SOPHOS IPS Signature Update Release Notes

SOPHOSIPS Signature UpdateRelease Notes

Version : 9.16.44Release Date : 12th November 2019

IPS Signature Update

November 2019 of 39

Release Information

Upgrade Applicable on

IPS Signature Release Version 9.16.43

Sophos Appliance Models

CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P,CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F,CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P,CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P,CR1500i-12P, CR1500ia, CR1500ia10FCR25iNG, CR25iNG-6P, CR35iNG, CR50iNG,CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG,CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C,CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

IntroductionThe Release Note document for IPS Signature Database Version 9.16.44 includes support for the newsignatures. The following sections describe the release in detail.

New IPS SignaturesThe Sophos Intrusion Prevention System shields the network from known attacks by matching thenetwork traffic against the signatures in the IPS Signature Database. These signatures are developed tosignificantly increase detection performance and reduce the false alarms.

Report false positives at [email protected], along with the application details.

mailto:[email protected]


November 2019 of 39

This IPS Release includes Three Hundred and Twelve(312) signatures to address Two Hundred and EightyOne(281) vulnerabilities.

New signatures are added for the following vulnerabilities:

Name CVE–ID Category Severity

BROWSER-IE MicrosoftEdge CVE-2016-7288TypedArray.sort UseAfter Free

CVE-2016-7288 Browsers 1

BROWSER-IE MicrosoftEdge CVE-2018-8242Remote Code Execution


BROWSER-IE MicrosoftEdge JavaScriptReverseHelper bufferoverrun attempt


BROWSER-IE MicrosoftEdge out of boundswrite attempt


BROWSER-IE MicrosoftEdge type confusionvulnerability attempt


BROWSER-IE MicrosoftInternet Explorer 11CMarkupGetMarkupTitle use-after-free attempt


BROWSER-IE MicrosoftInternet Explorer andEdge CVE-2016-3247Memory Corruption I


BROWSER-IE MicrosoftInternet ExplorerCAttribute to



November 2019 of 39

CStyleAttrArray typeconfusion attempt

BROWSER-IE MicrosoftInternet ExplorerChakra.dll Array.filtertype confusion attempt


BROWSER-IE MicrosoftInternet Explorer classidremote code executionattempt


BROWSER-IE MicrosoftInternet Explorer CVE-2016-0002 EdgeMemory Corruption II


BROWSER-IE MicrosoftInternet Explorer CVE-2016-3288 MemoryCorruption II


BROWSER-IE MicrosoftInternet Explorer CVE-2016-7241 EdgeJSON.parse TypeConfusion


BROWSER-IE MicrosoftInternet Explorer CVE-2017-0059 CStr UseAfter Free


BROWSER-IE MicrosoftInternet Explorerjavascript memorycorruption attempt


BROWSER-IE MicrosoftInternet ExplorerSComputedStyledestructor out of



November 2019 of 39

bounds read attempt

BROWSER-IE MicrosoftInternet ExplorerVBScript remote codeexecution attempt


BROWSER-IE MicrosoftInternet ExplorerVBScript remote codeexecution attempt


BROWSER-IE MicrosoftInternet Explorer XDRPrototype HijackingDenial of Service

Browsers 1

BROWSER-IE MicrosoftWindows PDF LibraryCVE-2016-3319Memory Corruption I


BROWSER-OTHERMicrosoft Edge CVE-2016-7206 RemoteCode ExecutionVulnerability


BROWSER-OTHER SafariDenial Of ServiceVulnerability


BROWSER-OTHER SafariSame Origin PolicyBypass Vulnerability


BROWSER-PLUGINSTrend Micro ControlManagerThreatDistributedTrailThreatName SQLInjection CVE-2018-



November 2019 of 39

3606

FILE-FLASH Adobe FlashPlayerABRControlParametersaccess memorycorruption attempt

CVE-2016-4185 Multimedia 1

FILE-FLASH Adobe FlashPlayer AS2 setIntervaluse after free attempt


FILE-FLASH Adobe FlashPlayer ASnative customgetter use after freeattempt


FILE-FLASH Adobe FlashPlayer ASnativesetFocus use after freeattempt


FILE-FLASH Adobe FlashPlayerBitmapData.applyFilteraccess violation attempt


FILE-FLASH Adobe FlashPlayerBitmapData.copyChannel access violationattempt


FILE-FLASH Adobe FlashPlayer BitmapDatamethod memorycorruption attempt


FILE-FLASH Adobe FlashPlayer BlurFiltermemory corruptionattempt



November 2019 of 39

FILE-FLASH Adobe FlashPlayer CVE-2016-4227ActionScript setFocusUse After Free Attempt


