

Network Intrusion Prevention System (IPS) Rule 5.6.10 Upgrade Package List

Name: eoi.unify.allrulepatch.ips.5.6.10.31877.rule Version: 5.6.10.31877
MD5: b03d1449fce51fba5cefb20705997932 Size: 29.52M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31877. The rules added or updated by this package are:

New rules:
1. threat[26475]: ZOHO ManageEngine SupportCenter Plus Executor Command Injection Vulnerability (CVE-2023-23076)
2. threat[30990]: Tongda OA delete.php SQL Injection Vulnerability (CVE-2023-5019)
3. threat[26476]: Redis Master-Slave Replication Command Execution Vulnerability (CNVD-2019-21763)
4. threat[26473]: Zabbix Geomap Stored Cross-Site Scripting Vulnerability (CVE-2023-29452)
5. threat[26477]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-14756)
6. threat[26479]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-14825)
7. threat[26478]: GitLab Cross-Site Scripting (XSS) Vulnerability (CVE-2023-0050)
8. threat[26480]: Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting (XSS) Vulnerability (CVE-2023-23074)
9. threat[26481]: GitLab CE/EE Import API Remote Code Execution Vulnerability (CVE-2022-2884)
10. threat[26482]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-2798)
11. threat[26483]: Yonyou GRP-U8 bx_historyDataCheck.jsp SQL Injection Vulnerability
12. threat[26484]: Contec CONPROSYS HMI System OS Command Injection Vulnerability (CVE-2022-44456)
13. threat[42003]: Revive Adserver Input Validation Error Vulnerability (CVE-2021-22873)
14. threat[26485]: Gila CMS Arbitrary File Upload Vulnerability (CVE-2020-28692)
15. threat[26486]: PHP-FPM FastCGI Unauthorized Access Vulnerability
16. threat[30992]: Casdoor Platform SQL Injection (CVE-2022-24124)
17. threat[26487]: Struts2 Remote Code Execution Vulnerability (S2-048) (CVE-2017-9791)
18. threat[26488]: Behinder (Bingxie) JSP Memory Shell Download
19. threat[26489]: Typesetter Arbitrary File Upload Vulnerability (CVE-2020-25790)
20. threat[26490]: Behinder Encrypted ASP Webshell File Download
21. threat[26491]: Django Arbitrary URL Redirection Vulnerability (CVE-2018-14574)
22. threat[26492]: Django Debug Page Cross-Site Scripting (XSS) Vulnerability (CVE-2017-12794)
23. threat[26480]: Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting (XSS) Vulnerability (CVE-2023-23074)

Updated rules:
1. threat[24469]: Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability (CVE-2019-2725/CVE-2019-2729)
2. threat[25145]: WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2109)
3. threat[25411]: WebLogic Secondary Deserialization Vulnerability (CVE-2021-2135)
4. threat[25522]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2394)
5. threat[23009]: PHP-CGI Remote Source Code Disclosure and Arbitrary Code Execution Vulnerability (CVE-2012-1823)
6. threat[25996]: 74cms Remote Command Execution Vulnerability (CVE-2020-35339)
7. threat[23614]: Oracle WebLogic Server Java Deserialization Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-09-28 15:52:36

Name: eoi.unify.allrulepatch.ips.5.6.10.31812.rule Version: 5.6.10.31812
MD5: 6b24d67eeb3d0e6a77fea88a317579e1 Size: 29.51M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31812. The rules added or updated by this package are:

New rules:
1. threat[26455]: phpunit Remote Code Execution Vulnerability (CVE-2017-9841)
2. threat[30986]: Kyan Network Monitoring Device Sensitive Information Disclosure Vulnerability (CNVD-2021-49589)
3. threat[26457]: Kyan Network Monitoring Device Arbitrary Command Execution Vulnerability (CNVD-2021-32077)
4. threat[26458]: China Mobile Yu Router Unauthorized Access Vulnerability (CNVD-2020-73307)
5. threat[30987]: Fiberhome HG6245D Information Disclosure Vulnerability
6. threat[26459]: XWiki.org XWiki SchedulerJobSheet Code Injection Vulnerability (CVE-2023-29524)
7. threat[26460]: XWiki.org XWiki.UIExtensionClass Code Injection Vulnerability (CVE-2023-35166)
8. threat[26462]: WordPress Metform Elementor Plugin form-data.php Stored Cross-Site Scripting (CVE-2023-0084)
9. threat[26463]: Jenkins Pipeline Build Step Plugin Job Name Stored Cross-Site Scripting (CVE-2023-25762)
10. threat[26467]: Oracle Reports Forms Remote Code Execution Vulnerability (CVE-2012-3152)
11. threat[26464]: NodeBB socket.io Privilege Escalation Vulnerability (CVE-2022-46164)
12. threat[26466]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-2884)
13. threat[26469]: Cisco Products Cross-Site Scripting Vulnerability (CVE-2020-3580)
14. threat[26465]: MobileIron Products Security Vulnerability (CVE-2020-15505)
15. threat[26470]: OpenCATS Questionnaire.php Stored XSS Vulnerability (CVE-2023-27293)
16. threat[26471]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-2963)
17. threat[26468]: HAProxy h1_headers_to_hdr_list Empty Header Name Access Control Bypass Vulnerability (CVE-2023-25725)
18. threat[26472]: WordPress Forminator Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-3134)
19. threat[30989]: JumpServer Authorization Issue Vulnerability (CVE-2023-42442)
20. threat[26474]: Seeyon OA resetPassword User Password Reset Behavior

Updated rules:
1. threat[26453]: ThinkCMF Framework Arbitrary Content Inclusion Vulnerability
2. threat[26060]: Nette Remote Code Execution Vulnerability (CVE-2020-15227)
3. threat[60471]: HTTP Directory Traversal Reading /etc/passwd File
4. threat[24991]: F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902)
5. threat[24259]: TBK DVR Devices Authentication Bypass Vulnerability (CVE-2018-9995)
6. threat[25313]: Microsoft Exchange Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26855)
7. threat[25564]: VMware Workspace ONE Access Server-Side Template Injection Vulnerability (CVE-2022-22954)
8. threat[24757]: Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
9. threat[24917]: Oracle WebLogic Insecure Deserialization Vulnerability (CVE-2020-2883)
10. threat[25056]: Oracle WebLogic Insecure Deserialization Vulnerability (CVE-2020-14644)
11. threat[25018]: WebLogic UniversalExtractor Deserialization Vulnerability (CVE-2020-14645)
12. threat[40958]: Backdoor/Trojan Chopper Webshell Detection

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-09-22 11:05:49

Name: eoi.unify.allrulepatch.ips.5.6.10.31741.rule Version: 5.6.10.31741
MD5: e1d23c5c14323315069b44fe9987f234 Size: 29.50M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31741. The rules added or updated by this package are:

New rules:
1. threat[26435]: WeBid Arbitrary File Read Vulnerability (CVE-2022-41477)
2. threat[26436]: WordPress Plugin HTML2WP File Upload Vulnerability (CVE-2022-1574)
3. threat[26438]: RuoYi SQL Injection Vulnerability
4. threat[26439]: Zoo Management System Cross-Site Scripting Vulnerability (CVE-2022-31914)
5. threat[26437]: DataEase Data Visualization Analysis Tool SQL Injection Vulnerability (CVE-2023-40771)
6. threat[26441]: RuoYi Weak Password Successful Login
7. threat[26443]: ZOHOcorp ManageEngine Improper Authentication Vulnerability
8. threat[26442]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2016-0638)
9. threat[26445]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2016-3510)
10. threat[26446]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2017-3248)
11. threat[26447]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2893)
12. threat[26444]: Cacti graph_view.php SQL Injection Vulnerability (CVE-2023-39361)
13. threat[30983]: ShiKong Zhiyou Login Arbitrary File Read Vulnerability
14. threat[26448]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2019-2725)
15. threat[30984]: YAWS Unauthenticated Remote File Disclosure Vulnerability (CVE-2017-10974)
16. threat[26450]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2019-2729)
17. threat[26449]: Uvdesk v1.1.3 File Upload Vulnerability (CVE-2023-39147)
18. threat[26451]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2019-2890)
19. threat[26452]: Citrix Multiple Products Authorization Bypass Vulnerability (CVE-2020-8193)
20. threat[26453]: ThinkCMF Framework Arbitrary Content Inclusion Vulnerability
21. threat[26454]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2020-2551)
22. threat[26456]: PyroCMS Server-Side Template Injection Vulnerability (CVE-2023-29689)

Updated rules:
1. threat[30859]: Eclipse Jetty Sensitive Information Disclosure Vulnerability (CVE-2021-28169)
2. threat[24207]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2017-10271/CVE-2017-3506)
3. threat[25543]: Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
4. threat[24286]: WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)
5. threat[25407]: Oracle WebLogic WLS Core Components Remote Code Execution Vulnerability (CVE-2018-3191)
6. threat[25408]: Oracle WebLogic Remote Code Execution Vulnerability (CVE-2018-3245)
7. threat[63388]: Zend Framework Zend_XmlRpc Class Information Disclosure Vulnerability
8. threat[24365]: ThinkPHP 5.x Remote Command Execution Vulnerability
9. threat[30722]: Coremail Configuration Information Disclosure Vulnerability (CNVD-2019-16798)

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-09-15 14:01:34

Name: eoi.unify.allrulepatch.ips.5.6.10.31664.rule Version: 5.6.10.31664
MD5: 563a17e9a0d02894d25fe4a6b077751e Size: 29.46M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31664. The rules added or updated by this package are:

New rules:
1. threat[26425]: Weaver Ecology Login Bypass Vulnerability
2. threat[26428]: Company Website CMS Unauthorized Site Tampering Vulnerability (CVE-2022-2765)
3. threat[26427]: Telos Alliance Omnia MPX Node Information Disclosure Vulnerability (CVE-2022-36642)
4. threat[10547]: Tenda AC6 Stack Overflow Vulnerability (CVE-2022-25459)
5. threat[26431]: Eyoucms Arbitrary File Deletion Vulnerability (CVE-2021-46255)
6. threat[30982]: Lansweeper Directory Traversal Vulnerability (CVE-2022-29511)
7. threat[26424]: POS Codekop v2.0 Authenticated Remote Code Execution Vulnerability (CVE-2023-36348)
8. threat[26432]: Godzilla ASP_AES_BASE64 Webshell Connection_2
9. threat[26433]: XWiki Platform Eval Remote Command Execution Vulnerability (CVE-2023-37462)
10. threat[30981]: GDidees 3.9.1 Arbitrary File Read Vulnerability (CVE-2023-27179)
11. threat[42002]: Remote Access Trojan FatalRAT Communication
12. threat[26430]: Ruijie RG-EW1200G Remote Code Execution Vulnerability (CVE-2023-3306)
13. threat[26434]: DedeCMS tags.php SQL Injection Vulnerability (CVE-2023-4747)
14. threat[26429]: u5cms URL Redirection Vulnerability (CVE-2022-32444)

Updated rules:
1. threat[41576]: Malware linux/MrBlackDDos_a Network Communication

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-09-11 11:08:21

Name: eoi.unify.allrulepatch.ips.5.6.10.31619.rule Version: 5.6.10.31619
MD5: cf46ecd0e0a7992b30ad67e9338235c0 Size: 29.44M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31619. The rules added or updated by this package are:

New rules:
1. threat[30976]: Huace Monitoring and Early Warning System FileDownLoad.ashx Arbitrary File Read Vulnerability
2. threat[26416]: Seeyon A8 Frontend Upload and Decompression Vulnerability
3. threat[26415]: ShiKong Zhiyou Enterprise Process Control System File Upload Vulnerability
4. threat[30977]: Huace Monitoring and Early Warning System Config Database Disclosure Vulnerability
5. threat[30978]: Zivif Webcam Sensitive Information Disclosure Vulnerability (CVE-2017-17106)
6. threat[26417]: ESAFENET Electronic Document Security Management System DecryptApplicationService2 Arbitrary File Upload Vulnerability
7. threat[30979]: Hangzhou Synway SMG Gateway Management Software down.php Arbitrary File Read Vulnerability
8. threat[26418]: Wangkang NS-ASG Application Security Gateway Arbitrary Command Execution Vulnerability
9. threat[26420]: Smartbi RMIServlet Permission Bypass Vulnerability 2
10. threat[26419]: phpThumb Arbitrary Command Execution Vulnerability (CVE-2010-1598)
11. threat[26421]: Centreon Remote Command Injection Vulnerability (CVE-2015-1561)
12. threat[26422]: Online Admission System Arbitrary File Upload Vulnerability (CVE-2021-45835)
13. threat[26423]: D-Link DIR-846 Remote Code Execution Vulnerability (CVE-2022-46552)
14. threat[30980]: DrayTek Vigor 2960 Arbitrary File Read Vulnerability (CVE-2023-1163)
15. threat[26403]: Jeecg-Boot SQL Injection Vulnerability

Updated rules:
1. threat[30967]: CM Mail System Information Disclosure Vulnerability
2. threat[26244]: Struts2 Remote Code Execution Vulnerability (CVE-2012-0838) (S2-007)
3. threat[21374]: Apache Struts2 Remote Command Execution Vulnerability
4. threat[25261]: Godzilla ASP_AES_RAW Webshell Connection
5. threat[41548]: Webshell Backdoor Disguised as 404 Error Page
6. threat[41817]: Cobalt Strike Penetration Testing Tool EXE Infected Program Spread
7. threat[25260]: Godzilla ASP_AES_BASE64 Webshell Connection
8. threat[24515]: Seeyon OA Collaborative Management Software A6/A8 Arbitrary File Upload Vulnerability
9. threat[25826]: Weaver E-cology uploaderOperate.jsp File Upload Vulnerability
10. threat[30799]: Yonyou NC Cloud fs/console SQL Injection Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-08-31 15:39:12

Name: eoi.unify.allrulepatch.ips.5.6.10.31562.rule Version: 5.6.10.31562
MD5: e5f9bf343761f61b1f5e0d4dff4f4244 Size: 29.44M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31562. The rules added or updated by this package are:

New rules:
1. threat[30971]: Wangshen Next Generation Fast Firewall pki_file_download Arbitrary File Read Vulnerability
2. threat[26411]: Landray OA jg_service Arbitrary File Upload Vulnerability
3. threat[26409]: Seeyon OA Deserialization Vulnerability
4. threat[30973]: GrandNode Path Traversal Vulnerability (CVE-2019-12276)
5. threat[30972]: Wangshen SecIPS 3600 debug_info_export Arbitrary File Download Vulnerability
6. threat[30974]: Oracle GlassFish Server Arbitrary File Access Vulnerability (CVE-2013-3827)
7. threat[26412]: Eosine Intelligent Logistics Unattended System Arbitrary File Upload Vulnerability
8. threat[26413]: MLflow Directory Traversal Vulnerability (CVE-2023-3765)
9. threat[30975]: AWVS Scanning Tool
10. threat[26414]: Linksys WVBR0-25 Remote Command Execution Vulnerability (CVE-2017-17411)

Updated rules:
1. threat[41702]: Nmap Scan Attack Detection
2. threat[60464]: HTTP Service Directory Traversal Vulnerability
3. threat[66891]: PHP CGI Query String Parameter Handling Information Disclosure and Denial of Service Vulnerability
4. threat[25894]: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
5. threat[25475]: Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-08-23 23:58:21

Name: eoi.unify.allrulepatch.ips.5.6.10.31530.rule Version: 5.6.10.31530
MD5: 62e7097a827b226a8925c0e8deeeec48 Size: 29.43M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31530. The rules added or updated by this package are:

New rules:
1. threat[26394]: ShiKong Zhiyou Enterprise Process Control System formservice SQL Injection Vulnerability
2. threat[26397]: ESAFENET UploadFileFromClientServiceForClient Arbitrary File Upload Vulnerability
3. threat[26396]: RichMail /noCookiesMail Arbitrary User Login Vulnerability
4. threat[26395]: Yuanqiu Medical Skills Examination System /NewsDetailPage.aspx SQL Injection Vulnerability
5. threat[30968]: ESAFENET ClientAjax Arbitrary File Download Vulnerability
6. threat[26398]: Leagsoft UniSDP Software-Defined Perimeter System commondRetSt Command Execution Vulnerability
7. threat[26400]: Semcms Shop V4.2 Backend File Upload (CVE-2023-30090)
8. threat[26404]: Ruijie RG-EW1200G Login Bypass Vulnerability (CVE-2023-4415)
9. threat[26405]: Lenovo Enterprise Network Disk Arbitrary File Upload Vulnerability
10. threat[30969]: Sangfor Application Delivery Management System sys_user.conf Sensitive Information Disclosure Vulnerability
11. threat[26401]: KEADCOM Digital System Access Gateway FileDownloadServlet Arbitrary File Read Vulnerability
12. threat[26402]: Wanhu Collaborative Office Platform Interface wpsservlet File Upload Vulnerability
13. threat[26406]: Wavlink WL_WNJ575A3 Remote Command Execution Vulnerability
14. threat[30970]: Sangfor SG Internet Access Optimization Management System catjs.php File Read Vulnerability
15. threat[26407]: Epoint OA Component Command Execution Vulnerability
16. threat[26408]: Aodun Information Security Management System sichuan_login Frontend Remote Command Execution Vulnerability
17. threat[26393]: Hongfan iOffice Collaborative Office System Hard-Coded Vulnerability

