SOPHOS IPS Signature Update Release Notes

Version: 7.16.66
Release Date: 16th January 2020

Release Information

Upgrade Applicable on: IPS Signature Release Version 7.16.65
Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 7.16.66 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected], along with the application details.

January 2020 Page 2 of 54 IPS Signature Update

This IPS Release includes Four Hundred and Fifty (450) signatures to address Three Hundred and Eighty Eight (388) vulnerabilities. New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
BROWSER-CHROME Google Chrome locationAttributeSetter Use After Free (Published Exploit) | CVE-2014-1713 | Browsers | 2
BROWSER-FIREFOX Mozilla Firefox Built-in PDF Viewer Same Origin Policy Bypass (Published Exploit) | CVE-2015-4495 | Browsers | 3
BROWSER-FIREFOX Mozilla Firefox CVE-2017-5428 createImageBitmap Integer Overflow | CVE-2017-5428 | Browsers | 2
BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved Memory Corruption (Published Exploit) | CVE-2006-2779 | Browsers | 1
BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary JavaScript Execution | CVE-2005-1477 | Browsers | 3
BROWSER-FIREFOX Mozilla Firefox JavaScript Engine Information Disclosure (Published Exploit) | CVE-2005-0989 | Browsers | 3
BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList Memory Corruption | CVE-2009-3070 | Browsers | 1
BROWSER-FIREFOX Mozilla Firefox PKCS11 Module Installation Code Execution | CVE-2009-3076 | Browsers | 1
BROWSER-FIREFOX Mozilla Firefox Plugin Access Control Vulnerability | CVE-2005-0527 | Browsers | 3
BROWSER-FIREFOX Mozilla Firefox XUL Frame Tree Memory Corruption | CVE-2008-5016 | Browsers | 3
BROWSER-FIREFOX Mozilla Multiple Products WAV Processing Buffer Overflow | CVE-2012-4186 | Browsers | 3
BROWSER-FIREFOX Mozilla Products Malformed GIF Buffer Overflow (Published Exploit) | CVE-2005-0399 | Browsers | 3
BROWSER-IE IBM SPSS SamplePower CVE-2012-5945 Vsflex8l ActiveX Control Buffer Overflow | CVE-2012-5945 | Browsers | 2
BROWSER-IE Microsoft Edge Chakra CVE-2017-0010 Remote Code Execution | CVE-2017-0010 | Browsers | 2
BROWSER-IE Microsoft Edge Chakra Eval CVE-2017-8636 Integer Overflow | CVE-2017-8636 | Browsers | 1
BROWSER-IE Microsoft Edge Chakra JavaScript CVE-2016-0024 engine out of bounds read attempt | CVE-2016-0024 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2016-7242 Array.concat Type Confusion Attempt | CVE-2016-7242 | Browsers | 3
BROWSER-IE Microsoft Edge CVE-2017-0208 repeat Sign Extension Information Disclosure II | CVE-2017-0208 | Browsers | 3
BROWSER-IE Microsoft Edge CVE-2017-0208 repeat Sign Extension Information Disclosure I | CVE-2017-0208 | Browsers | 3
BROWSER-IE Microsoft Edge CVE-2017-8652 Use After Free | CVE-2017-8652 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2017-8656 PreVisitCatch Uninitialized Memory Use II | CVE-2017-8656 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2017-8656 PreVisitCatch Uninitialized Memory Use I | CVE-2017-8656 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2017-8671 Chakra Arguments Off By One I | CVE-2017-8671 | Browsers | 2
BROWSER-IE Microsoft Internet CVE-2015-2425 Explorer MutationObserver use after free attempt | CVE-2015-2425 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer and SharePoint Services HTML Sanitization Cross-Site Scripting | CVE-2010-3324 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer Asynchronous NULL Memory Corruption | CVE-2012-2521 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CDF Cross Domain Scripting | CVE-2005-0056 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer createTextRange Code Execution | CVE-2006-1359 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CTravelEntry Memory Corruption | CVE-2016-0113 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2012-0010 Copy And Paste Information Disclosure | CVE-2012-0010 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2012-4792 applyElement Use After Free (Published Exploit) | CVE-2012-4792 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2014-0305 pastHTML Use After Free II | CVE-2014-0305 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2014-2782 Use After Free (Published Exploit) | CVE-2014-2782 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2015-0046 Type Confusion | CVE-2015-0046 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2015-2419 JSON Stringify Double Free Attempt | CVE-2015-2419 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer CVE-2016-0186 Uninitialized Pointer Attempt II | CVE-2016-0186 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer daxctle.ocx Spline Method Buffer Overflow | | Browsers | 1
BROWSER-IE Microsoft Internet Explorer DHTML Object Memory Corruption | CVE-2005-0553 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer execCommand File Type Spoofing | CVE-2004-1331 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer File Download Extension Spoofing | | Browsers | 1
BROWSER-IE Microsoft Internet Explorer FTP Client Directory Traversal (Published Exploit) | CVE-2004-1376 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer HTML Attribute Handling Memory Corruption | CVE-2008-3476 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer HTML Tag Memory Corruption (Published Exploit) | CVE-2006-1188 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Print Preview Information Disclosure | CVE-2013-3908 | Browsers | 3
BROWSER-IE Microsoft Internet Explorer PROPERTYDESC Double Free | CVE-2016-0111 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Select Element Memory Corruption | CVE-2010-3345 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer textNode Use After Free (Published Exploit) | CVE-2013-1311 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer Uninitialized Object Memory Corruption | CVE-2011-0036 | Browsers | 1
BROWSER-OTHER Apple Safari WebKit innerHTML Double Free Memory Corruption (Published Exploit) | CVE-2011-0221 | Browsers | 1