FILE-FLASH Adobe FlashPlayerDisplacementMapFiltermapBitmap use afterfree attempt


FILE-FLASH Adobe FlashPlayerduplicateMovieClip useafter free attempt


FILE-FLASH Adobe FlashPlayer improper displaylist handling memorycorruption attempt


FILE-FLASH Adobe FlashPlayer LoadVars use-after-free attempt


FILE-FLASH Adobe FlashPlayer malformed ATFbuffer overflow attempt


FILE-FLASH Adobe FlashPlayerMediaPlayerItemLoaderout of bounds memoryaccess attempt


FILE-FLASH Adobe FlashPlayer MessageChanneltype confusion attempt


FILE-FLASH Adobe FlashPlayer movieclipattachbitmap use-after-



November 2019 of 39

free attempt CVE-2015-8410

FILE-FLASH Adobe FlashPlayer MovieClipmethod use after freeattempt


FILE-FLASH Adobe FlashPlayer MovieClip objectuse-after-free attempt


FILE-FLASH Adobe FlashPlayer overly large cpoolindex out of boundsread attempt


FILE-FLASH Adobe FlashPlayer PSDKEventDispatchremoveEventListeneruse after free attempt


FILE-FLASH Adobe FlashPlayer Rectangleconstructor use afterfree attempt


FILE-FLASH Adobe FlashPlayer rectanglememory accessviolation attempt


FILE-FLASH Adobe FlashPlayer recursion callsstack overflow attempt


FILE-FLASH Adobe FlashPlayerSelection.SetSelectionuse-after-free attempt



November 2019 of 39

FILE-FLASH Adobe FlashPlayer SharedObjectsend stack bufferoverflow attempt


FILE-FLASH Adobe FlashPlayer SoundURLStreammemory corruptionattempt


FILE-FLASH Adobe FlashPlayer String lengthheap buffer overflowattempt


FILE-FLASH Adobe FlashPlayer TextField filtersuse-after-free attempt


FILE-FLASH Adobe FlashPlayer TextField setteruse after free attempt


FILE-FLASH Adobe FlashPlayerTextFormat.tabStopsuse after free attempt


FILE-FLASH Adobe FlashPlayer toString typeconfusion memorycorruption attempt


FILE-FLASH Adobe FlashPlayer URLStream useafter free attempt


FILE-FLASH Adobe FlashPlayer use after freeattempt


FILE-FLASH Adobe CVE-2016- Multimedia 1


November 2019 of 39

Standalone Flash PlayerASnative object useafter free attempt

0991

FILE-IDENTIFY AdobeAcrobat JOBOPTIONSFile Parsing Out ofBounds Read

CVE-2019-7109

Applicationand Software 4

FILE-IDENTIFYEmbedded Open TypeFont file magic detected


FILE-IDENTIFY PortableExecutable Binary FileMagic Detected


FILE-IDENTIFY RAR filemagic detected


FILE-IDENTIFY WindowsMedia Metafile filedownload request


FILE-IMAGE AdobeAcrobat Professionalmalformed PCXmemory corruptionattempt


FILE-IMAGE AdobeAcrobat Pro malformedJPEG tag data bufferoverflow attempt


FILE-IMAGE AdobeAcrobat Pro malformedTIFF out of bounds readattempt CVE-2018-5044


FILE-IMAGE AdobeAcrobat Pro malformed



November 2019 of 39

TIF heap overflowattempt

FILE-IMAGE AdobeAcrobat Pro TIFFembedded XPS file outof bounds read attempt


FILE-IMAGE AdobeAcrobat TIFF ICC tagheap buffer overflowattempt


FILE-IMAGE AdobeAcrobat TIFFPhotometricInterpretation heap buffer overflowattempt


FILE-IMAGE AdobeAcrobat XPS heapoverflow attempt


FILE-IMAGE AdobeReader malformedapp13 marker memorycorruption attempt


FILE-IMAGE AppleQuicktime malformedFPX file memorycorruption attempt


FILE-MULTIMEDIAAdobe AcrobatProfessional EMFmalformedEMR_POLYBEZIERTO16out of bounds accessattempt


FILE-MULTIMEDIAAdobe Acrobat XPS CVE- CVE-2018- Multimedia 3


November 2019 of 39

2018-4889 JPEG Out ofBounds Read

4889

FILE-MULTIMEDIAAdobe Flash CVE-2017-3076 AVC EdgeProcessing Out ofBounds Read


FILE-MULTIMEDIAAdobe Professional EMFmalformedEMR_STRETCHDIBITSrecord memorycorruption attempt