Updated rules:
1. threat[25696]: Kingdee OA server_file Directory Traversal Vulnerability (CNVD-2021-43484)
2. threat[26363]: Jeecg-boot JDBC testConnection Arbitrary Code Execution Vulnerability
3. threat[41921]: ZeroTier Intranet Penetration Tool Communication
4. threat[41702]: Nmap Scan Attack Detection
5. threat[26055]: DedeCMS File Upload Vulnerability (CVE-2022-43192/CVE-2022-40886)

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-08-22 23:07:35

Name: eoi.unify.allrulepatch.ips.5.6.10.31485.rule Version: 5.6.10.31485
MD5: a4cdb54ca49bcea7eaca5aa9a6a06903 Size: 29.39M
Description:

This is an NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version becomes 5.6.10.31485. The rules added or updated by this package are:

New rules:
1. threat[26385]: Dahua Smart Park Comprehensive Management Platform devicePoint_addImgIco File Upload Vulnerability
2. threat[26384]: ESAFENET Electronic Document Security Management System Arbitrary File Upload Vulnerability
3. threat[26386]: Dahua Vehicle System /icon/import Arbitrary File Upload Vulnerability
4. threat[30965]: Qiming 4A Unified Security Control Platform getMaster Information Disclosure Vulnerability
5. threat[26387]: ZenTao 18.0 backstage Command Injection Vulnerability
6. threat[26389]: Ruijie NBR 1300G Router Unauthorized CLI Command Execution Vulnerability
7. threat[26388]: Weaver ShowDocsImage SQL Injection Vulnerability
8. threat[30966]: Huatian Power OA Collaborative Office System Arbitrary File Read Vulnerability
9. threat[26392]: Donghua Collaborative Medical OA Arbitrary File Read Vulnerability
10. threat[30962]: CODING Platform idna Directory Information Disclosure Vulnerability

Updated rules:
1. threat[26318]: Huatian Power OA Collaborative Office System ntkoupload.jsp Arbitrary File Upload Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-08-19 21:06:24

名称: eoi.unify.allrulepatch.ips.5.6.10.31465.rule 版本:5.6.10.31465
MD5:2eb0dde1adb832bf738abfb0678d4f8d 大小:29.39M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.31465。该升级包新增/改进的规则有:

新增规则:
1. 攻击[26367]:DataEase后台SQL注入漏洞(CVE-2023-37258)
2. 攻击[26377]:金山 终端安全系统 V9 代码执行漏洞
3. 攻击[26376]:Eramba远程代码执行漏洞(CVE-2023-36255)
4. 攻击[26379]:明源云 ERP ApiUpdate.ashx 文件上传漏洞
5. 攻击[30963]:奇安信 Vpn存在x遍历及任意账号密码修改漏洞
6. 攻击[26371]:中远麒麟堡垒机 tokens SQL注入漏洞
7. 攻击[26370]:契约锁电子签署平台文件上传漏洞
8. 攻击[26372]:金和OA C6 协同办公系统 editeprint 文件上传漏洞
9. 攻击[26373]:安恒明御安全网关 aaa_portal_auth_local_submit 远程命令执行漏洞
10. 攻击[26374]:PaperCut 目录穿越漏洞(CVE-2023-39143)
11. 攻击[26375]:深信服 应用交付报表系统 download.php 任意文件读取漏洞
12. 攻击[26383]:Hytec Inter HWL-2511-SS popen.cgi命令注入漏洞
13. 攻击[30964]:金笛 短信中间件Web版 log 后台任意文件下载漏洞(CNVD-2021-57336)
14. 攻击[26380]:锐捷网络多个系列产品命令注入漏洞(CVE-2023-38902)
15. 攻击[26381]:Lexmark远程代码执行漏洞(CVE-2023-26067)
16. 攻击[26382]:深信服数据中心管理系统 XML 实体注入漏洞



注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31465. This package includes the following changed rules:

new rules:
1. threat[26367]:DataEase backend SQL injection vulnerability(CVE-2023-37258)
2. threat[26377]:Kingsoft terminal security system V9 code execution vulnerability
3. threat[26376]:Eramba Remote Code Execution Vulnerability(CVE-2023-36255)
4. threat[26379]:Mingyuan Cloud ERP ApiUpdate.ashx File Upload Vulnerability
5. threat[30963]:Qianxin VPN x Traversal and Arbitrary Account Password Modification Vulnerability
6. threat[26371]:COSCO Kirin Bastion Host tokens SQL Injection Vulnerability
7. threat[26370]:Qiyuesuo eSeal Platform Document Upload Vulnerability
8. threat[26372]:Jinher OA C6 Collaborative Office System Editeprint File Upload Vulnerability
9. threat[26373]:AnHeng Mingyu Security Gateway aaa_portal_auth_local_submit Remote Command Execution Vulnerability
10. threat[26374]:PaperCut Directory Traversal Vulnerability (CVE-2023-39143)
11. threat[26375]:Sangfor Application Delivery Report System download.php Arbitrary File Reading Vulnerability
12. threat[26383]:Hytec Inter HWL-2511-SS popen.cgi Command Injection Vulnerability
13. threat[30964]:Jindi SMS Middleware Web Edition log Backend Arbitrary File Download Vulnerability (CNVD-2021-57336)
14. threat[26380]:Ruijie Networks Command Injection Vulnerability in Multiple Series Products (CVE-2023-38902)
15. threat[26381]:Lexmark Remote Code Execution Vulnerability (CVE-2023-26067)
16. threat[26382]:Sangfor Data Center Management System XML Entity Injection Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-18 22:06:39
Name: eoi.unify.allrulepatch.ips.5.6.10.31444.rule Version: 5.6.10.31444
MD5: 7a559331e432940a92f0fec53948dd24 Size: 29.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31444. Rules added/improved in this package:

New rules:
1. threat[26362]:Jeecg-Boot SQL injection vulnerability
2. threat[26363]:Jeecg-boot JDBC arbitrary code execution vulnerability
3. threat[26361]:Hangzhou Sanhui SMG gateway management software debug.php remote command execution vulnerability
4. threat[30961]:Landray EKP unauthorized access vulnerability
5. threat[26364]:Mingyuan Real Estate ERP SQL injection vulnerability
6. threat[26365]:Newcapec Smart Campus System code execution vulnerability
7. threat[26366]:Yonyou KSOA KSOATaskRequestServlet SQL injection vulnerability
8. threat[26368]:Kingsoft Terminal Security System V9 arbitrary file upload vulnerability
9. threat[26369]:Koronsoft AIO Integrated Operation Management System file read vulnerability



Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31444. This package includes the following changed rules:

new rules:
1. threat[26362]:Jeecg-Boot SQL Injection Vulnerability
2. threat[26363]:Jeecg-boot JDBC arbitrary code execution vulnerability
3. threat[26361]:Hangzhou Sanhui SMG Gateway Management Software debug.php Remote Command Execution Vulnerability
4. threat[30961]:Landray EKP Unauthorized Access Vulnerability
5. threat[26364]:Mingyuan real estate ERP SQL injection vulnerability
6. threat[26365]:Newcapec Smart Campus System Code execution vulnerability
7. threat[26366]:Yonyou KSOATaskRequestServlet SQL Injection vulnerability
8. threat[26368]:Kingsoft EDR V9 Arbitrary File Upload Vulnerabilities
9. threat[26369]:Koronsoft AIO Integrated Operation Management System File Read Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-18 01:02:14
Name: eoi.unify.allrulepatch.ips.5.6.10.31420.rule Version: 5.6.10.31420
MD5: 54df45f2fa6e75759c5cb8f268ae742b Size: 29.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31420. Rules added/improved in this package:

New rules:
1. threat[26356]:SEMCMS /SEMCMS_upload.php file upload vulnerability
2. threat[30960]:Yonyou U8 Cloud upload file upload vulnerability
3. threat[30959]:1Panel loadfile backend file read vulnerability
4. threat[26357]:Jeecg-Boot Freemarker template injection vulnerability
5. threat[26358]:LiveBos showImage.do arbitrary file read vulnerability
6. threat[26359]:Landray OA sysUiExtend file upload vulnerability
7. threat[26360]:Qiming Tianyue Security Gateway frontend SQL injection vulnerability

Updated rules:
1. threat[25615]:Seeyon OA JDBC interface deserialization vulnerability
2. threat[26351]:Weaver Ecology backend SQL injection RCE vulnerability
3. threat[68654]:Suspicious webshell script file upload behavior
4. threat[26357]:Jeecg-Boot Freemarker template injection vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31420. This package includes the following changed rules:

new rules:
1. threat[26356]:SEMCMS /SEMCMS_upload.php File Upload Vulnerability
2. threat[30960]:Yonyou U8 Cloud upload file upload vulnerability
3. threat[30959]:1Panel loadfile backend file read vulnerability
4. threat[26357]:Jeecg-Boot Freemarker Template Injection Vulnerability
5. threat[26358]:LiveBos showImage.do Arbitrary File Read Vulnerability
6. threat[26359]:Lanling OA sysUiExtend file upload vulnerability
7. threat[26360]:Qiming Tianya Security Gateway Foreground SQL injection vulnerability

update rules:
1. threat[25615]:Seeyon OA JDBC API Deserialization Vulnerability
2. threat[26351]:Weaver Ecology Background SQL Injection RCE Vulnerability
3. threat[68654]:Suspicious Webshell Script Files Upload Behavior
4. threat[26357]:Jeecg-Boot Freemarker Template Injection Vulnerability


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-17 09:07:11
Name: eoi.unify.allrulepatch.ips.5.6.10.31397.rule Version: 5.6.10.31397
MD5: 1ecc39efef3dabd048806fccadfe77de Size: 29.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31397. Rules added/improved in this package:

New rules:
1. threat[26346]:Jeecg-Boot /jmreport/show SQL injection vulnerability (CVE-2023-34659)
2. threat[26348]:KubePi LoginLogsSearch unauthorized access vulnerability (CVE-2023-22478)
3. threat[26349]:KubePi trust management issue vulnerability (CVE-2023-22463)
4. threat[30958]:Flyrise FE Business Collaboration Platform ShowImageServlet file read vulnerability
5. threat[26347]:MotoCMS SQL injection vulnerability (CVE-2023-36213)
6. threat[26351]:Weaver Ecology getSourceFields backend SQL injection RCE vulnerability
7. threat[26350]:OfficeWeb365 arbitrary file write vulnerability
8. threat[26352]:Jeecg-Boot SQL injection vulnerability (CVE-2023-38992)
9. threat[26355]:COSCO Kirin bastion host backend remote code execution vulnerability
10. threat[26353]:JeecgBoot enterprise low-code platform qurestSql SQL injection vulnerability (CVE-2023-1454)

Updated rules:
1. threat[26349]:KubePi hardcoded credentials vulnerability (CVE-2023-22463)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31397. This package includes the following changed rules:

new rules:
1. threat[26346]:Jeecg-Boot /jmreport/show SQL Injection Vulnerability (CVE-2023-34659)
2. threat[26348]:KubePi LoginLogsSearch Unauthorized Access Vulnerability (CVE-2023-22478)
3. threat[26349]:KubePi Trust Management Issue Vulnerability (CVE-2023-22463)
4. threat[30958]:Flyrise FE Business Collaboration Platform ShowImageServlet File Reading Vulnerability
5. threat[26347]:MotoCMS SQL Injection Vulnerability (CVE-2023-36213)
6. threat[26351]:Weaver Ecology getSourceFields Background SQL Injection RCE Vulnerability
7. threat[26350]:OfficeWeb365 Arbitrary File Write Vulnerability
8. threat[26352]:Jeecg-Boot SQL Injection Vulnerability (CVE-2023-38992)
9. threat[26355]:COSCO Kirin Bastion Host Backend Remote Code Execution Vulnerability
10. threat[26353]:JeecgBoot Enterprise-level Low-code Platform qurestSql SQL Injection Vulnerability(CVE-2023-1454)

update rules:
1. threat[26349]:KubePi Hardcoded Credentials Vulnerability (CVE-2023-22463)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-15 22:05:26
Name: eoi.unify.allrulepatch.ips.5.6.10.31369.rule Version: 5.6.10.31369
MD5: b385ed7db1dbc644977b61cc7c758e49 Size: 29.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31369. Rules added/improved in this package:

New rules:
1. threat[30950]:Dahua Smart Park user_getUserInfoByUserName.action user password disclosure vulnerability
2. threat[26341]:Yonyou Chanjet T+ GetStoreWarehouseByStore deserialization command execution vulnerability
3. threat[30956]:Ruijie switch web management system EXCU_SHELL information disclosure vulnerability
4. threat[26345]:Jinher OA C6 GetSqlData.aspx SQL injection vulnerability
5. threat[26343]:Renwoxing CRM /SmsDataList SQL injection vulnerability
6. threat[26342]:Yonyou U8 CRM customer relationship management system getemaildata file upload vulnerability
7. threat[26344]:PigCMS action_flashUpload arbitrary file upload vulnerability
8. threat[42001]:Suspected webshell communication

Updated rules:
1. threat[30955]:Yonyou U8 CRM customer relationship management system getemaildata file read vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick remote command execution vulnerability (CVE-2016-3714)
3. threat[24545]:Microsoft IIS 6.0 file parsing vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31369. This package includes the following changed rules:

new rules:
1. threat[30950]:Dahua Smart Park user_getUserInfoByUserName.action User Password Disclosure Vulnerability
2. threat[26341]:Yonyou CHANJET T+ GetStoreWarehouseByStore Deserialization Command Execution Vulnerability
3. threat[30956]:Ruijie Switch WEB Management System EXCU_SHELL Information Disclosure Vulnerability
4. threat[26345]:Jinher OA C6 GetSqlData.aspx SQL Injection vulnerability
5. threat[26343]:Renwoxing CRM /SmsDataList SQL Injection Vulnerability
6. threat[26342]:Yonyou U8 CRM Customer Relationship Management getemaildata File Upload Vulnerability
7. threat[26344]:PigCMS action_flashUpload arbitrary file upload vulnerability
8. threat[42001]:Suspected Webshell communication

update rules:
1. threat[30955]:Yonyou U8 CRM Customer Relationship Management System getemaildata File Read Vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick Remote code execution vulnerability(CVE-2016-3714)
3. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-14 21:11:17
Name: eoi.unify.allrulepatch.ips.5.6.10.31341.rule Version: 5.6.10.31341
MD5: 7f18b72d5f74e4a82a94749784c3575c Size: 29.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31341. Rules added/improved in this package:

New rules:
1. threat[26334]:Qiwang Manufacturing ERP system comboxstore SQL injection vulnerability
2. threat[30953]:Yonyou NC wsncapplet.jsp information disclosure vulnerability
3. threat[26335]:Bamboocloud IAM frontend Hessian deserialization vulnerability
4. threat[30954]:Jinpan WeChat management platform getsysteminfo unauthorized access vulnerability
5. threat[26336]:Byzoro Smart S85F importhtml.php SQL injection vulnerability (CVE-2023-4120)
6. threat[26337]:Yonyou M1server deserialization command execution vulnerability
7. threat[26338]:Yonyou KSOA imagefield SQL injection vulnerability
8. threat[26339]:Byzoro Smart S85F useratte backend file upload vulnerability (CVE-2023-4121)
9. threat[30955]:Yonyou U8 CRM customer relationship management system getemaildata file read vulnerability
10. threat[26340]:Cellinx NVT camera GetFileContent.cgi file read vulnerability (CVE-2023-23063)

Updated rules:
1. threat[23151]:Rejetto HTTP File Server ParserLib.pas remote command execution vulnerability (CVE-2014-6287)
2. threat[41978]:Mythic C2 tool apollo http-profiler connection behavior
3. threat[41980]:Mythic C2 tool freyja http-profiler connection behavior
4. threat[41988]:Mythic C2 tool http-profiler heartbeat detection 1
5. threat[41989]:Mythic C2 tool http-profiler heartbeat detection 2
6. threat[41998]:Brute Ratel C4 C2 tool HTTP heartbeat detection
7. threat[41999]:Brute Ratel C4 C2 tool HTTP connection detection