BROWSER-OTHER Apple Safari WebKit Selections Use After Free (Published Exploit) | CVE-2010-1812 | Browsers | 3
BROWSER-PLUGINS Adobe Download Manager getPlus ActiveX Control Buffer Overflow | CVE-2009-3958 | Browsers | 1
BROWSER-PLUGINS Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow | CVE-2011-2592 | Browsers | 1
BROWSER-PLUGINS EDB IBM Lotus Domino Web Access ActiveX Controls Buffer Overflow | CVE-2007-4474 | Browsers | 1
BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace Heap Buffer Overflows | CVE-2011-3174 | Browsers | 3
BROWSER-PLUGINS Google Apps googleapps.url.mailto URI Argument Injection | | Browsers | 1
BROWSER-PLUGINS HP Application Lifecycle Management ActiveX Control Insecure Method Exposure | | Browsers | 2
BROWSER-PLUGINS HP LoadRunner lrFileIOService ActiveX Control Input Validation Error | CVE-2013-2370 | Browsers | 2
BROWSER-PLUGINS HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download | | Browsers | 1
BROWSER-PLUGINS HP Software Update HPeDiag ActiveX Control Buffer Overflow | CVE-2008-0712 | Browsers | 3
BROWSER-PLUGINS HP Sprinter CVE-2014-2638 Tidestone Formula One DefaultFontName Buffer Overflow I | CVE-2014-2638 | Browsers | 2
BROWSER-PLUGINS IBM Lotus iNotes dwa85W.dll ActiveX Control Buffer Overflow | CVE-2012-2175 | Browsers | 2
BROWSER-PLUGINS IBM Lotus Quickr qp2.cab ActiveX Control Stack Buffer Overflow | CVE-2012-2176 | Browsers | 1
BROWSER-PLUGINS IBM Lotus Quickr qp2.cab ActiveX Control Stack Buffer Overflow | CVE-2012-2176 | Browsers | 2
BROWSER-PLUGINS IBM SPSS VsVIEW6.ocx ActiveX control Code Execution | CVE-2012-0189 | Browsers | 1
BROWSER-PLUGINS McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method | | Browsers | 2
BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX Control snapview.ocx Code Execution | CVE-2008-2463 | Browsers | 3
BROWSER-PLUGINS Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption | CVE-2007-3041 | Browsers | 1
BROWSER-PLUGINS Microsoft Office MSODataSourceControl ActiveX Control Denial of Service | | Browsers | 1
BROWSER-PLUGINS Microsoft Video ActiveX Control Stack Buffer Overflow | CVE-2008-0015 | Browsers | 1
BROWSER-PLUGINS Microsoft Windows CVE-2013-1296 Remote Desktop Client ActiveX Control Use After Free | CVE-2013-1296 | Browsers | 2
BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow | CVE-2009-0298 | Browsers | 1
BROWSER-PLUGINS NetIQ Security Solutions for ISeries SafeShellExecute Stack Buffer Overflow | CVE-2015-0795 | Browsers | 3
BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX Code Execution (Published Exploit) | CVE-2012-0439 | Browsers | 1
BROWSER-PLUGINS Novell iPrint Client ActiveX Control Stack Buffer Overflow | | Browsers | 1
BROWSER-PLUGINS Novell iPrint Client GetDriverSettings Stack Buffer Overflow | | Browsers | 1
BROWSER-PLUGINS Novell iPrint Client ienipp.ocx target-frame Stack Buffer Overflow | CVE-2009-1568 | Browsers | 1
BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution | CVE-2011-2657 | Browsers | 3
BROWSER-PLUGINS Office OCX Multiple ActiveX Controls OpenWebFile Arbitrary Program Execution Vulnerability | | Browsers | 2
BROWSER-PLUGINS Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Remote File Creation II | | Browsers | 2
BROWSER-PLUGINS RealNetworks RealGames StubbyUtil.ProcessMgr ActiveX Command Execution | | Browsers | 1
BROWSER-PLUGINS Research In Motion BlackBerry Application Web Loader ActiveX Control Buffer Overflow | CVE-2009-0305 | Browsers | 1
BROWSER-PLUGINS SAP 3D Visual Enterprise Viewer Flic Animation Buffer Overflow II | CVE-2015-8028 | Browsers | 3
BROWSER-PLUGINS SAP 3D Visual Enterprise Viewer Flic Animation Buffer Overflow I | CVE-2015-8028 | Browsers | 3
BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX Control Buffer Overflow | CVE-2010-2590 | Browsers | 1
BROWSER-PLUGINS SAP GUI TabOne ActiveX Control Caption List Buffer Overflow | CVE-2008-4827 | Browsers | 1
BROWSER-PLUGINS Symantec Products ActiveX Control NavComUI.dll Code Execution | CVE-2007-2955 | Browsers | 3
BROWSER-PLUGINS Unitronics VisiLogic OPLC TeeCommander ChartLink ActiveX Control Memory Corruption | CVE-2015-6478 | Browsers | 3
BROWSER-PLUGINS VMware Workstation ActiveX Control vielib.dll Command Execution | | Browsers | 1
BROWSER-PLUGINS WinZip FileView ActiveX Control Unsafe Method Exposure | CVE-2006-5198 | Browsers | 3
BROWSER-PLUGINS Yahoo Messenger AudioConf ActiveX Control Buffer Overflow | CVE-2007-1680 | Browsers | 1
BROWSER-WEBKIT Apple Safari Webkit CVE-2011-1774 libxslt Arbitrary File Creation (Published Exploit) | CVE-2011-1774 | Browsers | 2
FILE-FLASH Adobe Flash AVM2 Action Script Virtual Machine Memory Corruption | CVE-2011-0609 | Multimedia | 1
FILE-FLASH Adobe Flash iExternalizable Interface Type Confusion Vulnerability I | CVE-2015-7645 | Multimedia | 1
FILE-FLASH Adobe Flash Player ActionScript3 ByteArray Class Use After Free (Published Exploit) | CVE-2015-5119 | Multimedia | 1
FILE-FLASH Adobe Flash Player CVE-2014-0550 and AIR String Concatenation Integer Overflow I | CVE-2014-0550 | Multimedia | 1
FILE-FLASH Adobe Flash Player parseFloat Stack Overflow Vulnerability | CVE-2014-9163 | Multimedia | 1
FILE-IMAGE Adobe Photoshop PNG Image Processing Buffer Overflow | CVE-2012-4170 | Multimedia | 1
FILE-IMAGE GIMP XWD File Handling Stack Buffer Overflow | CVE-2012-5576 | Multimedia | 2
FILE-IMAGE libpng png_decompress_chunk Integer Overflow | CVE-2011-3026 | Multimedia | 2
FILE-IMAGE LibTIFF TIFFFetchData Function Integer Overflow (Published Exploit) | CVE-2006-2025 | Multimedia | 3
FILE-JAVA IBM Java com.ibm.rmi.util.ProxyUtil Sandbox Breach | CVE-2012-4820 | Application and Software | 1
FILE-JAVA IBM Java Multiple Packages Sandbox Breach | CVE-2012-4822 | Application and Software | 1
FILE-JAVA IBM Java Multiple Packages Sandbox Breach | CVE-2012-4822 | Application and Software | 2
FILE-JAVA Oracle CVE-2010-0839 Java Soundbank Resource Name Overflow Attempt | CVE-2010-0839 | Application and Software | 2
