Network Intrusion Detection System (IDS) Rules 5.6.11 Upgrade Package List

Name: eoi.unify.allrulepatch.ips.5.6.11.29063.rule Version: 5.6.11.29063
MD5: a6686cf2a37c369d5db983def5feb7f1 Size: 29.69M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.29063. This package includes the following new and changed rules:

new rules:
1. threat[25828]:MyBB Code Injection Vulnerability (CVE-2022-24734)
2. threat[25827]:Panmicro E-Office do_excel.php Arbitrary File Writing Vulnerability
3. threat[25829]:ZenTao Command Execution Vulnerability

update rules:
1. threat[25252]:Godzilla JAVA_AES_BASE64 Webshell Connect


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-01-26 23:12:06

Name: eoi.unify.allrulepatch.ips.5.6.11.29047.rule Version: 5.6.11.29047
MD5: 2f2ee856308e33a39fb4baa82157d175 Size: 29.68M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.29047. This package includes the following new and changed rules:

new rules:
1. threat[25824]:D-Link DIR-823G Command Injection Vulnerability (CVE-2022-44808)
2. threat[41936]:Godzilla Webshell JSP Scripts Download
3. threat[25825]:GitLab Remote Code Execution Vulnerability(CVE-2022-2992)
4. threat[25826]:Weaver E-cology uploaderOperate.jsp file upload vulnerability
5. threat[41935]:Phpspy Webshell Download

update rules:
1. threat[41859]:Malware Blackout Mining Program DNS Request Connection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-01-19 20:05:15

Name: eoi.unify.allrulepatch.ips.5.6.11.29031.rule Version: 5.6.11.29031
MD5: ac30f6397d4d5ea13d608d6c870c274d Size: 29.63M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.29031. This package includes the following new and changed rules:

new rules:
1. threat[25813]:HotelDruid Code Injection Vulnerability (CVE-2022-22909)
2. threat[25815]:WECON LeviStudioU Alarm Tag Stack Buffer Overflow Vulnerability
3. threat[41931]:curl PE File Download
4. threat[41932]:curl ELF File Download
5. threat[25816]:AtomCMS File Upload Vulnerability (CVE-2022-25487)
6. threat[25822]:Advantech iView NetworkServlet Command Injection Vulnerability(CVE-2022-2143)
7. threat[41933]:wget PE File Download
8. threat[41934]:wget ELF File Download
9. threat[25818]:KeySight N6854A and N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Vulnerability(CVE-2022-1661)
10. threat[25819]:Ivanti Avalanche EnterpriseServer Service getDisplayableTreeData SQL Injection Vulnerability
11. threat[25820]:ASPXpy Trojan Execution Command Detection
12. threat[25817]:Zimbra Collaboration Memcached CRLF Injection Vulnerability(CVE-2022-27924)
13. threat[25821]:CentOS Web Panel 7 Unauthenticated Remote Code Execution(CVE-2022-44877)
14. threat[25823]:Weaver E-Office OfficeServer File Upload Vulnerability
15. app:Storm Player
16. app:Orbitz
17. app:JD Logistics
18. app:Kuaishou
19. app:izuyou.com-Android
20. app:Hotwire
21. app:youdao dict-Android
22. app:HeMu Camera
23. app:izuyou.com-Resources
24. app:YouKu-Android

update rules:
1. threat[24538]:Xstream Deserializable Remote Code Execution Vulnerability(CVE-2013-7285)(CVE-2019-10173)
2. threat[24561]:XStream Library ReflectionConverter Insecure Deserialization Vulnerability(CVE-2019-10173)
3. threat[62199]:PHP Remote File Inclusion Vulnerability Of Passthru Execution
4. threat[41930]:iodine DNS Tunnel Tool Communication
5. threat[25259]:Apache Solr SSRF Vulnerability (CVE-2021-27905)
6. threat[25747]:Windows Information Collection Command Type One
7. threat[25750]:Windows Information Collection Command Type Two
8. threat[25776]:Weaver OA DownloadServlet Arbitrary File Upload Vulnerability
9. threat[25811]:Pharmacy Management System File Upload Vulnerability (CVE-2022-30887)
10. threat[25812]:Part-DB 0.5.11 File Upload Vulnerability (CVE-2022-0848)
11. threat[41935]:Phpspy Webshell Download
12. threat[25810]:Ivanti Avalanche Certificate Management Server Insecure Deserialization Vulnerability
13. threat[25754]:Covenant tool default HTTP template communication
14. threat[41710]:Linux Shell Reverse Connect
15. threat[25739]:Linux Shell Reverse Type One


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-01-12 22:52:05

Name: eoi.unify.allrulepatch.ips.5.6.11.28982.rule Version: 5.6.11.28982
MD5: 99751e3a7b8c2a49232b3c10272252d1 Size: 29.63M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28982. This package includes the following new and changed rules:


new rules:
1. threat[25811]:Pharmacy Management System File Upload Vulnerability (CVE-2022-30887)
2. threat[25812]:Part-DB 0.5.11 File Upload Vulnerability (CVE-2022-0848)

update rules:
1. threat[25796]:mySCADA myDESIGNER Directory Traversal Vulnerability(CVE-2021-43555)
2. threat[25808]:Apache Storm nimbus Remote Command Execution Vulnerability (CVE-2021-38294)
3. threat[25794]:Information Collection Tool Execution Type One


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-01-05 20:02:54

Name: eoi.unify.allrulepatch.ips.5.6.11.28950.rule Version: 5.6.11.28950
MD5: 939dd170a9da311053f8898b6dcf7ca0 Size: 29.54M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28950. This package includes the following new and changed rules:

new rules:
1. threat[25790]:Spring boot admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
2. threat[10533]:OpenSSL Denial of Service Vulnerability (CVE-2022-0778)
3. threat[25792]:YonYou nc XbrlPersistenceServlet Deserialization Vulnerability
4. threat[25793]:Django SQL Injection Attack (CVE-2022-28346)
5. threat[25791]:Behinder jsp Memory Shell Upload
6. threat[25796]:mySCADA myDESIGNER Directory Traversal Vulnerability(CVE-2021-43555)
7. threat[25794]:Information Collection Tool Execution Type One
8. threat[25798]:YonYouNC DownloadServlet Deserialization Vulnerability
9. threat[25799]:YonYouNC UploadServlet Deserialization Vulnerability
10. threat[25797]:Webmin Command Execution Vulnerability (CVE-2022-36446)
11. threat[30801]:YonYou U8 getSessionList.jsp information leakage vulnerability
12. threat[25801]:GoAhead Server Environment Variable Injection Vulnerability(CVE-2021-42342)
13. threat[25805]:YonYouNC mxservlet Deserialization Vulnerability
14. threat[25806]:Yonyou NC FileParserServlet Interface Deserialization Vulnerability
15. threat[25795]:Information Collection Tool Execution Type Two
16. threat[25809]:Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525)

update rules:
1. threat[25149]:ImageMagick Authenticate Command Injection Vulnerability(CVE-2020-29599)
2. threat[24553]:Behinder Webshell Connect(JSP)
3. threat[25752]:Linux Information Collection Command Execution Success
4. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
5. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
6. threat[25239]:Yonyou NC6.5 DeleteServlet Unauthorized Deserialization Vulnerability
7. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability
8. threat[24550]:Webmin Remote Code Execution Vulnerability(CVE-2019-15107)
9. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
10. threat[41919]:Weevely Webshell Tool Communication
11. threat[25697]:Microsoft Exchange Server Server-Side Request Forgery Vulnerability(CVE-2022-41040)
12. threat[25652]:Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
13. threat[25344]:Apache kylin unauthorized configuration leak vulnerability (CVE-2020-13937)
14. threat[25786]:Oracle ADF Faces Deserialization Arbitrary Command Execution Vulnerability (CVE-2022-21445)
15. threat[25790]:Spring boot admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
16. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2022-41082)
17. threat[25801]:GoAhead Server Environment Variable Injection Vulnerability(CVE-2021-42342)
18. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability(CVE-2017-17562)
19. threat[23818]:Spring Boot Framework SPEL Expressions Injection Vulnerability
20. threat[25638]:Yonyou NC6.5 Arbitrary File Upload Vulnerability(grouptemplet)
21. threat[23991]:Fastjson Remote Code Execution Vulnerability
22. threat[41780]:DNSLog Query Request


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-31 23:45:00

Name: eoi.unify.allrulepatch.ips.5.6.11.28923.rule Version: 5.6.11.28923
MD5: a868a96fe0d39750f1078694d410bb5d Size: 29.53M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28923. This package includes the following new and changed rules:

new rules:
1. threat[25803]:Microsoft Exchange Server Remote Privilege Escalation Vulnerability(CVE-2022-41080)
2. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2022-41082)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-28 22:12:10

Name: eoi.unify.allrulepatch.ips.5.6.11.28853.rule Version: 5.6.11.28853
MD5: 51d08145f7996443b80bffc2fa5869d2 Size: 29.50M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28853. This package includes the following new and changed rules:

new rules:
1. threat[30797]:TerraMaster TOS Sensitive Information Disclosure Vulnerability (CVE-2022-24990)
2. threat[30796]:Jetty WEB-INF Sensitive Information Disclosure Vulnerability(CVE-2021-28164)
3. threat[25751]:Windows Information Collection Command Execution Success
4. threat[30798]:Jetty WEB-INF Sensitive Information Disclosure Vulnerability(CVE-2021-34429)
5. threat[41929]:Intranet tunneling tool reGeorg communication
6. threat[25775]:LanDe Network O2oa Code Execution Vulnerability (CVE-2022-22916)
7. threat[25752]:Linux Information Collection Command Execution Success
8. threat[25776]:Weaver OA DownloadServlet Arbitrary File Upload Vulnerability
9. threat[25777]:YonYou nc FileReceiveServlet Deserialization File Upload Vulnerability
10. threat[30799]:YonYou NCCloud fs/console SQL Injection Vulnerability
11. threat[25781]:YoudianCMS SQL Injection Vulnerability (CVE-2022-32299)
12. threat[25782]:YoudianCMS SQL Injection Vulnerability (CVE-2022-32301)
13. threat[25779]:GitLab Arbitrary File Read Vulnerability(CVE-2016-9086)
14. threat[25780]:Apache Airflow Code Injection Vulnerability (CVE-2022-40127)
15. threat[25784]:Atlassian Bitbucket Command Injection Vulnerability (CVE-2022-36804)
16. threat[25785]:Gitlist 0.6.0 Remote Code Execution Vulnerability(CVE-2018-1000533)
17. threat[25786]:Oracle ADF Faces Deserialization Arbitrary Command Execution Vulnerability (CVE-2022-21445)
18. threat[30800]:YonYou u8-test.jsp SQL Injection Vulnerability
19. threat[25787]:Java Agent Memory Shell Upload
20. threat[25788]:Spring Memory Shell Upload
21. threat[25789]:GitLab Community and Enterprise Edition Notes Stored Cross-Site Scripting Vulnerability(CVE-2022-1175)
22. threat[25774]:TerraMaster TOS Remote Command Execution Vulnerability (CVE-2022-24989)
23. app:MindMaster
24. app:yingjiesheng.com-Resources
25. app:BesTV-Resources
26. app:iotbull.com
27. app:Evernote
28. app:CC live-ios
29. app:weread
30. app:10010.com-Android

update rules:
1. threat[25262]:Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[24507]:HTTP Request URL/Referer Field Directory Traversal
3. threat[25778]:Youdian CMS SQL Injection Vulnerability (CVE-2022-32300)
4. threat[25718]:Tenda Router AC11 Stack Buffer Overflow Vulnerability(CVE-2021-31755)
5. threat[25247]:Yonyou ERP-NC directory traversal vulnerability
6. threat[25768]:Cacti Command Injection Vulnerability (CVE-2022-46169)
7. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-22 22:04:48