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31341. This package includes the following changed rules:

new rules:
1. threat[26334]:QiWang ERP System comboxstore SQL Injection Vulnerability
2. threat[30953]:Yonyou NC wsncapplet.jsp Information Leakage Vulnerability
3. threat[26335]:Bamboocloud IAM Frontend Hessian Deserialization Vulnerability
4. threat[30954]:Jinpan WeChat Management Platform getsysteminfo Unauthorized Access Vulnerability
5. threat[26336]:Byzoro Smart S85F importhtml.php SQL Injection Vulnerability (CVE-2023-4120)
6. threat[26337]:Yonyou M1server Deserialization Command Execution Vulnerability
7. threat[26338]:Yonyou KSOA imagefield SQL Injection Vulnerability
8. threat[26339]:Byzoro Smart S85F useratte Backend File Upload Vulnerability (CVE-2023-4121)
9. threat[30955]:Yonyou U8 CRM Customer Relationship Management System getemaildata File Read Vulnerability
10. threat[26340]:Cellinx NVT Camera GetFileContent.cgi File Reading Vulnerability (CVE-2023-23063)

update rules:
1. threat[23151]:Rejetto HttpFileServer ParserLib.pas Remote Command Execution(CVE-2014-6287)
2. threat[41978]:Mythic C2 tool apollo http-profiler connection behavior
3. threat[41980]:Mythic C2 tool freyja http-profiler connection behavior
4. threat[41988]:Mythic C2 tool http-profiler Heartbeat detection 1
5. threat[41989]:Mythic C2 tool http-profiler Heartbeat Detection 2
6. threat[41998]:Brute Ratel C4 C2 tool HTTP Heartbeat detection
7. threat[41999]:Brute Ratel C4 C2 tool HTTP connection detection


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-13 22:52:08
Name: eoi.unify.allrulepatch.ips.5.6.10.31310.rule Version: 5.6.10.31310
MD5: 4578d42546425e9956998edd2b62d7c1 Size: 29.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31310. Rules added/improved in this package:

New rules:
1. threat[26330]:DPtech load balancer ADX3000-GA system command execution vulnerability
2. threat[50644]:Seeyon OA default audit user password login
3. threat[26332]:TRS WCM loadrecord arbitrary file upload vulnerability
4. threat[26331]:Weaver E-Cology ifNewsCheckOutByCurrentUser SQL injection vulnerability
5. threat[26333]:Ruijie NBR router fileupload.php arbitrary file upload vulnerability
6. threat[30952]:360 Tianqing terminal security management system admin_log_conf log information disclosure vulnerability
7. threat[30951]:WeChat Work agentinfo interface unauthorized access vulnerability

Updated rules:
1. threat[49051]:mimikatz tool lsadump dcsync credential theft behavior detected
2. threat[25747]:Windows information gathering command execution


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31310. This package includes the following changed rules:

new rules:
1. threat[26330]:DPtech Load Balancer ADX3000-GA System Command Execution Vulnerability
2. threat[50644]:Seeyon OA Default Audit User Password Login
3. threat[26332]:TRS WCM loadrecord Arbitrary File Upload Vulnerability
4. threat[26331]:Weaver E-Cology ifNewsCheckOutByCurrentUser SQL Injection Vulnerability
5. threat[26333]:Ruijie NBR Router fileupload.php Arbitrary File Upload Vulnerability
6. threat[30952]:360 Tianqing Terminal Security Management System admin_log_conf Log Information Disclosure Vulnerability
7. threat[30951]:WeChat Work agentinfo Interface Unauthorized Access Vulnerability

update rules:
1. threat[49051]:mimikatz Tool lsadump dcsync Credential Theft Behavior Detected
2. threat[25747]:Windows Information Collection Command Execution


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-12 22:29:18
Name: eoi.unify.allrulepatch.ips.5.6.10.31290.rule Version: 5.6.10.31290
MD5: 08218f6644dfdd19361ede497fc1bf36 Size: 29.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31290. Rules added/improved in this package:

New rules:
1. threat[26319]:Yonyou Mobile Management System uploadApk.do arbitrary file upload vulnerability
2. threat[26321]:Arris VAP2500 list_mac_address unauthorized remote code execution vulnerability (CNVD-2023-62027)
3. threat[26317]:Huatian Power OA 8000 workFlowService SQL injection vulnerability
4. threat[26322]:Seeyon OA A8+ frontend getAjaxDataServlet XXE vulnerability
5. threat[30946]:Wanjiang Technology Mountain Flood Disaster Warning System FileHandler.ashx arbitrary file read vulnerability (CVE-2023-4172)
6. threat[26323]:Hikvision (HIKVISION) Integrated Security Management Platform report arbitrary file upload vulnerability
7. threat[30947]:Hikvision (HIKVISION) Integrated Security Management Platform env information disclosure vulnerability
8. threat[26324]:Dahua Smart Park Comprehensive Management Platform publishing file upload vulnerability
9. threat[26327]:Yonyou KSOA QueryService SQL injection vulnerability
10. threat[26326]:Jinher OA C6 GetTreeDate.aspx SQL injection vulnerability
11. threat[26318]:Huatian Power OA collaborative office system arbitrary file upload vulnerability
12. threat[26325]:Tongda OA gateway frontend deserialization vulnerability
13. threat[26328]:Dahua Smart Park Comprehensive Management Platform searchJson SQL injection vulnerability
14. threat[30949]:Yonyou KSOA PayBill SQL injection vulnerability

Updated rules:
1. threat[30814]:Weaver E-Office mysql_config.ini information disclosure vulnerability
2. threat[30918]:Zentao 16.5 SQL injection vulnerability (CNVD-2022-42853)
3. threat[26309]:Weaver OA uploadFiles_temp file upload vulnerability
4. threat[24257]:Spring Framework isWritableProperty SpEL expression injection vulnerability (CVE-2018-1273)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31290. This package includes the following changed rules:

new rules:
1. threat[26319]:Yonyou mobile management system uploadApk.do arbitrary file upload vulnerability
2. threat[26321]:Arris VAP2500 list_mac_address Unauthorized Remote Code Execution Vulnerability(CNVD-2023-62027)
3. threat[26317]:Huatian Power OA Version 8000 WorkFlowService SQL Injection Vulnerability
4. threat[26322]:Seeyon OA A8+ Frontend getAjaxDataServlet XXE Vulnerability
5. threat[30946]:Wanjiang Technology Mountain Flood Disaster Warning System FileHandler.ashx Arbitrary File Reading Vulnerability(CVE-2023-4172)
6. threat[26323]:Hikvision Comprehensive Security Management Platform report Arbitrary File Upload Vulnerability
7. threat[30947]:HIKVISION Integrated Security Management Platform env Information Leakage Vulnerabilities
8. threat[26324]:Dahua Smart Park Comprehensive Management Platform Publishing File Upload Vulnerability
9. threat[26327]:Yonyou KSOA QueryService SQL Injection Vulnerability
10. threat[26326]:Jinher OA C6 GetTreeDate.aspx SQL Injection Vulnerability
11. threat[26318]:Huatian Power OA Collaborative Office System Arbitrary File Upload Vulnerability
12. threat[26325]:Tongda OA gateway Frontend Deserialization Vulnerability
13. threat[26328]:Dahua Smart Park Comprehensive Management Platform searchJson SQL Injection Vulnerability
14. threat[30949]:Yonyou KSOA PayBill SQL Injection Vulnerability

update rules:
1. threat[30814]:Weaver E-Office mysql_config.ini Information Disclosure Vulnerability
2. threat[30918]:Zentao 16.5 SQL Injection Vulnerability(CNVD-2022-42853)
3. threat[26309]:Weaver OA uploadFiles_temp File Upload Vulnerability
4. threat[24257]:Spring Framework isWritableProperty SpEL Injection Vulnerability(CVE-2018-1273)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-11 22:09:09
Name: eoi.unify.allrulepatch.ips.5.6.10.31255.rule Version: 5.6.10.31255
MD5: 70f8581f3129962d654a1f72488a9632 Size: 29.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31255. Rules added/improved in this package:

New rules:
1. threat[26305]:Sangfor Application Delivery Report System remote command execution vulnerability
2. threat[26306]:WPS Office for Windows code execution vulnerability
3. threat[26307]:Chenxin Jingyun Terminal Security Management System login SQL injection vulnerability
4. threat[26308]:AnHeng Mingyu Operation and Maintenance Audit and Risk Control System service arbitrary user addition vulnerability
5. threat[26309]:Weaver OA uploadFiles_temp file upload vulnerability
6. threat[30942]:Weaver E-Office9 Init.php frontend file inclusion vulnerability
7. threat[30943]:H3C multiple device series userLogin.asp sensitive information disclosure vulnerability
8. threat[26312]:Glodon OA collaborative office system msgbroadcastuploadfile.aspx file upload vulnerability
9. threat[26314]:Wangshen SecSSL 3600 Secure Access Gateway System arbitrary password modification vulnerability
10. threat[26313]:AnHeng Mingyu Security Gateway sslvpn command execution vulnerability (CNVD-2023-03898)
11. threat[26311]:Glodon OA collaborative office system ConfigService.asmx SQL injection vulnerability
12. threat[26310]:Weaver OA RuleOperation command execution vulnerability
13. threat[30944]:Yonghong bi/Viewer frontend arbitrary file read vulnerability
14. threat[26315]:Ruijie EWEB Management System remote code injection vulnerability (CVE-2023-34644)
15. threat[26269]:Citrix ADC and Citrix Gateway remote code execution vulnerability (CVE-2023-3519)

Updated rules:
1. threat[26282]:Atlassian Jira authentication bypass vulnerability (CVE-2022-0540)
2. threat[26071]:Weaver E-Office ajax.php arbitrary file upload vulnerability (CVE-2023-2523)
3. threat[41780]:DNSLog query request
4. threat[25475]:Apache Log4j2 remote code execution vulnerability (CVE-2021-44228)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31255. This package includes the following changed rules:

new rules:
1. threat[26305]:Sangfor Application Delivery Reporting System Remote Command Execution Vulnerability
2. threat[26306]:WPS Office For Windows Code Execution Vulnerability
3. threat[26307]:Chenxin Jingyun Terminal Security Management System login SQL Injection Vulnerability
4. threat[26308]:AnHeng Mingyu Operation And Maintenance Audit And Risk Control System service Add Arbitrary User Vulnerability
5. threat[26309]:Weaver OA uploadFiles_temp File Upload Vulnerability
6. threat[30942]:Weaver E-Office9 Init.php File Inclusion Vulnerability
7. threat[30943]:H3C multi-series devices userLogin.asp sensitive information disclosure vulnerability
8. threat[26312]:Glodon OA Collaborative Office System ConfigService.asmx File Upload Vulnerabilities
9. threat[26314]:Wangshen SecSSL 3600 Secure Access Gateway System Arbitrary Password Modification Vulnerability
10. threat[26313]:AnHeng Mingyu Security Gateway sslvpn Command Execution Vulnerability(CNVD-2023-03898)
11. threat[26311]:Glodon OA Collaborative Office System ConfigService.asmx SQL injection Vulnerabilities
12. threat[26310]:Weaver OA RuleOperation Command Execution Vulnerability
13. threat[30944]:Yonghong BI Report Frontend Arbitrary File Reading Vulnerability
14. threat[26315]:Ruijie EWEB Management System Remote Code Injection Vulnerability (CVE-2023-34644)
15. threat[26269]:Citrix ADC And Citrix Gateway Remote Code Execution Vulnerability(CVE-2023-3519)

update rules:
1. threat[26282]:Atlassian Jira Authentication Bypass Vulnerability(CVE-2022-0540)
2. threat[26071]:Weaver E-Office ajax.php Arbitrary File Upload Vulnerability(CVE-2023-2523)
3. threat[41780]:DNSLog Query Request
4. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-11 09:34:08
Name: eoi.unify.allrulepatch.ips.5.6.10.31211.rule Version: 5.6.10.31211
MD5: 93cd19bd9c1343ce5129436c81c3f44c Size: 29.29M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31211. Rules added/improved in this package:

New rules:
1. threat[49059]:Caimore Communication Gateway formping backend remote command execution vulnerability
2. threat[26281]:Yonyou GRP-U8 U8AppProxy arbitrary file upload vulnerability
3. threat[26283]:Sophos Firewall code execution vulnerability (CVE-2022-1040)
4. threat[49061]:Inspur ClusterEngine V4.0 sysShell arbitrary command execution vulnerability
5. threat[26284]:Yonyou NC ModelHandleServlet deserialization vulnerability
6. threat[26285]:Yonyou NC ConfigResourceServlet deserialization vulnerability
7. threat[26286]:Yonyou NC ECFileManageServlet deserialization vulnerability
8. threat[26287]:Yonyou NC MonitorServlet deserialization vulnerability
9. threat[26289]:ThinkPHP6 deserialization arbitrary command execution vulnerability (CVE-2022-45982)
10. threat[26290]:TOTOLINK CA300-PoE command injection vulnerability (CVE-2023-24160)
11. threat[26291]:TOTOLINK CA300-PoE command injection vulnerability (CVE-2023-24159)
12. threat[26292]:TOTOLINK CP900 command injection vulnerability (CVE-2022-28495)
13. threat[26293]:Wanhu OA smartUpload.jsp arbitrary file upload vulnerability
14. threat[30937]:Flyrise FE Enterprise Operations Management Platform arbitrary file read vulnerability
15. threat[26288]:Citrix ShareFile upload.aspx arbitrary file upload vulnerability (CVE-2023-24489)
16. threat[26294]:SonicWall SSL-VPN remote command execution vulnerability
17. threat[26296]:TOTOLINK CP900 command injection vulnerability (CVE-2022-28494)
18. threat[26295]:TOTOLINK CP900 command injection vulnerability (CVE-2022-28491)
19. threat[30938]:Tongda OA delete_seal SQL injection vulnerability
20. threat[30940]:Tongda OA delete_log SQL injection vulnerability
21. threat[30939]:TOTOLINK CA300-PoE command injection vulnerability (CVE-2023-24139)
22. threat[26297]:GDidees CMS arbitrary file upload vulnerability (CVE-2023-27178)
23. threat[26299]:Hongjing eHR OfficeServer.jsp arbitrary file upload vulnerability
24. threat[30941]:Kingdee Cloud Xingkong CommonFileServer arbitrary file read vulnerability
25. threat[26300]:CloudExplorer Lite command injection vulnerability (CVE-2023-38692)
26. threat[26303]:Nuxt remote code execution vulnerability (CVE-2023-3224)
27. threat[30941]:Kingdee Cloud Xingkong arbitrary file read vulnerability
28. threat[26259]:Zhengfang Software Co., Ltd. Unified Identity Authentication Service Platform (ZFIAM) file upload vulnerability

Updated rules:
1. threat[26274]:FUDForum 3.1.2 file upload vulnerability (CVE-2022-30860)
2. threat[25199]:Apache Solr config arbitrary file read vulnerability (CNVD-2023-27598)
3. threat[26029]:TOTOLink NR1800X router command execution vulnerability (CVE-2022-41525)
4. threat[25475]:Apache Log4j2 remote code execution vulnerability (CVE-2021-44228)
5. threat[60464]:HTTP service directory traversal vulnerability
6. threat[26238]:Adobe ColdFusion code issue vulnerability (CVE-2023-29300)
7. threat[10541]:TOTOLINK A7000R router stack overflow vulnerability (CVE-2022-37084)
8. threat[26178]:TOTOLINK A7000R router command execution vulnerability (CVE-2022-37076)
9. threat[41989]:Mythic C2 tool http-profiler heartbeat detection 2
10. threat[25084]:Elasticsearch unauthorized access vulnerability
11. threat[30810]:Weaver E-Office UserSelect privileged access