FILE-JAVA Oracle Java Beans CVE-2014-0423 DocumentHandler XML External Entity | CVE-2014-0423 | Application and Software | 2
FILE-JAVA Sun Java Web Start Charset Encoding Stack Buffer Overflow | CVE-2008-1188 | Application and Software | 1
FILE-MULTIMEDIA Apple QuickTime ftab Atom Stack Buffer Overflow | CVE-2014-1246 | Multimedia | 1
FILE-MULTIMEDIA Apple Quicktime MJPEG Frame stsd Atom Heap Overflow | CVE-2013-1020 | Multimedia | 1
FILE-MULTIMEDIA Apple QuickTime TeXML Color String Parsing Buffer Overflow | CVE-2012-0663 | Multimedia | 1
FILE-MULTIMEDIA Apple QuickTime TeXML textBox Element Memory Corruption | CVE-2013-1015 | Multimedia | 1
FILE-MULTIMEDIA Apple QuickTime TeXML Transform Attribute Parsing Buffer Overflow | CVE-2012-0663 | Multimedia | 1
FILE-MULTIMEDIA Apple QuickTime udta Atom Buffer Overflow | CVE-2006-1460 | Multimedia | 3
FILE-MULTIMEDIA Microsoft DirectX CVE-2007-3895 WAV and AVI File Parsing Code Execution | CVE-2007-3895 | Multimedia | 3
FILE-MULTIMEDIA Midi File Header Handling Buffer Overflow (Published Exploit) | | Multimedia | 1
FILE-MULTIMEDIA Nullsoft Winamp Streaming Metadata Parsing Stack Buffer Overflow | CVE-2008-0065 | Multimedia | 1
FILE-MULTIMEDIA RealNetworks RealPlayer FLV Parsing Two Integer Overflow Vulnerabilities | CVE-2010-3000 | Multimedia | 1
FILE-MULTIMEDIA UMPlayer wintab32.dll Insecure Library Loading | | Multimedia | 2
FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF Memory Corruption | CVE-2008-4558 | Multimedia | 3
FILE-MULTIMEDIA VLC Media Player ABC File Instruction Field Parsing Heap Overflow | | Multimedia | 1
FILE-OFFICE Microsoft DirectPlay Office File Handling Invalid Memory Free | CVE-2012-1537 | Office Tools | 1
FILE-OFFICE Microsoft Excel Embedded Shockwave Flash Object Code Execution | CVE-2006-3014 | Office Tools | 3
FILE-OFFICE Microsoft Excel Malformed Formula Parsing Code Execution | CVE-2008-0115 | Office Tools | 1
FILE-OFFICE Microsoft Excel MergeCells Record Parsing Memory Corruption | CVE-2012-0185 | Office Tools | 1
FILE-OFFICE Microsoft Office CVE-2015-1649 RTF Out-Of-Bounds Array Access Remote Code Execution Attempt II | CVE-2015-1649 | Office Tools | 2
FILE-OFFICE Microsoft Office CVE-2015-1649 RTF Out-Of-Bounds Array Access Remote Code Execution Attempt VI | CVE-2015-1649 | Office Tools | 2
FILE-OFFICE Microsoft Office CVE-2016-3234 Information Disclosure | CVE-2016-3234 | Office Tools | 3
FILE-OFFICE Microsoft Office dde field code execution attempt | | Office Tools | 1
FILE-OFFICE Microsoft Office Excel CVE-2009-0557 FtCbls Remote Code Execution | CVE-2009-0557 | Office Tools | 1
FILE-OFFICE Microsoft Office Excel CVE-2009-0558 ExternSheet Record Remote Code Execution Attempt | | Office Tools | 2
FILE-OFFICE Microsoft Office Excel SxView Record Parsing Memory Corruption | CVE-2010-0821 | Office Tools | 1
FILE-OFFICE Microsoft Office PowerPoint CVE-2009-1129 PP7 Component Buffer Overflow Attempt | CVE-2009-1129 | Office Tools | 2
FILE-OFFICE Microsoft Office PowerPoint Invalid Object Reference Code Execution | CVE-2009-0556 | Office Tools | 1
FILE-OFFICE Microsoft Office VBA Module Stream Use after Free I | | Office Tools | 2
FILE-OFFICE Microsoft Office Works File Converter Heap Overflow | CVE-2012-0177 | Office Tools | 1
FILE-OFFICE Microsoft Office Works File Converter WPS File Field Length Stack Overflow | CVE-2008-0108 | Office Tools | 1
FILE-OFFICE Microsoft Publisher CVE-2011-1508 Pubconv.dll Function Pointer Overwrite II | CVE-2011-1508 | Office Tools | 3
Version 7.16.65 | CVE-2007-0934 | Office Tools | 1
FILE-OFFICE Microsoft Word Malformed String Memory Corruption | CVE-2007-3899 | Office Tools | 1
FILE-OFFICE Microsoft Word RTF Bitmap biWidth biHeight Heap Buffer Overflow | CVE-2016-0010 | Office Tools | 1
FILE-OFFICE Microsoft Word RTF listoverridecount Memory Corruption | CVE-2014-1761 | Office Tools | 1
FILE-OTHER Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow | CVE-2010-3655 | Application and Software | 1
FILE-OTHER Cisco WebEx Recording Format Player atas32.dll 0xBB Subrecords Integer Overflow | CVE-2012-1337 | Application and Software | 3
FILE-OTHER Cisco WebEx Recording Format Player atas32.dll Integer Overflow | CVE-2012-1336 | Application and Software | 1
FILE-OTHER Cisco WebEx Recording Format Player atdl2006.dll Buffer Overflow | CVE-2012-1335 | Application and Software | 1
FILE-OTHER ClamAV AntiVirus cli_check_jpeg_exploit Function Denial of Service | CVE-2008-5314 | Application and Software | 3
FILE-OTHER ClamAV libclamav MEW PE File Handling Integer Overflow | CVE-2007-6335 | Application and Software | 2
FILE-OTHER ClamAV libclamav PE File Handling Integer Overflow | CVE-2008-0318 | Application and Software | 1
FILE-OTHER Corel Multiple Products Multiple Insecure Library Loading | CVE-2014-8393 | Application and Software | 2
FILE-OTHER Flexense DiskPulse Client Import Stack Buffer Overflow II | | Application and Software | 2
FILE-OTHER Flexense DiskPulse Client Import Stack Buffer Overflow I | | Application and Software | 2
FILE-OTHER IBM Informix Client SDK NFX File Processing Stack Buffer Overflow | | Application and Software | 1
FILE-OTHER Oracle CorelDRAW CVE-2013-0418 File Parser Heap Buffer Overflow Attempt | CVE-2013-0418 | Application and Software | 1
FILE-OTHER VMware Server ISAPI Extension Remote Denial Of Service | CVE-2008-3697 | Application and Software | 3
FILE-PDF Adobe Acrobat and Reader CVE-2010-2862 Font Parsing Integer Overflow I | CVE-2010-2862 | Application and Software | 1
FILE-PDF Adobe Acrobat and Reader U3D Texture Parsing Buffer Overflow | CVE-2012-2049 | Application and Software | 1
FILE-PDF Adobe Acrobat and Reader XFA oneOfChild Remote Code Execution (Published Exploit) | CVE-2013-0640 | Application and Software | 1
FILE-PDF Adobe Acrobat File Extension Buffer Overflow | CVE-2004-0632 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader CVE-2009-1493 spell.customDictionary Open Exploit Attempt | CVE-2009-1493 | Application and Software | 3