Name: eoi.unify.allrulepatch.ips.5.6.11.28779.rule Version: 5.6.11.28779
MD5: c6e08c7c3e8311efc9d1fe8658caee72 Size: 29.45M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28779. This package includes the following new and changed rules:

new rules:
1. threat[25760]:pgAdmin4 validate_binary_path Remote Code Execution Vulnerability(CVE-2022-4223)
2. threat[30795]:YonYou NC IUpdateService XXE Vulnerability
3. threat[25764]:YonYou u8 Uploadimg2File File Upload Vulnerability
4. threat[25765]:D-link gdrive.cgi Remote Code Execution Vulnerability
5. threat[25766]:YonYou KSOA ImageUpload File Upload Vulnerability
6. app:MediaTek
7. app:Chelaile-Android
8. app:CASICloud-INDICS
9. app:51yund.com
10. app:beijing-hyundai.com.cn
11. app:xiaoailite-Android
12. app:OSChina
13. app:hanfan.cc
14. app:Hanvon
15. app:Gizwits
16. app:XiguaVideo-Resources
17. app:Garmin
18. app:Industrial Brain
19. app:gexing.com
20. app:MindSphere
21. app:Institute of Technology East China Jiaotong University
22. app:KKLive-Resources
23. app:Visiting the QQ Mail Website
24. app:7808.cn
25. app:iReader
26. app:TCL Smart Home-Android
27. app:dm5.com
28. app:Pearvideo
29. app:KKLive-iOS
30. app:opple Smart Home-Android
31. app:51240 Pregnancy test
32. app:fenqile.com
33. app:Sina Micro-blog-Web
34. app:kuaidui-Resources
35. app:XiGuaVideo-ios
36. app:Manmanbuy
37. app:kuaidui-Android
38. app:weicheche.cn
39. app:kelakela-iOS
40. app:KKLive-Android
41. app:meituan-Resources
42. app:OneNET
43. app:COSMOPlat
44. app:hqwx.com
45. app:ule.com
46. app:Tongdun
47. app:soulapp-Android
48. app:iciba
49. app:athmapp.com
50. app:kuaidui-iOS
51. app:XiGuaVideo-web
52. app:codoon.com
53. app:fadada.com
54. app:ztehome-Android
55. app:meituan-Android
56. app:KKLive
57. app:XiGuaVideo-Android
58. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability
59. threat[25768]:Cacti Command Injection Vulnerability (CVE-2022-46169)
60. threat[25770]:Sangfor EDR Remote Code Execution Vulnerability
61. threat[25767]:Multiple Network Products Ping Interface Arbitrary Command Execution Vulnerability
62. threat[25769]:TP-LINK Backdoor Vulnerability Communication

update rules:
1. threat[30794]:QNAP Arbitrary File Reading Vulnerability (CVE-2019-7192)
2. threat[24550]:Webmin Remote Code Execution Vulnerability(CVE-2019-15107)
3. threat[41919]:Weevely Webshell Tool Communication
4. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
5. threat[30794]:QNAP Arbitrary File Reading Vulnerability (CVE-2019-7194)
6. app:Postgresql
7. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-16 10:24:29

Name: eoi.unify.allrulepatch.ips.5.6.11.28750.rule Version: 5.6.11.28750
MD5: 4039cfd4ec13c42202484cb3cc771df2 Size: 29.43M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28750. This package includes the following new and changed rules:

new rules:
1. threat[41927]:WMI establishes remote connections
2. threat[41926]:Trojan Backdoor mrAgent Communication

update rules:
1. threat[41336]:Remote Control Tool PSEXEC Establish Connections


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-09 22:48:46

Name: eoi.unify.allrulepatch.ips.5.6.11.28715.rule Version: 5.6.11.28715
MD5: dd0b497a5f3711cb979f502e456f93fd Size: 29.44M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28715. This package includes the following new and changed rules:


new rules:
1. threat[25753]:Yonyou u8 UploadFileData file upload vulnerability
2. threat[25746]:Linux Information Collection Command Type One
3. threat[25748]:Linux Information Collection Command Type Two
4. threat[25747]:Windows Information Collection Command Type One
5. threat[25750]:Windows Information Collection Command Type Two
6. threat[41918]:WeBaCoo Webshell Tool Communication
7. threat[41919]:Weevely Webshell Tool Communication
8. threat[25759]:Yonyou nc bsh.servlet.BshServlet Command Execution Vulnerability
9. threat[41921]:ZeroTier Intranet penetrating tool communication
10. threat[41922]:NSmartProxy Tool Communication
11. threat[41920]:Your Freedom Tool Communication

update rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-08 20:38:23

Name: eoi.unify.allrulepatch.ips.5.6.11.28640.rule Version: 5.6.11.28640
MD5: a2455225a1e85bae8abb8279e644ebb6 Size: 29.40M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28640. This package includes the following new and changed rules:

new rules:
1. threat[25749]:Advantech iView findCfgDeviceListDetailsExport Directory Traversal Vulnerability(CVE-2022-2139)
2. threat[25739]:Linux Shell Reverse Type One
3. threat[25740]:Linux Shell Reverse Type Two
4. threat[25738]:Windows Shell Reverse Type One
5. threat[25741]:Windows Shell Reverse Type Two

update rules:
1. threat[41720]:AntSword Webshell Management Tool Connection and Control
2. threat[25681]:Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability(CVE-2022-2135)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-12-01 22:33:30

Name: eoi.unify.allrulepatch.ips.5.6.11.28617.rule Version: 5.6.11.28617
MD5: 1c88e101ce3344070286514f55bd8032 Size: 29.38M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version at least 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.28617. This package includes the following new and changed rules:


new rules:
1. threat[25743]:LeagSoft IT Security Operation And Maintenance Management System ScanAcutaInfoController/deleteChoosed Deserialization Vulnerability
2. threat[25744]:WisePoint OA wordOperationRest/taoda Arbitrary File Upload Vulnerability
3. threat[50624]:Anydesk Remote Control software HTTPS Communication
4. threat[50622]:Remote Control Tool Anydesk Running

update rules:
1. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-11-25 14:47:46
Name: eoi.unify.allrulepatch.ips.5.6.11.28552.rule Version: 5.6.11.28552
MD5: 2838be59b22f7392a6d2eb272a3d1f62 Size: 29.37M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28552. This package includes the following changed rules:

new rules:
1. threat[25737]:Yonyou FE templateOfTaohong_manager.jsp Directory Traversal Vulnerability
2. threat[41907]:reDuh http tunnel proxy connection (php)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-11-17 19:21:24
Name: eoi.unify.allrulepatch.ips.5.6.11.28523.rule Version: 5.6.11.28523
MD5: 0f733ac7f2abd9c7c7e332fd457eb740 Size: 28.46M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28523. This package includes the following changed rules:

new rules:
1. threat[25733]:Ivanti Avalanche EnterpriseServer getApplicationData SQL Injection Vulnerability
2. threat[25734]:Servlet Memory Shell Upload
3. threat[25735]:Filter Memory Shell Upload
4. threat[25736]:Listener Memory Shell Upload
5. threat[25731]:Linux Sample Download Type Two
6. threat[25732]:Windows Sample Download Type Two



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-11-10 18:08:37
Name: eoi.unify.allrulepatch.ips.5.6.11.28498.rule Version: 5.6.11.28498
MD5: e0353e59193cb036d1bd55780c52a23b Size: 28.44M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28498. This package includes the following changed rules:

new rules:
1. threat[25721]:Microsoft Windows SChannel Buffer Overflow Vulnerability(CVE-2014-6321)
2. threat[25722]:ForgeRock Access Management and OpenAM Jato Insecure Deserialization Vulnerability (CVE-2021-35464)
3. threat[25723]:JBoss JMX Console Deployer Arbitrary File Upload Vulnerability(CVE-2007-1036)
4. threat[25724]:TrendNET Router Authorization Bypass Vulnerability(CVE-2018-7034)
5. threat[25725]:WordPress True Ranker Directory Traversal Vulnerability (CVE-2021-39312)
6. threat[25729]:Aria2 Arbitrary File Write Vulnerability
7. threat[25727]:Linux Sample Download Type One
8. threat[25726]:Windows Sample Download Type One

update rules:
1. threat[41720]:AntSword Webshell Management Tool Connection and Control
2. threat[60464]:HTTP Directory Traversal Vulnerability
3. threat[25614]:Apache Spark UI doAs Command Injection Vulnerability (CVE-2022-33891)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-11-04 17:14:36
Name: eoi.unify.allrulepatch.ips.5.6.11.28462.rule Version: 5.6.11.28462
MD5: 683f38e1ca41f6fa0396d3f36d9efc93 Size: 28.34M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28462. This package includes the following changed rules:

new rules:
1. threat[25708]:Ivanti Avalanche SmartDeviceServer DeviceLogsManager Directory Traversal Vulnerability
2. threat[25709]:Netgear ProSafe Remote Command Execution Vulnerability
3. threat[25710]:BEWARD N100 H.264 VGA IP Camera Remote Code Execution Vulnerability
4. threat[25712]:WordPress Slider Revolution Responsive Arbitrary File Download Vulnerability(CVE-2014-9734)
5. threat[25713]:Joomla DT Register SQL Injection Vulnerability(CVE-2018-6584)
6. threat[25714]:WordPress Content Injection Vulnerability(CVE-2017-5487)
7. threat[25715]:Atlassian Questions Hardcoded Password Vulnerability(CVE-2022-26138)
8. threat[25716]:VMware vCenter Server Arbitrary File Upload Vulnerability(CVE-2021-22005)
9. threat[25717]:Laravel _ignition Remote Code Execution Vulnerability(CVE-2021-3129)
10. threat[25718]:Tendar Router AC11 Stack Buffer Overflow Vulnerability(CVE-2021-31755)
11. threat[25711]:nostromo nhttpd Directory Traversal Vulnerability(CVE-2019-16278)
12. threat[25719]:ASUS b1m projector applg.cgi Remote Code Execution Vulnerability

update rules:
1. threat[25707]:Sangfor EDR c.php Remote Code Execution Vulnerability(CNVD-2020-46552)
2. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-10-28 13:48:50
Name: eoi.unify.allrulepatch.ips.5.6.11.28434.rule Version: 5.6.11.28434
MD5: 4aed41318a970e8ec437ddcf14820292 Size: 28.19M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28434. This package includes the following changed rules:

new rules:
1. threat[25700]:Teleport do-login Arbitrary User Login Vulnerability
2. threat[25701]:SeaCMS search.php Remote Code Execution Vulnerability
3. threat[25702]:Realtek Jungle SDK Command Injection Vulnerability(CVE-2021-35394)
4. threat[25703]:Craft CMS SEOmatic Server-Side Template Injection Vulnerability(CVE-2020-9757)
5. threat[25704]:Apache Commons JXPath Remote Code Execution Vulnerability(CVE-2022-41852)
6. threat[25705]:Apache Commons-Text Remote Code Execution Vulnerability (CVE-2022-42889)
7. threat[25706]:Cobalt Strike Remote Code Execution Vulnerability (CVE-2022-39197)
8. threat[25707]:Sangfor EDR c.php Remote Code Execution Vulnerability(CNVD-2020-46552)

update rules:
1. threat[25377]:Gitlab Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-22214)
2. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)
3. threat[24846]:phpcms2008 code injection vulnerability
4. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
5. threat[25614]:Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)
6. threat[41901]:Behinder Webshell Connect(image)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-10-21 17:29:24
Name: eoi.unify.allrulepatch.ips.5.6.11.28396.rule Version: 5.6.11.28396
MD5: df58058d28f7d3905b29caf511e19240 Size: 28.24M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28396. This package includes the following changed rules:

new rules:
1. threat[25691]:LILIN DVR Command Injection Vulnerability
2. threat[25692]:Seowon Intech SWC-9100 Command Injection Vulnerability(CVE-2013-7179)
3. threat[25694]:Landray-OA EKP SQL Injection Vulnerability(CNVD-2021-01363)
4. threat[25693]:Yaskawa robot Telnet default password vulnerability
5. threat[25695]:Atlassian Jira Server and Data Center Server-Side Request Forgery Vulnerability(CVE-2022-26135)
6. threat[25696]:Kingdee OA server_file Directory Traversal Vulnerability(CNVD-2021-43484)
7. threat[25698]:Yonyou CHANJET T+ DownloadProxy.aspx Arbitrary File Read Vulnerability
8. threat[25699]:Yonyou CHANJET T+ RecoverPassword.aspx Admin Password Reset Vulnerability
9. threat[25697]:Exchange Server Server-Side Request Forgery Vulnerability(CVE-2022-41040)

update rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability(CVE-2014-8361)
2. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 remote code execution vulnerability
3. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability
4. threat[24560]:Totaljs CMS 12.0 Path Traversal Vulnerability(CVE-2019-15952)
5. threat[21898]:V-CMS PHP File Upload and Execute Vulnerability(CVE-2011-4828)
6. threat[25603]:Seeyon OA (A6/A8) wpsAssistServlet Arbitrary File Upload Vulnerability
7. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-10-15 17:17:27
Name: eoi.unify.allrulepatch.ips.5.6.11.28343.rule Version: 5.6.11.28343
MD5: 7d2f8e5570fa7054731746a7dde6bfa6 Size: 28.21M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28343. This package includes the following changed rules:

new rules:
1. threat[25689]:Jenkins Rundeck Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-30956)
2. threat[25690]:Wordpress Paid Memberships Pro Plugin SQL Injection Vulnerability(CVE-2021-25114)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-10-06 20:04:04
Name: eoi.unify.allrulepatch.ips.5.6.11.28334.rule Version: 5.6.11.28334
MD5: fadbed66a85d486d73c2af7b5424d130 Size: 28.20M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28334. This package includes the following changed rules:

new rules:
1. threat[25686]:PHPCMS 9.6.0 Arbitrary File Upload Vulnerability(CVE-2018-14399)
2. threat[25687]:Advantech iView updatePROMFile SQL Injection Vulnerability(CVE-2022-2136)
3. threat[25688]:Jenkins GitLab Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-34777)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-09-30 15:11:35
Name: eoi.unify.allrulepatch.ips.5.6.11.28324.rule Version: 5.6.11.28324
MD5: 2b0da0b46bf417668a63e627f398d5c3 Size: 28.20M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28324. This package includes the following changed rules:

new rules:
1. threat[25682]:Zoho ManageEngine ADAudit Plus External Entity Injection Vulnerability (CVE-2022-28219)
2. threat[25683]:Horde Groupware Webmail Edition Deserialization Vulnerability(CVE-2022-30287)
3. threat[25684]:Zimbra Collaboration Calendar Reflected Cross-Site Scripting Vulnerability(CVE-2022-24682)
4. threat[25685]:GLPI-Project GLPI SQL Injection Vulnerability(CVE-2022-31061)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-09-26 09:21:45
Name: eoi.unify.allrulepatch.ips.5.6.11.28291.rule Version: 5.6.11.28291
MD5: 424bf342ecd4dce82b2fbb674ca67a85 Size: 28.10M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28291. This package includes the following changed rules:

new rules:
1. threat[25680]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2022-26887)
2. threat[25681]:Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability(CVE-2022-2135)

update rules:
1. threat[50621]:Remote Control Tool Todesk Running


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-09-16 17:11:28
Name: eoi.unify.allrulepatch.ips.5.6.11.28277.rule Version: 5.6.11.28277
MD5: f6f8c7ba6f4d843268c803650a034ef9 Size: 28.20M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28277. This package includes the following changed rules:

new rules:
1. threat[25672]:Windows LNK remote code execution vulnerability (CVE-2020-1421)
2. threat[25674]:WordPress Popup Maker Plugin Popup Settings Stored Cross-Site Scripting Vulnerability(CVE-2022-1104)
3. threat[25675]:Microsoft Windows DHCP Client Remote Code Execution Vulnerability(CVE-2019-0547)
4. threat[25676]:Gogs Git Endpoints Directory Traversal Vulnerability(CVE-2022-1993)
5. threat[25677]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2022-1367)
6. threat[25678]:Any800 Framework Arbitrary File Write Vulnerability
7. threat[25679]:Wordpress Google Tag Manager for WordPress Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2022-1707)

update rules:
1. threat[24955]:Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)
2. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
3. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)
4. threat[23793]:Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-3210)
5. threat[25670]:VanDyke VShell Server Trigger Command Injection Vulnerability (HTTP protocol) (CVE-2022-28054)
6. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-09-09 23:07:04
Name: eoi.unify.allrulepatch.ips.5.6.11.28230.rule Version: 5.6.11.28230
MD5: 33bf715a3831dfee01da6766ce3a873f Size: 28.19M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28230. This package includes the following changed rules:

new rules:
1. threat[25666]:Acquia Mautic Tracking Pixel Stored Cross-Site Scripting Vulnerability(CVE-2022-25772)
2. threat[25667]:GitLab Remote Command Execution Vulnerability(CVE-2018-14364)
3. threat[25668]:Seeyon OA Unauthorized Access Vulnerability

update rules:
1. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability(CVE-2021-23282)
2. threat[25550]:Jackson-Databind deserialization remote code execution vulnerability(CVE-2017-17485)
3. threat[24083]:Zabbix Server Active Proxy Trapper Command Injection Vulnerability(CVE-2017-2824)
4. threat[21816]:ColdFusion 8.0.1 Arbitrary File Upload and Execute Vulnerability
5. threat[10108]:Microsoft Windows 2000 RPC DCOM Interface Denial of Service
6. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-09-02 19:48:12
Name: eoi.unify.allrulepatch.ips.5.6.11.28218.rule Version: 5.6.11.28218
MD5: af38d1133ace4abb50257086a464a54e Size: 28.09M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28218. This package includes the following changed rules:


update rules:
1. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-30 22:58:58
Name: eoi.unify.allrulepatch.ips.5.6.11.28213.rule Version: 5.6.11.28213
MD5: 8d5191509f80571ff07a2686895e6c0f Size: 28.08M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28213. This package includes the following changed rules:

new rules:
1. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability




Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-30 16:03:16
Name: eoi.unify.allrulepatch.ips.5.6.11.28186.rule Version: 5.6.11.28186
MD5: 076ed5109cf0e584fa160a808d8079b0 Size: 28.08M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28186. This package includes the following changed rules:

new rules:
1. threat[25659]:Zoho ManageEngine ADSelfService Plus Command Injection Vulnerability(CVE-2022-28810)
2. threat[25661]:Ivanti Avalanche EnterpriseServer Service getProfileApplicationData SQL Injection Vulnerability
3. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability(CVE-2021-23282)
4. threat[25662]:Delta Industrial Automation DIAEnergie DIAE_pgHandler.ashx GETOBJECT SQL Injection(CVE-2022-1378)
5. threat[25664]:GitLab Community and Enterprise Edition Project Settings Stored Cross-Site Scripting Vulnerability(CVE-2022-2230)
6. threat[25665]:Lansweeper lansweeper AssetActions SQL Injection Vulnerability(CVE-2022-21210)

update rules:
1. threat[24463]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
2. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability(CVE-2022-1429)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-26 10:24:22
Name: eoi.unify.allrulepatch.ips.5.6.11.28154.rule Version: 5.6.11.28154
MD5: d8a6678720f567453ecb980224a380fa Size: 28.12M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28154. This package includes the following changed rules:

new rules:
1. threat[25656]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2022-29535)
2. threat[25657]:Open-Falcon Falcon-Plus SQL Injection Vulnerability(CVE-2022-26245)
3. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability(CVE-2022-1429)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-19 11:12:55
Name: eoi.unify.allrulepatch.ips.5.6.11.28135.rule Version: 5.6.11.28135
MD5: 53b394c5f18e2fb22d0b06338dbb1a90 Size: 28.13M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28135. This package includes the following changed rules:

new rules:
1. threat[25654]:WordPress Modern Events Calendar Lite Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-0364)
2. threat[25655]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33734)

update rules:
1. threat[25647]:FineReport Deserialization Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-12 10:32:29
Name: eoi.unify.allrulepatch.ips.5.6.11.28125.rule Version: 5.6.11.28125
MD5: 3dd0cc9af504b8d4aef8475ae27d785e Size: 28.13M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires at least firmware version 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.28125. This package includes the following changed rules:

new rules:
1. threat[50621]:Remote Control Tool Todesk Running
2. threat[41905]:Webshell Sample 1005007 Upload



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2022-08-07 22:22:24
Name: eoi.unify.allrulepatch.ips.5.6.11.28118.rule Version: 5.6.11.28118
MD5: 6a7c4a0d1e48de22938317febcb2d95f Size: 28.12M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28118. This package includes the following new and updated rules:


new rules:
1. threat[25652]:Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
2. threat[25653]:Yonyou NC ResourceManagerServlet Interface Deserialization Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-08-06 21:35:20
Name: eoi.unify.allrulepatch.ips.5.6.11.28110.rule Version: 5.6.11.28110
MD5: ee82d081cc97b569b03a29e856e5670d Size: 28.12M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28110. This package includes the following new and updated rules:

new rules:
1. threat[25650]:Weaver e-cology H2 Database Remote Code Execution Vulnerability



Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-08-06 08:56:03
Name: eoi.unify.allrulepatch.ips.5.6.11.28105.rule Version: 5.6.11.28105
MD5: b4fa6ced9af95864eed6bb2207828efa Size: 28.12M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28105. This package includes the following new and updated rules:

new rules:
1. threat[30789]:MPSec ISG1000 Arbitrary File Download Vulnerability

update rules:
1. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
2. threat[25648]:Primeton EOS Deserialization Vulnerability
3. threat[25647]:FineReport Deserialization Vulnerability
4. threat[25600]:Landray-OA Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-08-05 10:55:41
Name: eoi.unify.allrulepatch.ips.5.6.11.28091.rule Version: 5.6.11.28091
MD5: 480aa76eb36605be20874600e38938c2 Size: 28.08M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28091. This package includes the following new and updated rules:

new rules:
1. threat[25648]:Primeton EOS Deserialization Vulnerability(URLDNS)

update rules:
1. threat[25620]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
2. threat[41904]:Hidden Command Execution Attack
3. threat[41781]:Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-08-01 20:50:28
Name: eoi.unify.allrulepatch.ips.5.6.11.28082.rule Version: 5.6.11.28082
MD5: ffe2ad5d031e41a85616b85922af395b Size: 28.07M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28082. This package includes the following new and updated rules:

new rules:
1. threat[25646]:SecGate Firewall Arbitrary File Upload Vulnerability
2. threat[25647]:FineReport Deserialization Vulnerability
3. threat[41904]:HTTP Header Hidden Command Execution Attack



Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-31 22:32:46
Name: eoi.unify.allrulepatch.ips.5.6.11.28073.rule Version: 5.6.11.28073
MD5: fe3db87ee60449cdf15f402c5e3e4cc2 Size: 27.99M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28073. This package includes the following new and updated rules:

new rules:
1. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability
2. threat[25645]:Yonyou GRP-U8 Arbitrary File Upload Vulnerability
3. threat[25638]:Yonyou NC6.5 Arbitrary File Upload Vulnerability(grouptemplet)
4. threat[25639]:Yonyou KSOA Arbitrary File Upload Vulnerability




Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-31 09:55:46
Name: eoi.unify.allrulepatch.ips.5.6.11.28066.rule Version: 5.6.11.28066
MD5: 16c4547df77c708815ad1e7b8928cad0 Size: 27.98M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28066. This package includes the following new and updated rules:

new rules:
1. threat[25642]:Weblogic WLS component IIOP protocol remote code execution vulnerability

update rules:
1. threat[23614]:Oracle Weblogic Server Java Unserialization Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-30 16:50:06
Name: eoi.unify.allrulepatch.ips.5.6.11.28054.rule Version: 5.6.11.28054
MD5: 41e74d5cda188e9d5cd67b9f20c3c2e5 Size: 27.97M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28054. This package includes the following new and updated rules:

new rules:
1. threat[25632]:Zhongyuan Kylin Security Management System SQL Injection Vulnerability
2. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability

update rules:
1. threat[25629]:TRS-MAS Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-30 09:35:09
Name: eoi.unify.allrulepatch.ips.5.6.11.28043.rule Version: 5.6.11.28043
MD5: 4f3a7169f97244e71452ee381fc7bf7f Size: 28.06M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28043. This package includes the following new and updated rules:

new rules:
1. threat[25626]:Topsec Internet Behavior Management System Command Execution Vulnerability
2. threat[25629]:TRS-MAS testCommandExecutor.jsp Remote Command Execution Vulnerability
3. threat[25628]:Weaver OA Arbitrary Administrator Login Vulnerability

update rules:
1. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-28 13:57:14
Name: eoi.unify.allrulepatch.ips.5.6.11.28034.rule Version: 5.6.11.28034
MD5: be6da7a91650b39223cd5c27d5e36301 Size: 28.06M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28034. This package includes the following new and updated rules:

new rules:
1. threat[25625]:Zentao 16.5 SQL Injection Vulnerability

update rules:
1. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
2. threat[41780]:DNSLog Query Request