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.31211. This package includes the following changed rules:

new rules:
1. threat[49059]:Caimore Communication Gateway formping Backend Remote Command Execution Vulnerability
2. threat[26281]:Yonyou GRP-U8 U8AppProxy Arbitrary File Upload Vulnerability
3. threat[26283]:Sophos Firewall Code Execution Vulnerability (CVE-2022-1040)
4. threat[49061]:Inspur ClusterEngine V4.0 sysShell Arbitrary Command Execution Vulnerability
5. threat[26284]:YonyouNC ModelHandleServlet Deserialization Vulnerability
6. threat[26285]:YonyouNC ConfigResourceServlet Deserialization Vulnerability
7. threat[26286]:YonyouNC ECFileManageServlet Deserialization Vulnerability
8. threat[26287]:YonyouNC MonitorServlet Deserialization Vulnerability
9. threat[26289]:ThinkPHP6 Deserialization Arbitrary Command Execution Vulnerability (CVE-2022-45982)
10. threat[26290]:TOTOLINK CA300-PoE Command Injection Vulnerability (CVE-2023-24160)
11. threat[26291]:TOTOLINK CA300-PoE Command Injection Vulnerability (CVE-2023-24159)
12. threat[26292]:TOTOLINK CP900 Command Injection Vulnerability (CVE-2022-28495)
13. threat[26293]:Wanhu OA smartUpload.jsp arbitrary file upload vulnerability
14. threat[30937]:Flyrise FE Enterprise Operations Management Platform Arbitrary File Read Vulnerability
15. threat[26288]:Citrix Sharefile upload.aspx Arbitrary File Upload Vulnerability(CVE-2023-24489)
16. threat[26294]:SonicWall SSL-VPN remote command execution vulnerability
17. threat[26296]: TOTOLINK CP900 Command Injection Vulnerability (CVE-2022-28494)
18. threat[26295]: TOTOLINK CP900 Command Injection Vulnerability (CVE-2022-28491)
19. threat[30938]:Tongda OA delete_seal SQL Injection Vulnerability
20. threat[30940]:Tongda OA delete_log SQL Injection Vulnerability
21. threat[30939]:TOTOLINK CA300-PoE Command Injection Vulnerability (CVE-2023-24139)
22. threat[26297]:GDidees CMS Arbitrary File Upload Vulnerability(CVE-2023-27178)
23. threat[26299]:Hongjing eHR OfficeServer.jsp Arbitrary File Upload Vulnerability
24. threat[30941]:Kingdee Cloud Xingkong CommonFileServer Arbitrary File Read Vulnerability
25. threat[26300]:CloudExplorer Lite Command Injection Vulnerability(CVE-2023-38692)
26. threat[26303]:Nuxt Remote Code Execution Vulnerability(CVE-2023-3224)
27. threat[30941]:Kingdee Cloud Xingkong Arbitrary File Read Vulnerability
28. threat[26259]:Zhengfang Software Co., Ltd. Unified Identity Authentication Service Platform (ZFIAM) File Upload Vulnerability

update rules:
1. threat[26274]:FUDForum 3.1.2 File Upload Vulnerability (CVE-2022-30860)
2. threat[25199]:Apache Solr config Arbitrary File Read Vulnerability(CNVD-2023-27598)
3. threat[26029]:TOTOLink NR1800X Router Command Execution Vulnerability (CVE-2022-41525)
4. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
5. threat[60464]:HTTP Directory Traversal Vulnerability
6. threat[26238]:Adobe ColdFusion Code Issue Vulnerability (CVE-2023-29300)
7. threat[10541]:TOTOLINK A7000R Router Stack Overflow Vulnerability (CVE-2022-37084)
8. threat[26178]:TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076)
9. threat[41989]:Mythic C2 tool http-profiler Heartbeat Detection 2
10. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
11. threat[30810]:Weaver E-Office UserSelect Privileged Access


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but it causes 3-5 packet losses on ping, so please update at a suitable time.

Release time: 2023-08-10 14:39:55
Name: eoi.unify.allrulepatch.ips.5.6.10.31137.rule Version: 5.6.10.31137
MD5: 79f1967c277bdf487f2dccc6e24d0a9c Size: 29.26M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.31137. Rules added/improved in this package:

New rules:
1. threat[26270]:Metabase remote code execution vulnerability (CVE-2023-38646)
2. threat[26271]:Fastjson 1.2.80 deserialization vulnerability (CVE-2022-25845)
3. threat[30894]:Visual Slide Box Builder 3.2.9 SQL injection vulnerability (CVE-2022-1182)
4. threat[26273]:Codoforum file upload vulnerability (CVE-2022-31854)
5. threat[26275]:Hikvision (HIKVISION) Integrated Security Management Platform arbitrary file upload vulnerability
6. threat[49057]:VR Calendar 2.3.1 unauthenticated remote code execution (CVE-2022-2314)
7. threat[26277]:Seeyon OA sursenServlet remote command execution vulnerability
8. threat[26278]:Seeyon OA main.do remote command execution vulnerability
9. threat[26279]:HaloCMS file upload vulnerability (CVE-2022-32994)
10. threat[26276]:Ivanti Endpoint Manager Mobile authentication bypass vulnerability (CVE-2023-35078)
11. threat[26280]:Smartbi RMIServlet permission bypass vulnerability
12. threat[49058]:Zentao system permission bypass and command execution vulnerability (CNVD-2023-02709)
13. threat[41997]:impacket-secretsdump module obtaining domain controller user password hashes via the Volume Shadow Copy Service (VSS) detected
14. threat[41989]:Mythic C2 tool http-profiler heartbeat detection 2
15. threat[41978]:Mythic C2 tool apollo http-profiler connection behavior
16. threat[41995]:Metasploit obtaining domain controller user password hashes via the Volume Shadow Copy Service (VSS) detected
17. threat[42000]:Kerberos protocol query for users with pre-authentication disabled detected
18. threat[26267]:Microsoft Exchange Server remote code execution vulnerability (CVE-2022-41082)
19. threat[41988]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
20. threat[41998]:Brute Ratel C4 C2 tool HTTP heartbeat detection
21. threat[41980]:Mythic C2 tool freyja http-profiler connection behavior
22. threat[26261]:CrackMapExec tool wmiexec remote command execution behavior detected
23. threat[41992]:SharpHound LDAP enumeration behavior detected
24. threat[41999]:Brute Ratel C4 C2 tool HTTP connection detection
25. threat[50642]:Kerberos TGS ticket service request
26. threat[50643]:In-domain machine modification operation detected
27. threat[49049]:CrackMapExec smbexec remote command execution behavior detected
28. threat[41993]:Havoc C2 traffic: POST request heartbeat packet detection
29. threat[41991]:Metasploit tool psexec remote command execution behavior detected
30. threat[49050]:Impacket tool secretsdump-dcsync credential theft behavior detected
31. threat[49051]:mimikatz tool lsadump dcsync credential theft behavior detected
32. threat[49048]:Impacket smbexec remote command execution behavior detected
33. threat[41990]:impacket tool psexec remote command execution behavior detected
34. threat[41976]:AT scheduled task remote command execution behavior detected
35. threat[41996]:Metasploit tool psexec_psh remote command execution behavior detected
36. threat[41984]:CrackMapExec tool WinRM remote command execution behavior detected
37. threat[41985]:Metasploit tool WinRM remote command execution behavior detected
38. threat[41987]:Impacket tool wmiexec remote command execution behavior detected
39. threat[26260]:Metasploit tool wmiexec remote command execution behavior detected
40. threat[41972]:Sliver penetration testing tool Beacon connection
41. threat[41977]:schtasks scheduled task remote command execution behavior detected
42. threat[41974]:impacket tool DCOM remote command execution behavior detected
43. threat[41983]:WinRM/Winrs remote command execution behavior detected
44. threat[41975]:Metasploit tool DCOM remote command execution behavior detected
45. threat[41982]:CrackMapExec tool atexec scheduled task remote command execution behavior detected
46. threat[41973]:DCOM remote command execution behavior detected
47. threat[41971]:winexesvc.exe lateral movement tool connection established
48. threat[26239]:MS14-068 privilege bypass vulnerability attack (CVE-2014-6324)
49. threat[30914]:Hongfan CAWS SQL injection vulnerability

Updated rules:
1. threat[26208]:Hikvision (HIKVISION) Integrated Security Management Platform Fastjson remote command execution vulnerability
2. threat[25748]:Linux information gathering covert command execution
3. threat[26078]:csvde AD domain attack command execution
4. threat[26222]:Realor Tianyi Application Virtualization System ConsoleExternalUploadApi.XGI SQL injection vulnerability
5. threat[25374]:ThinkPHP 2.x/3.0 remote code execution vulnerability
6. threat[23991]:Fastjson remote code execution vulnerability
7. threat[26232]:Weaver ecology deleteUserRequestInfoByxml/ReceiveCCRequestByXml XXE vulnerability
8. threat[26037]:Persistence command web execution


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.31137. This package includes the following changed rules:

new rules:
1. threat[26270]:Metabase Remote Code Execution Vulnerability (CVE-2023-38646)
2. threat[26271]:Fastjson 1.2.80 Deserialization Vulnerability (CVE-2022-25845)
3. threat[30894]:Visual Slide Box Builder 3.2.9 SQL Injection Vulnerability(CVE-2022-1182)
4. threat[26273]:Codoforum File Upload Vulnerability (CVE-2022-31854)
5. threat[26275]:Hikvision Comprehensive Security Management Platform Arbitrary File Upload Vulnerability
6. threat[49057]:VR Calendar 2.3.1 Unauthenticated Remote Code Execution(CVE-2022-2314)
7. threat[26277]:Seeyon OA sursenServlet Remote Command Execution Vulnerability
8. threat[26278]:Seeyon OA main.do Remote Command Execution Vulnerability
9. threat[26279]:HaloCMS File Upload Vulnerability (CVE-2022-32994)
10. threat[26276]:Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability (CVE-2023-35078)
11. threat[26280]:Smartbi RMIServlet Permission Bypass Vulnerability
12. threat[49058]:Zentao System Permission Bypass and Command Execution Vulnerability(CNVD-2023-02709)
13. threat[41997]:impacket-secretsdump module detected obtaining domain controller user password hashes via the Volume Shadow Copy (VSS) mechanism
14. threat[41989]:Mythic C2 tool http-profiler Heartbeat Detection 2
15. threat[41978]:Mythic C2 tool apollo http-profiler connection behavior
16. threat[41995]:Metasploit detected obtaining domain controller user password hashes via the Volume Shadow Copy (VSS) mechanism
17. threat[42000]:Kerberos query for users with pre-authentication disabled detected
18. threat[26267]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
19. threat[41988]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
20. threat[41998]:Brute Ratel C4 C2 tool HTTP Heartbeat detection
21. threat[41980]:Mythic C2 tool freyja http-profiler connection behavior
22. threat[26261]:CrackMapExec tool wmiexec Remote Command Execution Behavior detected
23. threat[41992]:Sharphound LDAP enumeration behavior detected
24. threat[41999]:Brute Ratel C4 C2 tool HTTP connection detection
25. threat[50642]:Kerberos TGS Ticket Service Request
26. threat[50643]:Discover in-domain machine change operations
27. threat[49049]:Discovering CrackMapExec-smbexec remote command execution behavior
28. threat[41993]:Havoc C2 traffic - POST request heartbeat packets detection
29. threat[41991]:Discover Metasploit Tool psexec Remote Command Execution Behavior
30. threat[49050]:Impacket tool secretsdump-dcsync credential theft behavior detected
31. threat[49051]:Discovery of mimikatz tool lsadump-dcsync credential theft behavior
32. threat[49048]:Discovering Impacket-smbexec remote command execution behavior
33. threat[41990]:Discover Impacket Tool psexec Remote Command Execution Behavior
34. threat[41976]:AT Scheduled Task Remote Command Execution Behavior detected
35. threat[41996]:Discover Metasploit Tool psexec_psh Remote Command Execution Behavior
36. threat[41984]:Discover the CrackMapExec tool Winrm Remote Command Execution Behavior
37. threat[41985]:Discover Metasploit Tool Winrm Remote Command Execution Behavior
38. threat[41987]:Discover the Impacket tool wmiexec Remote Command Execution Behavior
39. threat[26260]:Discover the Metasploit tool wmiexec Remote Command Execution Behavior
40. threat[41972]:Sliver Penetration Attack Tool Beacon Connection
41. threat[41977]:schtasks Scheduled Task Remote Command Execution Behavior detected
42. threat[41974]:Discover the DCOM Remote Command Execution Behavior of the Impacket Tool
43. threat[41983]:Discover Winrm/Winrs Remote Command Execution Behavior
44. threat[41975]:Discover the DCOM Remote Command Execution Behavior of the Metasploit Tool
45. threat[41982]:CrackMapExec Tool atexec Scheduled Task Remote Command Execution Behavior detected
46. threat[41973]:DCOM Remote Command Execution Behavior detected
47. threat[41971]:winexesvc.exe Lateral Movement Tool Establish Connection
48. threat[26239]:MS14-068 Privilege Bypass Exploit (CVE-2014-6324)
49. threat[30914]:Hongfan CAWS SQL Injection Vulnerability

update rules:
1. threat[26208]:Hikvision comprehensive security management platform Fastjson remote command execution vulnerability
2. threat[25748]:Linux Information Collection Hidden Command Execution
3. threat[26078]:csvde AD Domain Attack Command Execution
4. threat[26222]:Ruiyou Tianyi Application Virtualization System ConsoleExternalUploadApi.XGI SQL Injection Vulnerability
5. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
6. threat[23991]:Fastjson Remote Code Execution Vulnerability
7. threat[26232]:Weaver ecology deleteUserRequestInfoByxml/ReceiveCCRequestByXml XXE Vulnerability
8. threat[26037]:Permission maintenance command web execution


Announcements:
1. After the package is installed, the engine restarts automatically. Sessions are not interrupted, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-08-05 21:33:40
Name: eoi.unify.allrulepatch.ips.5.6.10.31081.rule Version: 5.6.10.31081
MD5: 2d85f36ce3a98940039e93640d1689a9 Size: 29.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.31081. The rules added or improved by this package are:


New rules:
1. threat[26236]:PopojiCMS File Upload Vulnerability (CVE-2022-47766)
2. threat[26240]:Ruijie RG-BCR860 Command Execution Vulnerability (CVE-2023-3450)
3. threat[26242]:Struts2 Remote Code Execution Vulnerability (CVE-2007-4556)(S2-001)
4. threat[26241]:WAVLINK WN535 G3 Information Disclosure Vulnerability (CVE-2022-31846)
5. threat[26244]:Struts2 Remote Code Execution Vulnerability (CVE-2012-0838)(S2-007)
6. threat[26248]:Struts2 Remote Code Execution Vulnerability (CVE-2012-0391/0392/0393/0394)(S2-008)
7. threat[26254]:Struts2 Remote Code Execution Vulnerability (CVE-2011-3923)(S2-009)
8. threat[26243]:Yonyou NC ContactsFuzzySearchServlet Deserialization Vulnerability
9. threat[26245]:Yonyou NC ContactsQueryServiceServlet Deserialization Vulnerability
10. threat[26252]:Yonyou NC UserQueryServiceServlet Deserialization Vulnerability
11. threat[26255]:Oracle WebLogic Server JNDI Injection Remote Code Execution Vulnerability (CVE-2020-14841)
12. threat[26258]:Struts2 Remote Code Execution Vulnerability (CVE-2013-1965/1966/2115)(S2-012/S2-013/S2-014)
13. threat[26264]:Struts2 Remote Code Execution Vulnerability (CVE-2013-2134/2135)(S2-015)
14. threat[26265]:Struts2 Remote Code Execution Vulnerability (CVE-2016-3081)(S2-032)
15. threat[26266]:Struts2 Remote Code Execution Vulnerability (CVE-2016-4438)(S2-037)
16. threat[26253]:Yonyou NC UserSynchronizationServlet Deserialization Vulnerability
17. threat[26249]:Yonyou NC OAUserAuthenticationServlet Deserialization Vulnerability
18. threat[26250]:Yonyou NC OAUserQryServlet Deserialization Vulnerability
19. threat[26251]:Yonyou NC UserAuthenticationServlet Deserialization Vulnerability
20. threat[26247]:Yonyou NC OAContactsFuzzySearchServlet Deserialization Vulnerability
21. threat[26246]:Yonyou NC fileupload Deserialization Vulnerability
22. threat[26268]:Yonyou NC LfwFileUploadServlet Arbitrary File Upload Vulnerability
23. threat[65538]:Struts2 Remote Code Execution Vulnerability (CVE-2008-6504/CVE-2010-1870)(S2-003/S2-005)

Updated rules:
1. threat[26182]:Smartbi RMIServlet Authentication Bypass Vulnerability
2. threat[23360]:MongoDB phpMoAdmin Remote Code Execution Vulnerability
3. threat[23794]:Struts2 Remote Code Execution Vulnerability (CVE-2016-3087)(S2-033)
4. threat[23151]:Rejetto HTTP File Server ParserLib.pas Remote Command Execution Vulnerability (CVE-2014-6287)
5. threat[21374]:Apache Struts Remote Command Execution Vulnerability
6. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)(S2-053)
7. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776)(S2-057)