FILE-PDF Adobe Acrobat Reader CVE-2009-2994 U3D CLODMeshDeclaration Memory Corruption I | CVE-2009-2994 | Application and Software | 3
FILE-PDF Adobe Acrobat Reader CVE 2010-3622 ACE.dll ICC mluc Integer Overflow | CVE-2010-3622 | Application and Software | 2
FILE-PDF Adobe Acrobat Reader Malformed Shader Modifier Heap Corruption | CVE-2011-2462 | Application and Software | 1
FILE-PDF Adobe Reader and Acrobat RMA Objects Memory Corruption | CVE-2012-4157 | Application and Software | 1
FILE-PDF Adobe Reader and Acrobat Sandbox Policy Bypass (Published Exploit) | CVE-2014-0521 | Application and Software | 3
FILE-PDF CoolPDF Reader Image Stream Processing Buffer Overflow (Published Exploit) | CVE-2012-4914 | Application and Software | 1
MALWARE-CNC ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray | | Malware Communication | 1
MALWARE-CNC ET EXPLOIT Possible ETERNALCHAMPION MS17-010 Sync Response | | Malware Communication | 1
MALWARE-CNC ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray | | Malware Communication | 1
MALWARE-CNC Petya Malware PROP Suspicious HTTP Request I | | Malware Communication | 1
MALWARE-CNC Suspicious WannaCry Ransomware Binary Download Activity III | | Malware Communication | 1
MISC BROWSER-PLUGINS SAP 3D Visual Enterprise Viewer 3DM File Buffer Overflow | | ERP System | 1
OS-OTHER Apple QuickTime FPX File Parsing Memory Corruption Vulnerability I | CVE-2016-1767 | Operating System and Services | 3
OS-WINDOWS Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service | CVE-2013-1418 | Operating System and Services | 3
OS-WINDOWS Microsoft Color Management System Crafted Path Name Buffer Overflow | CVE-2008-2245 | Operating System and Services | 1
OS-WINDOWS Microsoft DirectShow AVI Decoder Buffer Overflow | CVE-2005-2128 | Operating System and Services | 3
OS-WINDOWS Microsoft Expression Design Insecure Library Loading | CVE-2012-0016 | Operating System and Services | 1
OS-WINDOWS Microsoft Forefront UAG Default Reflected Cross-site Scripting | CVE-2011-1897 | Operating System and Services | 3
OS-WINDOWS Microsoft Forefront Unified Access Gateway NULL Session Cookie Denial of Service | CVE-2011-2012 | Operating System and Services | 3
OS-WINDOWS Microsoft Graphics Component CVE-2016-0169 Information Disclosure | CVE-2016-0169 | Operating System and Services | 3
OS-WINDOWS Microsoft Help Workshop HPJ OPTIONS Section Buffer Overflow | CVE-2007-0427 | Operating System and Services | 1
OS-WINDOWS Microsoft HTTP Services Chunked Encoding Integer Overflow | CVE-2009-0086 | Operating System and Services | 1
OS-WINDOWS Microsoft Hyperlink Object Library Information Disclosure | CVE-2016-0059 | Operating System and Services | 3
OS-WINDOWS Microsoft License Logging Server RPC Call Buffer Overflow | CVE-2009-2523 | Operating System and Services | 1
OS-WINDOWS Microsoft LSASS Buffer Overflow Vulnerability | CVE-2003-0533 | Operating System and Services | 2
OS-WINDOWS Microsoft Multiple Products HTML Sanitization Cross-Site Scripting | CVE-2012-1858 | Operating System and Services | 3
OS-WINDOWS Microsoft .NET Framework Improper Execution of Function Pointer | CVE-2012-1855 | Operating System and Services | 1
OS-WINDOWS Microsoft OLE Automation String Manipulation Heap Overflow | CVE-2007-2224 | Operating System and Services | 1
OS-WINDOWS Microsoft Remote Desktop CVE-2012-0002 DisconnectProviderUltimatum Memory Corruption II | CVE-2012-0002 | Operating System and Services | 1
OS-WINDOWS Microsoft Remote Desktop CVE-2012-0002 DisconnectProviderUltimatum Memory Corruption VI | CVE-2012-0002 | Operating System and Services | 1
OS-WINDOWS Microsoft Remote Desktop CVE-2012-0002 targetParams Denial of Service I | CVE-2012-0002 | Operating System and Services | 1
OS-WINDOWS Microsoft Remote Desktop Web Access Cross Site Scripting | CVE-2011-1263 | Operating System and Services | 3
OS-WINDOWS Microsoft Report Viewer Control Cross Site Scripting | CVE-2011-1976 | Operating System and Services | 3
OS-WINDOWS Microsoft System Center Configuration Manager Cross Site Scripting | CVE-2012-2536 | Operating System and Services | 3
OS-WINDOWS Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution | CVE-2006-6133 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows AVI File Chunk Length Integer Overflow | CVE-2009-1546 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Common Controls MSCOMCTL.OCX Stack Buffer Overflow | CVE-2012-0158 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows CVE-2006-5583 SNMP Service Memory Corruption | CVE-2006-5583 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows CVE-2016-3237 Authentication Kerberos NTLM Fallback Security Bypass | CVE-2016-3237 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows DNS Server RPC Management Interface Buffer Overflow (little endian) | CVE-2007-1748 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows File Handling Component Remote Code Execution | CVE-2014-0315 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Folder GUID Code Execution | CVE-2006-3281 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows GDIplus GpFont.SetData Integer Overflow | CVE-2009-1217 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows GDI WMF File HeaderSize Buffer Overflow | CVE-2008-2249 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Graphics Rendering Engine Buffer Overflow (Published Exploit) | CVE-2004-0209 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Graphics Rendering Engine VML Gradient Buffer Overflow | CVE-2007-5348 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows HLP File Handling Heap Buffer Overflow (Published Exploit) | CVE-2007-1912 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Kerberos KDC Privilege Escalation (Published Exploit) | CVE-2014-6324 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows LNK CVE-2017-8464 Remote Code Execution | CVE-2017-8464 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows LoadImage API Function Integer Overflow (Published Exploit) | CVE-2004-1049 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows LSASS Authenticate Message Denial of Service | CVE-2016-7237 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Media Decompression Code Execution | CVE-2010-1879 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Media Format ASF Parsing Buffer Overflow | CVE-2006-4702 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Media Player ASX Playlist Parsing Buffer Overflow | CVE-2006-6134 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Media Player Skin Parsing Code Execution | CVE-2007-3037 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows OLE Automation Remote Code Execution | | Operating System and Services | 1