FILE-OFFICE AdobeAcrobatImageConversion JPEGOut-of-Bounds Read

CVE-2017-2960 Office Tools 1

FILE-OFFICE EMFcorruption attempt


FILE-OFFICE MicrosoftJET Database remotecode execution attempt


FILE-OFFICE MicrosoftOffice Excel malformedLabel record exploitattempt


FILE-OFFICE MicrosoftOffice Graph CVE-2018-8157 Chart Out-Of-Bounds Write


FILE-OFFICE MicrosoftOffice Outlook HTMLacronym tag memorycorruption attempt



November 2019 of 39

FILE-OFFICE MicrosoftOffice PowerPointOfficeArt atom memorycorruption attempt


FILE-OFFICE MicrosoftOffice PowerPoint outof bounds value remotecode execution attempt


FILE-OFFICE MicrosoftOutlook email rules filememory corruptionattempt


FILE-OFFICE MicrosoftOutlook RWZ CVE-2018-8587 Integer Overflow


FILE-OTHER2015_6130_Flag Set

CVE-2015-6130


FILE-OTHER AcrobatReader CVE-2018-12838Information DisclosureVulnerability

CVE-2018-12838



CVE-2018-12845



CVE-2018-15948


FILE-OTHER AdobeAcrobat and ReaderdocID Stack BufferOverflow leak CVE-2018-4901

CVE-2018-4901



November 2019 of 39

FILE-OTHER AdobeAcrobat CVE-2018-5061ImageConversion EMFEmfPlusDrawBeziersOut-Of-Bounds Read

CVE-2018-5061


FILE-OTHER AdobeAcrobat EMF filekerning data memorycorruption attempt

CVE-2017-11239


FILE-OTHER AdobeAcrobat out of boundsread attempt

CVE-2019-7049


FILE-OTHER AdobeAcrobat Pro CVE-2018-4893 XPS Out OfBounds Read Attempt

CVE-2018-4893


FILE-OTHER AdobeAcrobat Pro CVE-2018-4896 Out Of BoundsRead Attempt

CVE-2018-4896


FILE-OTHER AdobeAcrobat Pro CVE-2018-4904 Embedded TIFFHeap Overflow AttemptII

CVE-2018-4904


FILE-OTHER AdobeAcrobat pro CVE-2018-4914 Out Of BoundsRead Attempt

CVE-2018-4914


FILE-OTHER AdobeAcrobat Pro EMFEMR_STRETCHDIBITSsize out of bounds readattempt

CVE-2018-4964



November 2019 of 39

FILE-OTHER AdobeAcrobat Pro EMFImageConversion out-of-bounds writeattempt

CVE-2018-12860


FILE-OTHER AdobeAcrobat Pro EMFmalformed bitmaprectangle destinationout of bounds readattempt

CVE-2018-4886


FILE-OTHER AdobeAcrobat Pro EMFmalformed bitmaprectangle destinationout of bounds readattempt

CVE-2018-4886


FILE-OTHER AdobeAcrobat Pro EMFmemory corruptionattempt

CVE-2018-15951


FILE-OTHER AdobeAcrobat Pro integeroverflow vulnerabilityattempt

CVE-2018-15995


FILE-OTHER AdobeAcrobat Pro TIFFembedded XPS file outof bounds read attempt

CVE-2018-4903


FILE-OTHER AdobeAcrobat Pro XPS filemalformed Sourceattribute bufferoverflow attempt

CVE-2018-4899


FILE-OTHER Adobe CVE-2018- Application 2


November 2019 of 39

Acrobat Pro XPS out-of-bounds read attempt

5016 and Software

FILE-OTHER AdobeAcrobat Reader CVE-2018-12775 Out OfBounds

CVE-2018-12775


FILE-OTHER AdobeAcrobat Reader CVE-2018-12777 Out ofBounds Read Access

CVE-2018-12777



CVE-2018-12780



CVE-2018-12781


FILE-OTHER AdobeAcrobat Reader pcxplanes memorycorruption attempt

CVE-2017-3036


FILE-OTHER AppleQuickTime PSD FileParsing CVE-2016-1769Memory Corruption

CVE-2016-1769


FILE-OTHER EMFEmrText object out ofbounds read attempt

CVE-2018-4883


FILE-OTHER FreeBSDbspatch utility remotecode execution attemptCVE-2014-9862

CVE-2014-9862



November 2019 of 39

FILE-OTHER FreeBSDbspatch utility remotecode execution attempt

CVE-2014-9862


FILE-OTHER GNULibextractor CVE-2018-16430 ZIP File CommentOut-of-Bounds Read

CVE-2018-16430


FILE-OTHER GoogleGolang Get CommandInjection

CVE-2018-7187


FILE-OTHER MicrosoftJet 4.0 CVE-2016-0250Access ViolationVulnerability

CVE-2016-0250


FILE-OTHERMicrosoft .NETResources file remotecode execution attempt

CVE-2018-8172


FILE-OTHER MicrosoftwimgapiLoadIntegrityInfo heapbuffer overflow attempt

CVE-2018-8210


FILE-OTHER MicrosoftWindows Device Guardbypass via compiledhelp file attempt

CVE-2017-8625


FILE-OTHER MicrosoftWindows wimgapiReadIntegrityInfo HeapBuffer Overflow CVE-2018-8210