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-27 20:00:46
Name: eoi.unify.allrulepatch.ips.5.6.11.28025.rule Version: 5.6.11.28025
MD5: 02dc0030c2581b4ccfdd4748f59231a1 Size: 27.97M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28025. This package includes the following new and updated rules:

new rules:
1. threat[41901]:Behinder Webshell Connect(image)
2. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability
3. threat[25620]:Yonyou NC Arbitrary File Upload Vulnerability
4. threat[25621]:Weaver E-cology Arbitrary File Upload Vulnerability

update rules:
1. threat[41903]:Behinder 4.0 Webshell Connect(JSON)
2. threat[41697]:Behinder Encrypted ASP Webshell File Upload
3. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
4. threat[41699]:Behinder Encrypted JSP Webshell File Upload
5. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-27 09:23:30
Name: eoi.unify.allrulepatch.ips.5.6.11.28008.rule Version: 5.6.11.28008
MD5: f933a9aec3f516022f6a3091bec78dda Size: 28.04M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.28008. This package includes the following new and updated rules:

new rules:
1. threat[25615]:Seeyon OA JDBC API Deserialization Vulnerability
2. threat[25616]:TongDa OA Arbitrary File Upload Vulnerability
3. threat[41903]:Behinder 4.0 Webshell Connect(JSON)

update rules:
1. threat[41699]:Behinder Encrypted JSP Webshell File Upload
2. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
3. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-26 00:06:47
Name: eoi.unify.allrulepatch.ips.5.6.11.27982.rule Version: 5.6.11.27982
MD5: 41c8f1d563a4f4e9cc14b9969389db57 Size: 28.05M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27982. This package includes the following new and updated rules:

new rules:
1. threat[25606]:Apache Solr JMX Service Remote Code Execution Vulnerability(CVE-2019-12409)
2. threat[25608]:Gogs File Upload tree_path Command Injection Vulnerability(CVE-2022-0415)
3. threat[25609]:dotCMS Arbitrary File Upload Vulnerability(CVE-2022-26352)
4. threat[25610]:Oracle MySQL Cluster Management API dumpState Stack Buffer Overflows Vulnerability(CVE-2022-21280)
5. threat[25611]:Delta Industrial Automation CNCSoft ScreenEditor Stack Buffer Overflow Vulnerability(CVE-2021-43982)
6. threat[25612]:Zoho ManageEngine OpManager Inventory Reports SQL Injection Vulnerability(CVE-2022-27908)
7. threat[25613]:Django SQL Injection Vulnerability(CVE-2022-34265)
8. threat[25614]:Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)

update rules:
1. threat[41776]:Behinder Webshell Connect(ASP)
2. threat[25600]:Landray-OA Remote Code Execution Vulnerability
3. threat[25027]:Tea LaTex 1.0 - Remote Code Execution Vulnerability
4. threat[41499]:HTTP Request Sensitive Path Access Attempt
5. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2021-22986)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-21 17:51:43
Name: eoi.unify.allrulepatch.ips.5.6.11.27944.rule Version: 5.6.11.27944
MD5: d815c6f5d07e3739150637d98a54b826 Size: 27.96M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27944. This package includes the following new and updated rules:

new rules:
1. threat[25604]:nopCommerce nopCommerce BackupAction Directory Traversal Vulnerability(CVE-2022-28451)
2. threat[41900]:FastTunnel Intranet Penetration Tool Communication
3. threat[25605]:WECON LeviStudioU ScreenInfo ScrnFile Heap Buffer Overflow Vulnerability(CVE-2021-23157)
4. threat[25601]:WSO2 API Manager ToolsAnyFileUploadExecutor Directory Traversal Vulnerability(CVE-2022-29464)
5. threat[25602]:OpenEMR C_DocumentCategory.class.php Stored Cross-Site Scripting(CVE-2022-1178)

update rules:
1. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
2. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication
3. threat[50620]:Penetration Test Tool Cobalt Strike/ MetaSploit Beacon Encrypted Communication


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-14 18:50:40
Name: eoi.unify.allrulepatch.ips.5.6.11.27924.rule Version: 5.6.11.27924
MD5: 9f67810dc2ebf89a728d25edc1c69844 Size: 27.98M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27924. This package includes the following new and updated rules:

new rules:
1. threat[25603]:Seeyon OA (A6/A8) Arbitrary File Upload Vulnerability



Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-12 13:45:44
Name: eoi.unify.allrulepatch.ips.5.6.11.27905.rule Version: 5.6.11.27905
MD5: bad6c0b3a49802788256665633de8155 Size: 27.96M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27905. This package includes the following new and updated rules:

new rules:
1. threat[25594]:Spring Shiro/Security Framework Authentication Bypass Vulnerability(CVE-2022-32532/CVE-2022-22978)
2. threat[41898]:APT-C-40 Suspicious Domain Access
3. threat[25595]:Patrowl PatrowlManager Unrestricted File Upload Vulnerability(CVE-2021-43829)
4. threat[25596]:Jenkins Credentials Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-29036)
5. threat[25597]:Delta Industrial Automation DIALink events Stored Cross-Site Scripting Vulnerability(CVE-2021-38488)
6. threat[25598]:VMware Spring Cloud Function SpEL Code Injection Vulnerability(CVE-2022-22963)
7. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
8. threat[50620]:Penetration Test Tool Cobalt Strike/ MetaSploit Beacon Encrypted Communication
9. threat[25599]:Landray-OA Arbitrary File Read Vulnerability
10. threat[25600]:Landray-OA Remote Code Execution Vulnerability
11. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication

update rules:
1. threat[22591]:FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
2. threat[24999]:Spring Boot Actuator Unauthorized Access
3. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)
5. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connect



Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-07-09 10:46:41
Name: eoi.unify.allrulepatch.ips.5.6.11.27845.rule Version: 5.6.11.27845
MD5: b764a5a578e7579e0e302911a0abccf8 Size: 27.74M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27845. This package includes the following new and updated rules:

new rules:
1. threat[25591]:Webmin Remote Code Execution Vulnerability(CVE-2022-0824)
2. threat[25592]:NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability (CVE-2022-28379)
3. threat[25593]:Lansweeper lansweeper HelpdeskSetupActions SQL Injection Vulnerability (CVE-2022-22149)

update rules:
1. threat[25182]:nps http proxy connection
2. app:ssl


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-06-30 15:05:01
Name: eoi.unify.allrulepatch.ips.5.6.11.27812.rule Version: 5.6.11.27812
MD5: eb196e4f4563f9d18e39b612cdca9943 Size: 27.66M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27812. This package includes the following new and updated rules:

new rules:
1. threat[25582]:Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability(CVE-2017-17420)
2. threat[25581]:SolarWinds SRM Profiler SQL Injection Vulnerability(CVE-2016-4350)
3. threat[25583]:Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability(CVE-2017-7309)
4. threat[25585]:Oracle E-Business Suite General Ledger SQL Injection Vulnerability(CVE-2019-2638)
5. threat[25589]:Netgate pfSense diag_routes.php Command Injection Vulnerability(CVE-2021-41282)
6. threat[25590]:SalesAgility SuiteCRM email_recipients Remote Code Execution Vulnerability(CVE-2022-23940)

update rules:
1. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability(CVE-2019-18229)


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-06-23 18:04:12
Name: eoi.unify.allrulepatch.ips.5.6.11.27748.rule Version: 5.6.11.27748
MD5: 7ae5de860bff8c702ef11bb3ba455bb5 Size: 27.64M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27748. This package includes the following new and updated rules:

new rules:
1. threat[41896]:Goby scan attack detection
2. threat[41897]:Xray scan attack detection
3. threat[25578]:Spring Security Authentication Bypass Vulnerability(CVE-2022-22978)
4. threat[25576]:Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability(CVE-2022-21145)
5. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization(CVE-2021-35587)
6. threat[10531]:HAProxy Set-Cookie2 Header Handling Denial of Service Vulnerability (CVE-2022-0711)
7. threat[25579]:WordPress Photo Gallery Plugin Stored Cross Site Scripting Vulnerability(CVE-2022-0750)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[41781]:Communication of FRP Intranet Penetration Tool
3. threat[41782]:FRP intranet penetration tool - Access via domain name
4. app:pop3


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2022-06-16 23:57:27
Name: eoi.unify.allrulepatch.ips.5.6.11.27711.rule Version: 5.6.11.27711
MD5: 1f87ade301b0a304f937b856111ea552 Size: 27.63M
Description:

NSFOCUS NIDS/NIPS signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.11.27711. This package includes the following new and updated rules:

new rules:
1. threat[25573]:WordPress Photo Gallery Plugin filter_tag SQL Injection Vulnerability(CVE-2022-1281)
2. threat[25574]:WordPress All-in-One WP Migration Plugin Backups Directory Traversal Vulnerability(CVE-2022-1476)
3. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability (CVE-2022-0412)
4. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability(CVE-2021-45010)
5. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
6. threat[41895]:Fscan Webtitle attack detection

update rules:
1. threat[22915]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2013-3914)(MS13-088)
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
3. app:mqtt


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so schedule the upgrade for a suitable time.

发布时间:2022-06-10 17:54:49
Name: eoi.unify.allrulepatch.ips.5.6.11.27646.rule Version: 5.6.11.27646
MD5: 44c1f2a000e965485809a731fa4754c6 Size: 27.62M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27646. This package includes the following new and changed rules:

new rules:
1. threat[25564]:Vmware Workspace One Access Server Template Injection Vulnerability(CVE-2022-22954)
2. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
3. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
4. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
5. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-06-02 20:54:37
Name: eoi.unify.allrulepatch.ips.5.6.11.27602.rule Version: 5.6.11.27602
MD5: a5d59da0fcf6e65e41c76c9e5e018d47 Size: 27.61M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27602. This package includes the following new and changed rules:


new rules:
1. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
2. threat[25561]:Webmin Command Injection Vulnerability (CVE-2019-15642)
3. threat[25563]:Spring Boot H2 Database RCE Vulnerability (CVE-2021-42392)
4. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[41766]:Godzilla Webshell JSP Scripts Upload


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-05-27 15:40:17
Name: eoi.unify.allrulepatch.ips.5.6.11.27562.rule Version: 5.6.11.27562
MD5: 623a1b0f13fdd74dad9e2b3217c16cc3 Size: 27.60M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27562. This package includes the following new and changed rules:


new rules:
1. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
2. threat[25558]:ZZZCMS Remote Code Execution Vulnerability (CVE-2021-32605)
3. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability( CVE-2022-0819)

update rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
2. threat[41887]:Ngrok Intranet Penetration Tool Communication
3. threat[24835]:Discuz ML RCE Vulnerability (CVE-2019-13956)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-05-20 17:10:36
Name: eoi.unify.allrulepatch.ips.5.6.11.27527.rule Version: 5.6.11.27527
MD5: 2e3de726662c35c8fee0328e3370c7d6 Size: 27.59M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27527. This package includes the following new and changed rules:

new rules:
1. threat[25552]:Ruby On Rails Directory Traversal Vulnerability(CVE-2018-3760)
2. threat[25553]:WordPress Photo Gallery Plugin bwg_tag_id_bwg_thumbnails_0 SQL Injection Vulnerability(CVE-2022-0169)
3. threat[25554]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33732)
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)

update rules:
1. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Vulnerability
2. threat[24257]:Pivotal Spring Framework isWritableProperty SpEL Injection Vulnerability(CVE-2018-1273)
3. threat[30748]:Discuz X foreground any file deletion vulnerability
4. threat[24834]:Discuz7.x discuzcode.func.php RCE Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-05-12 18:24:07
Name: eoi.unify.allrulepatch.ips.5.6.11.27503.rule Version: 5.6.11.27503
MD5: 2f1400d33df1223ac15eca2667cbc5f1 Size: 27.58M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27503. This package includes the following new and changed rules:


new rules:
1. threat[25548]:Shterm Security Management System Command Execution Vulnerability
2. threat[25549]:Spring Boot Eureka XStream Deserializable Remote Code Execution Vulnerability
3. threat[25550]:Jackson-Databind deserialization remote code execution vulnerability(CVE-2017-17485)
4. threat[25551]:Yonyou NC Unauthorized Deserialization Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-05-07 20:10:14
Name: eoi.unify.allrulepatch.ips.5.6.11.27477.rule Version: 5.6.11.27477
MD5: 96981c271f13c32cc7f547cf862a0a1a Size: 27.58M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27477. This package includes the following new and changed rules:

new rules:
1. threat[25542]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2021-38391)
2. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
3. threat[25545]:WordPress WP Statistics Plugin current_page_id SQL Injection Vulnerability(CVE-2022-25148)
4. threat[25546]:WordPress WP Statistics Plugin ip SQL Injection Vulnerability(CVE-2022-25149)
5. threat[25544]:Pimcore Title Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0832)
6. threat[25547]:Pimcore Key Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0831)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-04-28 15:30:40
Name: eoi.unify.allrulepatch.ips.5.6.11.27443.rule Version: 5.6.11.27443
MD5: a61f67fcf485aaf7b099f393e5a58054 Size: 27.56M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27443. This package includes the following new and changed rules:

new rules:
1. threat[25539]:Foxit PDF Reader and Editor Annotation rotate Use After Free Vulnerability(CVE-2021-34847)
2. threat[25540]:Apache OpenOffice dBase Buffer Overflow Vulnerability(CVE-2021-33035)
3. threat[25541]:Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability(CVE-2022-26809)

update rules:
1. threat[24881]:Zabbix latest.php SQL injection vulnerability (CVE-2016-10134)
2. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
3. threat[49014]:Mining program query DNS mine pool server domain name
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)
5. threat[41887]:Ngrok Intranet Penetration Tool Communication
6. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-04-24 09:20:08
Name: eoi.unify.allrulepatch.ips.5.6.11.27394.rule Version: 5.6.11.27394
MD5: d11dd92214d7a1643840d0d3c287e209 Size: 27.56M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27394. This package includes the following new and changed rules:

new rules:
1. threat[25533]:Grafana Labs Grafana Plugin Directory Traversal Vulnerability(CVE-2021-43798)
2. threat[25534]:Apereo CAS 4.X Insecure Deserialization Vulnerability
3. threat[25536]:Zoho ManageEngine OpManager getReportData SQL Injection Vulnerability(CVE-2021-41288)
4. threat[25535]:Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability(CVE-2021-40539)
5. threat[25537]:Foxit PDF Reader and Editor Annotation richDefaults Use After Free Vulnerability(CVE-2021-34848)
6. app:Baidu mobile app
7. app:CSGO

update rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
2. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
3. threat[40339]:Backdoor/Trojan Matrix Communication
4. threat[41887]:Ngrok Intranet Penetration Tool Communication
5. app:DIDI
6. app:Glory of Kings
7. app:NetEase CloudMusic
8. app:AMAP
9. app:MEITUAN
10. app:Toutiao
11. app:1688-Alibaba
12. app:Baidu Map
13. app:Tencent Video
14. app:BiliBili
15. app:Youku Video
16. app:ftp
17. app:telnet


