首页-> 服务与支持-> 客户支持-> 售后服务

服务与支持

升级包列表

名称: eoi.unify.allrulepatch.ips.5.6.10.20147.rule 版本:5.6.10.20147
MD5:e9275340a0b44367cd49d66819d6186a 大小:68.53M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.20147。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24470]:Weblogic blind XXE漏洞
2. 攻击[24469]:Oracle WebLogic wls9-async组件反序列化远程命令执行漏洞

注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.20147. This package include changed rules:

new rules:
1. threat[24470]:Weblogic blind XXE vulnerability
2. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability

Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2019-04-20 15:06:21
名称: eoi.unify.allrulepatch.ips.5.6.10.19741.rule 版本:5.6.10.19741
MD5:0993324eb537c20e7e9d44bc73cd0e01 大小:23.52M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.19741。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24400]:Dell OpenManage Network Manager 访问控制漏洞(CVE-2018-15768)
2. 攻击[24409]:qdPM9.1项目管理工具XSS漏洞(CVE-2019-8391)
3. 攻击[24410]:SuiteCRM 7.10.7 SQL注入
6. 攻击[24413]:Joomla附件模块3.2.6版 Shell上传
7. 攻击[24412]:qdPM9.1项目管理工具XSS漏洞(CVE-2019-8390)
8. 攻击[24414]:Webiness Inventory 2.3版任意文件上传(CVE-2019-8404)
9. 攻击[24415]:Jenkins远程执行代码
10. 攻击[24416]:WordPress WP-JS-External-Link-Info url重定向漏洞
11. 攻击[24417]:WinRAR ACE文件处理路径遍历漏洞(CVE-2018-20250)
12. 攻击[24418]:KindEditor编辑器文件上传漏洞
13: 攻击[24419]:Hoteldruid 2.3 - 'nsextt' XSS 注入(CVE-2019-8937)
14. 攻击[24420]:Zoho ManageEngine ServiceDesk Plus(SDP)任意文件上传(CVE-2019-8394)
15. 攻击[24421]:WordPress wp_crop_image目录遍历漏洞(CVE-2019-8943)
16. 攻击[30715]:Joomla PrayerCenter 3.0.4 数据库sql文件泄露
17. 攻击[24423]:Raisecom Technology GPON-ONU HT803G-07 命令注入漏洞
18. 攻击[24425]:Drupal Public Download Count(Pubdlcnt) Modules开放式重定向漏洞
19. 攻击[24424]:PDF Signer 3.0 模板注入漏洞

更新规则:
1. 攻击[60054]:Mozilla/Netscape/Firefox浏览器域名远程溢出漏洞
2. 攻击[62783]:Microsoft Internet Explorer AxDebugger.Document拒绝服务漏洞
3. 攻击[62807]:Apple Safari Feed拒绝服务漏洞
4. 攻击[62290]:Microsoft Windows 2000 TroubleShooter ActiveX控件缓冲区溢出漏洞
5. 攻击[62291]:raSMP User-Agent HTTP报文头HTML注入漏洞
6. 攻击[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper远程拒绝服务漏洞
7. 攻击[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter拒绝服务漏洞
8. 攻击[62293]:Microsoft Internet Explorer临时互联网文件文件夹访问漏洞
9. 攻击[31654]:Microsoft Outlook Web Access for Exchange Server 邮件字段XSS漏洞(CVE-2008-2247)
10. 攻击[24302]:可疑XML外部实体(XXE)注入攻击尝试
11. 攻击[62314]:Apple Safari for Windows协议处理命令注入漏洞
12. 应用:http-methods

注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.19741. This package include changed rules:

new rules:
1. threat[24400]:Dell OpenManage Network Manager MySQL Improper Access Control(CVE-2018-15768)
2. threat[24409]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL Injection
4. threat[24411]:Master IP CAM 01 3.3.4.2103 Remote Command Execution(CVE-2019-8387)
5. threat[24413]:Joomla Attachments 3.2.6 Shell Upload
6. threat[24412]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8390)
7. threat[24414]:Webiness Inventory 2.3 Arbitrary File Upload(CVE-2019-8404)
8. threat[24415]:Jenkins Remote Code Execution
9. threat[24416]:WordPress WP-JS-External-Link-Info Open Redirection Vulnerability
10. threat[24417]:WinRAR ACE File Handling Path Traversal Vulnerability(CVE-2018-20250)
11. threat[24418]:KindEditor editor file upload vulnerability
12. threat[24419]:Hoteldruid 2.3 - 'nsextt' XSS Injection(CVE-2019-8937)
13. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload(CVE-2019-8394)
14. threat[24421]:WordPress wp_crop_image Directory Traversal Vulnerability (CVE-2019-8943)
15. threat[30715]:Joomla PrayerCenter 3.0.4 Database Disclosure Vulnerability
16. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability
17. threat[24425]:Drupal Public Download Count(Pubdlcnt) Modules Open Redirection Vulnerability
18. threat[24424]:PDF Signer 3.0 Template Injection Vulnerability