CVE-2018-8210


FILE-OTHER Snapddirty_sock exploitdownload attempt

CVE-2019-7304



November 2019 of 39

FILE-OTHER VMwareVNCVMWDynResolutionHeap Buffer Overflow

CVE-2017-4933


FILE-OTHER WSDL soapendpoint location codeinjection attempt

CVE-2017-8759


FILE-PDF AcrobatReader CVE-2018-12766Information DisclosureVulnerability

CVE-2018-12766



CVE-2018-12766



CVE-2018-15925


FILE-PDF Adobe Acrobatand Reader CVE-2017-11254 addAnnot UseAfter Free Vulnerability


FILE-PDF Adobe Acrobatand Reader CVE-2018-12790 JPEG2000 ParsingOut of Bounds Read

CVE-2018-12790


FILE-PDF Adobe Acrobatand Reader JPEG2000Out of Bounds Read

CVE-2017-2946


FILE-PDF Adobe AcrobatCoolType malformedfont memory corruptionattempt

CVE-2016-0945



November 2019 of 39

FILE-PDF Adobe AcrobatEMF EMR_ALPHABLENDCVE-2018-12789 Out-of-Bounds Read

CVE-2018-12789


FILE-PDF Adobe AcrobatFileAttachment use-after-free attempt

CVE-2016-1065


FILE-PDF Adobe AcrobatImageConversion TIFFHeap-based BufferOverflow

CVE-2017-2966


FILE-PDF Adobe Acrobatinteger overflowattempt

CVE-2018-16007


FILE-PDF Adobe AcrobatJavaScript engine useafter free attempt

CVE-2019-7082


FILE-PDF Adobe AcrobatOCG setIntent CVE-2018-4910 IntegerOverflow II

CVE-2018-4910


FILE-PDF Adobe AcrobatReader annotationoversized array memorycorruption attempt

CVE-2016-1007


FILE-PDF Adobe AcrobatReader byte order markout of bounds readattempt

CVE-2018-4882


FILE-PDF Adobe AcrobatReader CVE-2016-1043XFA FormCalc replaceInteger Overflow

CVE-2016-1043



November 2019 of 39

FILE-PDF Adobe AcrobatReader CVE-2018-12782Double Free MemoryCorruption

CVE-2018-12782


FILE-PDF Adobe AcrobatReader CVE-2018-12783Use After Free MemoryCorruption

CVE-2018-12783


FILE-PDF Adobe AcrobatReader CVE-2018-4882Byte Order Mark Out OfBounds Read Attempt II

CVE-2018-4882


FILE-PDF Adobe AcrobatReadergetAnnotsRichMediareturn type confusionattempt

CVE-2018-4902


FILE-PDF Adobe AcrobatReader invalid trailermemory corruptionattempt

CVE-2018-4901


FILE-PDF Adobe AcrobatReader JavaScript XFAengine use after freeattempt

CVE-2018-4913


FILE-PDF Adobe AcrobatReader malformed AESkey memory corruptionattempt

CVE-2017-3030


FILE-PDF Adobe AcrobatReader malformed CFFglobal subroutinememory corruptionattempt

CVE-2017-2941



November 2019 of 39

FILE-PDF Adobe AcrobatReader malformed PRCfile out of bounds readattempt

CVE-2017-3019


FILE-PDF Adobe AcrobatReader malformedTrueType font memorycorruption attempt

CVE-2017-11237


FILE-PDF Adobe AcrobatReader malformed TTFmemory corruptionattempt

CVE-2017-3116


FILE-PDF Adobe AcrobatReader PostScript fileout of bounds readattempt CVE-2019-7074

CVE-2019-7074


FILE-PDF Adobe AcrobatReader U3D e3_boneobject out of boundsmemory access attempt