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-04-18 09:38:16
Name: eoi.unify.allrulepatch.ips.5.6.11.27355.rule Version: 5.6.11.27355
MD5: 35af024e85ec864f5739573df4f7f14a Size: 27.54M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27355. This package includes the following new and changed rules:

new rules:
1. threat[41888]:SSF Proxy Tool Connection
2. threat[41889]:Termite Intranet Penetration Tool Communication



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-04-07 18:04:38
Name: eoi.unify.allrulepatch.ips.5.6.11.27337.rule Version: 5.6.11.27337
MD5: 244f120dfa4425fe208da7134ad0995d Size: 27.53M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27337. This package includes the following new and changed rules:

new rules:
1. threat[25530]:Spring Cloud Function SPEL Injection Vulnerability

update rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[24853]:Pippo FastjsonEngine Fastjson RCE Vulnerability(CVE-2017-18349)
3. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-04-01 10:00:04
Name: eoi.unify.allrulepatch.ips.5.6.11.27310.rule Version: 5.6.11.27310
MD5: dac5f102b8771450d4295c4c39436dfe Size: 27.52M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27310. This package includes the following new and changed rules:

new rules:
1. threat[25529]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability CVE-2020-36239
2. threat[41887]:Ngrok Intranet Penetration Tool Communication


update rules:
1. threat[24250]:Drupal Core Remote Code Execution Vulnerability
2. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
3. app:iec104



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-03-30 12:54:18
Name: eoi.unify.allrulepatch.ips.5.6.11.27270.rule Version: 5.6.11.27270
MD5: 8804fdcd0b86f3a89131be85e1b81c07 Size: 27.52M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27270. This package includes the following new and changed rules:

new rules:
1. threat[41886]:Pystinger Proxy Tool Connection
2. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5129)
3. threat[25527]:Nagios XI Custom Includes Component Arbitrary File Upload Vulnerability(CVE-2021-40344)
4. threat[25528]:GitLab Community and Enterprise Edition DesignReferenceFilter Stored Cross-Site Scripting(CVE-2021-22238)

update rules:
1. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-03-24 17:50:32
Name: eoi.unify.allrulepatch.ips.5.6.11.27243.rule Version: 5.6.11.27243
MD5: a512fa750464cb2c64b62d761d0d2fd6 Size: 27.52M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27243. This package includes the following new and changed rules:

new rules:
1. threat[30786]:Metabase Arbitrary File Read Vulnerability(CVE-2021-41277)
2. threat[41884]:Malicious Mining Program Ethminer Communication
3. threat[25523]:Nagios XI cmdsubsys.php Archive Name Command Injection(CVE-2021-40345)
4. threat[41885]:Ecloud Proxy Tool Connection
5. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
6. threat[25525]:D-link DSL-2888A Command Injection Vulnerability(CVE-2020-24581)

update rules:
1. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
2. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-11113)
3. threat[49004]:Blackmoon Banking Trojan Communication
4. app:ftps


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-03-17 17:44:46
Name: eoi.unify.allrulepatch.ips.5.6.11.27207.rule Version: 5.6.11.27207
MD5: 9a45433c0f2e3f0b838bf0bfe2e86ac0 Size: 27.51M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27207. This package includes the following new and changed rules:

new rules:
1. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)
2. threat[25517]:Schneider Electric Struxureware Data Center Expert Firmware Update Directory Traversal Vulnerability(CVE-2021-22794)
3. threat[25518]:Schneider Electric Struxureware Data Center Expert testRepository Command Injection Vulnerability(CVE-2021-22795)
4. threat[25519]:Advantech WebAccess HMI Designer PM3 NHTrendGraph Memory Corruption Vulnerability(CVE-2021-33004)

update rules:
1. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
2. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
3. threat[22722]:Apache Struts2 Remote Command Execution(S2-013)
4. app:FTPS


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-03-11 09:11:21
Name: eoi.unify.allrulepatch.ips.5.6.11.27156.rule Version: 5.6.11.27156
MD5: d574abb2942bee9547c693ddfbd9c22b Size: 26.98M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27156. This package includes the following new and changed rules:

new rules:
1. threat[25515]:Blueimp jQuery-File-Upload File Upload Vulnerability(CVE-2018-9206)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-03-03 17:12:33
Name: eoi.unify.allrulepatch.ips.5.6.11.27135.rule Version: 5.6.11.27135
MD5: 43f32a073bfd25a155a0876bf1731905 Size: 26.97M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27135. This package includes the following new and changed rules:

new rules:
1. threat[25508]:Samba vfs_fruit Module ADEID_FINDERI Handling Out-Of-Bounds Read and Write Vulnerability(CVE-2021-44142)
2. threat[25509]:Sunlogin Remote Code Execution Vulnerability
3. threat[41883]:Malware T-Rex Mining Activities
4. threat[25510]:Fortinet FortiWeb SAML Server Configuration Command Injection Vulnerability(CVE-2021-22123)
5. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
6. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
7. threat[25512]:Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability(CVE-2021-37152)
8. threat[25513]:NETGEAR JGS516PE Remote Code Execution Vulnerability(CVE-2020-26919)
9. app:udt
10. app:ovation
11. app:moxa-nport
12. app:gbt-32960
13. app:jt905
14. app:tridium-niagara-fox
15. app:jt809
16. app:doip
17. app:ddp
18. app:foxboro
19. app:atg
20. app:ansi-c1222

update rules:
1. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
2. app:afp
3. app:amqp
4. app:cip
5. app:dhcp
6. app:edp
7. app:egd
8. app:iecmms
9. app:ike
10. app:imap
11. app:ipsec-esp-udp
12. app:jabber
13. app:jt808
14. app:l2tp
15. app:nfs
16. app:ntp
17. app:omron_fins
18. app:open-vpn
19. app:pop3
20. app:pptp
21. app:radius
22. app:rtcp
23. app:rtmp
24. app:rtp
25. app:smtp
26. app:snmp
27. app:socks
28. app:ssdp
29. app:tftp
30. app:xdmcp
31. app:xmpp
32. app:synchrophasor
33. app:iec104
34. app:smtps
35. app:dicom
36. app:ATG
37. app:modbus
38. app:rpc


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-02-25 01:01:06
Name: eoi.unify.allrulepatch.ips.5.6.11.27090.rule Version: 5.6.11.27090
MD5: 6229ddb409205e49abeb8360887e3e6e Size: 26.93M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.27090. This package includes the following new and changed rules:

new rules:
1. threat[41881]:Lanproxy Intranet Penetration Tool Communication
2. threat[41882]:reDuh http tunnel proxy connection
3. threat[25502]:MeterSphere Arbitrary File Read Vulnerability(CVE-2021-45789)
4. threat[25503]:MeterSphere Arbitrary File Upload Vulnerability(CVE-2021-45790)
5. threat[25504]:phpKF CMS 3.00 Beta y6 Remote Code Execution Vulnerability
6. threat[25505]:Delta Industrial Automation DIAEnergie HandlerEnergyType.aspx SQL Injection Vulnerability(CVE-2021-38390)
7. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
8. threat[50619]:PHP Xdebug Remote Debug
9. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)

update rules:
1. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
2. threat[23875]:IE_vbscript_VbsStrComp_Type_Confusion Vulnerability(CVE-2016-3385)
3. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

Release time: 2022-02-18 09:59:40
Name: eoi.unify.allrulepatch.ips.5.6.11.27049.rule Version: 5.6.11.27049
MD5: 63635a6ff1b603316a6e0ac085fbaeb9 Size: 26.91M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.27049. This package includes the following changed rules:

new rules:
1. threat[25499]:SearchBlox Arbitrary File Read Vulnerability (CVE-2020-35580)
2. threat[25500]:Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability(CVE-2021-37558)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-02-11 13:07:38
Name: eoi.unify.allrulepatch.ips.5.6.11.27026.rule Version: 5.6.11.27026
MD5: 23c4c2a4469cd0e5d913b28b7fa12e01 Size: 26.90M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.27026. This package includes the following changed rules:

new rules:
1. threat[41880]:Venom proxy tool connection establishment
2. threat[25497]:Microsoft Azure Open Management Infrastructure Authentication Bypass Vulnerability(CVE-2021-38647)
3. threat[25498]:D-Link DNS-320 Command Injection Vulnerability (CVE-2020-25506)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-02-03 20:06:34
Name: eoi.unify.allrulepatch.ips.5.6.11.27013.rule Version: 5.6.11.27013
MD5: 3b371da6eeb39c9bcea644108d9bab1b Size: 26.88M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.27013. This package includes the following changed rules:


new rules:
1. threat[25494]:Yealink Device Management Command Injection Vulnerability(CVE-2021-27561)
2. threat[25495]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
3. threat[41879]:OneForAll Asset Collection Tool Scanning Subdomains
4. threat[41878]:Malware Windows/Aspxor_general Network Communication
5. threat[25496]:WordPress Query SQL Injection Vulnerability(CVE-2022-21661)

update rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. threat[49009]:Suspicious Botnet Communication


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-01-27 18:46:02
Name: eoi.unify.allrulepatch.ips.5.6.11.26975.rule Version: 5.6.11.26975
MD5: ecae7241995343f0be1a5ac7f11b796f Size: 26.89M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26975. This package includes the following changed rules:

new rules:
1. threat[41876]:Malware Windows/Trojan.BlackRev_general Network Communication
2. threat[41875]:Malware Windows/BotnetKernel.BlackEnergy_o Network Communication
3. threat[50618]:Intranet tunneling tool Privotnacci connection
4. threat[41877]:Malware Windows/Fakocan_a Network Communication
5. threat[25493]:HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2022-21907)

update rules:
1. threat[50616]:DNS tunnel communication is established through SSH connection


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-01-20 17:30:09
Name: eoi.unify.allrulepatch.ips.5.6.11.26941.rule Version: 5.6.11.26941
MD5: 9e50eefc8b2f19282a57673c84ab6165 Size: 26.88M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26941. This package includes the following changed rules:

new rules:
1. threat[25490]:go-http-tunnel Tunnel Communication
2. threat[50616]:DNS tunnel communication is established through SSH connection
3. threat[25491]:MeterSphere Remote Code Execution Vulnerability
4. threat[41870]:The Malware LifeCalendarWorm Mining Program Connects To DNS Server
5. threat[41873]:Malware Windows/Rukap_o Network Communication
6. threat[41872]:Malware Windows/Prometei_o Network Communication
7. threat[41871]:Malware Linux/Momentum_a Network Communication
8. threat[25492]:Genexis Platinum 4410 Remote Code Execution Vulnerability (CVE-2021-29003)
9. threat[41874]:Firepass proxy connection establishment

update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-01-14 17:01:04
Name: eoi.unify.allrulepatch.ips.5.6.11.26897.rule Version: 5.6.11.26897
MD5: 2b6996332360a3c1be2a41595d2c4a10 Size: 26.86M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26897. This package includes the following changed rules:

new rules:
1. threat[25488]:Netgear NETGEAR Command Injection Vulnerability(CVE-2021-33514)
2. threat[25489]:Apache httpd mod_proxy Unix Socket Server-Side Request Forgery Vulnerability (CVE-2021-40438)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2022-01-07 09:08:41
Name: eoi.unify.allrulepatch.ips.5.6.11.26861.rule Version: 5.6.11.26861
MD5: dfc0173f9dcdc5362188cf1b89ce9573 Size: 26.85M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26861. This package includes the following changed rules:

new rules:
1. threat[25485]:Persistent Systems Radia Client Automation Command Execution Vulnerability(CVE-2015-1497)
2. threat[25487]:IBM Tivoli Storage Manager FastBack Server Opcode Command Injection Vulnerability(CVE-2015-1949)
3. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)

update rules:
1. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability
2. threat[49014]:Mining program query DNS mine pool server domain name


