SOPHOS IPS Signature Update Release Notes
Version: 9.16.31
Release Date: 26th September 2019
Release Information
Upgrade applicable on: IPS Signature Release Version 9.16.30
Sophos appliance models: CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F, CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
This Release Note for IPS Signature Database Version 9.16.31 describes the signatures newly added in this release. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.
Report false positives at [email protected], along with the application details.
September 2019 Page 2 of 15 IPS Signature Update
This IPS release includes one hundred (100) signatures addressing eighty-eight (88) vulnerabilities. New signatures are added for the following vulnerabilities:
| Name | CVE-ID | Category | Severity |
|---|---|---|---|
| FILE-FLASH Adobe Flash AVC Decoder Memory Corruption attempt | CVE-2016-4275 | Multimedia | 1 |
| FILE-FLASH Adobe Flash ContextMenu Clone memory corruption vulnerability attempt | CVE-2016-4284 | Multimedia | 1 |
| FILE-FLASH Adobe Flash CVE-2016-0997 Remote Code Execution Vulnerability | CVE-2016-0997 | Multimedia | 2 |
| FILE-FLASH Adobe Flash malformed FLV heap overflow attempt | CVE-2017-2986 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt | CVE-2017-3060 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt | CVE-2017-3079 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player CVE-2016-4273 Malformed ActionConstantPool Memory Corruption | | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player CVE-2018-15982 Arbitrary Code Injection Vulnerability | CVE-2018-15982 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt | CVE-2017-3082 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player display list structure memory corruption attempt | CVE-2017-2930 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player FrameLabel memory corruption attempt | CVE-2016-6986 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt | CVE-2016-1001 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player malformed VideoFrame memory corruption attempt | CVE-2016-4274 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player memory corruption attempt | CVE-2017-3099 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt | CVE-2017-3076 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player out-of-bounds read attempt | CVE-2019-7108 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player tvsdk object use after free attempt | CVE-2017-11225 | Multimedia | 1 |
| FILE-FLASH Adobe Flash Player use after free attempt | CVE-2019-7837 | Multimedia | 2 |
| FILE-FLASH Adobe Standalone Flash Player AS3 Primetime timeline ShimContentResolver out of bounds read attempt | CVE-2016-6983 | Multimedia | 1 |
| FILE-IDENTIFY ZSoft PCX file download request | | Application and Software | 4 |
| FILE-IMAGE Adobe Acrobat Pro CVE-2017-16381 SampleFormat heap overflow attempt | CVE-2017-16381 | Multimedia | 2 |
| FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt | CVE-2017-16382 | Multimedia | 2 |
| FILE-MULTIMEDIA Adobe Acrobat ImageConversion EMF Integer Overflow | CVE-2017-11308 | Multimedia | 4 |
| FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt | CVE-2017-2926 | Multimedia | 1 |
| FILE-OFFICE LibreOffice LibreLogo Arbitrary Code Execution | CVE-2019-9848 | Office Tools | 1 |
| FILE-OTHER Adobe Acrobat CVE-2017-16395 EMF conversion heap buffer overflow attempt | CVE-2014-0529 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat CVE-2017-16407 ImageConversion EMF BMP Out of Bounds Read II | CVE-2017-16407 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat CVE-2017-16407 ImageConversion EMF BMP Out of Bounds Read | CVE-2017-16407 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt | CVE-2017-16404 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat out-of-bounds read attempt | CVE-2019-7122 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt | CVE-2018-4879 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt | CVE-2018-4895 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt | CVE-2018-4984 | Application and Software | 1 |
| FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt | CVE-2017-16411 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader CVE-2019-7125 Arbitrary Code Execution | CVE-2019-7125 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Reader JP2 CVE-2018-4990 Double Free Code Execution | CVE-2018-4990 | Application and Software | 2 |
| FILE-OTHER Adobe Flash Player CVE-2016-0967 Unsupported Video Encoding Remote Code Execution | CVE-2016-0967 | Application and Software | 2 |
| FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt | CVE-2017-2984 | Application and Software | 1 |
| FILE-OTHER Adobe Reader CVE-2019-7818 Out Of Bounds Read | CVE-2019-7818 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat and Reader CVE-2017-16374 JPEG2000 Parsing Out of Bounds Read | CVE-2017-16374 | Application and Software | 4 |
| FILE-PDF Adobe Acrobat EMF BMP Heap Buffer Overflow | CVE-2018-12788 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt | CVE-2017-3033 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-4948 Heap Overflow Attempt | CVE-2018-4948 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2019-7113 PDF Heap Overflow | CVE-2019-7113 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt | CVE-2017-3037 | Application and Software | 1 |
| FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt | CVE-2017-11219 | Application and Software | 2 |
| FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt | CVE-2017-16362 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-5036 Heap Overflow | CVE-2018-5036 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-5037 Heap Overflow | CVE-2018-5037 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-5041 Heap Overflow | CVE-2018-5041 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-5045 Overflow | CVE-2018-5045 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2019-7822 Out Of Bounds Read | CVE-2019-7822 | Application and Software | 4 |
| FILE-PDF Adobe Reader JavaScript recursive calls memory corruption attempt | CVE-2016-6970 | Application and Software | 1 |
| OS-SOLARIS Oracle Solaris LPD overflow attempt | CVE-2001-1583 | Operating System and Services | 1 |
| OS-WINDOWS Microsoft Windows DHCP Client CVE-2019-0547 Code Execution | CVE-2019-0547 | Operating System and Services | 2 |
| SERVER-APACHE Apache CouchDB CVE-2017-12635 JSON Remote Privilege Escalation | CVE-2017-12635 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache httpd mod_remoteip Buffer Overflow | CVE-2019-10097 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt | CVE-2017-12629 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Struts 2 namespace Expression Language Injection CVE-2018-11776 | CVE-2018-11776 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Struts 2 Struts 1 Plugin Remote Code Execution | CVE-2017-9791 | Apache HTTP Server | 2 |
| SERVER-APACHE Apache Subversion svn-ssh URL Command Execution | CVE-2017-9800 | Apache HTTP Server | 1 |
| SERVER-APACHE Apache Tomcat HTTP2 Connection Window Exhaustion Denial Of Service | CVE-2019-10072 | Apache HTTP Server | 2 |
| SERVER-APACHE httpd mod_mime content-type buffer overflow attempt | CVE-2017-7679 | Apache HTTP Server | 1 |
| SERVER-ORACLE Oracle GoldenGate Manager Command Tab Parsing Denial of Service | CVE-2018-2912 | Database Management System | 1 |
| SERVER-ORACLE Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow | CVE-2017-3623 | Database Management System | 2 |
| SERVER-OTHER HPE Data Protector EXEC_BAR domain Buffer Overflow | CVE-2016-2006 | Other Web Server | 1 |
| SERVER-OTHER HPE Data Protector EXEC_BAR username Buffer Overflow | CVE-2016-2005 | Other Web Server | 1 |
| SERVER-OTHER IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow | CVE-2017-1092 | Other Web Server | 3 |
| SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt | CVE-2015-8520 | Other Web Server | 1 |
| SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt | CVE-2015-8521 | Other Web Server | 1 |
| SERVER-OTHER IBM WebSphere Application Server Commons-Collections Library Remote Code Execution | CVE-2015-7450 | Other Web Server | 1 |
| SERVER-OTHER Microsoft Windows DHCP Server Failover Remote Code Execution | CVE-2019-0785 | Other Web Server | 4 |
| SERVER-OTHER Microsoft Windows DHCP Server Remote Code Execution | CVE-2019-0725 | Other Web Server | 4 |
| SERVER-WEBAPP Adobe ColdFusion CFFILE Upload Action Unrestricted File Upload | CVE-2019-7838 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE Intelligent Management Center dbman Opcode 10003 Filename Denial of Service | CVE-2019-5355 | Web Services and Applications | 1 |
| SERVER-WEBAPP HPE Intelligent Management Center getSelInsBean Expression Language Injection | CVE-2017-12490 | Web Services and Applications | 2 |
| SERVER-WEBAPP HPE Intelligent Management Center IctTableExportToCSVBean Expression Language Injection | CVE-2019-5370 | Web Services and Applications | 1 |
| SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection | CVE-2019-5387 | Web Services and Applications | 1 |
| SERVER-WEBAPP HP IMC guiDataDetail Java expression language injection attempt | CVE-2017-12523 | Web Services and Applications | 1 |
| SERVER-WEBAPP HP IMC iccSelectDeviceSeries Java expression language injection attempt | CVE-2017-12510 | Web Services and Applications | 1 |
| SERVER-WEBAPP HP IMC wmiConfigContent Java expression language injection attempt | CVE-2017-12526 | Web Services and Applications | 1 |
| SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt | CVE-2017-1092 | Web Services and Applications | 1 |
| SERVER-WEBAPP Joomla component Article Factory Manager SQL injection attempt | CVE-2018-17380 | Web Services and Applications | 2 |
| SERVER-WEBAPP Joomla component Timetable Schedule 3.6.8 SQL injection attempt | CVE-2018-17394 | Web Services and Applications | 2 |
| SERVER-WEBAPP Oracle Identity Manager CVE-2017-10151 Default Credentials II | CVE-2017-10151 | Web Services and Applications | 3 |
| SERVER-WEBAPP Oracle Weblogic CVE-2019-2647 ForeignRecoveryContext External Entity Injection | CVE-2019-2647 | Web Services and Applications | 1 |
| SERVER-WEBAPP Oracle Weblogic WsrmSequenceContext External Entity Injection | CVE-2019-2650 | Web Services and Applications | 2 |
| SERVER-WEBAPP Oracle Weblogic WsrmServerPayloadContext External Entity Injection | CVE-2019-2648 | Web Services and Applications | 2 |
Column legend:
Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The severity levels are described in the table below:

| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex, Beside White House, Panchvati Cross Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com