CVE-2016-1116


FILE-PDF Adobe AcrobatXFA field initializationmemory corruptionattempt

CVE-2017-11218


FILE-PDF Adobe FlashPlayer ActionScriptsetFocus use after freeattempt

CVE-2016-4227


FILE-PDF Adobe FlashPlayer ActionScriptsetFocus use after freeattempt

CVE-2016-4227


FILE-PDF Adobe ReadercompareDocuments

CVE-2016-1085



November 2019 of 39

JavaScript function use-after-free attempt

FILE-PDF Adobe ReaderCVE-2018-12803Information Disclosure

CVE-2018-12803


FILE-PDF Adobe ReaderCVE-2018-16033 Out OfBounds

CVE-2018-16033


FILE-PDF Adobe ReaderDC JPEG2000 CVE-2016-7854 Out-of-BoundsRead

CVE-2016-7854


FILE-PDF Adobe ReaderJPEG 2000 chrominancesubsampling memorycorruption attempt

CVE-2016-1009


FILE-PDF Adobe Readermalformed JPEG2000image invalidNumberComponentsout of bounds readattempt

CVE-2016-1078


FILE-PDF Adobe Readermalformed Universal 3Dstream memorycorruption attempt

CVE-2016-1037


FILE-PDF Adobe ReaderPDF memory corruptionattempt

CVE-2017-3017


FILE-PDF Adobe ReaderPDF onEventexecMenuItem use afterfree attempt

CVE-2016-1056



November 2019 of 39

FILE-PDF Adobe Readertrusted JavaScriptfunction security bypassattempt

CVE-2016-1042


FILE-PDF Adobe ReaderUniversal 3D engine outof bounds memoryaccess violation attempt

CVE-2016-1074


FILE-PDF Adobe ReaderXFA API preOpen useafter free attempt

CVE-2016-1049


FILE-PDF Adobe ReaderXFA prePrint use afterfree attempt

CVE-2016-1048


FILE-PDF Foxit ReaderCVE-2018-14304Annotations noteIconUse After Free

CVE-2018-14304


FILE-PDF Microsoft EdgePDF Builder CVE-2017-0023 out of boundsread attemptVulnerability

CVE-2017-0023


FILE-PDF MicrosoftWindows PDF LibraryHeap-based BufferOverflow

CVE-2017-8728


FILE-PDFTRUFFLEHUNTERTALOS-2018-0623 attackattempt

CVE-2018-12852


INDICATOR-OBFUSCATIONMicrosoft Windows OLE

CVE-2014-6332

OperatingSystem andServices

2


November 2019 of 39

CVE-2014-6332Automation ArrayRemote Code ExecutionIII

INDICATOR-OBFUSCATIONMicrosoft Windows OLECVE-2014-6332Automation ArrayRemote Code ExecutionII

CVE-2014-6332


2

MALWARE-OTHERMalwareWorm.Win32.Wcry.ARuntime Detection

MalwareCommunication 2

NETBIOS SMB-DS NTTrans Secondary ParamCount overflow attempt

CVE-2003-0085


1

OS-LINUX Linux KernelUSBIP out of boundswrite attempt

CVE-2016-3955


1

OS-LINUX Red Hat 389Directory Server CVE-2018-14648 do_searchDenial of Service

CVE-2018-14648


1

OS-LINUX Red HatNetworkManager CVE-2018-1111 DHCPCommand Injection

CVE-2018-1111


2

OS-WINDOWS DCERPCNCACN-IP-TCP srvsvcNetrpPathCanonicalizepath canonicalizationstack overflow attempt

CVE-2008-4250


1


November 2019 of 39

OS-WINDOWSMicrosoft WindowsCredSSP MITM CodeExecution

CVE-2018-0886


2

OS-WINDOWSMicrosoft WindowsCVE-2018-0817 IntegerOverflow

CVE-2018-0817


1

OS-WINDOWSMicrosoft WindowsCVE-2018-0877 IntegerOverflow

CVE-2018-0877


1

OS-WINDOWSMicrosoft WindowsCVE-2018-0889 RemoteCode Execution

CVE-2018-0889


1

OS-WINDOWSMicrosoft WindowsCVE-2019-1071Information Disclosure

CVE-2019-1071


1

OS-WINDOWSMicrosoft WindowsCVE-2019-1073Information Disclosure

CVE-2019-1073


2

OS-WINDOWSMicrosoft Windows JETDatabase EnginePhysical Index Out-of-Bounds Read CVE-2019-0575

CVE-2019-0575


2

OS-WINDOWSMicrosoft Windowskernel informationdisclosure attempt

CVE-2019-0840


2


November 2019 of 39

OS-WINDOWSMicrosoft WindowsLSASS AuthenticationDenial of Service

CVE-2017-0004


2

OS-WINDOWSMicrosoft Windows NTDHCP REQUEST clientidentifier overflowattempt

CVE-2004-0899


1

OS-WINDOWSMicrosoft Windows NTDHCP REQUESThostname overflowattempt

CVE-2004-0899


1

OS-WINDOWSMicrosoft WindowsPrint Spooler ServiceArbitrary File Upload

CVE-2010-2729


4

OS-WINDOWSMicrosoft Windows RDPCVE-2019-0708 RemoteCode Execution


1

OS-WINDOWSMicrosoft WindowsRemote DesktopServices CVE-2019-1182Remote Code ExecutionVulnerability