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-30 17:47:54
Name: eoi.unify.allrulepatch.ips.5.6.11.26805.rule Version: 5.6.11.26805
MD5: f5f246e72c65d73fb59389a18b40ad50 Size: 26.83M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26805. This package includes the following changed rules:

new rules:
1. threat[25479]:Adobe Acrobat and Acrobat Reader DC AcroForm Field Format Action Use After Free Vulnerability(CVE-2021-39840)
2. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
3. threat[25481]:Adobe Acrobat and Acrobat Reader DC AcroForm buttonGetCaption Use After Free Vulnerability(CVE-2021-39838)
4. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
5. threat[41868]:Malware windows/ZeuS.ZbotCQJ_a Botnet Communication

update rules:
1. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-23 17:07:12
Name: eoi.unify.allrulepatch.ips.5.6.11.26749.rule Version: 5.6.11.26749
MD5: 90baf9137f867b694339b628e1a933d3 Size: 26.81M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26749. This package includes the following changed rules:

new rules:
1. threat[41867]:Behinder 3.0 beta 9 Webshell Connect(PHP)
2. threat[25477]:WordPress LearnPress Plugin Profile Settings Stored Cross-Site Scripting Vulnerability(CVE-2021-39348)
3. threat[41866]:Malware Trojan.MSIL.Antiresys.A Botnet Network Communication
4. app:ADB

update rules:
1. threat[49014]:Mining program query DNS mine pool server domain name
2. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-16 17:59:33
Name: eoi.unify.allrulepatch.ips.5.6.11.26706.rule Version: 5.6.11.26706
MD5: 67c86df27470eff82778d7452986c88a Size: 26.81M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26706. This package includes the following changed rules:


update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-11 00:28:45
Name: eoi.unify.allrulepatch.ips.5.6.11.26697.rule Version: 5.6.11.26697
MD5: 8af10191447ee1167c78778fec7865b8 Size: 26.82M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26697. This package includes the following changed rules:

new rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-10 04:37:02
Name: eoi.unify.allrulepatch.ips.5.6.11.26681.rule Version: 5.6.11.26681
MD5: cc8140729aa29e8ae6a2d398b39cae00 Size: 26.82M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26681. This package includes the following changed rules:

new rules:
1. threat[25471]:VMware vCenter Server Directory Traversal Vulnerability (CVE-2021-22013)
2. threat[25472]:VMware vCenter Server Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-21993)
3. threat[41864]:Malware Trojan.Linux.Orbiteibot.A Botnet Network Communication
4. threat[41865]:Malware Trojan.MSIL.Ratblamik.A Botnet Network Communication
5. threat[25473]:Weaver e-office 9 Arbitrary File Upload Vulnerability
6. threat[25474]:Centreon componentTemplates.php SQL Injection Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-09 17:25:53
Name: eoi.unify.allrulepatch.ips.5.6.11.26660.rule Version: 5.6.11.26660
MD5: 16cb6506e0e7746c168b6523efb358a4 Size: 26.81M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26660. This package includes the following changed rules:


new rules:
1. threat[41859]:Malware Blackout Mining Program DNS Request Connection
2. threat[41860]:Malware ThanatosMiner Mining Program DNS Request Connection
3. threat[41849]:Malware MrbMiner Mining Program DNS Request Connection
4. threat[41850]:Malware Mykings Mining Program DNS Request Connection
5. threat[41852]:Malware Prometei Mining Program DNS Request Connection
6. threat[41853]:Malware TeamTNT Mining Program DNS Request Connection
7. threat[41851]:Malware z0Miner mining program connects to DNS server
8. threat[41854]:Malware Cleanfda mining program connects to DNS server
9. threat[41855]:Freakout mining program connects to DNS server
10. threat[41857]:Malware GuardMiner mining program connects to DNS server
11. threat[41858]:Malware LoggerMiner mining program connects to DNS server
12. threat[41861]:Malware DemonBot Botnet Network Communication
13. threat[25470]:Malware Mining ETHMiner Obtains Mining Tasks
14. threat[41863]:Malware Mining ETHMiner Submits Mining Task

update rules:
1. threat[49040]:Driver Talent Downloader Trojan Malicious Domain Name Query


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-12-03 17:40:56
Name: eoi.unify.allrulepatch.ips.5.6.11.26613.rule Version: 5.6.11.26613
MD5: 181379e9bb72198ed876ce29130bd2a0 Size: 26.78M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26613. This package includes the following changed rules:

new rules:
1. threat[25463]:Hikvision Web Server Command Injection Vulnerability(CVE-2021-36260)
2. threat[25465]:Cisco UCS Director AMF External Entity Injection Vulnerability
3. threat[25464]:Tianqing Terminal Security Management System SQL Injection Vulnerability
4. threat[30783]:Schneider Electric C-Bus Toolkit PROJECT RESTORE Information Disclosure Vulnerability(CVE-2021-22720)
5. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability (CVE-2021-36749)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-11-26 15:46:50
Name: eoi.unify.allrulepatch.ips.5.6.11.26553.rule Version: 5.6.11.26553
MD5: 2c7f6b2b71dd5b57b1ff5acc13a09133 Size: 26.77M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26553. This package includes the following changed rules:


new rules:
1. threat[25458]:AndroRAT Tunnel Communication
2. threat[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)
3. threat[25460]:Edge_Chakra__array_prototype_concat_Type_Confusion Vulnerability(CVE-2016-7242)
4. threat[25461]:Microsoft Edge Browser Chakra Engine Array.join Type Confusion(CVE-2016-7189)
5. threat[25462]:Microsoft Excel Security Feature Bypass Vulnerability(CVE-2021-42292)

update rules:
1. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
2. threat[49014]:Mining program query DNS mine pool server domain name
3. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-11-19 13:40:43
Name: eoi.unify.allrulepatch.ips.5.6.11.26523.rule Version: 5.6.11.26523
MD5: cad5ccc5186bc05e7599f202a7719abb Size: 26.75M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26523. This package includes the following changed rules:


new rules:
1. threat[25455]:Dell EMC VMAX Directory Traversal Vulnerability(CVE-2018-1215)
2. threat[30782]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-7195)
3. threat[25457]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7283) (MS16-144)
4. threat[25446]:Nagios XI Bulk Modification Tool bulkmodifications.inc.php SQL Injection Vulnerability(CVE-2021-37350)

update rules:
1. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
2. threat[23991]:Fastjson Remote Code Execution Vulnerability
3. threat[23875]:IE_vbscript_VbsStrComp_Type_Confusion Vulnerability(CVE-2016-3385)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-11-12 09:22:52
Name: eoi.unify.allrulepatch.ips.5.6.11.26476.rule Version: 5.6.11.26476
MD5: 2dfc8e7dd1cfc8c9a0117a1babc9e8a4 Size: 26.75M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26476. This package includes the following changed rules:


new rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[25451]:Adobe Acrobat DC SMask Out of Bounds Write Vulnerability(CVE-2021-39843)
3. threat[25453]:Quest NetVault Backup Authentication Bypass Vulnerability(CVE-2018-1163)
4. threat[25454]:Google Golang Get Command Injection Vulnerability(CVE-2018-7187)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-11-05 10:16:47
Name: eoi.unify.allrulepatch.ips.5.6.11.26440.rule Version: 5.6.11.26440
MD5: 0253af6c9ced35e8f88a64ddd20d15f5 Size: 25.54M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26440. This package includes the following changed rules:

new rules:
1. threat[25443]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-40487)
2. threat[25444]:Flarum Stored Core Cross-Site Scripting Vulnerability(CVE-2021-32671)
3. threat[25445]:Flarum Reflected Core Cross-Site Scripting Vulnerability(CVE-2021-32671)
4. threat[25447]:Nagios XI Manage My Dashboards Page Stored Cross-Site Scripting Vulnerability(CVE-2021-38156)
5. threat[25448]:Advantech R-SeeNet Reflected Cross-Site Scripting Vulnerability(CVE-2021-21799)
6. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability

update rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)
2. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-10-29 09:31:42
Name: eoi.unify.allrulepatch.ips.5.6.11.26408.rule Version: 5.6.11.26408
MD5: 08c3999b143f6b25d1428d5b5cbd2e99 Size: 25.53M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It depends on firmware version at least 5.6R11F00 and engine version 5.6R11F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.11.26408. This package includes the following changed rules:

new rules:
1. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
2. threat[25436]:Adobe Acrobat Reader DC EScript.api Thermometer Object Use After Free Vulnerability(CVE-2021-28640)
3. threat[25437]:WordPress Automattic WooCommerce Blocks Plugin SQL Injection Vulnerability(CVE-2021-32789)
4. threat[25438]:Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use After Free Vulnerability(CVE-2021-28639)
5. threat[25439]:Eaton IPM removeBackground Arbitrary File Deletion Vulnerability(CVE-2021-23278)
6. threat[25440]:Eaton IPM removeFirmware Arbitrary File Deletion Vulnerability(CVE-2021-23278)
7. threat[25441]:Schneider Electric C-Bus Toolkit ACCESS SAVE Command Directory Traversal Vulnerability(CVE-2021-22717)
8. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)

update rules:
1. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
2. threat[10139]:Linux Kernel SNMP NAT Helper Remote Denial of Service


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2021-10-22 09:11:25
Name: eoi.unify.allrulepatch.ips.5.6.11.26362.rule Version: 5.6.11.26362
MD5: 29e16004ef12a890e5422ab6bd037e45 Size: 25.51M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26362. This package includes the following changed rules:

new rules:
1. threat[25428]:Microsoft Windows Print Spooler Code Execution Vulnerability(CVE-2021-34527)
2. threat[25430]:Netgear ProSAFE NMS300 MibController realName Directory Traversal Vulnerability(CVE-2021-27276)
3. threat[25431]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability(CVE-2021-2456)
4. threat[30780]:Oracle Business Intelligence Publisher XDO XML External Entity Injection Vulnerability(CVE-2021-2401)
5. threat[25432]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability(CVE-2020-36239)
6. threat[25433]:Nagios Log Server Audit Log And Alert History Reflected Cross-Site Scripting Vulnerability(CVE-2021-35478)

update rules:
1. threat[50593]:Redis Authenticated Failed
2. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
3. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-10-14 19:13:31
Name: eoi.unify.allrulepatch.ips.5.6.11.26316.rule Version: 5.6.11.26316
MD5: ff88f965dd635622172c1bd5603acb24 Size: 25.50M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26316. This package includes the following changed rules:

new rules:
1. threat[25426]:Advantech R-SeeNet Command Injection Vulnerability(CVE-2021-21805)
2. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)

update rules:
1. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-10-08 10:14:46
Name: eoi.unify.allrulepatch.ips.5.6.11.26306.rule Version: 5.6.11.26306
MD5: 7212c7650acb7ef3cc5f88e59c34c28c Size: 25.50M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26306. This package includes the following changed rules:

new rules:
1. threat[25422]:Microsoft Visual Studio Code Extension Command Injection Vulnerability(CVE-2021-28472)
2. threat[25423]:Adobe Acrobat and Acrobat Reader DC AcroForm addField Use After Free Vulnerability(CVE-2021-28635)

update rules:
1. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability(CVE-2021-25298)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-09-30 16:19:54
Name: eoi.unify.allrulepatch.ips.5.6.11.26278.rule Version: 5.6.11.26278
MD5: f50411ff1bbbb8d468915be3102d951b Size: 25.47M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26278. This package includes the following changed rules:

new rules:
1. threat[25416]:phpMyAdmin Cross Site Request Forgery Vulnerability(CVE-2019-12922)
2. threat[25415]:Nginx Out-of-bounds Read Cache Vulnerability(CVE-2017-7529)
3. threat[25417]:Apache Struts OGNL Remote Code Execution Vulnerability
4. threat[25420]:phpMyAdmin lint.php Local File Inclusion Vulnerability(CVE-2018-12613)
5. threat[25419]:Advantech iView getPSInventoryInfo SQL Injection Vulnerability(CVE-2021-32932)
6. threat[25421]:Advantech R-SeeNet device_graph_page.php Cross-Site Scripting Vulnerability(CVE-2021-21801)

update rules:
1. threat[24849]:TongDa OA arbitrary file upload vulnerability
2. threat[24794]:Tongda OA Arbitrary File Contains Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-09-23 18:37:30
Name: eoi.unify.allrulepatch.ips.5.6.11.26245.rule Version: 5.6.11.26245
MD5: 130821de0f25d1abc47023a145916258 Size: 25.45M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26245. This package includes the following changed rules:

new rules:
1. threat[25410]:Apache ActiveMQ Deserialization Vulnerability (CVE-2015-5254)
2. threat[25411]:Weblogic Secondary Serialization Vulnerability(CVE-2021-2135)
3. threat[25412]:Jenkins Extra Columns Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21630)
4. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
5. threat[25414]:Jenkins Scriptler Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21667)
6. app:Dameng Database

