
Unified Threat Sensor (UTS) Intrusion Threat Management Upgrade Package List

Name: eoi.unify.allrulepatch.uts.5.6.10.22154.rule    Version: 5.6.10.22154
MD5: 36ba9a80ff309eb6bde5598607f2963d    Size: 25.45M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22154. Rules added or improved in this package:

New rules:
1. threat[24763]: Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Release time: 2020-03-13 20:53:18
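The entries on this list are what an operator uses to decide whether a package adds coverage worth importing and to confirm a download before importing it. As an added example (not NSFOCUS code and not part of the original page), the following Python parses entries in the layout used here, reports the first rule version whose new rules name each CVE, and compares a downloaded package's MD5 with the listed value. The two sample entries and the bytes hashed at the end are constructed for the demonstration.

```python
"""Parse UTS signature-package release notes and check a package's MD5.
Added example, not NSFOCUS code. SAMPLE_NOTES is constructed in the layout
of this list; the bytes hashed in main() are constructed too.
"""
import hashlib
import re
from dataclasses import dataclass, field

RULE_RE = re.compile(r"^\d+[.:]\s*threat\[(\d+)\]:\s*(.+?)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")
VERSION_RE = re.compile(r"Version:\s*([\d.]+)")
MD5_RE = re.compile(r"MD5:\s*([0-9a-fA-F]{32})")

# Constructed sample: two entries (newest first) in the layout used on this page.
SAMPLE_NOTES = """\
Name: eoi.unify.allrulepatch.uts.5.6.10.22154.rule    Version: 5.6.10.22154
MD5: 36ba9a80ff309eb6bde5598607f2963d    Size: 25.45M
New rules:
1. threat[24763]: Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
Release time: 2020-03-13 20:53:18
Name: eoi.unify.allrulepatch.uts.5.6.10.22137.rule    Version: 5.6.10.22137
MD5: 5d8c72a82f52d82686a15744b24160a7    Size: 25.44M
New rules:
1. threat[24757]: Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
Updated rules:
1. threat[23833]: phpMyAdmin Remote Code Execution Vulnerability (CVE-2016-5734)
Notes:
1. The engine restarts automatically after the upgrade to apply the package.
Release time: 2020-03-12 20:11:14
"""


@dataclass
class PackageEntry:
    name: str
    version: str
    md5: str = ""
    new_rules: dict = field(default_factory=dict)      # rule id -> title
    updated_rules: dict = field(default_factory=dict)  # rule id -> title

    def cves(self, section="new"):
        """CVE identifiers named in the titles of one section."""
        rules = self.new_rules if section == "new" else self.updated_rules
        return {cve for title in rules.values() for cve in CVE_RE.findall(title)}


def version_key(version):
    """Numeric sort key: 5.6.10.22154 orders after 5.6.10.9999."""
    return tuple(int(part) for part in version.split("."))


def parse_release_notes(text):
    """'Name:' opens an entry; numbered threat[...] lines fill its sections."""
    entries, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            current = PackageEntry(name=line.split()[1],
                                   version=VERSION_RE.search(line).group(1))
            entries.append(current)
            section = None
        elif current is None:
            continue
        elif line.startswith("MD5:"):
            current.md5 = MD5_RE.search(line).group(1).lower()
        elif line.lower().startswith(("new rules", "update rules", "updated rules")):
            section = "new" if line.lower().startswith("new") else "updated"
        elif line.startswith(("Notes:", "Release time:")):
            section = None  # numbered lines under Notes are not rules
        else:
            match = RULE_RE.match(line)
            if match and section:
                target = current.new_rules if section == "new" else current.updated_rules
                target[int(match.group(1))] = match.group(2)
    return entries


def cves_first_covered(entries):
    """Map each CVE to the lowest rule version whose *new* rules name it."""
    first = {}
    for entry in sorted(entries, key=lambda e: version_key(e.version)):
        for cve in entry.cves("new"):
            first.setdefault(cve, entry.version)
    return first


def md5_matches(data, expected_md5):
    """Compare a downloaded package's MD5 with the listed value."""
    return hashlib.md5(data).hexdigest() == expected_md5.strip().lower()


if __name__ == "__main__":
    parsed = parse_release_notes(SAMPLE_NOTES)
    for cve, version in sorted(cves_first_covered(parsed).items()):
        print(f"{cve}: first covered in rule version {version}")
    # Constructed bytes stand in for a download; a mismatch means do not import.
    print("checksum ok:", md5_matches(b"not the real package", parsed[0].md5))
```

A mismatching MD5 means the file is corrupt, truncated or not the listed package and must not be imported. A match only confirms integrity against transfer errors: MD5 is not collision-resistant and this list publishes no signature, so authenticity still rests on fetching the package from the vendor portal over a trusted channel.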
Name: eoi.unify.allrulepatch.uts.5.6.10.22137.rule    Version: 5.6.10.22137
MD5: 5d8c72a82f52d82686a15744b24160a7    Size: 25.44M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22137. Rules added or improved in this package:

New rules:
1. threat[10503]: Siemens Desigo PX 6.00 Denial of Service Vulnerability (CVE-2019-13927)
2. threat[30734]: DongYang Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
3. threat[24746]: eWON Flexy 13.0 Router Authentication Bypass Vulnerability
4. threat[49039]: Malware LiquorBot Network Communication
5. threat[41733]: Malware Oski Stealer Network Communication
6. threat[30735]: iSee Hybrid QDVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure Vulnerability
7. threat[24747]: LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
8. threat[24748]: OctoberCMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
9. threat[24750]: FreeSWITCH 1.10.1 Command Execution Vulnerability
10. threat[41734]: Qakbot Botnet Malicious Communication
11. threat[24751]: TP-Link TL-WR849N Authentication Bypass Vulnerability (CVE-2019-19143)
12. threat[24752]: Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution Vulnerability
13. threat[24753]: Linear eMerge E3 1.00-06 Directory Traversal Vulnerability (CVE-2019-7254)
14. threat[24754]: UniSharp Laravel File Manager 2.0.0 Arbitrary File Read Vulnerability
15. threat[24755]: RICOH Aficio SP 5200S HTML Injection Vulnerability
16. threat[24756]: Google Chrome 80 JSCreate Type Confusion Vulnerability (CVE-2020-6418)
17. threat[24757]: Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
18. threat[24758]: ThinkCMF Framework Arbitrary File Inclusion Vulnerability

Updated rules:
1. threat[23833]: phpMyAdmin Remote Code Execution Vulnerability (CVE-2016-5734)
2. threat[24749]: Hospital Management System 4.0 Persistent Cross-Site Scripting Vulnerability (CVE-2020-5191)
3. threat[24741]: D-Link DIR-859 Unauthenticated Remote Command Execution (CVE-2019-17621)

Release time: 2020-03-12 20:11:14
Name: eoi.unify.allrulepatch.ips.5.6.10.22014.rule    Version: 5.6.10.22014
MD5: cf076fc0a3981e24afe3fe6ab267530d    Size: 25.39M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22014. Rules added or improved in this package:

New rules:
1. threat[24721]: Axis SSI Remote Code Execution Vulnerability
2. threat[24720]: Microsoft Office SharePoint Stored Cross-Site Scripting (CVE-2019-1070)
3. threat[24722]: FLIR Thermal Camera FC-S/PT Command Injection Vulnerability
4. threat[24724]: D-Link DGS-1250 Header Injection Vulnerability
5. threat[30733]: LabVantage 8.3 Information Disclosure Vulnerability
6. threat[24725]: jackson-databind JNDI Injection Remote Code Execution Vulnerability (CVE-2020-8840)
7. threat[24708]: Prima Access Control 2.3.35 Python Script Upload Vulnerability (CVE-2019-9189)
8. threat[24709]: IBM RICOH 6400 Printer Code Injection Vulnerability
9. threat[24710]: OpenEMR New.php Command Injection Vulnerability (CVE-2019-3968)
10. threat[24713]: GilaCMS Authenticated Local File Inclusion Vulnerability (CVE-2019-16679)
11. threat[24712]: Netcore NW710 Login Permission Bypass
12. threat[24714]: ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
13. threat[24715]: FusionPBX exec.php Command Execution Vulnerability
14. threat[24716]: Online Course Registration 2.0 Remote Code Execution Vulnerability
15. threat[24717]: EyesOfNetwork 5.3 SQL Injection Vulnerability (CVE-2020-8656)
16. threat[24718]: EyesOfNetwork 5.3 Remote Code Execution Vulnerability (CVE-2020-8654)
17. threat[24726]: Cacti 1.2.8 Arbitrary OS Command Execution Vulnerability (CVE-2020-8813)
18. threat[24727]: Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload Vulnerability
19. threat[24728]: Avaya Aura Communication Manager 5.2 Remote Code Execution Vulnerability
20. threat[24729]: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-0688)

Updated rules:
1. threat[24668]: Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
2. threat[24702]: LG SuperSign CMS 2.5 Remote Code Execution Vulnerability (CVE-2018-17173)
3. threat[24611]: Apache Flink Dashboard Unauthorized Access / Remote Command Execution
4. threat[24308]: Apache Solr/Lucene XML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]: rConfig v3.9.2 Unauthenticated RCE Vulnerability
6. threat[24654]: rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. threat[41604]: Malware Windows/Ramnit_a Network Communication
8. threat[30732]: HPE Intelligent Management Center dbman Command Information Disclosure (CVE-2019-5392)

Release time: 2020-02-27 14:05:44
Name: eoi.unify.allrulepatch.uts.5.6.10.21979.rule    Version: 5.6.10.21979
MD5: dd3a7cfecd968786dc3cf4f33cb6be1b    Size: 25.38M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21979. Rules added or improved in this package:

New rules:
1. threat[24719]: Apache Tomcat AJP Protocol File Inclusion Vulnerability (CVE-2020-1938)

Release time: 2020-02-21 19:28:04
Name: eoi.unify.allrulepatch.ips.5.6.10.21797.rule    Version: 5.6.10.21797
MD5: c72d7fd39d01c2b64fcc801c666faba8    Size: 25.30M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21797. Rules added or improved in this package:

New rules:
1. threat[24660]: Netgear R6400 Remote Code Execution Vulnerability (CVE-2016-6277)
2. threat[24661]: SonicWall Global Management System Arbitrary Code Execution Vulnerability (CVE-2018-9866)
3. threat[24662]: Technicolor Modem Command Injection Vulnerability (CVE-2017-14127) (CVE-2019-18396)
4. threat[24671]: WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

Updated rules:
1. threat[21374]: Apache Struts Remote Command Execution Vulnerability
2. threat[24174]: WebLogic WLS Component Remote Command Execution Vulnerability

Release time: 2020-01-16 19:28:03
Name: eoi.unify.allrulepatch.ips.5.6.10.21411.rule    Version: 5.6.10.21411
MD5: dfd2ea5ae7cd529b377fee17306bc6de    Size: 25.24M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21411. Rules added or improved in this package:

New rules:
1. threat[24602]: OpenEMR facility_admin.php Cross-Site Scripting Vulnerability (CVE-2019-8368)
2. threat[24603]: YouPHPTube Remote Code Execution Vulnerability (CVE-2019-16124)
3. threat[24604]: Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1166)
4. threat[24606]: Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. threat[24607]: OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting (CVE-2019-3964)
6. threat[24608]: Zoho ManageEngine OpManager OPMDeviceDetailsServlet SQL Injection
7. threat[24609]: Citrix StoreFront Server 7.15 XML External Entity Injection
8. threat[24610]: Drupal Database Abstraction API SQL Injection Vulnerability (CVE-2014-3704)
9. threat[24611]: Apache Flink Dashboard Unauthorized Access / Remote Command Execution
10. threat[41723]: APT Group Higaisa (黑格莎) Attack Activity

Updated rules:
1. threat[49013]: Mining Program Connecting to Mining Pool Server

Release time: 2019-11-19 09:54:43
Name: eoi.unify.allrulepatch.ips.5.6.10.21357.rule    Version: 5.6.10.21357
MD5: 4ed1bf4de75d23b97b65138c30ca0f7c    Size: 25.22M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or V2.0R00F01 with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21357. Rules added or improved in this package:

New rules:
1. threat[24599]: rConfig Unauthenticated RCE Vulnerability
2. threat[24598]: Apache Solr Remote Code Execution Vulnerability
3. threat[24600]: rConfig v3.9.2 Remote Code Execution Vulnerability
4. threat[24597]: Joomla Remote Code Execution Vulnerability
5. threat[24601]: ThinkcmfX PHP Code Injection Vulnerability

Updated rules:
1. threat[24308]: Apache Solr/Lucene XML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. threat[24541]: Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]: WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)

Release time: 2019-11-07 15:46:11
Name: eoi.unify.allrulepatch.ips.5.6.10.21114.rule    Version: 5.6.10.21114
MD5: 2fe4426263aac37a15d859f748ac0b45    Size: 24.58M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21114. Rules added or improved in this package:

New rules:
1. threat[24567]: Weaver e-cology OA System Remote Code Execution Vulnerability

Updated rules:
1. threat[23991]: Fastjson Remote Code Execution Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-09-25 09:50:07
Name: eoi.unify.allrulepatch.ips.5.6.10.20818.rule    Version: 5.6.10.20818
MD5: 1dde7be41a9f7640f0c8fa6a58a40c88    Size: 24.48M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20818. Rules added or improved in this package:

New rules:
1. threat[24536]: HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
2. threat[24537]: Firefly CMS 1.0 Remote Command Execution Vulnerability
3. threat[24538]: XStream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285) (CVE-2019-10173)

Updated rules:
1. threat[24392]: LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection (CVE-2018-18992)
2. threat[68655]: Suspicious Webshell Backdoor Access and Control
3. threat[68654]: Suspicious Webshell Script File Upload Behavior
4. threat[40958]: Backdoor/Trojan Chopper Webshell Detection

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-08-15 10:15:01
Name: eoi.unify.allrulepatch.ips.5.6.10.20655.rule    Version: 5.6.10.20655
MD5: 384fa57d9e18d6cde153d79e841359fd    Size: 24.50M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20655. Rules added or improved in this package:

New rules:
1. threat[24522]: Microsoft Office Outlook Security Bypass Vulnerability (CVE-2017-11774)
2. threat[30723]: Sahi Pro 8.x Directory Traversal Vulnerability (CVE-2019-13063)
3. threat[41700]: Sqlmap Scan Attack Detection
4. threat[41701]: Sqlmap Tamper space2blank Module Scan Attack Detection
5. threat[41702]: Nmap Scan Attack Detection
6. threat[41703]: DirBuster Scan Attack Detection
7. threat[49037]: GandCrab Ransomware Malicious Domain Request

Updated rules:
1. threat[49014]: Mining Program DNS Query for Mining Pool Server Domain
2. threat[41187]: Acunetix Web Vulnerability Scanner Detection

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-07-10 11:16:42
Name: eoi.unify.allrulepatch.ips.5.6.10.20624.rule    Version: 5.6.10.20624
MD5: 4c8ef910e875d7b8dfdd5943ab0df20d    Size: 24.46M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20624.

New rules:
1. threat[24516]: BlogEngine.NET XML Injection Vulnerability (CVE-2019-10718)
2. threat[24517]: Hosting Controller HC10 Remote Invalid Pointer Write Vulnerability (CVE-2019-12323)
3. threat[24518]: OMRON CX-One CX-Protocol CMessage Type Confusion Vulnerability
4. threat[24520]: Spring Security OAuth Open Redirect Vulnerability (CVE-2019-3778) (CVE-2019-11269)
5. threat[49036]: APT Group ProjectSauron Attack

Notes:
1. The engine restarts automatically after the upgrade to apply the package.

Release time: 2019-07-03 17:05:27
Name: eoi.unify.allrulepatch.ips.5.6.10.20597.rule    Version: 5.6.10.20597
MD5: 842dceb9d106321ec8331c06c88ec7e6    Size: 24.47M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20597.

New rules:
1. threat[24512]: Koha Library Software 18.1106000 Open Redirect
2. threat[24513]: Windows MS17-010 Vulnerability Scanning Attack
3. threat[24514]: IBM WebSphere Application Server Untrusted Data Deserialization Remote Code Execution Vulnerability (CVE-2019-4279)

Updated rules:
1. threat[24365]: ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[22696]: Netgear DGN1000B setup.cgi Remote Command Injection Vulnerability
3. threat[68655]: Suspicious Webshell Backdoor Access and Control

Notes:
1. The engine restarts automatically after the upgrade to apply the package.

Release time: 2019-06-26 17:34:47
Name: eoi.unify.allrulepatch.ips.5.6.10.20557.rule    Version: 5.6.10.20557
MD5: 6147338fd184e71a8f86cc420ff76b3a    Size: 24.49M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20557. Rules added or improved in this package:

Updated rules:
1. threat[50519]: Remote Control Tool NetWire Connection
2. threat[23991]: Fastjson Remote Code Execution Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-25 12:43:06
Name: eoi.unify.allrulepatch.ips.5.6.10.20554.rule    Version: 5.6.10.20554
MD5: d287ed3fa1ea77398b2f3614c51625ad    Size: 24.48M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20554. Rules added or improved in this package:

New rules:
1. threat[10494]: Advantech WebAccess Node webvrpcs uninstallwa Denial of Service Vulnerability (CVE-2019-6554)
2. threat[24509]: LAquis SCADA Web Server relatorioindividual TAG Parameter Code Injection Vulnerability
3. threat[24511]: Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid SQL Injection Vulnerability (CVE-2019-11469)

Updated rules:
1. threat[24437]: OpenMRS webservices.rest Insecure Object Deserialization Vulnerability (CVE-2018-19276)
2. threat[30709]: Schneider Pelco Sarix Pro Network Camera Information Disclosure Vulnerability
3. threat[24465]: Confluence Remote Code Execution Vulnerability (CVE-2019-3396)
4. threat[41489]: Backdoor DoublePulsar Communication
5. threat[41529]: Trojan/Backdoor XiongBaoBao (熊宝宝) Remote Control Network Communication

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-21 22:48:46
Name: eoi.unify.allrulepatch.ips.5.6.10.20521.rule    Version: 5.6.10.20521
MD5: 17a7dbb9865ec543a1884c46614eac64    Size: 24.35M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20521. Rules added or improved in this package:

New rules:
1. threat[24508]: Apache Axis 1.4 Remote Code Execution (CVE-2019-0227)

Updated rules:
1. threat[24098]: Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[24298]: Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
3. threat[30722]: Coremail Configuration Information Disclosure Vulnerability
4. threat[23589]: MongoDB Unauthorized Access Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-17 22:02:54
Name: eoi.unify.allrulepatch.ips.5.6.10.20507.rule    Version: 5.6.10.20507
MD5: 035acba8deb999319c3968e800f14b11    Size: 24.36M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20507. Rules added or improved in this package:

New rules:
1. threat[24504]: URI-based SQL Injection
2. threat[24505]: Apache Axis 1.4 Remote Code Execution (CVE-2019-0227)
3. threat[24506]: Coremail Mail System Information Disclosure Vulnerability
4. threat[41696]: Behinder (冰蝎) Encrypted PHP Webshell File Upload
5. threat[41697]: Behinder Encrypted ASP Webshell File Upload
6. threat[41698]: Behinder Encrypted ASPX Webshell File Upload
7. threat[41699]: Behinder Encrypted JSP Webshell File Upload
8. threat[24507]: HTTP Request URI/Referer Field Directory Traversal

Updated rules:
1. threat[24098]: Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[23597]: Redis Unauthorized Access Remote Server Privilege Acquisition Vulnerability
3. threat[63682]: HTTP SQL Injection Attempt Type Three
4. threat[50563]: Elasticsearch Service Sensitive Path Access
5. threat[68654]: Suspicious Webshell Script File Upload Behavior

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-14 22:20:51
Name: eoi.unify.allrulepatch.ips.5.6.10.20483.rule    Version: 5.6.10.20483
MD5: 08111d35fce272f5fd54da9ed71d9e94    Size: 24.35M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20483. Rules added or improved in this package:

New rules:
1. threat[49034]: Malicious Mining Virus XMRig DNS Request Connection
2. threat[24503]: Ecshop 2.x/3.x SQL Injection / Arbitrary Code Execution Vulnerability

Updated rules:
1. threat[68655]: Suspicious Webshell Backdoor Access and Control
2. threat[24236]: Asterisk Out-of-Bounds Write Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-14 09:01:09
Name: eoi.unify.allrulepatch.ips.5.6.10.20441.rule    Version: 5.6.10.20441
MD5: 3aba5e2bc21389898fd2c0407553244b    Size: 24.35M
Description:

This is an NSFOCUS intrusion prevention (NIDS/NIPS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20441. Rules added or improved in this package:

New rules:
1. threat[24502]: Reflected XSS Injection Attack

Updated rules:
1. threat[24154]: Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[22532]: WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution Vulnerability
3. threat[23705]: WordPress Foxypress XActive uploadify.php Arbitrary File Upload Vulnerability
4. threat[23589]: MongoDB Unauthorized Access Vulnerability
5. threat[24365]: ThinkPHP 5.x Remote Command Execution Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-06-06 15:54:07
Name: eoi.unify.allrulepatch.ips.5.6.10.20340.rule    Version: 5.6.10.20340
MD5: 275fd2c2003c8f2a5aa6118223c0162a    Size: 24.33M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20340. Rules added or improved in this package:

New rules:
1. threat[24488]: SOCA Access Control System 180612 Cross-Site Scripting
2. threat[41689]: Linux Mining Program kworkerds Downloading Malicious Files
3. threat[24489]: Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

Updated rules:
1. threat[61534]: Webmin/Usermin Arbitrary File Disclosure Vulnerability
2. threat[24391]: Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability (CVE-2018-14829)

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-05-23 09:46:56
Name: eoi.unify.allrulepatch.ips.5.6.10.20205.rule    Version: 5.6.10.20205
MD5: 5f34cf08a84d457b3ade02f91642437e    Size: 22.59M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20205. Rules added or improved in this package:

New rules:
1. threat[24476]: Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure (CVE-2018-4067)
2. threat[24477]: JioFi 4G M2S 1.0.2 Denial of Service (CVE-2019-7439)

Updated rules:
1. threat[41655]: "Driver Talent" (驱动人生) Downloader Trojan Communication
2. threat[41680]: APT34 Group Hacking Tool Detection
3. threat[24469]: Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability (CVE-2019-2725)

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-04-30 14:33:07
Name: eoi.unify.allrulepatch.ips.5.6.10.20147.rule    Version: 5.6.10.20147
MD5: e9275340a0b44367cd49d66819d6186a    Size: 68.53M
Description:

This is an NSFOCUS Unified Threat Sensor (UTS) signature library upgrade package. It can only be applied on firmware version V2.0R00F00 or later with engine version V2.0R00F00 or later. It is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.20147. Rules added or improved in this package:

New rules:
1. threat[24470]: WebLogic Blind XXE Vulnerability
2. threat[24469]: Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability

Notes:
1. The engine restarts automatically after the upgrade to apply the package. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; schedule the upgrade for a suitable time.

Release time: 2019-04-20 15:06:21
名称: eoi.unify.allrulepatch.ips.5.6.10.19741.rule 版本:5.6.10.19741
MD5:0993324eb537c20e7e9d44bc73cd0e01 大小:23.52M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.19741。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24400]:Dell OpenManage Network Manager 访问控制漏洞(CVE-2018-15768)
2. 攻击[24409]:qdPM9.1项目管理工具XSS漏洞(CVE-2019-8391)
3. 攻击[24410]:SuiteCRM 7.10.7 SQL注入
6. 攻击[24413]:Joomla附件模块3.2.6版 Shell上传
7. 攻击[24412]:qdPM9.1项目管理工具XSS漏洞(CVE-2019-8390)
8. 攻击[24414]:Webiness Inventory 2.3版任意文件上传(CVE-2019-8404)
9. 攻击[24415]:Jenkins远程执行代码
10. 攻击[24416]:WordPress WP-JS-External-Link-Info url重定向漏洞
11. 攻击[24417]:WinRAR ACE文件处理路径遍历漏洞(CVE-2018-20250)
12. 攻击[24418]:KindEditor编辑器文件上传漏洞
13: 攻击[24419]:Hoteldruid 2.3 - 'nsextt' XSS 注入(CVE-2019-8937)
14. 攻击[24420]:Zoho ManageEngine ServiceDesk Plus(SDP)任意文件上传(CVE-2019-8394)
15. 攻击[24421]:WordPress wp_crop_image目录遍历漏洞(CVE-2019-8943)
16. 攻击[30715]:Joomla PrayerCenter 3.0.4 数据库sql文件泄露
17. 攻击[24423]:Raisecom Technology GPON-ONU HT803G-07 命令注入漏洞
18. 攻击[24425]:Drupal Public Download Count(Pubdlcnt) Modules开放式重定向漏洞
19. 攻击[24424]:PDF Signer 3.0 模板注入漏洞

更新规则:
1. 攻击[60054]:Mozilla/Netscape/Firefox浏览器域名远程溢出漏洞
2. 攻击[62783]:Microsoft Internet Explorer AxDebugger.Document拒绝服务漏洞
3. 攻击[62807]:Apple Safari Feed拒绝服务漏洞
4. 攻击[62290]:Microsoft Windows 2000 TroubleShooter ActiveX控件缓冲区溢出漏洞
5. 攻击[62291]:raSMP User-Agent HTTP报文头HTML注入漏洞
6. 攻击[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper远程拒绝服务漏洞
7. 攻击[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter拒绝服务漏洞
8. 攻击[62293]:Microsoft Internet Explorer临时互联网文件文件夹访问漏洞
9. 攻击[31654]:Microsoft Outlook Web Access for Exchange Server 邮件字段XSS漏洞(CVE-2008-2247)
10. 攻击[24302]:可疑XML外部实体(XXE)注入攻击尝试
11. 攻击[62314]:Apple Safari for Windows协议处理命令注入漏洞
12. 应用:http-methods

注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.19741. This package include changed rules:

new rules:
1. threat[24400]:Dell OpenManage Network Manager MySQL Improper Access Control(CVE-2018-15768)
2. threat[24409]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL Injection
4. threat[24411]:Master IP CAM 01 3.3.4.2103 Remote Command Execution(CVE-2019-8387)
5. threat[24413]:Joomla Attachments 3.2.6 Shell Upload
6. threat[24412]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8390)
7. threat[24414]:Webiness Inventory 2.3 Arbitrary File Upload(CVE-2019-8404)
8. threat[24415]:Jenkins Remote Code Execution
9. threat[24416]:WordPress WP-JS-External-Link-Info Open Redirection Vulnerability
10. threat[24417]:WinRAR ACE File Handling Path Traversal Vulnerability(CVE-2018-20250)
11. threat[24418]:KindEditor editor file upload vulnerability
12. threat[24419]:Hoteldruid 2.3 - 'nsextt' XSS Injection(CVE-2019-8937)
13. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload(CVE-2019-8394)
14. threat[24421]:WordPress wp_crop_image Directory Traversal Vulnerability (CVE-2019-8943)
15. threat[30715]:Joomla PrayerCenter 3.0.4 Database Disclosure Vulnerability
16. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability
17. threat[24425]:Drupal Public Download Count(Pubdlcnt) Modules Open Redirection Vulnerability
18. threat[24424]:PDF Signer 3.0 Template Injection Vulnerability

update rules:
1. threat[60054]:Mozilla Products International Domain Name Parsing Buffer Overflow Vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document Denial of Service Vulnerability
3. threat[62807]:Apple Safari Feed Denial of Service Vulnerability
4. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
5. threat[62291]:raSMP User-Agent Parsing Cross-Site Scripting Vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper ActiveX object DOS Vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial of Service Vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability(CVE-2008-2247)
10. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
11. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
12. app:http-methods


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause the loss of 3-5 ping packets; please update at a suitable time.

Release time: 2019-03-04 14:54:04
Name: eoi.unify.allrulepatch.ips.5.6.10.19562.rule Version: 5.6.10.19562
MD5: 86a8dc8ebc483ad76bacef4f05e4412e Size: 23.43M
Description:

This upgrade package is a signature library upgrade package for the Unified Threat Sensor (UTS). It can be applied only on firmware version V2.0R00F00 or above with engine version V2.0R00F00 or above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19562. The rules added/improved by this upgrade package are:

New rules:
1. threat[24382]: HMS Netbiter WS100 3.30.5 XSS Vulnerability
2. threat[24383]: Hucart CMS CSRF Vulnerability
3. threat[41645]: Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]: Zerosoul PHP One-Line Trojan Client Uploading Webshell Backdoor
5. threat[41547]: JSP Webshell Backdoor Access
6. threat[41647]: Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]: Mitel Connect ONSITE and Mitel ST conferencing Remote Command Execution Vulnerability (CVE-2018-5782)
8. threat[24386]: doorGets CMS 7.0 Arbitrary File Download Vulnerability

Updated rules:
1. threat[24380]: ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]: Suspicious Webshell Backdoor Access and Control


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS UTS product signature upgrade package; it requires firmware version at least V2.0R00F00 and engine version at least V2.0R00F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19562. This package includes the following changed rules:

new rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 Cross Site Scripting
2. threat[24383]:Hucart CMS Cross Site Request Forgery
3. threat[41645]:Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]:Zerosoul Webshell Uploader Uploading Webshell Backdoor Programs
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Code Execution(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

update rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause the loss of 3-5 ping packets; please update at a suitable time.

Release time: 2019-01-29 17:08:50
Name: eoi.unify.allrulepatch.ips.5.6.10.18860.rule Version: 5.6.10.18860
MD5: c9bef0b1e0ca6f7bad2739f7a56195e8 Size: 22.93M
Description:

This upgrade package is a signature library upgrade package for the Unified Threat Sensor (UTS). It can be applied only on firmware version V2.0R00F00 or above with engine version V2.0R00F00 or above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18860. The rules added/improved by this upgrade package are:

New rules:
1. threat[24316]: Quest KACE Systems Management run_report Command Injection
2. threat[24317]: LIVE555 RTSP Server Buffer Overflow Vulnerability (CVE-2018-4013)



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS UTS product signature upgrade package; it requires firmware version at least V2.0R00F00 and engine version at least V2.0R00F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18860. This package includes the following changed rules:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability(CVE-2018-4013)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause the loss of 3-5 ping packets; please update at a suitable time.

Release time: 2018-11-02 15:26:59
Name: eoi.unify.allrulepatch.ips.5.6.10.18693.rule Version: 5.6.10.18693
MD5: 87994da9fda861b432db0b3b4fc7ee52 Size: 22.72M
Description:

This upgrade package is a signature library upgrade package for the Unified Threat Sensor (UTS). It can be applied only on firmware version V2.0R00F00 or above with engine version V2.0R00F00 or above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18693. The rules added/improved by this upgrade package are:

New rules:
1. threat[24309]: Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)
2. threat[41619]: Malware Xbash Uploading Scan Result Information to C2 Server
3. threat[41618]: Malware Xbash C2 Server Communication

Updated rules:
1. threat[24263]: Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS UTS product signature upgrade package; it requires firmware version at least V2.0R00F00 and engine version at least V2.0R00F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18693. This package includes the following changed rules:

new rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[41619]:Malware Xbash uploads scan result information to C2 server
3. threat[41618]:Malware Xbash Communicating with C2 Server


update rules:
1. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause the loss of 3-5 ping packets; please update at a suitable time.

Release time: 2018-09-30 23:18:25
Name: eoi.unify.allrulepatch.ips.5.6.10.18479.rule Version: 5.6.10.18479
MD5: 34496185ed375c18a5b2f6f4356945f4 Size: 22.48M
Description:

This upgrade package is a signature library upgrade package for the Unified Threat Sensor (UTS). It can be applied only on firmware version V2.0R00F00 or above with engine version V2.0R00F00 or above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18479. The rules added/improved by this upgrade package are:

New rules:
1. threat[24296]: Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability (CVE-2018-5067)
2. threat[24297]: Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference (CVE-2018-1000168)
3. threat[24298]: Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)

Updated rules:
1. threat[24294]: Apache Solr XML External Entity Injection Vulnerability (CVE-2018-8010, CVE-2018-8026)

NSFOCUS UTS product signature upgrade package; it requires firmware version at least V2.0R00F00 and engine version at least V2.0R00F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18479. This package includes the following changed rules:

new rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability(CVE-2018-5067)
2. threat[24297]:Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference(CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)

update rules:
1. threat[24294]:Apache Solr ConfigSets XML External Entity Expansion Information Disclosure(CVE-2018-8010,CVE-2018-8026)

Release time: 2018-08-24 11:17:55