OS-WINDOWS Microsoft Windows OLE CVE-2016-0092 Code Execution | CVE-2016-0092 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Remote Desktop Protocol Denial of Service (Published Exploit) | CVE-2005-1218 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows SChannel Buffer Overflow | CVE-2014-6321 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Search CVE-2017-11771 Heap Buffer Overflow I | CVE-2017-11771 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB CVE-2009-3676 Response Denial of Service | CVE-2009-3676 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB CVE-2012-0175 Invalid Character Argument Injection Attempt | CVE-2012-0175 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB Response Handling Buffer Overflow (Longfilename) | CVE-2005-0045 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows SMB Search Request Buffer Overflow | CVE-2008-4038 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows winhlp32.exe MsgBox Remote Code Execution | CVE-2010-0483 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows WinVerifyTrust PE Validation Security Bypass | CVE-2012-0151 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Workstation Service NetrWkstaUserEnum Denial of Service (Published Exploit) | CVE-2006-6723 | Operating System and Services | 2
OS-WINDOWS Microsoft Winhlp32 Compressed Phrase Integer Overflow (Published Exploit) | CVE-2004-1361 | Operating System and Services | 3
OS-WINDOWS Microsoft XML Core Services MSXML Header Request Information Disclosure | CVE-2008-4033 | Operating System and Services | 3
OS-WINDOWS Microsoft XML Core Services parseError DOM Object Information Disclosure | CVE-2008-4029 | Operating System and Services | 3
OS-WINDOWS MIT Kerberos 5 build_principal_va Denial of Service | CVE-2015-2697 | Operating System and Services | 3
OS-WINDOWS MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference | CVE-2009-0846 | Operating System and Services | 1
OS-WINDOWS Windows CryptoAPI CVE-2020-0601 Spoofing Vulnerability | CVE-2020-0601 | Operating System and Services | 5
POLICY-OTHER Arcserve Unified Data Protection Management CVE-2015-4069 Credential Disclosure | CVE-2015-4069 | Operating System and Services | 3
PROTOCOL-DNS ISC BIND db.c Assertion Failure Denial of Service | CVE-2015-8000 | DNS | 3
PROTOCOL-SCADA Schneider Electric ProClima F1BookView AttachToSS Memory Corruption | CVE-2015-8561 | Industrial Control System | 3
PROTOCOL-SCADA Schneider Electric ProClima F1BookView CopyAll Memory Corruption | CVE-2015-8561 | Industrial Control System | 3
PROTOCOL-SCADA Schneider Electric ProClima F1BookView CopyRange SwapTables Memory Corruption | CVE-2015-8561 | Industrial Control System | 3
PROTOCOL-VOIP Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service (Published Exploit) | CVE-2013-5642 | VoIP and Instant Messaging | 2
PROTOCOL-VOIP Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service (Published Exploit) | CVE-2013-5642 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service (Published Exploit) | CVE-2013-5641 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Digium Asterisk TLS Certificate Common Name NULL Byte Input Validation Error | CVE-2015-3008 | VoIP and Instant Messaging | 3
SERVER-APACHE Apache CouchDB CVE-2017-12635 JSON Remote Privilege Escalation | CVE-2017-12635 | Apache HTTP Server | 2
SERVER-APACHE Apache CVE-2017-7659 HTTPD mod_http2 Null Pointer Dereference | CVE-2017-7659 | Apache HTTP Server | 2
SERVER-APACHE Apache HTTP Server mod_tcl Module Format String Vulnerability | CVE-2006-4154 | Apache HTTP Server | 3
SERVER-APACHE Apache Qpid Sequence Set Denial of Service | CVE-2015-0203 | Apache HTTP Server | 1
SERVER-APACHE Apache Santuario XML Security for Java DTD Denial of Service | CVE-2013-4517 | Apache HTTP Server | 3
SERVER-APACHE Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection | CVE-2012-0391 | Apache HTTP Server | 1
SERVER-APACHE Apache Subversion mod_authz_svn COPY MOVE Denial of Service | CVE-2016-2168 | Apache HTTP Server | 3
SERVER-APACHE Apache Tomcat ChunkedInputFilter Malformed Chunk Size Denial of Service | CVE-2014-0075 | Apache HTTP Server | 3
SERVER-IIS Microsoft IIS Directory Authentication Security Bypass | | Microsoft IIS web server | 1
SERVER-IIS Microsoft IIS WebDAV Request Directory Security Bypass | CVE-2009-1535 | Microsoft IIS web server | 2
SERVER-MAIL Dovecot SASL Authentication Component Denial of Service | CVE-2016-8652 | Other Mail Server | 3
SERVER-MAIL IBM Domino GIF CVE-2015-0135 Processing Heap Buffer Overflow | CVE-2015-0135 | Other Mail Server | 2
SERVER-MAIL IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | Other Mail Server | 3
SERVER-MAIL IBM Lotus Notes CVE-2007-5544 DOC Attachment Viewer Buffer Overflow | CVE-2007-5544 | Other Mail Server | 3
SERVER-MAIL PHPMailer mail Sender Command Injection (Published Exploit) | CVE-2016-10033 | Other Mail Server | 2
SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow | CVE-2005-4267 | Other Mail Server | 2
SERVER-OTHER CA ARCserve Backup Message Engine Denial of Service | CVE-2009-1761 | Other Web Server | 3
SERVER-OTHER CA BrightStor ARCserve Backup Media Server SUN-RPC Procedure 191 Code Execution (Published Exploit) | - | Other Web Server | 1