update rules:
1. threat[60054]:Mozilla Products International Domain Name Parsing Buffer Overflow Vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document Denial of Service Vulnerability
3. threat[62807]:Apple Safari Feed Denial of Service Vulnerability
4. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
5. threat[62291]:raSMP User-Agent Parsing Cross-Site Scripting Vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper ActiveX object DOS Vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial of Service Vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability(CVE-2008-2247)
10. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
11. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
12. app:http-methods


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2019-03-04 14:54:04
名称: eoi.unify.allrulepatch.ips.5.6.10.19562.rule 版本:5.6.10.19562
MD5:86a8dc8ebc483ad76bacef4f05e4412e 大小:23.43M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.19562。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24382]:HMS Netbiter WS100 3.30.5 XSS漏洞
2. 攻击[24383]:Hucart CMS CSRF漏洞
3. 攻击[41645]:Webshell后门程序Jsp File Browser访问控制
4. 攻击[41646]:零魂php一句话木马客户端上传Webshell后门程序
5. 攻击[41547]:JSP Webshell 后门访问
6. 攻击[41647]:Webshell后门程序phpspy2010访问控制
7. 攻击[24384]:Mitel Connect ONSITE和Mitel ST conferencing远程命令执行漏洞(CVE-2018-5782)
8. 攻击[24386]:doorGets CMS 7.0 任意文件下载漏洞

更新规则:
1. 攻击[24380]:ThinkPHP5 5.1~5.2远程代码执行漏洞
2. 攻击[68655]:可疑Webshell后门访问控制


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.19562. This package include changed rules:

new rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 Cross Site Scripting
2. threat[24383]:Hucart CMS Cross Site Request Forgery
3. threat[41645]:Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]:Zerosoul Webshell Uploader Uploading Webshell Backdoor Programs
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Code Execution(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

update rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate, please update on a suitable time.

发布时间:2019-01-29 17:08:50
名称: eoi.unify.allrulepatch.ips.5.6.10.18860.rule 版本:5.6.10.18860
MD5:c9bef0b1e0ca6f7bad2739f7a56195e8 大小:22.93M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18860。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24316]:Quest KACE 系统管理 run_report命令注入
2. 攻击[24317]:LIVE555 RTSP服务器缓冲区溢出漏洞(CVE-2018-4013)



注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18860. This package include changed rules:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability(CVE-2018-4013)



Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-11-02 15:26:59
名称: eoi.unify.allrulepatch.ips.5.6.10.18693.rule 版本:5.6.10.18693
MD5:87994da9fda861b432db0b3b4fc7ee52 大小:22.72M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18693。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24309]:Apache ActiveMQ Fileserver文件上传目录遍历漏洞(CVE-2016-3088)
2. 攻击[41619]:恶意软件Xbash向C2服务器上传扫描结果信息
3. 攻击[41618]:恶意软件Xbash C2服务器通信

更新规则:
1.攻击[24263]:Apache Hadoop YARN ResourceManager远程命令执行漏洞

注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18693. This package include changed rules:

new rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[41619]:Malware Xbash uploads scan result information to C2 server
3. threat[41618]:Malware Xbash Communicating with C2 Server


update rules:
1.threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-09-30 23:18:25
名称: eoi.unify.allrulepatch.ips.5.6.10.18479.rule 版本:5.6.10.18479
MD5:34496185ed375c18a5b2f6f4356945f4 大小:22.48M
描述:

描述:
本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18479。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24296]:Adobe Acrobat EMF EmfPlusDrawLines计数堆缓冲区溢出漏洞(CVE-2018-5067)
2. 攻击[24297]:Node.js nghttp2 nghttp2_frame_altsvc_free 空指针引用(CVE-2018-1000168)
3. 攻击[24298]:Struts2远程命令执行漏洞(CVE-2018-11776)(S2-057)

更新规则:
1. 攻击[24294]:Apache Solr XML 外部实体注入漏洞(CVE-2018-8010,CVE-2018-8026)

NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18479. This package include changed rules:

new rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability(CVE-2018-5067)
2. threat[24297]:Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference(CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)

update rules:
1. threat[24294]:Apache Solr ConfigSets XML External Entity Expansion Information Disclosure(CVE-2018-8010,CVE-2018-8026)

发布时间:2018-08-24 11:17:55