 Applications execution attempt

SERVER-WEBAPP Web Services Bacula-Web client- CVE-2017- and 2 report.php SQL 15367 Applications injection attempt

SERVER-WEBAPP Web Services CVE-2017- Bacula-Web jobs.php and 2 15367 SQL injection attempt Applications

SERVER-WEBAPP Web Services CentOS Web Panel CVE-2019- and 2 persistent cross site 7646 Applications scripting attempt

SERVER-WEBAPP Cisco Web Services IOS XE WebUI CVE-2019- and 2 Command Injection 12651 Applications Vulnerability

October 2019 Page 22 of 34 IPS Signature Update

SERVER-WEBAPP CloudByte ElastiStor Web Services CVE-2018- imageUploadServlet and 2 15675 directory traversal Applications attempt

SERVER-WEBAPP CMS Web Services CVE-2018- Made Simple arbitrary and 4 1000094 PHP file upload attempt Applications

SERVER-WEBAPP Web Services CMSsite 1.0 SQL and 2 injection attempt Applications

SERVER-WEBAPP Cobub Web Services CVE-2018- Razor channel name and 2 8057 SQL injection attempt Applications

SERVER-WEBAPP Web Services Cogent DataHub SQL and 2 injection attempt Applications

SERVER-WEBAPP CyberArk Enterprise Web Services CVE-2019- Password Vault XML and 2 7442 external entity injection Applications attempt

SERVER-WEBAPP DoD IT Web Services Solutions Homey BnB and 2 script SQL injection Applications attempt

SERVER-WEBAPP Dojo Web Services CVE-2010- Toolkit SDK cross site and 2 2275 scripting attempt Applications

SERVER-WEBAPP Easy Web Services Hosting Control Panel CVE-2018- and 2 action cross site 6362 Applications scripting attempt

October 2019 Page 23 of 34 IPS Signature Update

SERVER-WEBAPP Epic Web Services CVE-2016- MyChart SQL injection and 2 6272 attempt Applications

SERVER-WEBAPP Web Services Flexpaper and CVE-2018- and 2 Flowpaper command 11686 Applications injection attempt

SERVER-WEBAPP Web Services CVE-2018- Fortigate SSL VPN cross and 2 13380 site scripting attempt Applications

SERVER-WEBAPP Web Services generic cross site and 2 scripting via url attempt Applications

SERVER-WEBAPP Git Web Services CVE-2015- Remote Code Execution and 1 7545 Vulnerability Applications

SERVER-WEBAPP Web Services CVE-2018- Gxlcms SQL injection and 2 9247 attempt Applications

SERVER-WEBAPP Web Services HAProxy H2 Frame heap CVE-2018- and 1 memory corruption 10184 Applications attempt

SERVER-WEBAPP Horde Groupware Webmail Web Services Contact Management and 2 add.php directory Applications traversal attempt

SERVER-WEBAPP Horde Groupware Webmail Web Services CVE-2017- encryptMessage and 2 7413 prefs.php command Applications injection attempt

October 2019 Page 24 of 34 IPS Signature Update

SERVER-WEBAPP HPE IMC Web Services CVE-2019- CustomReportTemplate and 1 5373 SelectBean Expression Applications Language Injection

SERVER-WEBAPP HPE Intelligent Management Web Services CVE-2019- Center and 2 11956 ByteMessageResource Applications Insecure Deserialization

SERVER-WEBAPP HPE Web Services Intelligent Management CVE-2018- and 3 Center opcode denial- 7123 Applications of-service attempt

SERVER-WEBAPP HP SiteScope Web Services CVE-2012- APIMonitorImpl and 2 3259 information disclosure Applications attempt

SERVER-WEBAPP IBM Web Services WebSphere Application CVE-2019- and 2 Server remote code 4279 Applications execution attempt

SERVER-WEBAPP Web Services IceWarp Mail Server CVE-2015- and 2 directory traversal 1503 Applications attempt

SERVER-WEBAPP Intel AMT remote Web Services CVE-2017- administration tool and 1 5689 authentication bypass Applications attempt

Web Services SERVER-WEBAPP CVE-2017- and 1 Intenos Iopsys Remote 17867 Code Execution Applications

October 2019 Page 25 of 34 IPS Signature Update

Vulnerability

SERVER-WEBAPP Jenkins Groovy Web Services CVE-2019- metaprogramming and 2 1003000 remote code execution Applications attempt