update rules:
1. threat[25409]:Zoho ManageEngine ServiceDesk Plus Custom Schedules Arbitrary Command Execution Vulnerability(CVE-2021-20081)
2. threat[41843]:Zgrab scan attack detection
3. threat[25145]:Weblogic Server Remote Code Execution Vulnerability(CVE-2021-2109)
4. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-09-16 17:20:24
Name: eoi.unify.allrulepatch.ips.5.6.11.26200.rule Version: 5.6.11.26200
MD5: 47b6565bcb5f9492222d37f1f98c4aa5 Size: 25.45M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26200. This package includes the following changed rules:

new rules:
1. threat[25406]:Spring Framework Reflective File Download Vulnerability(CVE-2020-5421)
2. threat[25407]:Oracle Weblogic WLS Core Components Remote Code Execution Vulnerability(CVE-2018-3191)
3. threat[25408]:Oracle Weblogic Remote Code Execution Vulnerability(CVE-2018-3245)

update rules:
1. threat[24851]:Spring Security OAuth remote code execution vulnerability (CVE-2016-4977)
2. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
3. threat[23783]:nginx Incorrect File Type Parse Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-09-10 09:25:12
Name: eoi.unify.allrulepatch.ips.5.6.11.26154.rule Version: 5.6.11.26154
MD5: ebade01b1ed240281cf6db01f81aedfa Size: 25.45M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26154. This package includes the following changed rules:

new rules:
1. threat[25400]:Jenkins Config File Provider Plugin External Entity Injection Vulnerability(CVE-2021-21642)
2. threat[25401]:SolarWinds Network Performance Monitor FromJson Insecure Deserialization(CVE-2021-31474)
3. threat[25402]:Zoho ManageEngine ADSelfService Plus Password Command Injection(CVE-2021-28958)
4. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
5. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)

update rules:
1. threat[24276]:Apache HTTP Server Remote Security Limit Bypass Vulnerability (CVE-2017-15715)
2. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-09-02 20:33:52
Name: eoi.unify.allrulepatch.ips.5.6.11.26127.rule Version: 5.6.11.26127
MD5: 2ecbf89c0f1605050ad9b45bac30fe9a Size: 25.44M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26127. This package includes the following changed rules:

new rules:
1. threat[25395]:JBoss Application Server EJBInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
2. threat[25397]:Adobe ColdFusion Deserialization Vulnerability(CVE-2017-3066)
3. threat[41842]:WorkMiner Botnet Communication

update rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[24109]:Apache Solr/LuceneXML Entity Extension Vulnerability (XXE) (CVE-2017-12629)
3. threat[41660]:Suspected to run system commands via PostgreSQL's COPY FROM PROGRAM function(CVE-2019-9193)
4. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-08-27 15:25:57
Name: eoi.unify.allrulepatch.ips.5.6.11.26071.rule Version: 5.6.11.26071
MD5: 47820a56ea0414227571a422784b5c43 Size: 25.42M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26071. This package includes the following changed rules:

new rules:
1. threat[10529]:OpenLDAP slapd Search Assertion Failure Denial of Service Vulnerability(CVE-2021-27212)
2. threat[25384]:Schneider Electric C-Bus Toolkit Directory Traversal(CVE-2021-22718)
3. threat[25385]:Ruby Net::FTP Command Injection Vulnerability(CVE-2017-17405)
4. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability(CVE-2021-37608)
5. threat[25388]:VMware vCenter Server Remote Code Execution Vulnerability(CVE-2021-21985)
6. threat[25386]:Nagios XI Account Email Address Stored Cross-Site Scripting
7. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)
8. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
9. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability (REST)
10. threat[25393]:Fortinet FortiWeb OS Command Injection Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-08-25 16:12:03
Name: eoi.unify.allrulepatch.ips.5.6.11.26038.rule Version: 5.6.11.26038
MD5: ecd456c438910f9a89831372c7dc7aee Size: 25.40M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26038. This package includes the following changed rules:

new rules:
1. threat[25379]:Zoho ManageEngine Applications Manager Displayname Stored Cross-Site Scripting Vulnerability
2. threat[25381]:Zoho ManageEngine Applications Manager URL monitor SQL Injection Vulnerability
3. threat[25382]:OpenEMR phpGACL edit_group.php SQL Injection Vulnerability(CVE-2020-13568)

update rules:
1. threat[25378]:Jenkins Multiple Plugins External Entity Injection Vulnerability(CVE-2021-21659)(CVE-2021-21658)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-08-12 18:18:52
Name: eoi.unify.allrulepatch.ips.5.6.11.26005.rule Version: 5.6.11.26005
MD5: e32a31e8a0632a3b4aa0c7f0fb2ad62d Size: 25.39M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.26005. This package includes the following changed rules:

new rules:
1. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
2. threat[25375]:SEO Panel Reflected Cross-Site Scripting Vulnerability(CVE-2021-3002)
3. threat[25376]:TamronOS IPTV System Arbitrary Command Execution Vulnerability
4. threat[25377]:Gitlab Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-22214)
5. threat[25371]:Jenkins Active Choices Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21616)
6. threat[25372]:Jenkins Claim Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21619)

update rules:
1. threat[41702]:Nmap scan attack detection
2. threat[41060]:Trojan/Backdoor General PHP trojan

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-08-05 19:56:07
Name: eoi.unify.allrulepatch.ips.5.6.11.25946.rule Version: 5.6.11.25946
MD5: 3fcc60daf5207dd94ea0b333675c3711 Size: 25.38M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25946. This package includes the following changed rules:

new rules:
1. threat[25363]:Netgate pfSense services_wol_edit.php Stored Cross-Site Scripting Vulnerability(CVE-2021-27933)
2. threat[25364]:Cisco HyperFlex HX Auth Remote Command Execution Vulnerability(CVE-2021-1497)
3. threat[25366]:GitLab Graphql Information Disclosure Vulnerability(CVE-2020-26413)
4. threat[25367]:Citrix XenMobile Arbitrary File Read Vulnerability(CVE-2020-8209)
5. threat[25370]:Apache Pulsar JSON Web Token Authentication Bypass Vulnerability(CVE-2021-22160)
6. threat[25368]:IceWarp WebClient Cross Site Scripting Vulnerability(CVE-2020-25925)
7. threat[25369]:IceWarp WebClient basic Remote Command Execution Vulnerability

update rules:
1. threat[63144]:Microsoft Windows Registry Write Attempt
2. threat[63143]:Microsoft Windows Registry Read Attempt

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-29 17:51:36
Name: eoi.unify.allrulepatch.ips.5.6.11.25909.rule Version: 5.6.11.25909
MD5: d067b4774f681205efff1853ffcfe1ae Size: 25.36M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25909. This package includes the following changed rules:

new rules:
1. threat[25354]:phpMyadmin Scripts/setup.php Deserialization Vulnerability
2. threat[25356]:Adobe ColdFusion Administrator Console Directory Traversal Vulnerability(CVE-2010-2861)
3. threat[25357]:VMware vRealize Operations Arbitrary File Write Vulnerability(CVE-2021-21983)
4. threat[25358]:WordPress External Entity Injection Vulnerability(CVE-2021-29447)
5. threat[25359]:Jenkins Credentials Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2021-21648)
6. threat[25361]:Apache Dubbo Unsafe YAML Unmarshalling Vulnerability(CVE-2021-30180)
7. threat[25362]:Apache Dubbo Script Routing Remote Code Execution Vulnerability(CVE-2021-30181)
8. threat[25360]:Jenkins Dashboard View Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21649)

update rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-22 17:55:02
Name: eoi.unify.allrulepatch.ips.5.6.11.25836.rule Version: 5.6.11.25836
MD5: 060f42e86786472a3e999f0b142d81b9 Size: 25.35M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25836. This package includes the following changed rules:

new rules:
1. threat[25347]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2020-10204)
2. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-15 17:56:26
Name: eoi.unify.allrulepatch.ips.5.6.11.25814.rule Version: 5.6.11.25814
MD5: b4516203b7b5148bc9aaf8234e385a57 Size: 25.33M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25814. This package includes the following changed rules:

new rules:
1. threat[30778]:Oracle E-Business Suite iStore Cross-Site Scripting Vulnerability(CVE-2021-2182)
2. threat[25341]:Saltstack SaltStack Salt Directory Traversal Vulnerability(CVE-2021-25282)
3. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
4. threat[25343]:YAPI Mock Script Remote Code Execution Vulnerability
5. threat[25340]:Apache Dubbo Unsafe Deserialization Vulnerability(CVE-2021-25641)
6. threat[25339]:Websvn 2.6.0 - Remote Code Execution Vulnerability(CVE-2021-32305)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-13 10:18:12
Name: eoi.unify.allrulepatch.ips.5.6.11.25788.rule Version: 5.6.11.25788
MD5: 1db291aa6f854f1fc46624223671acbc Size: 25.32M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25788. This package includes the following changed rules:

new rules:
1. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability(CVE-2020-11978)
2. threat[25338]:Umbraco CMS Stored Cross-Site Scripting(CVE-2020-5810)

update rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675,CVE-2021-34527)
2. threat[21374]:Apache Struts Remote Command Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-06 15:39:21
Name: eoi.unify.allrulepatch.ips.5.6.11.25756.rule Version: 5.6.11.25756
MD5: 47fffcaf5f56ed930cb0fa93a86d7d51 Size: 25.32M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.25753. This package includes the following changed rules:

new rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675)
2. threat[25327]:OpenEMR Usergroup_admin.php Stored Cross-Site Scripting
3. threat[25328]:Oracle E-Business Suite Common Applications Calendar Cross-Site Scripting Vulnerability(CVE-2021-2114)
4. threat[25330]:OpenEMR patient_report.php Stored Cross-Site Scripting Vulnerability(CVE-2021-25921)
5. threat[25331]:phpGACL acl_admin.php Reflected Cross-Site Scripting Vulnerability(CVE-2020-13562)
6. threat[25333]:Microsoft Scripting Engine Memory Corruption Vulnerability(CVE-2021-31959)
7. threat[25325]:Netgear ProSAFE NMS300 ReportTemplateController Arbitrary File Deletion Vulnerability(CVE-2021-27272)

update rules:
1. threat[24840]:jboss deserialization vulnerability(CVE-2017-7504)
2. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow Vulnerability(CVE-2018-18731)
3. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - post request
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-07-02 15:24:33
Name: eoi.unify.allrulepatch.ips.5.6.11.25687.rule Version: 5.6.11.25687
MD5: fe918cc0d4dd4fb2e3576eb56af38d3b Size: 25.36M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25687. This package includes the following changed rules:

Updated rules:
1. threat[29001]: Web Service Remote SQL Injection Suspicious Behavior (startracker)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-06-22 15:46:47
Name: eoi.unify.allrulepatch.ips.5.6.11.25623.rule Version: 5.6.11.25623
MD5: cae726434a0958803625ade74cc90293 Size: 25.31M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25623. This package includes the following changed rules:

New rules:
1. threat[25311]: Eaton Intelligent Power Management Arbitrary File Deletion Vulnerability (CVE-2021-23279)
2. threat[25312]: Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability
3. threat[25313]: Microsoft Exchange Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-26855)
4. threat[25314]: Jenkins Parameter Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)
5. threat[25317]: Foxit Reader and PhantomPDF Field Format Event Use After Free Vulnerability (CVE-2020-13560)
6. threat[25319]: OpenEMR Backup.php Command Injection Vulnerability (CVE-2020-36243)
7. threat[25320]: PHP 8.1.0-dev Backdoor Remote Command Execution Vulnerability
8. threat[25315]: F5 BIG-IP Authentication Bypass Vulnerability (CVE-2021-22986)

Updated rules:
1. threat[24567]: Weaver e-cology/Yonyou NC OA System BeanShell Remote Code Execution Vulnerability
2. threat[25314]: Jenkins Artifact Repository Parameter Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)
3. threat[25150]: Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
4. threat[24539]: Drupal Core Remote Code Execution Vulnerability (CVE-2019-6339)
5. app: Sunlogin remote control

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-06-10 18:02:12
Name: eoi.unify.allrulepatch.ips.5.6.11.25571.rule Version: 5.6.11.25571
MD5: 4b4fdacea9dffe478d47e926d4b9b9e7 Size: 25.29M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25571. This package includes the following changed rules:

New rules:
1. threat[30776]: Apache Tapestry Information Disclosure Vulnerability (CVE-2021-27850)
2. threat[41821]: ABPTTS Tunnel Communication