CVE-2019-1182


1

OS-WINDOWSMicrosoft WindowsRemote DesktopServices Remote CodeExecution (DecryptedTraffic)

CVE-2019-0708


1

OS-WINDOWS CVE-2008- Operating 4


November 2019 of 39

Microsoft WindowsServer Service RPCRequest Handling BufferOverflow

4250 System andServices

OS-WINDOWSMicrosoft WindowsSMB Negotiate RequestRemote Code Execution

CVE-2009-3103


1

OS-WINDOWSMicrosoft WindowsSMB Server SMBv1 CVE-2017-0143 MemoryCorruption

CVE-2017-0143


2

OS-WINDOWSMicrosoft WindowsSMB Server SMBv1 CVE-2017-0144 MemoryCorruption

CVE-2017-0143


2

OS-WINDOWSMicrosoft WindowsSMB Server SMBv1 CVE-2017-0147 InformationDisclosure

CVE-2017-0147


2

OS-WINDOWSMicrosoft WindowsSMB Server SMBv1 CVE-2017-0147 InformationDisclosure

CVE-2017-0147


2

OS-WINDOWSMicrosoft WindowsSMB Server SMBv2Smb2UpdateLeaseFileName Code Execution

CVE-2019-0630


1

OS-WINDOWSMicrosoft WindowsSMBv1 identical MID

CVE-2017-0143

OperatingSystem and

2


November 2019 of 39

and FID type confusionattempt CVE-2017-0143

Services

OS-WINDOWSWindowsUniscribe CVE-2017-0014 Remote CodeExecution

CVE-2017-0014


1

PROTOCOL-NNTP articlepost without pathattempt


1

PROTOCOL-NNTP canceloverflow attempt

CVE-2004-0045


2

PROTOCOL-VOIP CiscoUnified Customer VoicePortal denial of serviceattempt

CVE-2018-0086

VoIP andInstant

Messaging2

PROTOCOL-VOIP SIPREGISTER flood attempt

CVE-2014-2154

VoIP andInstant

Messaging3

SCAN O-WINDOWSMicrosoft WindowsSMB Negotiate RequestRemote Code Execution

CVE-2009-3103 Reconnaissance 1

SERVER-APACHE ApacheHTTP Server mod_http2denial of serviceattempt

CVE-2016-8740

Apache HTTPServer 2

SERVER-APACHE ApacheSolr Config API InsecureDeserialization

CVE-2019-0192

Apache HTTPServer 1

SERVER-APACHE ApacheSolr ConfigSets CVE-2018-8010 XML

CVE-2018-8010

Apache HTTPServer 3


November 2019 of 39

External EntityExpansion InformationDisclosure

SERVER-APACHE ApacheSubversionmod_authz_svn COPYMOVE Denial of Service

CVE-2016-2168

Apache HTTPServer 3

SERVER-APACHE ApacheSubversion svnserveinteger overflowattempt

CVE-2015-5259

Apache HTTPServer 1

SERVER-APACHE ApacheTomcat HTTP PUTRemote Code Execution

CVE-2017-12615

Apache HTTPServer 1

SERVER-MAIL IBMDomino IMAP MailboxName Stack BufferOverflow

CVE-2017-1274

Other MailServer 3

SERVER-ORACLE OracleGlassFish ServerThemeServlet DirectoryTraversal

DatabaseManagement

System2

SERVER-OTHER CiscoASA IKEv2 invalidfragment length heapbuffer overflow attempt

CVE-2016-1287

Other WebServer 1

SERVER-OTHER CiscoSoftware ClusterManagement Protocolremote code executionattempt

CVE-2017-3881

Other WebServer 1

SERVER-OTHER CMSMade Simple login.phpRemote Password Reset

CVE-2018-10081

Other WebServer 2


November 2019 of 39

SERVER-OTHER ElasticKibana server.js LocalFile Inclusion

CVE-2018-17246

Web Servicesand

Applications3

SERVER-OTHER GnuTLSProxy CertificateInformation ExtensionMemory Corruption

CVE-2017-5334

Other WebServer 2

SERVER-OTHER IBMWebSphere ApplicationServer Commons-Collections LibraryRemote Code ExecutionII