Notes:
1. After this package is installed the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.31081. This package includes the following changed rules:


new rules:
1. threat[26236]:PopojiCMS File Upload Vulnerability(CVE-2022-47766)
2. threat[26240]:Ruijie RG-BCR860 Command Execution Vulnerability (CVE-2023-3450)
3. threat[26242]:Struts2 Remote Code Execution Vulnerability(CVE-2007-4556)(S2-001)
4. threat[26241]:WAVLINK WN535 G3 Information Disclosure Vulnerability (CVE-2022-31846)
5. threat[26244]:Struts2 Remote Code Execution Vulnerability(CVE-2012-0838)(S2-007)
6. threat[26248]:Struts2 Remote Code Execution Vulnerability(CVE-2012-0391/0392/0393/0394)(S2-008)
7. threat[26254]:Struts2 Remote Code Execution Vulnerability(CVE-2011-3923)(S2-009)
8. threat[26243]:YonyouNC ContactsFuzzySearchServlet Deserialization Vulnerability
9. threat[26245]:YonYouNC ContactsQueryServiceServlet Deserialization Vulnerability
10. threat[26252]:YonyouNC UserQueryServiceServlet Deserialization Vulnerability
11. threat[26255]:Oracle WebLogic Server JNDI Injection Remote Code Execution Vulnerability(CVE-2020-14841)
12. threat[26258]:Struts2 Remote Code Execution Vulnerability(CVE-2013-1965/1966/2115)(S2-012/S2-013/S2-014)
13. threat[26264]:Struts2 Remote Code Execution Vulnerability(CVE-2013-2134/2135)(S2-015)
14. threat[26265]:Struts2 Remote Code Execution Vulnerability(CVE-2016-3081)(S2-032)
15. threat[26266]:Struts2 Remote Code Execution Vulnerability(CVE-2016-4438)(S2-037)
16. threat[26253]:YonyouNC UserSynchronizationServlet Deserialization Vulnerability
17. threat[26249]:YonyouNC OAUserAuthenticationServlet Deserialization Vulnerability
18. threat[26250]:YonyouNC OAUserQryServlet Deserialization Vulnerability
19. threat[26251]:YonyouNC UserAuthenticationServlet Deserialization Vulnerability
20. threat[26247]:YonyouNC OAContactsFuzzySearchServlet Deserialization Vulnerability
21. threat[26246]:YonyouNC fileupload Deserialization Vulnerability
22. threat[26268]:YonyouNC LfwFileUploadServlet Arbitrary File Upload Vulnerability
23. threat[33446]:Struts2 Remote Command Execution Vulnerability(CVE-2008-6504/CVE-2010-1870)(S2-003/S2-005)

update rules:
1. threat[26182]:Smartbi RMIServlet Authentication Bypass Vulnerability
2. threat[23360]:MongoDB phpMoAdmin Remote Code Execution Vulnerability
3. threat[23794]:Struts2 Remote Command Execution Vulnerability(CVE-2016-3087)(S2-033)
4. threat[23151]:Rejetto HttpFileServer ParserLib.pas Remote Command Execution(CVE-2014-6287)
5. threat[21374]:Apache Struts Remote Command Execution Vulnerability
6. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)(S2-053)
7. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)


Announcements:
1. After the package is installed, the engine restarts automatically. Sessions are not interrupted, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-07-31 09:28:01
Name: eoi.unify.allrulepatch.ips.5.6.10.30918.rule Version: 5.6.10.30918
MD5: 3f888139ad6185e924db1be422e254be Size: 29.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.30918. The rules added or improved by this package are:

New rules:
1. threat[26234]:D-Link DIR-823G Authorization Issue Vulnerability (CVE-2023-26615)
2. threat[26232]:Weaver ecology deleteUserRequestInfoByXml/ReceiveCCRequestByXml XXE Vulnerability
3. threat[30936]:Subrion CMS SQL Injection Vulnerability (CVE-2021-41947)
4. threat[30935]:DedeCMS rank_1 Parameter SQL Injection Vulnerability
5. threat[26235]:AyaCMS Command Execution Vulnerability (CVE-2022-45550)
6. threat[26237]:Apache RocketMQ NameServer Remote Code Execution Vulnerability (CVE-2023-37582)
7. threat[26238]:Adobe ColdFusion Code Issue Vulnerability (CVE-2023-29300)
8. threat[50641]:Dandelion VPN remote control software running
9. threat[26225]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39151)
10. threat[26226]:XStream Deserialization SSRF Vulnerability (CVE-2021-39152)
11. threat[26227]:WAVLINK WN535 K2-k3 Command Execution Vulnerability
12. threat[26228]:WAVLINK WN535 K2_k3 Command Execution Vulnerability
13. threat[26229]:Hongdian H8922 Backend Command Injection Vulnerability
14. threat[26230]:WBCE CMS Arbitrary File Upload Vulnerability (CVE-2022-25099)
15. threat[30933]:Ecshop Checkorder SQL Injection Vulnerability
16. threat[26231]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39153)

Updated rules:
1. threat[41781]:FRP intranet tunneling tool communication
2. threat[41658]:Webshell backdoor China Chopper access control
3. threat[25839]:Node.js Command Injection Vulnerability (CVE-2021-21315)
4. threat[30896]:MySQL JDBC Arbitrary File Read Vulnerability
5. threat[63682]:HTTP SQL Injection Attempt Type Three
6. threat[26022]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39146)


Notes:
1. After this package is installed the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.30918. This package includes the following changed rules:

new rules:
1. threat[26234]:D-Link DIR-823G Authorization Issue Vulnerability (CVE-2023-26615)
2. threat[26232]:Weaver ecology deleteUserRequestInfoByXml/ReceiveCCRequestByXml XXE Vulnerability
3. threat[30936]:Subrion CMS SQL Injection Vulnerability (CVE-2021-41947)
4. threat[30935]:DedeCMS rank_1 SQL Injection Vulnerability
5. threat[26235]:AyaCMS Command Execution Vulnerability (CVE-2022-45550)
6. threat[26237]:Apache RocketMQ NameServer Remote Code Execution Vulnerability (CVE-2023-37582)
7. threat[26238]:Adobe ColdFusion Code Issue Vulnerability (CVE-2023-29300)
8. threat[50641]:Dandelion VPN remote control software running
9. threat[26225]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39151)
10. threat[26226]:XStream Deserialization SSRF Vulnerability (CVE-2021-39152)
11. threat[26227]:WAVLINK WN535 K2-k3 Command Execution Vulnerability
12. threat[26228]:WAVLINK WN535 K2_k3 Command Execution Vulnerability
13. threat[26229]:Hongdian H8922 Background Command Injection Vulnerability
14. threat[26230]:WBCE CMS Arbitrary File Upload Vulnerability (CVE-2022-25099)
15. threat[30933]:Ecshop Checkorder SQL Injection Vulnerability
16. threat[26231]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39153)

update rules:
1. threat[41781]:Communication of FRP Intranet Penetration Tool
2. threat[41658]:Webshell Backdoor Chinese Chopper Access and Control
3. threat[25839]:Node.js Command Injection Vulnerability(CVE-2021-21315)
4. threat[30896]:MYSQL JDBC arbitrary file read vulnerability
5. threat[63682]:HTTP SQL Injection Attempt Type Three
6. threat[26022]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39146)


Announcements:
1. After the package is installed, the engine restarts automatically. Sessions are not interrupted, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-07-22 17:21:09
Name: eoi.unify.allrulepatch.ips.5.6.10.30880.rule Version: 5.6.10.30880
MD5: bd6ae17cea740685b8199b46be570246 Size: 26.75M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.30880. The rules added or improved by this package are:

New rules:
1. threat[26176]:lazagne tool web execution
2. threat[26210]:UCMS File Upload Vulnerability (CVE-2022-35426)
3. threat[26211]:CuppaCMS Local File Inclusion Vulnerability (CVE-2022-34121)
4. threat[30923]:Hongfan ioCtlSet SQL Injection Vulnerability
5. threat[26213]:Hongfan ioEmpFocusSelType SQL Injection Vulnerability
6. threat[26214]:Cisco UCS Manager 2.2 Remote Command Execution Vulnerability (CVE-2015-6435)
7. threat[30924]:MotionEye-Project MotionEye Information Disclosure Vulnerability (CVE-2022-25568)
8. threat[26216]:Spring Boot Actuator H2 Remote Code Execution Vulnerability
9. threat[26152]:Windows NFS Remote Code Execution Vulnerability (CVE-2023-24941)
10. threat[26217]:GetSimpleCMS Cross-Site Scripting Vulnerability (CVE-2022-1503)
11. threat[26218]:SPIP Remote Code Execution Vulnerability (CVE-2023-27372)
12. threat[30925]:Hongfan ioDesktopData SQL Injection Vulnerability
13. threat[10545]:XStream Denial of Service Vulnerability (CVE-2021-21348)
14. threat[30928]:Jira plugin STAGIL Navigation Directory Traversal Vulnerability (CVE-2023-26255/CVE-2023-26256)
15. threat[30927]:Hongfan ioAssistance2 SQL Injection Vulnerability
16. threat[26219]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39139)
17. threat[26220]:Smartbi WindowUnloading Deserialization Remote Code Execution Vulnerability
18. threat[30929]:Shanghai FML Software Co., Ltd. FML Cloud AjaxMethod.ashx SQL Injection Vulnerability (CNVD-2021-25330)
19. threat[26221]:Bohua NetDragon Firewall cmd.php Remote Command Execution Vulnerability
20. threat[10546]:XStream Denial of Service Vulnerability (CVE-2021-39140)
21. threat[30930]:Hongfan fmSeachDataList SQL Injection Vulnerability
22. threat[26222]:Ruiyou Tianyi Application Virtualization System ConsoleExternalUploadApi.XGI SQL Injection Vulnerability
23. threat[26223]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39141)
24. threat[30931]:Weaver E-Cology FileDownloadForOutDoc SQL Injection Vulnerability
25. threat[26224]:XStream Deserialization SSRF Vulnerability (CVE-2021-39150)
26. threat[30932]:ThinkPHP 5.x SQL Injection Vulnerability

Updated rules:
1. threat[21384]:Alcatel-Lucent OmniPCX Enterprise Remote Command Injection Vulnerability
2. threat[26128]:Openfire Path Traversal Vulnerability (CVE-2023-32315)
3. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)
4. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
5. threat[63680]:HTTP SQL Injection Attempt Type Seven
6. threat[21374]:Apache Struts Remote Command Execution Vulnerability
7. threat[25606]:Apache Solr JMX Service Remote Code Execution Vulnerability (CVE-2019-12409)
8. threat[24704]:Apache Dubbo Deserialization Vulnerability (CVE-2019-17564)
9. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
10. threat[23320]:FritzBox Webcm Unauthenticated Command Injection Vulnerability (CVE-2014-9727)
11. threat[24676]:Satellian 1.1.2 Remote Code Execution Vulnerability (CVE-2020-7980)
12. threat[24735]:NETGEAR DGN2200v1/v2/v3/v4 Authenticated Command Injection Vulnerability (CVE-2017-6077)
13. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authenticated Command Execution Vulnerability (CVE-2017-6334)
14. threat[25739]:Linux reverse shell command execution
15. threat[30899]:GeoServer SQL Injection Vulnerability (CVE-2023-25157)
16. threat[26201]:D-Link DNS-320 ShareCenter Network Storage Device Remote Command Execution Vulnerability
17. threat[63682]:HTTP SQL Injection Attempt Type Three


Notes:
1. After this package is installed the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.30880. This package includes the following changed rules:

new rules:
1. threat[26176]:lazagne tool web execution
2. threat[26210]:UCMS File Upload Vulnerability (CVE-2022-35426)
3. threat[26211]:CuppaCMS Local File Inclusion Vulnerability (CVE-2022-34121)
4. threat[30923]:Hongfan ioCtlSet SQL Injection Vulnerability
5. threat[26213]:Hongfan ioEmpFocusSelType SQL Injection Vulnerability
6. threat[26214]:Cisco UCS Manager 2.2 Remote Command Execution Vulnerability (CVE-2015-6435)
7. threat[30924]:MotionEye-Project MotionEye Information Leakage Vulnerability (CVE-2022-25568)
8. threat[26216]:Spring Boot Actuator H2 remote code execution vulnerability
9. threat[26152]:Windows NFS Remote Command Execution Vulnerability(CVE-2023-24941)
10. threat[26217]:GetSimpleCMS Cross-Site Scripting Vulnerability (CVE-2022-1503)
11. threat[26218]:SPIP Remote Code Execution Vulnerability (CVE-2023-27372)
12. threat[30925]:Hongfan ioDesktopData SQL Injection Vulnerability
13. threat[10545]:XStream Denial of Service Vulnerability (CVE-2021-21348)
14. threat[30928]:Jira plugin STAGIL Navigation directory traversal vulnerability (CVE-2023-26255/CVE-2023-26256)
15. threat[30927]:Hongfan ioAssistance2 SQL Injection Vulnerability
16. threat[26219]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39139)
17. threat[26220]:Smartbi WindowUnloading Deserialization Remote Code Execution Vulnerability
18. threat[30929]:Shanghai FML Software Co., LTD. FML Cloud AjaxMethod.ashx SQL Injection vulnerability (CNVD-2021-25330)
19. threat[26221]:Bohua Netdragon firewall cmd.php remote command execution vulnerability
20. threat[10546]:XStream Denial of Service Vulnerability (CVE-2021-39140)
21. threat[30930]:Hongfan fmSeachDataList SQL Injection Vulnerability
22. threat[26222]:Ruiyou Tianyi Application Virtualization System ConsoleExternalUploadApi.XGI SQL Injection Vulnerability
23. threat[26223]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39141)
24. threat[30931]:Weaver E-Cology FileDownloadForOutDoc SQL Injection Vulnerability
25. threat[26224]:XStream Deserialization SSRF Vulnerability (CVE-2021-39150)
26. threat[30932]:ThinkPHP 5.x SQL injection vulnerability

update rules:
1. threat[21384]:Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
2. threat[26128]:Openfire Path Traversal Vulnerability (CVE-2023-32315)
3. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
4. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
5. threat[63680]:HTTP SQL Injection Attempt Type Seven
6. threat[21374]:Apache Struts Remote Command Execution Vulnerability
7. threat[25606]:Apache Solr JMX Service Remote Code Execution Vulnerability(CVE-2019-12409)
8. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
9. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
10. threat[23320]:FritzBox Webcm Unauthenticated Command Injection(CVE-2014-9727)
11. threat[24676]:Satellian 1.1.2 remote code execution vulnerability(CVE-2020-7980)
12. threat[24735]:NETGEAR DGN2200v1 / v2 / v3 / v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
13. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
14. threat[25739]:Linux Shell Reverse Command Execution
15. threat[30899]:GeoServer SQL Injection Vulnerability (CVE-2023-25157)
16. threat[26201]:D-Link DNS-320 ShareCenter Network Storage Device Remote Command Execution Vulnerability
17. threat[63682]:HTTP SQL Injection Attempt Type Three



Announcements:
1. After the package is installed, the engine restarts automatically. Sessions are not interrupted, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-07-14 15:26:02
Name: eoi.unify.allrulepatch.ips.5.6.10.30759.rule Version: 5.6.10.30759
MD5: d2bd44d28902afdb0d233609377b033b Size: 26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.30759. The rules added or improved by this package are:

New rules:
1. threat[26185]:MozillaRhino Deserialization Command Injection Vulnerability 2
2. threat[30902]:Hongfan jssrmyysql File SQL Injection Vulnerability
3. threat[30903]:Hongfan ioAssistance File SQL Injection Vulnerability
4. threat[26186]:Apache Myfaces Deserialization Code Execution Vulnerability
5. threat[26187]:Rome Deserialization Code Execution Vulnerability
6. threat[30904]:Hongfan GetWorkUnit SQL Injection Vulnerability
7. threat[26188]:Vaadin Deserialization Command Execution Vulnerability
8. threat[30905]:Hongfan gzykdx SQL Injection Vulnerability
9. threat[26189]:TP-LINK Archer AX21 Command Injection Vulnerability (CVE-2023-1389)
10. threat[30907]:Apache Solr Information Disclosure Vulnerability (CVE-2021-44548)
11. threat[30906]:GetSimple CMS Information Disclosure Vulnerability (CVE-2019-11231)
12. threat[26190]:Netentsec Next-Generation Firewall Remote Command Execution Vulnerability
13. threat[30908]:Zhifengwang Technology ifw8 Router ROM Information Disclosure Vulnerability (CVE-2019-16313)
14. threat[26191]:Topsec TopApp-LB Load Balancing System Command Execution Vulnerability
15. threat[26192]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC8)
16. threat[30909]:Weaver changeuserinfo.jsp Information Disclosure Vulnerability
17. threat[26194]:Fastjson 1.2.59 Deserialization Vulnerability
18. threat[26195]:Elasticsearch webshell write vulnerability (WooYun-2015-110216)
19. threat[26196]:Fastjson 1.2.60 Deserialization Vulnerability
20. threat[30910]:Hongfan zyy_AttFile SQL Injection Vulnerability
21. threat[30911]:Spring Framework Reflected File Download Vulnerability (CVE-2020-5398)
22. threat[26197]:Fastjson 1.2.61 Deserialization Vulnerability
23. threat[30912]:Spring Boot Actuator jolokia XML Entity Injection Vulnerability
24. threat[10543]:Redis Labs Redis Command Injection Vulnerability (CVE-2023-28425)
25. threat[30913]:Volans Internet Behavior Management System Information Disclosure Vulnerability
26. threat[30914]:Hongfan CAWS SQL Injection Vulnerability
27. threat[26175]:wmiexec tool web execution
28. threat[41969]:Fastjson Deserialization Vulnerability Probe
29. threat[26199]:nginxWebUI runCmd Remote Command Execution Vulnerability
30. threat[26200]:RuoYi Arbitrary File Download Vulnerability (CVE-2023-27025)
31. threat[30915]:Hongfan wssRtSyn SQL Injection Vulnerability
32. threat[26201]:D-Link DNS-320 ShareCenter Network Storage Device Remote Command Execution Vulnerability
33. threat[26198]:ONLYOFFICE Path Traversal File Upload Vulnerability (CVE-2023-34939)
34. threat[10544]:XStream Denial of Service Vulnerability (CVE-2021-21341)
35. threat[26202]:Contec SolarView Compact Cross-Site Scripting Vulnerability (CVE-2022-31373)
36. threat[30917]:Penta Security Systems WAPPLES Information Disclosure Vulnerability (CVE-2022-35413)
37. threat[26203]:PHPCMS 2008 Remote Code Execution Vulnerability (CVE-2018-19127)
38. threat[30918]:Zentao 16.5 SQL Injection Vulnerability
39. threat[30916]:Powertek Password Read Vulnerability
40. threat[30919]:Complete Online Job Search System SQL Injection Vulnerability (CVE-2022-32015)
41. threat[30920]:Complete Online Job Search System SQL Injection Vulnerability (CVE-2022-32007)
42. threat[26204]:WordPress plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)
43. threat[26208]:Hikvision Integrated Security Management Platform Fastjson Remote Command Execution Vulnerability
44. threat[30921]:WordPress Arbitrary File Read Vulnerability (CVE-2022-33901)
45. threat[26207]:Parallels H-Sphere Cross-Site Scripting Vulnerability (CVE-2022-30777)
46. threat[26209]:Atmail Cross-Site Scripting Vulnerability (CVE-2022-30776)
47. threat[26205]:VMware Multiple Products Privilege Bypass Vulnerability (CVE-2022-31656)
48. threat[26164]:ZOHO ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2023-29084)
49. threat[30896]:MySQL JDBC Arbitrary File Read Vulnerability

Updated rules:
1. threat[24538]:Xstream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285/CVE-2019-10173)
2. threat[25858]:Roxy-Wi Remote Command Execution Vulnerability (CVE-2022-31137)
3. threat[25841]:Roxy-WI Code Execution Vulnerability (CVE-2022-31126)
4. threat[23725]:Glassfish Arbitrary File Read Vulnerability (CVE-2017-1000028)
5. threat[30922]:Gitblit Web Path Traversal Vulnerability (CVE-2022-31268)
6. threat[49013]:Mining program connecting to mining pool server


Notes:
1. After this package is installed the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.30759. This package includes the following changed rules:

new rules:
1. threat[26185]:MozillaRhino deserialization Command Injection Vulnerability 2
2. threat[30902]:Hongfan jssrmyysql File SQL Injection Vulnerability
3. threat[30903]:Hongfan ioAssistance File SQL Injection Vulnerability
4. threat[26186]:Apache Myfaces Deserialization Code Execution Vulnerability
5. threat[26187]:Rome Deserialization Code Execution Vulnerability
6. threat[30904]:Hongfan GetWorkUnit SQL Injection Vulnerability
7. threat[26188]:Vaadin Deserialization Command Execution Vulnerability
8. threat[30905]:Hongfan gzykdx SQL Injection Vulnerability
9. threat[26189]:TP-LINK Archer AX21 Command Injection Vulnerability (CVE-2023-1389)
10. threat[30907]:Apache Solr Information Disclosure Vulnerability (CVE-2021-44548)
11. threat[30906]:GetSimple CMS Information Disclosure Vulnerability(CVE-2019-11231)
12. threat[26190]:NGFW Remote Command Execution Vulnerability
13. threat[30908]:ifw8 Router ROM Information Leakage Vulnerability (CVE-2019-16313)
14. threat[26191]:Topsec TopApp-LB Load Balancer System Command Execution Vulnerability
15. threat[26192]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC8)
16. threat[30909]:Weaver changeuserinfo.jsp information disclosure vulnerability
17. threat[26194]:Fastjson 1.2.59 Deserialization Vulnerability
18. threat[26195]:Elasticsearch webshell write vulnerability (WooYun-2015-110216)
19. threat[26196]:Fastjson 1.2.60 Deserialization Vulnerability
20. threat[30910]:Hongfan zyy_AttFile SQL Injection Vulnerability
21. threat[30911]:Spring Framework Reflective File Download Vulnerability (CVE-2020-5398)
22. threat[26197]:Fastjson 1.2.61 Deserialization Vulnerability
23. threat[30912]:Spring Boot Actuator jolokia XML entity injection vulnerability
24. threat[10543]:Redis Labs Redis Command Injection Vulnerability (CVE-2023-28425)
25. threat[30913]:Volans Online Behavior Management System Information Disclosure Vulnerability
26. threat[30914]:Hongfan CAWS SQL Injection Vulnerability
27. threat[26175]:wmiexec tool web execution
28. threat[41969]:Fastjson Deserialization Vulnerability Detection
29. threat[26199]:nginxWebUI runCmd remote command execution vulnerability
30. threat[26200]:RuoYi Arbitrary File Download Vulnerability (CVE-2023-27025)
31. threat[30915]:Hongfan wssRtSyn SQL Injection Vulnerability
32. threat[26201]:D-Link DNS-320 ShareCenter Network Storage Device Remote Command Execution Vulnerability
33. threat[26198]:ONLYOFFICE Path Traversal File Upload vulnerability (CVE-2023-34939)
34. threat[10544]:XStream Denial of Service Vulnerability (CVE-2021-21341)
35. threat[26202]:Contec SolarView Compact Cross-Site Scripting Vulnerability (CVE-2022-31373)
36. threat[30917]:Penta Security Systems WAPPLES Information Leakage Vulnerability (CVE-2022-35413)
37. threat[26203]:PHPCMS 2008 Remote Code Execution Vulnerability(CVE-2018-19127)
38. threat[30918]:Zentao 16.5 SQL Injection Vulnerability
39. threat[30916]:Powertek Password Reading Vulnerability
40. threat[30919]:Complete Online Job Search System SQL Injection Vulnerability(CVE-2022-32015)
41. threat[30920]:Complete Online Job Search System SQL Injection Vulnerability(CVE-2022-32007)
42. threat[26204]:WordPress plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)
43. threat[26208]:Hikvision Comprehensive Security Management Platform Fastjson Remote Command execution Vulnerability
44. threat[30921]:Wordpress Arbitrary File Read Vulnerability (CVE-2022-33901)
45. threat[26207]:Parallels H-Sphere Cross-site Scripting Vulnerability (CVE-2022-30777)
46. threat[26209]:Atmail Cross-site Scripting Vulnerability (CVE-2022-30776)
47. threat[26205]:VMware Multi-product Privilege Bypass Vulnerability (CVE-2022-31656)
48. threat[26164]:ZOHO ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2023-29084)
49. threat[30896]:MYSQL JDBC arbitrary file read vulnerability

update rules:
1. threat[24538]:Xstream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285/CVE-2019-10173)
2. threat[25858]:Roxy-Wi Remote Command Execution Vulnerability(CVE-2022-31137)
3. threat[25841]:Roxy-WI Code Execution Vulnerability (CVE-2022-31126)
4. threat[23725]:Glassfish Directory Traversal Vulnerability(CVE-2017-1000028)
5. threat[30922]:Gitblit Web path traversal Vulnerability (CVE-2022-31268)
6. threat[49013]:Mining program connecting to mining pool server


Announcements:
1. After the package is installed, the engine restarts automatically. Sessions are not interrupted, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2023-07-07 19:01:19
Name: eoi.unify.allrulepatch.ips.5.6.10.30640.rule Version: 5.6.10.30640
MD5: 1711ecb0b7b773256d553d5bf407a14d Size: 26.69M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.30640. The rules added or improved by this package are:

New rules:
1. threat[26120]:D-Link Go-RT-AC750 Command Injection Vulnerability (CVE-2023-26822)
2. threat[30892]:Yimi OA getfile.jsp Arbitrary File Read Vulnerability
3. threat[30893]:Wanhu OA evoInterfaceServlet Information Disclosure Vulnerability
4. threat[26151]:Fastjson 1.2.66 Deserialization Vulnerability
5. threat[26153]:Fastjson 1.2.68 Deserialization Vulnerability
6. threat[10540]:Tenda AX1803 Router Buffer Overflow Vulnerability (CVE-2022-30040)
7. threat[26154]:frpc tool web execution
8. threat[26155]:npc tool web execution
9. threat[26158]:Tenda AX1803 Stack Overflow Vulnerability (CVE-2022-40876)
10. threat[26157]:gost tool web execution
11. threat[26156]:iox tool web execution
12. threat[26160]:Weaver E-cology getInterfaceRegisterCustomOperation Backend Command Execution Vulnerability
13. threat[26161]:Zhejiang Uniview Network Video Recorder ISC LogReport.php Remote Command Execution Vulnerability
14. threat[26162]:Zhejiang Uniview Network Video Recorder ISC DNSServerAdrr Remote Command Execution Vulnerability
15. threat[26163]:Terramaster TOS Path Traversal Vulnerability (CVE-2020-28187)
16. threat[26165]:D-Link DIR-867 Remote Command Execution Vulnerability (CVE-2023-24762)
17. threat[26166]:D-Link DIR820LA1 Operating System Command Injection Vulnerability (CVE-2023-25280)
18. threat[26167]:D-Link DIR820LA1 Command Injection Vulnerability (CVE-2023-25279)
19. threat[26168]:InsightCloudSec Arbitrary File Write Vulnerability (CVE-2023-1305)
20. threat[26169]:InsightCloudSec Code Injection Vulnerability (CVE-2023-1306)
21. threat[26170]:LB-LINK Product Command Injection Vulnerability (CVE-2023-26801)
22. threat[26171]:Apache Dubbo Deserialization Remote Code Execution Vulnerability (CVE-2023-23638)
23. threat[26172]:Google Chrome WebGPU UAF Vulnerability (CVE-2022-2399)
24. threat[26177]:Roxy-WI Directory Traversal Vulnerability (CVE-2023-29004)
25. threat[26174]:ew tool web execution
26. threat[26173]:pingtunnel tool web execution
27. threat[26178]:TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076)
28. threat[10541]:TOTOLINK A7000R Router Stack Overflow Vulnerability (CVE-2022-37084)
29. threat[26180]:Gerapy Arbitrary Command Execution Vulnerability (CVE-2021-43857)
30. threat[26181]:Glpi Directory Traversal Vulnerability (CVE-2021-43778)
31. threat[26182]:Smartbi Authentication Bypass Vulnerability
32. threat[26183]:Chamilo Command Execution Vulnerability (CVE-2023-34960)
33. threat[30897]:Splunk 7.0.1 Information Disclosure Vulnerability (CVE-2018-11409)
34. threat[30898]:Discuz! 3.0 Path Information Disclosure
35. threat[26184]:Atlassian Bitbucket Server Command Injection Vulnerability (CVE-2022-43781)
36. threat[30899]:GeoServer SQL Injection Vulnerability (CVE-2023-25157)
37. threat[30900]:Hongfan OA udfGetDocStep File SQL Injection Vulnerability
38. threat[26146]:Fastjson 1.2.43 Deserialization Vulnerability
39. threat[26147]:Fastjson 1.2.45 Deserialization Vulnerability
40. threat[26148]:Fastjson 1.2.47 Deserialization Vulnerability
41. threat[26149]:Fastjson 1.2.62 Deserialization Vulnerability
42. threat[26150]:VMware Aria Operations Command Injection Vulnerability (CVE-2023-20887)

Updated rules:
1. threat[68655]:Suspicious Webshell Backdoor Access Control
2. threat[23822]:Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3259)(MS16-084/85)
3. threat[26120]:D-Link Series Router Command Injection Vulnerability (CVE-2022-46476/CVE-2023-26822)
4. threat[25986]:Gerapy clone Command Injection Vulnerability (CVE-2021-32849)
5. threat[25970]:Zimbra Arbitrary File Upload Vulnerability (CVE-2022-27925)
6. threat[25890]:ZTE F460/F660 Command Injection Vulnerability (CVE-2014-2321)
7. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability (CVE-2021-26295)
8. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability (CVE-2019-5127/CVE-2019-5128/CVE-2019-5129)
9. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)
10. threat[25879]:GLPI Asset Management Software Arbitrary Code Injection Vulnerability (CVE-2022-35914)
11. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)


Notes:
1. After this package is installed the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.30640. This package includes the following changed rules:

new rules:
1. threat[26120]:D-Link Go-RT-AC750 Command Injection vulnerability (CVE-2023-26822)
2. threat[30892]:Yimi OA getfile.jsp arbitrary file reading vulnerability
3. threat[30893]:Wanhu OA evoInterfaceServlet Information Disclosure Vulnerability
4. threat[26151]:Fastjson 1.2.66 Deserialization Vulnerability
5. threat[26153]:Fastjson 1.2.68 Deserialization Vulnerability
6. threat[10540]:Tenda AX1803 Router Buffer Overflow Vulnerability (CVE-2022-30040)
7. threat[26154]:frpc tool web execution
8. threat[26155]:npc tool web execution
9. threat[26158]:Tenda AX1803 Stack Overflow Vulnerability (CVE-2022-40876)
10. threat[26157]:gost tool web execution
11. threat[26156]:iox tool web execution
12. threat[26160]:Weaver E-cology getInterfaceRegisterCustomOperation background command execution vulnerability
13. threat[26161]:Zhejiang Uniview Network Video Recorder ISC LogReport.php remote command execution vulnerability
14. threat[26162]:Uniview Network Video Recorder ISC DNSServerAdrr remote command execution vulnerability
15. threat[26163]:Terramaster TOS Path Traversal Vulnerability (CVE-2020-28187)
16. threat[26165]:D-Link DIR-867 Remote Command Execution Vulnerability (CVE-2023-24762)
17. threat[26166]:D-Link DIR820LA1 Operating System Command Injection Vulnerability (CVE-2023-25280)
18. threat[26167]:D-Link DIR820LA1 Command Injection Vulnerability (CVE-2023-25279)
19. threat[26168]:InsightCloudSec Arbitrary File Write Vulnerability (CVE-2023-1305)
20. threat[26169]:InsightCloudSec Code Injection Vulnerability (CVE-2023-1306)
21. threat[26170]:LB-LINK Product Command Injection Vulnerabilities (CVE-2023-26801)
22. threat[26171]:Apache Dubbo Deserialization Remote Code Execution Vulnerability (CVE-2023-23638)
23. threat[26172]:Google Chrome WebGPU UAF Vulnerability (CVE-2022-2399)
24. threat[26177]:Roxy-WI Directory Traversal Vulnerability (CVE-2023-29004)
25. threat[26174]:ew tool web execution
26. threat[26173]:pingtunnel tool web execution
27. threat[26178]:TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076)
28. threat[10541]:TOTOLINK A7000R Router Stack Overflow Vulnerability (CVE-2022-37084)
29. threat[26180]:Gerapy Arbitrary Command Execution Vulnerability (CVE-2021-43857)
30. threat[26181]:Glpi Directory Traversal Vulnerability (CVE-2021-43778)
31. threat[26182]:Smartbi Authentication Bypass Vulnerability
32. threat[26183]:Chamilo Command Execution Vulnerability (CVE-2023-34960)
33. threat[30897]:Splunk 7.0.1 Information Disclosure Vulnerability (CVE-2018-11409)
34. threat[30898]:Discuz! 3.0 Path Information Leakage Vulnerability
35. threat[26184]:Atlassian Bitbucket Server Command Injection Vulnerability (CVE-2022-43781)
36. threat[30899]:GeoServer SQL Injection Vulnerability (CVE-2023-25157)
37. threat[30900]:Hongfan OA udfGetDocStep SQL Injection Vulnerability
38. threat[26146]:Fastjson 1.2.43 Deserialization Vulnerability
39. threat[26147]:Fastjson 1.2.45 Deserialization Vulnerability
40. threat[26148]:Fastjson 1.2.47 Deserialization Vulnerability
41. threat[26149]:Fastjson 1.2.62 Deserialization Vulnerability
42. threat[26150]:VMware Aria Operations Command Injection Vulnerability (CVE-2023-20887)