SERVER-OTHER Citrix XenApp and XenDesktop XML Service Interface Stack Buffer Overflow | - | Other Web Server | 1

SERVER-OTHER Dries Buytaert Drupal Core OpenID Module Information Disclosure | CVE-2012-4554 | Other Web Server | 3

SERVER-OTHER GnuTLS DistinguishedName Decoding Double Free Vulnerability | CVE-2015-6251 | Other Web Server | 3

SERVER-OTHER GnuTLS libtasn1 _asn1_extract_der_octet Memory Access Error | CVE-2015-3622 | Other Web Server | 3

CVE-2014- Other Web Version 7.16.65 2 1959 Server

SERVER-OTHER HP Data Protector Media Operations SignInName Parameter Overflow | - | Other Web Server | 2

SERVER-OTHER HPE Intelligent Management Center RMI Registry Insecure Deserialization | CVE-2017-5792 | Other Web Server | 1

SERVER-OTHER HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow | CVE-2010-1551 | Other Web Server | 1

SERVER-OTHER HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow | CVE-2009-3848 | Other Web Server | 1

SERVER-OTHER HP OpenView Network Node Manager OvAcceptLang Parameter Buffer Overflow | CVE-2009-0921 | Other Web Server | 1

SERVER-OTHER HP OpenView Network Node Manager ovalarm.exe Accept-Language Buffer Overflow | CVE-2009-4179 | Other Web Server | 1

SERVER-OTHER HP OpenView Network Node Manager ovutil.dll stringToSeconds Buffer Overflow | CVE-2011-0262 | Other Web Server | 1

SERVER-OTHER HP Operations Agent Performance Component Last Chunk Buffer Overflow | CVE-2012-2019 | Other Web Server | 1

SERVER-OTHER HP ProCurve Manager SNAC GetDomainControllerServlet Policy Bypass | - | Other Web Server | 2

SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet Code Execution | CVE-2013-4812 | Other Web Server | 1

SERVER-OTHER HP SiteScope SOAP Call runOMAgentCommand Command Injection | CVE-2013-2367 | Other Web Server | 1

SERVER-OTHER HylaFAXplus LDAP Authentication User Name Buffer Overflow | CVE-2013-5680 | Other Web Server | 3

SERVER-OTHER IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow | CVE-2017-1092 | Other Web Server | 1

SERVER-OTHER IBM Lotus Expeditor cai URI Handler Command Execution | CVE-2008-1965 | Other Web Server | 1

SERVER-OTHER IBM Tivoli Directory Server LDAP Buffer Overflow | CVE-2006-0717 | Other Web Server | 3

SERVER-OTHER IBM WebSphere Application Server Commons-Collections Library Remote Code Execution I | CVE-2016-0150 | Other Web Server | 2

SERVER-OTHER IBM WebSphere Application Server Commons-Collections Library Remote Code Execution | CVE-2015-7450 | Other Web Server | 1

SERVER-OTHER Joomla! CMS Policy Bypass and Privilege Escalation Vulnerabilities | CVE-2016-8869 | Other Web Server | 2

SERVER-OTHER MIT Kerberos 5 KDC Null Pointer Dereference | CVE-2016-3120 | Other Web Server | 2

SERVER-OTHER MIT Kerberos CVE-2016-3119 kadmind Null Pointer Dereference Vulnerability | CVE-2016-3119 | Other Web Server | 1

SERVER-OTHER Nginx CVE-2013-2070 Chunked Transfer Parsing Denial of Service | CVE-2013-2070 | Other Web Server | 1

SERVER-OTHER Novell File Reporter FSFUI Arbitrary File Retrieval | CVE-2012-4958 | Other Web Server | 2

SERVER-OTHER Novell GroupWise HTTP Interfaces Arbitrary File Retrieval | CVE-2012-0419 | Other Web Server | 3

SERVER-OTHER Novell GroupWise WebAccess Cross-Site Scripting III | CVE-2012-1855 | Other Web Server | 1

SERVER-OTHER Novell GroupWise WebAccess Cross-Site Scripting I | CVE-2014-0611 | Other Web Server | 3

SERVER-OTHER Novell GroupWise WebAccess Cross-Site Scripting (Published Exploit) | CVE-2014-0611 | Other Web Server | 3

SERVER-OTHER Novell Netware XNFS.NLM xdrDecodeString Heap Buffer Overflow | - | Other Web Server | 1

SERVER-OTHER Novell ZENworks Asset Management Web Console Information Disclosure | CVE-2012-4933 | Other Web Server | 2

SERVER-OTHER OpenLDAP ldapsearch pagesize Double Free Denial of Service | CVE-2017-9287 | Other Web Server | 3

SERVER-OTHER OpenLDAP slapd Deref Overlay Null Pointer Dereference | CVE-2015-1545 | Other Web Server | 3

SERVER-OTHER OpenSSL DHE Client Key Exchange Denial of Service | CVE-2015-1787 | Other Web Server | 2

SERVER-OTHER OpenSSL Invalid PSS Parameters Denial of Service | CVE-2015-0208 | Other Web Server | 3

SERVER-OTHER PHP exif_process_user_comment CVE-2016-6292 Null Pointer Dereference I | CVE-2016-6292 | Other Web Server | 3

SERVER-OTHER Smart Software CVE-2011-5007 Solutions CoDeSys ControlService Stack Buffer Overflow | CVE-2011-5007 | Other Web Server | 2

SERVER-OTHER Squid Proxy ESI Response Processing Denial of Service | CVE-2016-4555 | Other Web Server | 3