SERVER-WEBAPP Web Services Joomla ProjectLog CVE-2018- and 2 search SQL injection 6024 Applications attempt

SERVER-WEBAPP LG- Web Services Ericsson iPECS NMS CVE-2018- and 2 30M directory traversal 15138 Applications attempt

SERVER-WEBAPP MailCleaner Web Services managetracing and 2 searchAction command Applications injection attempt

SERVER-WEBAPP Web Services Manage Engine CVE-2018- and 2 Recovery Manager cross 9163 Applications site scripting attempt

SERVER-WEBAPP Microsoft SharePoint Web Services CVE-2019- EntityInstanceIdEncoder and 1 0604 remote code execution Applications attempt

SERVER-WEBAPP Web Services Multiple products and 3 HTML5 ping DDoS Applications attempt

CVE-2018- SERVER-WEBAPP NUUO Web Services 2 NVRmini 14933 and

October 2019 Page 26 of 34 IPS Signature Update

upgrade_handle.php Applications command injection attempt

SERVER-WEBAPP Web Services OpenEMR CVE-2019- and 2 ajax_download.php 14530 Applications Directory Traversal

SERVER-WEBAPP OpenEMR Web Services CVE-2019- C_Document.class.php and 2 3963 patient_id Cross-Site Applications Scripting

SERVER-WEBAPP Web Services CVE-2018- OpenEMR SQL injection and 2 9250 attempt Applications

SERVER-WEBAPP Oracle Web Services Business Intelligence CVE-2019- and 2 directory traversal 2588 Applications attempt

SERVER-WEBAPP Orchid Core VMS Web Services CVE-2018- Unauthenticated and 2 10956 Priviledged Directory Applications Traversal

SERVER-WEBAPP Web Services OWASP ModSecurity CVE-2018- and 2 Core Rule Set CVE-2018- 16384 Applications 16384 Sql Injection

SERVER-WEBAPP PHP Web Services CVE-2018- CVE-2018-5711 Denial and 2 5711 Of Service Applications

SERVER-WEBAPP Web Services CVE-2018- ProjectSend SQL and 2 13452 injection Vulnerability Applications

October 2019 Page 27 of 34 IPS Signature Update

SERVER-WEBAPP Pulse Web Services Secure diag.cgi CVE-2019- and 1 Command Injection 11539 Applications (Decrypted Traffic)

SERVER-WEBAPP Pulse Web Services Secure diag.cgi CVE-2019- and 1 Command Injection 11539 Applications (encrypted Traffic)

SERVER-WEBAPP Pulse Web Services CVE-2019- Secure diag.cgi and 2 11539 Command Injection Applications

SERVER-WEBAPP Pulse Web Services Secure Guacamole URI CVE-2019- and 2 Information Disclosure 11510 Applications (Decrypted Traffic)

SERVER-WEBAPP Pulse Web Services Secure Guacamole URI CVE-2019- and 2 Information Disclosure 11510 Applications (encrypted Traffic)

SERVER-WEBAPP Pulse Web Services Secure Platform Stack- CVE-2019- and 1 Based Buffer Overflow 11542 Applications (Decrypted Traffic)

SERVER-WEBAPP Pulse Web Services Secure Platform Stack- CVE-2019- and 1 Based Buffer Overflow 11542 Applications (encrypted Traffic)

SERVER-WEBAPP QNAP Web Services QCenter API CVE-2018- and 2 date_config command 0709 Applications injection attempt

Web Services SERVER-WEBAPP Quest CVE-2018- and 2 DR Series Disk Backup 11181 CustomerPortalService. Applications

October 2019 Page 28 of 34 IPS Signature Update

pm command injection attempt

SERVER-WEBAPP Quest DR Series Disk Backup Web Services CVE-2018- EncryptionService.pm and 2 11176 command injection Applications attempt

SERVER-WEBAPP Ruby Web Services Net FTP library CVE-2017- and 2 command injection 17405 Applications attempt

SERVER-WEBAPP Ruby Web Services CVE-2019- on Rails Action View and 2 5418 Information Disclosure Applications

SERVER-WEBAPP Ruby Web Services on Rails Active Storage CVE-2019- and 1 deserialization remote 5420 Applications code execution attempt

SERVER-WEBAPP Web Services Samsung Web Viewer CVE-2018- and 2 Cross Site Scripting 11689 Applications Vulnerability