Updated rules:
1. threat[41817]: Penetration Test Tool Cobalt Strike EXE Infection Program Spread
2. threat[25206]: Advantech iView Directory Traversal Vulnerability (CVE-2020-16245)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-06-03 16:46:37
Name: eoi.unify.allrulepatch.ips.5.6.11.25537.rule Version: 5.6.11.25537
MD5: 5bc991c9c065909473a3e671320614ca Size: 25.28M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25537. This package includes the following changed rules:

New rules:
1. threat[25301]: WordPress Plugin Stop Spammers 'log' Reflected Cross-Site Scripting Vulnerability (CVE-2021-24245)
2. threat[25303]: Apache Cocoon XML External Entity Injection Vulnerability (CVE-2020-11991)
3. threat[41820]: HTTP CRLF Injection Attack
4. threat[25307]: FreePBX 1314 Filename Command Injection Vulnerability

Updated rules:
1. threat[23817]: wget Download Redirection Arbitrary File Write Vulnerability (CVE-2016-4971)
2. threat[24173]: Magento 2.0.6 Unserialize Remote Code Execution Vulnerability (CVE-2016-4010)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-05-27 18:44:58
Name: eoi.unify.allrulepatch.ips.5.6.11.25506.rule Version: 5.6.11.25506
MD5: 797fc6adedd44c4c6de130b8bccada49 Size: 25.26M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25506. This package includes the following changed rules:

New rules:
1. threat[25294]: Advantech iView ZTPConfigTable SQL Injection Vulnerability (CVE-2021-22654)
2. threat[25295]: Jenkins Repository Connector Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21618)
3. threat[25297]: Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2021-31181)
4. threat[25298]: Kingsoft V8 Terminal Security System Arbitrary File Read Vulnerability

Updated rules:
1. threat[25292]: Adobe Magento DownloadCss Cross-Site Scripting Vulnerability (CVE-2021-21029)
2. threat[25294]: Advantech iView ZTPConfigTable SQL Injection Vulnerability (CVE-2021-22654)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-05-21 09:27:53
Name: eoi.unify.allrulepatch.ips.5.6.11.25433.rule Version: 5.6.11.25433
MD5: 38f54554cd03669e5542c932de9418a1 Size: 25.23M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25433. This package includes the following changed rules:

New rules:
1. threat[25277]: Linksys Remote Code Execution Vulnerability (CNVD-2014-01260)
2. threat[25275]: HUAWEI HG532e Command Injection Vulnerability (CVE-2017-17215)
3. threat[25280]: Tenda AC15 Cookie Remote Code Execution Vulnerability (CVE-2018-5767)
4. threat[10521]: Tenda USAC15 setMacFilterCfg Remote Code Execution Vulnerability (CVE-2018-18708)
5. threat[25278]: Linksys wap54gv3 Remote Code Execution Vulnerability
6. threat[25279]: Tenda USAC9 setUsbUnload Remote Command Injection Vulnerability (CVE-2018-14558, CVE-2020-10987)
7. threat[25286]: VMware View Planner logupload Directory Traversal Vulnerability (CVE-2021-21978)

Updated rules:
1. threat[10520]: OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability (CVE-2021-3449)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-05-13 17:03:30
Name: eoi.unify.allrulepatch.ips.5.6.11.25418.rule Version: 5.6.11.25418
MD5: 7539cfe0ba476b024e7266715f2cd21a Size: 25.23M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25418. This package includes the following changed rules:

New rules:
1. threat[41818]: Ransomware DarkSide Communication with C2 Server

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-05-11 16:36:24
Name: eoi.unify.allrulepatch.ips.5.6.11.25365.rule Version: 5.6.11.25365
MD5: dbf353264452fbc6c2f2693b276f19c7 Size: 25.22M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25365. This package includes the following changed rules:

New rules:
1. threat[50605]: Weblogic T3 Protocol Connection
2. threat[10520]: OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability (CVE-2021-3449)
3. threat[50606]: Weblogic GIOP/IIOP Protocol Connection

Updated rules:
1. threat[25272]: D-Link DIR645 Sensitive Information Disclosure Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-05-07 16:51:24
Name: eoi.unify.allrulepatch.ips.5.6.11.25343.rule Version: 5.6.11.25343
MD5: ba5b49bb6fbdc0ef15b5de487110d858 Size: 25.22M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25343. This package includes the following changed rules:

New rules:
1. threat[25268]: Telecom Gateway Configuration Management System Default Weak Password Login
2. threat[41816]: Reverse DNS Shell Tunnel Communication
3. threat[41817]: Penetration Test Tool Cobalt Strike EXE Infection Program Spread
4. threat[25270]: NETGEAR WND930 Remote Code Execution Vulnerability
5. threat[25271]: NETGEAR WND930 mfgwrite.php Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-30 13:15:09
Name: eoi.unify.allrulepatch.ips.5.6.11.25307.rule Version: 5.6.11.25307
MD5: 9c90f285be90596e8ea1d8e7f98cc257 Size: 25.21M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25307. This package includes the following changed rules:

New rules:
1. threat[25263]: eyou Email System Remote Command Execution Vulnerability
2. threat[25264]: Google Chrome Remote Code Execution Vulnerability (CVE-2021-21220)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-26 09:37:35
Name: eoi.unify.allrulepatch.ips.5.6.11.25296.rule Version: 5.6.11.25296
MD5: 6842e6b3e5045ad7004bea95f93645f3 Size: 25.20M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25296. This package includes the following changed rules:

New rules:
1. threat[25262]: Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[25260]: Godzilla ASP_AES_BASE64 Webshell Connect
3. threat[25261]: Godzilla ASP_AES_RAW Webshell Connect

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-18 22:30:40
Name: eoi.unify.allrulepatch.ips.5.6.11.25280.rule Version: 5.6.11.25280
MD5: 384cff593c796283af6c153d5f3a53cc Size: 25.20M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25280. This package includes the following changed rules:

New rules:
1. threat[25253]: Ruijie NBR Routers EWEB Remote Command Execution Vulnerability (CNVD-2021-09650)
2. threat[25256]: Godzilla JAVA_AES_RAW Webshell Connect
3. threat[25257]: Behinder 3.0 beta 3 Webshell Connect (PHP)
4. threat[25258]: TongWeb Hidden Control Interface

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-15 22:07:23
Name: eoi.unify.allrulepatch.ips.5.6.11.25263.rule Version: 5.6.11.25263
MD5: 9d3867608cf563567979d992b54bf6b3 Size: 25.19M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25263. This package includes the following changed rules:

New rules:
1. threat[25251]: Jira SSRF Vulnerability (CVE-2017-9506)
2. threat[25252]: Godzilla JAVA_AES_BASE64 Webshell Connect

Updated rules:
1. threat[25236]: Seeyon OA Remote Command Execution Vulnerability - POST request
2. threat[41700]: Sqlmap Scan Attack Detection

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-14 23:22:17
Name: eoi.unify.allrulepatch.ips.5.6.11.25241.rule Version: 5.6.11.25241
MD5: 6bc5e7604a9095b16a094ccf5b6ec564 Size: 25.19M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25241. This package includes the following changed rules:

New rules:
1. threat[25242]: Samsung WLAN AP Remote Command Execution Vulnerability
2. threat[25243]: ShopXO Arbitrary File Read Vulnerability
3. threat[25245]: Kingsoft Terminal Security System V8/V9 File Upload Vulnerability
4. threat[25246]: Yinpeng Cloud Computing FastMeeting Arbitrary File Download Vulnerability
5. threat[25247]: Yonyou ERP-NC Directory Traversal Vulnerability
6. threat[25248]: iKuai Router Arbitrary File Read Vulnerability
7. threat[30771]: Hikvision Streaming Media Management Server Arbitrary File Reading (CNVD-2021-14544)
8. threat[25249]: Zentao 8.2.6 SQL Injection Vulnerability
9. threat[25250]: Ruijie SmartWeb Management System Information Leak Vulnerability

Updated rules:
1. threat[68654]: Suspicious Webshell Script Files Upload Behavior

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-14 17:23:08
Name: eoi.unify.allrulepatch.ips.5.6.11.25209.rule Version: 5.6.11.25209
MD5: 54607cc1163c21dfe19f979cc94f40ef Size: 25.18M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25209. This package includes the following changed rules:

New rules:
1. threat[25239]: Yonyou NC6.5 Unauthorized Deserialization Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-11 00:11:39
Name: eoi.unify.allrulepatch.ips.5.6.11.25201.rule Version: 5.6.11.25201
MD5: 4a12dad2d59759d39a8e6a5f76ff4843 Size: 25.18M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25201. This package includes the following changed rules:

New rules:
1. threat[25235]: Apache OFBiz RMI Deserialization Vulnerability (CVE-2021-26295)
2. threat[25236]: Seeyon OA Remote Command Execution Vulnerability - POST request

Updated rules:
1. threat[25189]: SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-09 23:06:00
Name: eoi.unify.allrulepatch.ips.5.6.11.25193.rule Version: 5.6.11.25193
MD5: 7b3f88b4498545eb1e8f642dcedc4e54 Size: 25.18M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.25193. This package includes the following changed rules:

New rules:
1. threat[25220]: Nagios XI 5.7.5 HTTP Request Windowswmi.inc.php OS Command Injection Vulnerability (CVE-2021-25296)
2. threat[25221]: Nagios XI 5.7.5 HTTP Request switch.inc.php OS Command Injection Vulnerability (CVE-2021-25297)
3. threat[25222]: Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability (CVE-2021-25298)
4. threat[25223]: Nagios XI 5.7.5 sshterm.php Cross-Site Scripting Vulnerability (CVE-2021-25299)
5. threat[25224]: QuarkMail Remote Command Execution Vulnerability
6. threat[25225]: Nagios XI 5.5.10 XSS Vulnerability
7. threat[25226]: Fine Report Remote Command Execution Vulnerability
8. threat[25228]: Vanderbilt IP Camera Remote Credential Disclosure Vulnerability
9. threat[25231]: Hexinchuang Tianyun Desktop File Upload Vulnerability
10. threat[25232]: Zabbix 2.2-3.0.3 Remote Code Execution Vulnerability
11. threat[25233]: Weaver OA Arbitrary File Upload Vulnerability

Updated rules:
1. threat[25078]: Zentao PMS Remote File Inclusion Vulnerability
2. threat[25079]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-04-09 09:41:45
Name: eoi.unify.allrulepatch.ips.5.6.11.24993.rule Version: 5.6.11.24993
MD5: 20dddbbf9bc2a91768e0dfbd4261301a Size: 25.12M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.24993. This package includes the following changed rules:

Updated rules:
1. threat[41781]: Communication of FRP Intranet Penetration Tool
2. threat[21906]: VSFTPD v2.3.4 Backdoor Command Execution
3. threat[68654]: Suspicious Webshell Script Files Upload Behavior
4. threat[24174]: WebLogic WLS Component Remote Command Execution Vulnerability
5. threat[25189]: SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-03-29 14:07:05
Name: eoi.unify.allrulepatch.ips.5.6.11.24806.rule Version: 5.6.11.24806
MD5: b16d78a888ef76e45af5f0960147cce9 Size: 24.96M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.24806. This package includes the following changed rules:

New rules:
1. threat[41802]: Nemty Ransomware URI Characteristics
2. threat[41803]: Nemty Ransomware DNS Features

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2021-03-19 11:50:09
Name: eoi.unify.allrulepatch.ips.5.6.11.23362.rule Version: 5.6.11.23362
MD5: c12eeda41cf00c48fc01f3aa460720d4 Size: 26.20M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.23362. This package includes the following changed rules:

New rules:
1. threat[25119]: Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)
2. threat[25116]: Confluence Path Traversal Vulnerability (CVE-2019-3398)
3. threat[25118]: Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2020-12-31 18:14:36
Name: eoi.unify.allrulepatch.ips.5.6.11.23350.rule Version: 5.6.11.23350
MD5: 52f358c566d970f9b911adb5feccc33d Size: 41.20M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.23350. This package includes the following changed rules:

New rules:
1. threat[41763]: Penetration Test Tool Cobalt Strike Beacon DNS Communication
2. threat[24990]: Apache Spark Unauthorized Remote Code Execution Vulnerability (CVE-2020-9480)

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2020-12-08 21:38:00
Name: eoi.unify.allrulepatch.ips.5.6.11.23340.rule Version: 5.6.11.23340
MD5: df76c22a6a0f3f7f46aaf77b4c9c33ea Size: 41.20M
Description:

This is a signature upgrade package for NSFOCUS NIDS/NIPS products. It requires firmware version 5.6R11F00 or later and engine version 5.6R11F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.11.23340. This package includes the following changed rules:

Updated rules:
1. threat[23994]: Windows SMB Remote Code Execution Vulnerability (Shadow Brokers EternalBlue) (CVE-2017-0144) (MS17-010)
2. threat[41489]: Backdoor Doublepulsar Communication

Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2020-11-19 03:27:32