SERVER-OTHER Squid Range Header Denial of Service | CVE-2014-3609 | Other Web Server | 3

SERVER-OTHER Sun Directory Server LDAP Denial of Service II | CVE-2006-0647 | Other Web Server | 3

SERVER-OTHER Sun Directory Server LDAP Denial of Service VIII | CVE-2006-0647 | Other Web Server | 3

SERVER-OTHER Sun Directory Server LDAP Denial of Service VI | CVE-2006-0647 | Other Web Server | 3

SERVER-OTHER Sun Directory Server LDAP Denial of Service V | CVE-2006-0647 | Other Web Server | 3

SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution | - | Other Web Server | 1

SERVER-OTHER Trend Micro OfficeScan Multiple CGI Modules HTTP Form Processing Buffer Overflow | CVE-2008-3862 | Other Web Server | 1

SERVER-OTHER Trend Micro ServerProtect Crafted RPC Call CMON_NetTestConnection Buffer Overflow | CVE-2007-1070 | Other Web Server | 1

SERVER-OTHER Trend Micro ServerProtect RPC Call ActiveUpdate and ActiveRollback Buffer Overflow | CVE-2007-1070 | Other Web Server | 1

SERVER-OTHER Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection (Decrypted Traffic) | CVE-2016-6266 | Other Web Server | 3

SERVER-OTHER Trend Micro Smart Protection Server wcs_bwlists_handler.php Command Injection (Decrypted Traffic) | - | Other Web Server | 1

SERVER-OTHER UltraVNC VNCViewer Authenticate Buffer Overflow | CVE-2009-0388 | Other Web Server | 2

SERVER-SAMBA Samba NetDFS RPC netdfs_io_dfs_EnumInfo_d Handling Heap Overflow | CVE-2007-2446 | Operating System and Services | 1

SERVER-SAMBA Samba smbd read_nttrans_ea_list Infinite Allocation Loop Denial of Service | CVE-2013-4124 | Operating System and Services | 2

SERVER-SAMBA Samba smbd read_nttrans_ea_list Infinite Allocation Loop Denial of Service | CVE-2013-4124 | Operating System and Services | 3

SERVER-SAMBA Samba Unicode Filename Buffer Overflow | CVE-2004-0882 | Operating System and Services | 1

SERVER-SAMBA Samba Wildcard Filename Matching Denial of Service | CVE-2004-0930 | Operating System and Services | 3

SERVER-WEBAPP Advantech WebAccess Dashboard removeFile Directory Traversal | CVE-2016-0855 | Web Services and Applications | 3

SERVER-WEBAPP Advantech WebAccess Dashboard removeFolder Directory Traversal | CVE-2016-0855 | Web Services and Applications | 3

SERVER-WEBAPP Apache Struts FilterDispatcher and DefaultStaticContentLoader Classes Directory Traversal | - | Web Services and Applications | 2

SERVER-WEBAPP BEA WebLogic Admin Console Cross Site Scripting Vulnerability | CVE-2005-1747 | Web Services and Applications | 3

SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet FILENAME Directory Traversal | CVE-2016-8207 | Web Services and Applications | 3

SERVER-WEBAPP Brocade Network Advisor DashboardFileReceiveServlet filename Directory Traversal | CVE-2016-8205 | Web Services and Applications | 1

SERVER-WEBAPP Brocade Network Advisor SoftwareImageUpload name filename Directory Traversal | CVE-2016-8206 | Web Services and Applications | 3

SERVER-WEBAPP Cisco Network Registrar Default Credentials Authentication Bypass | - | Web Services and Applications | 1

SERVER-WEBAPP Cisco Prime Collaboration Provisioning logconfigtracer.jsp Arbitrary File Deletion (Decrypted Traffic) | CVE-2017-6637 | Web Services and Applications | 2

SERVER-WEBAPP Drupal Core XML-RPC Endpoint xmlrpc.php Internal Entity Expansion Denial of Service | CVE-2014-5265 | Web Services and Applications | 3

SERVER-WEBAPP EDB Symantec Web Gateway Management Console Remote Shell Command Execution | CVE-2012-0297 | Web Services and Applications | 1

SERVER-WEBAPP EMC CMCNE inmservlets.war BootFileUploadMoreInfoServlet Directory Traversal | CVE-2013-6810 | Web Services and Applications | 3

SERVER-WEBAPP EMC CMCNE inmservlets.war UnifiedFileUploadMoreInfoServlet Directory Traversal | CVE-2013-6810 | Web Services and Applications | 2

SERVER-WEBAPP FreePBX Framework remotemod Remote Command Execution | - | Web Services and Applications | 1

SERVER-WEBAPP HP Data Protector Multiple Products FinishedCopy SQL Injection | CVE-2011-3162 | Web Services and Applications | 1

SERVER-WEBAPP HPE Intelligent Management Center FileUploadServlet Directory Traversal | CVE-2017-5794 | Web Services and Applications | 2

SERVER-WEBAPP HPE Network 2017-5811 Automation FileServlet Information Disclosure II | CVE-2017-5811 | Web Services and Applications | 1

SERVER-WEBAPP HP Enterprise Vertica validateAdminConfig Remote Command Injection | CVE-2016-2002 | Web Services and Applications | 1

SERVER-WEBAPP HP Intelligent Management Center DownloadServlet Information Disclosure | CVE-2012-5208 | Web Services and Applications | 2

SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet Information Disclosure | CVE-2014-2620 | Web Services and Applications | 1

SERVER-WEBAPP HP Intelligent Management Center ReportImgServlet Information Disclosure | CVE-2012-5203 | Web Services and Applications | 2

SERVER-WEBAPP HP Intelligent Management Center SOM sdFileDownload Information Disclosure | CVE-2013-4826 | Web Services and Applications | 3

SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin Two Directory Traversal | CVE-2013-4837 | Web Services and Applications | 1

SERVER-WEBAPP HP LoadRunner Virtual User Generator saveCodeRuleFile Directory Traversal | CVE-2013-4838 | Web Services and Applications | 1

SERVER-WEBAPP HP Network Virtualization toServerObject Directory Traversal | CVE-2014-2626 | Web Services and Applications | 1

SERVER-WEBAPP HP Service Virtualization AutoPass License Server Directory Traversal | CVE-2013-6221 | Web Services and Applications | 1

SERVER-WEBAPP IBM Tivoli Provisioning Manager Express User.updateUserValue SQL Injection | CVE-2012-0199 | Web Services and Applications | 2