SERVER-WEBAPP Web Services Seowonintech CVE-2016- and 2 diagnostic.cgi command 10760 Applications injection attempt

SERVER-WEBAPP Web Services Seowonintech CVE-2016- and 2 system_config.cgi local 10760 Applications file include attempt

SERVER-WEBAPP Web Services CVE-2018- Sitefinity WCMS cross and 2 17053 site scripting attempt Applications

October 2019 Page 29 of 34 IPS Signature Update

SERVER-WEBAPP Web Services CVE-2018- Sitefinity WCMS cross- and 2 17056 site scripting attempt Applications

SERVER-WEBAPP Softneta MedDream Web Services PACS Server Premium and 2 directory traversal Applications attempt

SERVER-WEBAPP Web Services SolusLabs SolusVM and 2 centralbackup.php SQL Applications injection attempt

SERVER-WEBAPP Web Services Subsonic Subscribe to CVE-2017- and 2 Podcast cross site 9414 Applications scripting attempt

SERVER-WEBAPP Telerik Web Services CVE-2017- UI cryptographic keys and 2 9248 disclosure attempt Applications

SERVER-WEBAPP Web Services ThinkPHP 5.0.23/5.1.31 and 2 command injection Applications attempt

SERVER-WEBAPP Web Services ThinkPHP command and 2 injection attempt Applications

SERVER-WEBAPP Web Services ThinkPHP SQL injection and 2 attempt Applications

SERVER-WEBAPP Web Services TinyPHPForum CVE-2006- and 2 action.php cross site 0102 Applications scripting attempt

October 2019 Page 30 of 34 IPS Signature Update

SERVER-WEBAPP TPLink Web Services TD W8151N SQL and 2 injection attempt Applications

SERVER-WEBAPP Web Services CVE-2018- Tpshop remote file and 2 9919 include attempt Applications

SERVER-WEBAPP Trend Web Services CVE-2018- Micro Control Manager and 2 3606 SQL injection attempt Applications

SERVER-WEBAPP Trend Web Services Micro DDEI directory and 2 traversal attempt Applications

SERVER-WEBAPP Unitrends Enterprise Web Services Backup Appliance CVE-2017- and 2 download-files 7283 Applications command injection attempt

SERVER-WEBAPP Web Services CVE-2019- vBulletin SQL injection and 2 17271 attempt Applications

SERVER-WEBAPP vCard Web Services CVE-2006- Create Card cross site and 2 1230 scripting attempt Applications

SERVER-WEBAPP vCard Web Services CVE-2006- New Card cross site and 2 1230 scripting attempt Applications

SERVER-WEBAPP vCard Web Services CVE-2006- Toprated cross site and 2 1230 scripting attempt Applications

SERVER-WEBAPP CVE-2018- Web Services Webadmin history 2 19191 and parameter cross site

October 2019 Page 31 of 34 IPS Signature Update

scripting attempt Applications

SERVER-WEBAPP Web Services Webadmin history CVE-2018- and 2 parameter cross site 9250 Applications scripting attempt

SERVER-WEBAPP Web Services WIFICAM Wireless IP CVE-2017- and 2 Camera command 18377 Applications injection attempt

SERVER-WEBAPP Web Services WordPress default and 2 admin theme cross site Applications scripting attempt

SERVER-WEBAPP Web Services WordPress Rencontre CVE-2019- and 2 plugin SQL injection 13413 Applications attempt

SERVER-WEBAPP Web Services WordPress Yuzo Related and 2 Posts plugin cross site Applications scripting attempt

SERVER-WEBAPP Xalan- Web Services CVE-2014- Java secure processing and 2 0107 bypass attempt Applications

SQL Oracle MySQL Database CVE-2017- Pluggable Auth denial of Management 2 3599 service attempt System

October 2019 Page 32 of 34 IPS Signature Update

 Name: Name of the Signature

 CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.

 Category: Class type according to threat

 Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level Severity Criteria

1 Low

2 Moderate

3 High

4 Critical

October 2019 Page 33 of 34 IPS Signature Update

Important Notice Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved. All rights reserved. Sophos, Sophos logo are trademark of Sophos Technologies Pvt. Ltd.

Corporate Headquarters Sophos Technologies Pvt. Ltd. Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA Phone: +91-79-66216666 Fax: +91-79-26407640 Web site: www.sophos.com

October 2019 Page 34 of 34