CVE-2016-0150

Other WebServer 2

SERVER-OTHER Jacksondatabind deserializationremote code executionattempt

CVE-2017-17485

Other WebServer 1

SERVER-OTHERKubernetes API ProxyRequest HandlingPrivilege Escalation

CVE-2018-1002105

Other WebServer 2

SERVER-OTHERKubernetes API Serverbypass attempt

CVE-2018-1002105

Other WebServer 2

SERVER-OTHERMicrosoft WindowsDHCP Server FailoverRemote Code Execution

CVE-2019-0785

Other WebServer 4

SERVER-OTHER PHPgdImageColorMatchheap buffer overflowfile download attempt

CVE-2019-6977

Other WebServer 2

SERVER-OTHER PHPLDAP ldap get dn Denial

CVE-2018-10548

Other WebServer 2


November 2019 of 39

of Service IV

SERVER-OTHERPostgreSQL DatabasePassword Change StackBuffer Overflow

CVE-2019-10164

Other WebServer 2

SERVER-OTHER WesternDigital My Cloudauthentication bypassattempt

CVE-2018-17153

Other WebServer 2

SERVER-OTHER XenProject XAPI UpdateDirectory Traversal CVE-2018-14007

CVE-2018-14007

Other WebServer 2

SERVER-OTHER ZohoManageEngineOpManager BusinessView Background ImageArbitrary File Upload

CVE-2018-18475

Other WebServer 2

SERVER-WEBAPPAlienvault CVE-2016-8582 Unified SecurityManagement andOSSIM gauge.php SQLInjection

CVE-2016-8582

Web Servicesand

Applications2

SERVER-WEBAPPAlienvault OSSIMgauge.php value SQLinjection attempt

CVE-2016-8582

Web Servicesand

Applications2

SERVER-WEBAPP CiscoAdaptive SecurityAppliance Webvpn XMLParser Double Free CVE-2018-0101

CVE-2018-3609

Web Servicesand

Applications2

SERVER-WEBAPP CiscoDDR2200 ADSL gateway CVE-2017- Web Services

and1


November 2019 of 39

command injectionattempt

11588 Applications

SERVER-WEBAPP CiscoPrime Network AnalysisModule commandinjection attempt

CVE-2016-1388

Web Servicesand

Applications2

SERVER-WEBAPP CiscoRV220 platform.cgi SQLinjection attempt

CVE-2015-6319

Web Servicesand

Applications1

SERVER-WEBAPP CiscoUltra ServicesFramework commandinjection attempt

CVE-2017-6714

Web Servicesand

Applications1

SERVER-WEBAPP EMCVMAX3 CVE-2017-4997VASA ProviderUploadConfiguratorDirectory Traversal II

CVE-2017-4997

Web Servicesand

Applications2

SERVER-WEBAPP EMCVMAX3 VASA ProviderUploadConfiguratorDirectory Traversal(Decrypted Traffic)

CVE-2017-4997

Web Servicesand

Applications1

SERVER-WEBAPP GEMDS PulseNET CVE-2018-10611 SpringRemoting HTTPInvokerInsecure Deserialization

CVE-2018-10611

Web Servicesand

Applications2

SERVER-WEBAPP HPEIntelligent ManagementCenter CVE-2017-12559mibFileServlet fileDirectory Traversal

CVE-2017-12559

Web Servicesand

Applications2

SERVER-WEBAPP HPESystem Management CVE-2016- Web Services

and2


November 2019 of 39

Homepage bufferoverflow attempt

4395 Applications

SERVER-WEBAPP KibanaConsole forElasticsearch local fileinclusion attempt

CVE-2018-17246

Other WebServer 2

SERVER-WEBAPPManageEngineApplications ManagerApache CommonsCollections InsecureDeserialization

CVE-2016-9498

Web Servicesand

Applications1

SERVER-WEBAPP NagiosXI Autodiscovery CVE-2019-9164 JobCommand Injection

CVE-2019-9164

Web Servicesand

Applications2

SERVER-WEBAPP NagiosXI CVE-2018-8734database settingsmodification attempt

CVE-2018-8734

Web Servicesand

Applications1

SERVER-WEBAPPNetGain SystemsEnterprise ManagerCVE-2017-16602exec_jsp CommandExecution

CVE-2017-16602

Web Servicesand

Applications2

SERVER-WEBAPPNetgear ProSAFENMS300 fileUpload.doArbitrary File Upload

CVE-2016-1524

Web Servicesand

Applications2

SERVER-WEBAPP Oraclee-Business SuiteHR_UTIL_DISP_WEBSQL injection attempt

CVE-2016-0517

Web Servicesand

Applications3


November 2019 of 39

SERVER-WEBAPP OracleFusion MiddlewareMapViewer arbitraryJSP file upload attempt

CVE-2017-3230

Web Servicesand

Applications1

SERVER-WEBAPP OracleFusion MiddlewareMapViewer directorytraversal attempt

CVE-2017-3230

Web Servicesand

Applications1

SERVER-WEBAPP OracleOpera PropertyManagement SystemProcessInfo commandinjection attempt