SERVER-WEBAPP Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery | CVE-2015-6973 | Web Services and Applications | 3

SERVER-WEBAPP Jenkins CI Server Multiple Cross-Site Request Forgery | CVE-2017-1000356 | Web Services and Applications | 2

SERVER-WEBAPP Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal | CVE-2017-9812 | Web Services and Applications | 3

SERVER-WEBAPP MailStore Server search-result Reflected Cross-Site Scripting | - | Web Services and Applications | 1

SERVER-WEBAPP ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction SQL Injection | - | Web Services and Applications | 1

SERVER-WEBAPP ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection | - | Web Services and Applications | 1

SERVER-WEBAPP ManageEngine Multiple Products FileCollector doPost Directory Traversal | CVE-2014-6034 | Web Services and Applications | 3

SERVER-WEBAPP ManageEngine Multiple Products multipartRequest Directory Traversal | CVE-2014-6036 | Web Services and Applications | 3

SERVER-WEBAPP ManageEngine NetFlow Analyzer And IT360 CSVServlet Arbitrary File Download | CVE-2014-5445 | Web Services and Applications | 3

SERVER-WEBAPP ManageEngine NetFlow Analyzer And IT360 DisplayChartPDF Directory Traversal | CVE-2014-5446 | Web Services and Applications | 3

SERVER-WEBAPP McAfee Asset Manager CVE-2014-2587 ReportsAudit.jsp Input Validation Error | CVE-2014-2587 | Web Services and Applications | 3

SERVER-WEBAPP Moxa SoftCMS CGI Program SQL Injection | CVE-2016-5792 | Web Services and Applications | 2

SERVER-WEBAPP Nagios core CGI Process_cgivars Off-By-One | CVE-2013-7108 | Web Services and Applications | 3

SERVER-WEBAPP Novell File Reporter CVE-2012-4958 FSFUI Arbitrary File Retrieval II | CVE-2012-4958 | Web Services and Applications | 2

SERVER-WEBAPP Novell File Reporter CVE-2012-4958 FSFUI Arbitrary File Retrieval I | CVE-2012-4958 | Web Services and Applications | 2

SERVER-WEBAPP Novell File Reporter CVE-2012-4959 FSFUI Request Directory Traversal Attempt III | CVE-2012-4959 | Web Services and Applications | 2

SERVER-WEBAPP Novell NetWare OpenSSH Buffer Overflow I | - | Web Services and Applications | 2

SERVER-WEBAPP Novell ZENworks Configuration Management PreBoot Directory Traversal | CVE-2013-3706 | Web Services and Applications | 3

SERVER-WEBAPP PHP CDF File Handling Infinite Loop | CVE-2014-0238 | Web Services and Applications | 3

SERVER-WEBAPP PHP Fileinfo cdf_read_property_info Denial of Service | CVE-2014-3587 | Web Services and Applications | 3

SERVER-WEBAPP PHP Libmagic Portable Executable Out Of Bounds Memory Access | CVE-2014-2270 | Web Services and Applications | 3

SERVER-WEBAPP PHP TAR File Parsing Uninitialized Reference | CVE-2016-4343 | Web Services and Applications | 3

SERVER-WEBAPP PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption | CVE-2014-3515 | Web Services and Applications | 2

SERVER-WEBAPP Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting | CVE-2017-2674 | Web Services and Applications | 1

SERVER-WEBAPP Red Hat JBoss Seam Framework XXE Information Disclosure | CVE-2013-6447 | Web Services and Applications | 3

SERVER-WEBAPP Reprise License Manager actserver and akey HTTP Parameters Parsing Stack Buffer Overflow | - | Web Services and Applications | 1

SERVER-WEBAPP Ruby on Rails JSON Processor YAML Deserialization Code Execution | CVE-2013-0333 | Web Services and Applications | 2

SERVER-WEBAPP SAP NetWeaver DiagiEventSource Denial of Service (Published Exploit) | CVE-2012-2514 | Web Services and Applications | 3

SERVER-WEBAPP Schneider Electric U.motion Builder track_import_export.php SQL Injection | CVE-2017-7973 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL Injection | CVE-2016-4350 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds SRM Profiler HostStorageServlet state FileSystem ID SQL Injection | CVE-2016-4350 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet ScriptSchedule SQL Injection | CVE-2016-4350 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds SRM Profiler UserDefinedFieldConfigServlet saveUDF SQL Injection | CVE-2016-4350 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds SRM Profiler XiotechMonitorServlet saveSite SQL Injection | CVE-2016-4350 | Web Services and Applications | 1

SERVER-WEBAPP SolarWinds Storage Manager AuthenticationFilter Authentication Bypass | - | Web Services and Applications | 1

SERVER-WEBAPP Splunk Enterprise alerts alerts_id Server-Side Request Forgery | - | Web Services and Applications | 2

SERVER-WEBAPP Symantec IM Manager Administrator Interface SQL injection | CVE-2011-0553 | Web Services and Applications | 2

SERVER-WEBAPP Symantec IM Manager Multiple Cross Site Scripting | CVE-2011-0552 | Web Services and Applications | 3

SERVER-WEBAPP Symantec Web Gateway ipchange.php Command Injection | CVE-2012-0297 | Web Services and Applications | 1

SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor.aspx SQL Injection (Decrypted Traffic) | - | Web Services and Applications | 1

SERVER-WEBAPP Trend Micro InterScan Messaging Security modTMCSS Command Injection | CVE-2017-11391 | Web Services and Applications | 3

SERVER-WEBAPP Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection (Decrypted Traffic) | - | Web Services and Applications | 1

SERVER-WEBAPP Typo3 CMS SanitizeLocalUrl Cross-Site Scripting | CVE-2015-5956 | Web Services and Applications | 2

SERVER-WEBAPP WECON LeviStudio HmiSet Style Stack Buffer Overflow | - | Web Services and Applications | 1

SERVER-WEBAPP Zabbix Server Active Proxy Trapper Command Injection | CVE-2017-2824 | Web Services and Applications | 3

Malware Communication 1

• Name: Name of the Signature

• CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) provides reference of CVE Identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level Severity Criteria

1 Low

2 Moderate

3 High

4 Critical

Important Notice Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2020 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters Sophos Technologies Pvt. Ltd. Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA Phone: +91-79-66216666 Fax: +91-79-26407640 Web site: www.sophos.com