CVE-2016-5563

Web Servicesand

Applications3

SERVER-WEBAPP PHPCVE-2019-9022dns_get_record Out ofBounds Read

CVE-2019-9022

Web Servicesand

Applications3

SERVER-WEBAPP PHPunserialize function useafter free memorycorruption vulnerabilityattempt

CVE-2016-7479

Web Servicesand

Applications2

SERVER-WEBAPPPMSotware Simple WebServer connectionheader buffer overflowattempt

Web Servicesand

Applications1

SERVER-WEBAPP QuestNetVault BackupMultipart CVE-2018-1163 RequestchecksessionAuthentication Bypass

CVE-2018-1163

Web Servicesand

Applications3

SERVER-WEBAPP SAPNetWeaver

CVE-2016-2386

Web Servicesand

2


November 2019 of 39

UDDISecurityImplBeanSQL injection attempt

Applications

SERVER-WEBAPPSitecore CMSdefault.aspx directorytraversal attempt CVE-2018-7669

CVE-2018-7669

Web Servicesand

Applications2

SERVER-WEBAPPSymantec MessagingGatewayperformBackupNow.docommand injectionattempt

CVE-2017-6326

Web Servicesand

Applications1

SERVER-WEBAPP TrendMicro Control ManagerCVE-2018-3602AdHocQuery_ProcessorGetProductCategorySQL Injection

CVE-2018-3602

Web Servicesand

Applications2

SERVER-WEBAPP TrendMicro Mobile SecurityCVE-2017-14078Enterpriseeas_agent_unregisterslink_id SQL Injection

CVE-2017-14078

Web Servicesand

Applications2

SERVER-WEBAPP TrendMicro Mobile SecurityEnterpriseeas_agent_sync_client_info slink_id SQLInjection (DecryptedTraffic)

CVE-2017-14078

Web Servicesand

Applications1

SERVER-WEBAPP TrendMicro Mobile SecurityEnterpriseeas_agent_sync_client_info slink_id SQL

Web Servicesand

Applications2


November 2019 of 39

Injection I

SERVER-WEBAPP TrendMicro Mobile SecurityEnterpriseeas_agent_unregisterslink_id SQL Injection(Decrypted Traffic)

CVE-2017-14078

Web Servicesand

Applications2

SERVER-WEBAPP TrendMicroproxy_controller.phpcommand injectionattempt

CVE-2017-11394

Web Servicesand

Applications2

SERVER-WEBAPP TrendMicro Threat DiscoveryApplianceadmin_sys_time.cgicommand injectionattempt

CVE-2016-7547

Web Servicesand

Applications1

SERVER-WEBAPPTRUFFLEHUNTERTALOS-2018-0549 attackattempt

CVE-2018-3867

Web Servicesand

Applications4

SERVER-WEBAPPTRUFFLEHUNTERTALOS-2018-0567 attackattempt

Web Servicesand

Applications4

SERVER-WEBAPPWordPress load-scripts.php Denial ofService

CVE-2018-6389

Web Servicesand

Applications3

SERVER-WEBAPPWP_Query plugin SQLinjection attempt

CVE-2017-5611

Web Servicesand

Applications1

SQL Oracle e-BusinessSuite CVE-2016- Database

Management3


November 2019 of 39

JTF_BISUTILITY_PUBSQL injection attempt

0515 System

SQL Oracle MySQLPluggable Auth denial ofservice attempt

CVE-2017-3599

DatabaseManagement

System2

MalwareCommunication 4


November 2019 of 39

Name: Name of the Signature

CVE–ID: CVE Identification Number - Common Vulnerabilities and Exposures (CVE) providesreference of CVE Identifiers for publicly known information security vulnerabilities.

Category: Class type according to threat

Severity: Degree of severity - The levels of severity are described in the table below:

Severity Level Severity Criteria

1 Low

2 Moderate

3 High

4 Critical


November 2019 of 39

Important NoticeSophos Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warrantyof any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes noresponsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice to make changes in productdesign or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved.

All rights reserved. Sophos, Sophos logo are trademark of Sophos Technologies Pvt. Ltd.

Corporate HeadquartersSophos Technologies Pvt. Ltd.

Reg. Office: Sophos House, Saigulshan Complex,

Beside White House, Panchvati Cross Road,

Ahmedabad – 380006, INDIA

Phone: +91-79-66216666

Fax: +91-79-26407640

Web site: www.sophos.com

http://www.sophos.com/

SOPHOS IPS Signature Update Release Notes

Documents

Transcript of SOPHOS IPS Signature Update Release Notes