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[23822]:Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3259)(MS16-084/85)
3. threat[26120]:D-Link Series Router Command Injection Vulnerability (CVE-2022-46476/CVE-2023-26822)
4. threat[25986]:Gerapy clone Command Injection Vulnerability (CVE-2021-32849)
5. threat[25970]:Zimbra Arbitrary File Upload Vulnerability (CVE-2022-27925)
6. threat[25890]:ZTE F460/F660 Command Injection Vulnerability (CVE-2014-2321)
7. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability(CVE-2021-26295)
8. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5127/CVE-2019-5128/CVE-2019-5129)
9. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)
10. threat[25879]:GLPI Asset Management Software Arbitrary Code Injection Vulnerability (CVE-2022-35914)
11. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-07-03 10:23:41
Name: eoi.unify.allrulepatch.ips.5.6.10.30552.rule Version: 5.6.10.30552
MD5: 0944c512993d6060ca9feec5a042ba73 Size: 33.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30552. The rules added/improved in this package are:

New rules:
1. threat[26128]:Openfire Path Traversal Vulnerability (CVE-2023-32315)
2. threat[26125]:ServerScan scan tool web execution
3. threat[26126]:netspy tool web execution
4. threat[26132]:DedeCMS Arbitrary File Deletion Vulnerability (CVE-2022-43196)
5. threat[26133]:IP-COM M50 Command Injection Vulnerability (CVE-2022-45711)
6. threat[26134]:IP-COM M50 Command Injection Vulnerability (CVE-2022-45717)
7. threat[26135]:Google Chrome Sandbox Escape Vulnerability (CVE-2019-13768)
8. threat[26136]:Strapi Mail Template Injection Vulnerability (CVE-2023-22621)
9. threat[30889]:Strapi Information Disclosure Vulnerability (CVE-2023-22894)
10. threat[26131]:nmap scan tool web execution
11. threat[26130]:hack-browser-data tool web execution
12. threat[30890]:BigAnt Server Password Hash Disclosure Vulnerability (CVE-2022-23348)
13. threat[30891]:BigAnt Server Directory Traversal Vulnerability (CVE-2022-23347)
14. threat[26139]:NETGEAR R6300 Command Execution Vulnerability (CVE-2022-30078/CVE-2022-30079)
15. threat[26129]:x-crack scan tool web execution
16. threat[26140]:Fastjson 1.2.24 Deserialization Vulnerability
17. threat[26142]:Wanhu OA DownloadServlet Arbitrary File Read Vulnerability
18. threat[26144]:Fastjson 1.2.41 Deserialization Vulnerability
19. threat[26141]:Ubiquiti EdgeRouter Remote Command Execution Vulnerability (CVE-2023-1458)
20. threat[26143]:EasyNAS Storage Management System Remote Command Execution Vulnerability (CVE-2023-0830)
21. threat[26145]:Fastjson 1.2.42 Deserialization Vulnerability

Updated rules:
1. threat[30835]:Seeyon OA FanRuan (帆软) Component ReportServer Directory Traversal Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25887]:SkyScorpion (天蝎) ASP WebShell Upload/Download


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30552. This package includes the following changed rules:

new rules:
1. threat[26128]:Openfire Path Traversal Vulnerability (CVE-2023-32315)
2. threat[26125]:ServerScan scan tool web execution
3. threat[26126]:netspy tool web execution
4. threat[26132]:DedeCMS Arbitrary File Deletion Vulnerability (CVE-2022-43196)
5. threat[26133]:IP-COM M50 Command Injection Vulnerability (CVE-2022-45711)
6. threat[26134]:IP-COM M50 Command Injection Vulnerability (CVE-2022-45717)
7. threat[26135]:Google Chrome Sandbox Escape Vulnerability (CVE-2019-13768)
8. threat[26136]:Strapi Mail Template Injection Vulnerability (CVE-2023-22621)
9. threat[30889]:Strapi Information Disclosure Vulnerability (CVE-2023-22894)
10. threat[26131]:nmap scan tool web execution
11. threat[26130]:hack-browser-data tool web execution
12. threat[30890]:BigAnt Server Password hash leak Vulnerability (CVE-2022-23348)
13. threat[30891]:BigAnt Server Directory Traversal Vulnerability (CVE-2022-23347)
14. threat[26139]:NETGEAR R6300 Command Execution Vulnerability (CVE-2022-30078/CVE-2022-30079)
15. threat[26129]:x-crack scan tool web execution
16. threat[26140]:Fastjson 1.2.24 Deserialization Vulnerability
17. threat[26142]:Wanhu OA DownloadServlet Arbitrary File Upload Vulnerability
18. threat[26144]:Fastjson 1.2.41 Deserialization Vulnerability
19. threat[26141]:Ubiquiti EdgeRouter Remote Command Execution Vulnerability (CVE-2023-1458)
20. threat[26143]:EasyNAS Storage Management System Remote Command Execution Vulnerability (CVE-2023-0830)
21. threat[26145]:Fastjson 1.2.42 Deserialization Vulnerability

update rules:
1. threat[30835]:Seeyon Sailsoft Component ReportServer Directory Traversal Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25887]:SkyScorpion ASP WebShell Upload/Download


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-06-25 15:14:19
Name: eoi.unify.allrulepatch.ips.5.6.10.30491.rule Version: 5.6.10.30491
MD5: f43b426d5d78e58e74916ca645b45cf2 Size: 33.09M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30491. The rules added/improved in this package are:


New rules:
1. threat[10538]:Tenda W6 Stack Overflow Vulnerability (CVE-2022-35561)
2. threat[26113]:Tenda W6 Remote Command Execution Vulnerability (CVE-2022-35555)
3. threat[26112]:HTTP SQL Time-Based Blind Injection Attempt
4. threat[24356]:Apache Struts 2 Commons FileUpload Insecure Deserialization Vulnerability (CVE-2016-1000031)
5. threat[30883]:Yonyou TurboCrm SQL Injection Vulnerability (CVE-2021-41746)
6. threat[26114]:Jython Deserialization Command Injection Vulnerability
7. threat[30884]:Hongdian H8922 Information Disclosure Vulnerability (CVE-2021-28150)
8. threat[10539]:TP-LINK TL-WR840N Integer Overflow Vulnerability (CVE-2022-25062)
9. threat[26116]:PbootCMS SQL Injection Vulnerability (CVE-2018-16356)
10. threat[26117]:TP-LINK TL-WR840N Remote Code Execution Vulnerability (CVE-2022-25064)
11. threat[26119]:Tenda AX1803 Command Injection Vulnerability (CVE-2022-34595)
12. threat[26118]:TRENDnet TEW-755AP Router Command Injection Vulnerability (CVE-2022-46597)
13. threat[30885]:Wavlink WL-WN530H4 Router Information Disclosure Vulnerability (CVE-2022-48165)
14. threat[26115]:Yonyou Chanjet T+ Front-End Remote Command Execution Vulnerability
15. threat[26111]:Nacos Raft Protocol Deserialization Code Execution Vulnerability (CNVD-2023-45001)
16. threat[26122]:MozillaRhino Deserialization Command Injection Vulnerability
17. threat[26124]:D-Link Dir-505 Authentication Bypass Vulnerability
18. threat[26123]:OpenSNS AuthorizeController.class.php Remote Code Execution Vulnerability (CNVD-2019-24397)
19. threat[30886]:Jira Unauthorized Access Vulnerability (CVE-2019-8442)
20. threat[50640]:Chrome Remote Desktop Remote Control Software Running
21. threat[30887]:OpenSNS ThemeController.class.php Arbitrary File Download Vulnerability (CNVD-2019-45335)
22. threat[30888]:Yonyou Chanjet T+ SQL Injection Vulnerability

Updated rules:
1. threat[26076]:net AD Domain Attack Command Execution
2. threat[25896]:Ueditor Editor .NET Version Arbitrary File Upload Vulnerability (CNVD-2017-20077)
3. threat[25771]:ThinkPHP Multi-Language Feature Remote Code Execution Vulnerability
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[63739]:MSSQL xp_cmdshell Execution
6. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30491. This package includes the following changed rules:



new rules:
1. threat[10538]:Tenda W6 Stack Overflow Vulnerability (CVE-2022-35561)
2. threat[26113]:Tenda W6 Remote Command Execution Vulnerability (CVE-2022-35555)
3. threat[26112]:HTTP SQL Time Blind Injection Attempt
4. threat[24356]:Apache Struts 2 Commons FileUpload Insecure Deserialization(CVE-2016-1000031)
5. threat[30883]:YonYou TurboCrm SQL Injection Vulnerability (CVE-2021-41746)
6. threat[26114]:Jython Deserialization Command Injection vulnerability
7. threat[30884]:Hongdian H8922 Information Disclosure Vulnerability(CVE-2021-28150)
8. threat[10539]:TP-LINK TL-WR840N Integer Overflow Vulnerability (CVE-2022-25062)
9. threat[26116]:PbootCMS SQL Injection Vulnerability (CVE-2018-16356)
10. threat[26117]:TP-LINK TL-WR840N Remote Code Execution Vulnerability (CVE-2022-25064)
11. threat[26119]:Tenda AX1803 Command Injection Vulnerability (CVE-2022-34595)
12. threat[26118]:TRENDnet TEW-755AP Router Command Injection Vulnerability(CVE-2022-46597)
13. threat[30885]:Wavlink WL-WN530H4 Router Information Disclosure Vulnerability(CVE-2022-48165)
14. threat[26115]:Yongyou Smooth T+ Frontend Remote Command Execution Vulnerability
15. threat[26111]:Nacos Raft Protocol Deserialization Code Execution Vulnerability(CNVD-2023-45001)
16. threat[26122]:MozillaRhino Deserialization Command Injection Vulnerability
17. threat[26124]:D-Link Dir-505 Authentication Bypass Vulnerability
18. threat[26123]:OpenSNS AuthorizeController.class.php Remote Code Execution Vulnerability(CNVD-2019-24397)
19. threat[30886]:Jira Unauthorized Access Vulnerability (CVE-2019-8442)
20. threat[50640]:Remote Control Chrome Remote Desktop Running
21. threat[30887]:OpenSNS ThemeController.class.php Arbitrary File Download Vulnerability(CNVD-2019-45335)
22. threat[30888]:Yongyou CHANJET T+ SQL Injection Vulnerability

update rules:
1. threat[26076]:net AD Domain Attack Command Execution
2. threat[25896]:Ueditor Editor.net version arbitrary file upload vulnerability(CNVD-2017-20077)
3. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[63739]:MSSQL xp_cmdshell Execution
6. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-06-16 17:13:56
Name: eoi.unify.allrulepatch.ips.5.6.10.30412.rule Version: 5.6.10.30412
MD5: 195186f8f155c0c8cde2879e21751ebf Size: 32.20M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30412. The rules added/improved in this package are:


New rules:
1. threat[26082]:Dahua Smart Park Integrated Management Platform Remote Code Execution Vulnerability
2. threat[26084]:Zenario CMS 9.3 Remote Code Execution Vulnerability (CVE-2022-44136)
3. threat[26086]:FLIR-AX8 Thermal Imager Remote Command Execution Vulnerability (CVE-2022-37061)
4. threat[30881]:Weaver E-cology ResourceServlet Arbitrary File Download Vulnerability
5. threat[26085]:AspectJ Weaver Deserialization Command Injection Vulnerability
6. threat[26087]:MetInfoCMS olupdate.php Remote Code Execution Vulnerability
7. threat[26088]:Apache Airflow Command Injection Vulnerability (CVE-2022-24288)
8. threat[30882]:Laravel .env Configuration File Disclosure Vulnerability (CVE-2017-16894)
9. threat[26089]:Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246)
10. threat[26090]:IBM Aspera Faspex Deserialization Vulnerability (CVE-2022-47986)
11. threat[26091]:ntdsutil AD Domain Attack Command Execution
12. threat[26093]:Discuz! 1.5-2.5 Remote Code Execution Vulnerability (CVE-2018-14729)
13. threat[26094]:Airspan AirSpot 5410 diagnostics.cgi Remote Command Execution Vulnerability (CVE-2022-36267)
14. threat[26095]:DedeCMS v5.7.93 Remote Code Execution Vulnerability (CVE-2022-35516)
15. threat[26096]:Tenda G Series Router Command Injection Vulnerability (CVE-2021-27691)
16. threat[26097]:ShirneCMS Arbitrary File Read Vulnerability (CVE-2022-37299)
17. threat[26092]:vssadmin AD Domain Attack Command Execution
18. threat[26098]:Tenda G1/G3 Router Command Injection Vulnerability (CVE-2021-27692)
19. threat[26101]:Yonyou U8 cloud MonitorServlet Deserialization Vulnerability
20. threat[26100]:Apache Click Deserialization Command Injection Vulnerability
21. threat[26103]:Hikvision iVMS-8700 resourceOperations File Upload Vulnerability
22. threat[26104]:ASUS RT-N53 Router Command Execution Vulnerability (CVE-2022-31874)
23. threat[26105]:Sonlogger/FortiLogger Arbitrary File Upload Vulnerability (CVE-2021-3378/CVE-2021-27964)
24. threat[26102]:OpenSNS ShareController.class.php Command Execution Vulnerability (CNVD-2021-34590)
25. threat[26106]:Join-Cheer (久其) Financial Report download.jsp Arbitrary File Read Vulnerability
26. threat[26107]:diskshadow AD Domain Attack Command Execution
27. threat[26108]:TRENDnet TEW-652BRP Router Command Injection Vulnerability (CVE-2023-0611)
28. threat[26109]:TRENDnet TEW-652BRP Router Command Injection Vulnerability (CVE-2023-0640)

Updated rules:
1. threat[50563]:Elasticsearch Service Sensitive Path Access
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[24856]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2020-10199)
4. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2017-10271/CVE-2017-3506)
5. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability (CVE-2017-10271)
6. threat[25215]:Zabbix Remote Code Execution Vulnerability (CVE-2020-11800/CVE-2017-2824)
7. threat[25563]:Spring Boot H2 Database Remote Command Execution Vulnerability (CVE-2021-42392)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30412. This package includes the following changed rules:


new rules:
1. threat[26082]:DAHUA Smart Park Integrated Management Platform Remote Code Execution Vulnerabilities
2. threat[26084]:Zenario CMS 9.3 Remote Code Execution Vulnerability (CVE-2022-44136)
3. threat[26086]:Remote Command Execution Vulnerability of FLIR-AX8 Thermal Imager (CVE-2022-37061)
4. threat[30881]:Weaver E-cology ResourceServlet Arbitrary File Download Vulnerability
5. threat[26085]:AspectJ Weaver Deserialization Command Injection Vulnerability
6. threat[26087]:MetInfoCMS olupdate.php Remote Command Execution Vulnerability
7. threat[26088]:Apache Airflow Command Injection Vulnerability (CVE-2022-24288)
8. threat[30882]:Laravel .env Config File Leak Vulnerability (CVE-2017-16894)
9. threat[26089]:Apache RocketMQ Remote Code Execution Vulnerability(CVE-2023-33246)
10. threat[26090]:IBM Aspera Faspex Deserialization Vulnerability (CVE-2022-47986)
11. threat[26091]:ntdsutil AD Domain Attack Command Execution
12. threat[26093]:Discuz! 1.5-2.5 Remote Code Execution Vulnerability(CVE-2018-14729)
13. threat[26094]:Airspan AirSpot 5410 diagnostics.cgi Remote Command Execution Vulnerability (CVE-2022-36267)
14. threat[26095]:DedeCMS v5.7.93 Remote Code Execution Vulnerability (CVE-2022-35516)
15. threat[26096]:Tengda G Series Router Command Injection Vulnerability (CVE-2021-27691)
16. threat[26097]:ShirneCMS Arbitrary File Read Vulnerability (CVE-2022-37299)
17. threat[26092]:vssadmin AD Domain Attack Command Execution
18. threat[26098]:Tenda G1 and G3 Router Command Injection Vulnerability (CVE-2021-27692)
19. threat[26101]:YonYou U8 cloud MonitorServlet Deserialization Vulnerability
20. threat[26100]:Apache Click Deserialization Command Injection Vulnerability
21. threat[26103]:Hikvision iVMS-8700 resourceOperations File Upload Vulnerability
22. threat[26104]:ASUS RT-N53 Router Command Execution Vulnerability(CVE-2022-31874)
23. threat[26105]:Sonlogger/FortiLogger Arbitrary File Upload Vulnerability (CVE-2021-3378/CVE-2021-27964)
24. threat[26102]:OpenSNS ShareController.class.php Command Execution Vulnerability(CNVD-2021-34590)
25. threat[26106]:Join-Cheer Financial Statement download.jsp Arbitrary File Read Vulnerability
26. threat[26107]:diskshadow AD Domain Attack Command Execution
27. threat[26108]:TRENDnet TEW-652BRP Router Command Injection Vulnerability(CVE-2023-0611)
28. threat[26109]:TRENDnet TEW-652BRP Router Command Injection Vulnerability(CVE-2023-0640)

update rules:
1. threat[50563]:Elasticsearch service sensitive path access
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[24856]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2020-10199)
4. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2017-10271/CVE-2017-3506)
5. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability(CVE-2017-10271)
6. threat[25215]:Zabbix Remote Code Execution Vulnerability(CVE-2020-11800/CVE-2017-2824)
7. threat[25563]:Spring Boot H2 Database RCE Vulnerability (CVE-2021-42392)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-06-10 08:48:42
Name: eoi.unify.allrulepatch.ips.5.6.10.30326.rule Version: 5.6.10.30326
MD5: bb56536c813de449f96c884a9ba2a3e5 Size: 31.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30326. The rules added/improved in this package are:


New rules:
1. threat[26061]:setspn AD Domain Attack Command Execution
2. threat[26066]:dsquery AD Domain Attack Command Execution
3. threat[26063]:vBulletin SQL Injection Vulnerability (CVE-2020-12720)
4. threat[26069]:Exchange Remote Command Execution Vulnerability (CVE-2020-16875)
5. threat[26065]:nltest AD Domain Attack Command Execution
6. threat[26068]:Dnscmd AD Domain Attack Command Execution
7. threat[30874]:Mingsoft MCMS Front-End SQL Injection (CVE-2022-4375)
8. threat[30875]:Weaver OA SyncUserInfo SQL Injection Vulnerability
9. threat[30876]:Weaver e-cology MonitorStatusForServer.jsp Information Disclosure Vulnerability
10. threat[26071]:Weaver E-office ajax.php Arbitrary File Upload Vulnerability
11. threat[30877]:Weaver OA ecology8 Action.jsp SQL Injection Vulnerability
12. threat[30873]:RConfig v3.9.6 Sensitive Information Disclosure Vulnerability (CVE-2021-29006)
13. threat[26072]:Exchange Cross-Site Scripting Injection Vulnerability (CVE-2021-41349)
14. threat[26070]:RConfig SQL Injection Vulnerability (CVE-2020-10547)
15. threat[26073]:GitLab 16.0.0 Arbitrary File Read Vulnerability (CVE-2023-2825)
16. threat[26074]:vBulletin searchprefs Deserialization Code Execution Vulnerability (CVE-2023-25135)
17. threat[41967]:JspSpy JSP Webshell Communication - File Upload
18. threat[30879]:Weaver E-mobile client SQL Injection Vulnerability (CNVD-2021-25287)
19. threat[30878]:Weaver Emobile messageType.do Remote Command Execution Vulnerability (CNVD-2021-25287)
20. threat[26081]:Weaver ecology clusterupgrade File Upload Vulnerability
21. threat[26076]:net AD Domain Attack Command Execution
22. threat[26078]:csvde AD Domain Attack Command Execution
23. threat[26079]:wevtutil AD Domain Attack Command Execution
24. threat[26075]:Neo4j Shell Server Deserialization Vulnerability (CVE-2021-34371)
25. threat[26077]:MetInfoCMS common.inc.php Remote Code Execution Vulnerability
26. threat[30880]:Weaver OA validate.jsp SQL Injection Vulnerability
27. threat[26083]:AyaCMS v3.1.2 Arbitrary File Operation Vulnerability (CVE-2022-43074)
28. threat[26080]:klist AD Domain Attack Command Execution
29. threat[26060]:Nette Remote Code Execution Vulnerability (CVE-2020-15227)
30. threat[26041]:Post-Exploitation Stealthy Command Execution


Updated rules:
1. threat[26049]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21342)
2. threat[41767]:Godzilla Webshell ASPX Script Upload
3. threat[41720]:AntSword Webshell Management Tool Connection Control
4. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)
5. threat[26048]:XStream Deserialization Command Injection Vulnerability (CVE-2020-26217)
6. threat[26046]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21349)
7. threat[26018]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39145)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30326. This package includes the following changed rules:


new rules:
1. threat[26061]:Setspn AD Domain Attack Command Execution
2. threat[26066]:dsquery AD Domain Attack Web Execution
3. threat[26063]:vBulletin SQL Injection Vulnerability (CVE-2020-12720)
4. threat[26069]:Exchange Remote Command Execution Vulnerability (CVE-2020-16875)
5. threat[26065]:nltest AD Domain Attack Command Execution
6. threat[26068]:Dnscmd AD Domain Attack Command Execution
7. threat[30874]:Mingsoft MCMS Foreground SQL Injection (CVE-2022-4375)
8. threat[30875]:Weaver OA SyncUserInfo SQL Injection Vulnerability
9. threat[30876]:e-cology MonitorStatusForServer.jsp Information Disclosure Vulnerability
10. threat[26071]:Eoffice ajax.php Arbitrary File Upload Vulnerability
11. threat[30877]:Ecology8 Action.jsp SQL Injection Vulnerability
12. threat[30873]:RConfig v3.9.6 Sensitive Information Leakage Vulnerability (CVE-2021-29006)
13. threat[26072]:Exchange Cross-Site Scripting Injection Vulnerability (CVE-2021-41349)
14. threat[26070]:RConfig SQL Injection Vulnerability (CVE-2020-10547)
15. threat[26073]:GitLab 16.0.0 Arbitrary File Read Vulnerability (CVE-2023-2825)
16. threat[26074]:vBulletin searchprefs phar Deserialization Code Execution Vulnerability (CVE-2023-25135)
17. threat[41967]:JspSpy JSP Webshell Communication - Upload Files
18. threat[30879]:Weaver E-mobile client SQL Injection Vulnerability(CNVD-2021-25287)
19. threat[30878]:Weaver Emobile messageType.do Remote Command Execution Vulnerability(CNVD-2021-25287)
20. threat[26081]:Weaver Ecology ClusterUpgrade File Upload Vulnerability
21. threat[26076]:net AD Domain Attack Command Execution
22. threat[26078]:csvde AD Domain Attack Command Execution
23. threat[26079]:wevtutil AD Domain Attack Command Execution
24. threat[26075]:Neo4j Shell Server Deserialization Vulnerability (CVE-2021-34371)
25. threat[26077]:MetInfoCMS common.inc.php Remote Command Execution Vulnerability
26. threat[30880]:Weaver OA validate.jsp SQL Injection Vulnerability
27. threat[26083]:AyaCMS v3.1.2 Arbitrary File Manipulation Vulnerability (CVE-2022-43074)
28. threat[26080]:klist AD Domain Attack Command Execution
29. threat[26060]:Nette Remote Code Execution Vulnerability (CVE-2020-15227)
30. threat[26041]:Post-Exploitation Stealth Command Execution

update rules:
1. threat[26049]:XStream Deserialization Server Request Forgery Vulnerability (CVE-2021-21342)
2. threat[41767]:Godzilla Webshell ASPX Scripts Upload
3. threat[41720]:AntSword Webshell Management Tool Connection and Control
4. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)
5. threat[26048]:XStream Deserialization Command Injection Vulnerability (CVE-2020-26217)
6. threat[26046]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21349)
7. threat[26018]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39145)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-06-01 17:24:25
Name: eoi.unify.allrulepatch.ips.5.6.10.30258.rule Version: 5.6.10.30258
MD5: 1fa4f3cc9ba83540c38fbd8e282d007b Size: 30.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30258. The rules added/improved in this package are:

New rules:
1. threat[26036]:WordPress Essential Addons for Elementor Plugin Arbitrary User Password Reset Vulnerability (CVE-2023-32243)
2. threat[26037]:Persistence Command Web Execution
3. threat[26038]:Persistence Command Stealthy Execution
4. threat[26039]:WordPress Paid Memberships Pro Plugin SQL Injection Vulnerability (CVE-2023-23488)
5. threat[26042]:DedeCMS Front-End Arbitrary User Password Reset Vulnerability
6. threat[26045]:Dedecms Front-End File Upload Vulnerability (CVE-2018-20129)
7. threat[26046]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21349)
8. threat[26047]:XStream Deserialization File Deletion Vulnerability (CVE-2021-21343)
9. threat[26048]:XStream Deserialization Command Injection Vulnerability (CVE-2020-26217)
10. threat[26040]:Post-Exploitation Command Web Execution
11. threat[30859]:Eclipse Jetty Sensitive Information Disclosure Vulnerability (CVE-2021-28169)
12. threat[26049]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21342)
13. threat[26050]:Request-Line Reverse Shell Command Execution
14. threat[26051]:Doyocms Content Management System SQL Injection Vulnerability (CVE-2021-26739)
15. threat[26053]:Tikiwiki Content Management System Arbitrary User Login Vulnerability (CVE-2020-15906)
16. threat[26056]:Tikiwiki Content Management System Remote Command Execution Vulnerability (CVE-2021-26119)
17. threat[26054]:Apache Solr Unauthorized Access Vulnerability (CVE-2020-13941)
18. threat[26055]:Dedecms File Upload Vulnerability (CVE-2022-43192/CVE-2022-40886)
19. threat[26057]:Voipmonitor Remote Command Execution Vulnerability (CVE-2021-30461)
20. threat[26058]:Automated Logic Webctrl Cross-Site Scripting Injection Vulnerability (CVE-2021-31682)
21. threat[30871]:Node-Red-Dashboard File Read Vulnerability (CVE-2021-3223)
22. threat[26059]:Webmin Cross-Site Scripting Injection Vulnerability (CVE-2021-31761)
23. threat[50639]:Dedecms File Manager Module PHP File Upload Behavior
24. threat[30872]:Weiphp 5.0 File Read Vulnerability (CNVD-2020-68596)
25. threat[26062]:Terramaster-Os Remote Command Execution Vulnerability (CVE-2020-15568)
26. threat[26043]:Weaver E-cology ofsLogin.jsp Arbitrary User Login
27. threat[24566]:Safari Memory Corruption Vulnerability (CVE-2018-4438)
28. threat[24556]:HPE Intelligent Management Center SoapConfigBean Expression Language Injection (CVE-2019-11943)
29. threat[26043]:Weaver E-cology ofsLogin.jsp Arbitrary User Login
30. threat[26044]:Yonyou NC NCMessageServlet Deserialization Vulnerability
31. threat[30870]:Gocd Sensitive Information Disclosure Vulnerability (CVE-2021-43287)

Updated rules:
1. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability (REST method)
2. threat[60991]:HTTP XSS URL Request Cross-Site Scripting Attack Attempt
3. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
4. threat[25199]:Apache Solr config Arbitrary File Read Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30258. This package includes the following changed rules:

new rules:
1. threat[26036]:WordPress Essential Addons for Elementor Plugin Arbitrary user password reset Vulnerability(CVE-2023-32243)
2. threat[26037]:Permission maintenance command web execution
3. threat[26038]:Permission maintenance command stealth execution
4. threat[26039]:WordPress Paid Memberships Pro Plugin SQL Injection Vulnerability(CVE-2023-23488)
5. threat[26042]:DedeCMS Foreground Arbitrary User Password Reset Vulnerability
6. threat[26045]:Dedecms Foreground File Upload Vulnerability (CVE-2018-20129)
7. threat[26046]:XStream Deserialization Server Request Forgery Vulnerability (CVE-2021-21349)
8. threat[26047]:XStream Deserialization File Deletion Vulnerability (CVE-2021-21343)
9. threat[26048]:XStream Deserialization Command Injection Vulnerability (CVE-2020-26217)
10. threat[26040]:post-exploitation command web execution
11. threat[30859]:Eclipse Jetty Sensitive Information Leakage Vulnerability (CVE-2021-28169)
12. threat[26049]:XStream Deserialization Server Request Forgery Vulnerability (CVE-2021-21342)
13. threat[26050]:Request-Line Shell Reverse Command Execution
14. threat[26051]:Content Management System Doyocms SQL Injection Vulnerability (CVE-2021-26739)
15. threat[26053]:Tikiwiki Content Management System Arbitrary User Login Vulnerability (CVE-2020-15906)
16. threat[26056]:Remote Command Execution Vulnerability of Tikiwiki (CVE-2021-26119)
17. threat[26054]:Apache Solr Unauthorized Access Vulnerability (CVE-2020-13941)
18. threat[26055]:Dedecms File Upload Vulnerability(CVE-2022-43192/CVE-2022-40886)
19. threat[26057]:Voipmonitor Remote Command Execution Vulnerability (CVE-2021-30461)
20. threat[26058]:Automated Logic Webctrl Cross-site Script Injection Vulnerability (CVE-2021-31682)
21. threat[30871]:Node-Red-Dashboard File Reading Vulnerability (CVE-2021-3223)
22. threat[26059]:Webmin Cross-Site Scripting Injection Vulnerability (CVE-2021-31761)
23. threat[50639]:Dedecms File Manager Module Uploading PHP File
24. threat[30872]:Weiphp 5.0 File Reading Vulnerability (CNVD-2020-68596)
25. threat[26062]:Terramaster-Os Remote Command Execution Vulnerability (CVE-2020-15568)
26. threat[26043]:E-cology ofsLogin.jsp Arbitrary User Login Vulnerability
27. threat[24566]:Safari memory corruption (CVE-2018-4438)
28. threat[24556]:HPE Intelligent Management Center SoapConfigBean Expression Language Injection(CVE-2019-11943)
29. threat[26043]:E-cology ofsLogin.jsp Arbitrary User Login Vulnerability
30. threat[26044]:Yonyou NCMessageServlet Deserialization Vulnerability
31. threat[30870]:GOCD Sensitive Information Disclosure Vulnerability (CVE-2021-43287)

update rules:
1. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability (REST)
2. threat[60991]:HTTP XSS URL Cross Site Scripting Attempt
3. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
4. threat[25199]:Apache Solr config Arbitrary File Read Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so update at a suitable time.

Release time: 2023-05-26 22:00:45
Name: eoi.unify.allrulepatch.ips.5.6.10.30179.rule Version: 5.6.10.30179
MD5: 8784948ece92625d6507e9298d27cdd5 Size: 30.66M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30179. The rules added/improved in this package are:

New rules:
1. threat[41966]:Godzilla JAVA_AES_RAW Webshell Connection_3
2. threat[26019]:Tongda OA getdata Arbitrary Command Execution Vulnerability
3. threat[26020]:Credential Acquisition Command Web Execution
4. threat[26021]:Credential Acquisition Command Stealthy Execution
5. threat[26022]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39146)
6. threat[41965]:Godzilla JAVA_AES_RAW Webshell Connection_2
7. threat[26023]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39147)
8. threat[26024]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39148)
9. threat[26025]:Zhongxin Jindun (中新金盾) Information Security Management System Default Administrator Password Vulnerability (CNVD-2021-22984)
10. threat[30868]:Hongjing HR System SQL Injection Vulnerability (CNVD-2023-08743)
11. threat[26026]:TOTOLink download.cgi Remote Command Execution Vulnerability (CVE-2022-25084)
12. threat[30869]:Weaver E-office leave_record.php SQL Injection Vulnerability
13. threat[26027]:Dedecms V5.7 Arbitrary File Write Vulnerability (CNVD-2018-01221)
14. threat[26029]:TOTOLink NR1800X Router Command Execution Vulnerability (CVE-2022-41525)
15. threat[26028]:Weaver Ecology fileupload/uploadfile File Upload Vulnerability
16. threat[26030]:Wavlink WN535 K2-k3 Router Command Execution Vulnerability (CVE-2022-2487)
17. threat[26031]:Wavlink WN535 K2-k3 Router Command Execution Vulnerability (CVE-2022-2488)
18. threat[26032]:Discuz X3.4 uc_center Back-End Code Execution Vulnerability
19. threat[26033]:Yonyou NC-Cloud jsinvoke Arbitrary File Upload Vulnerability
20. threat[26034]:Dedecms stepselect_main.php Remote Code Execution Vulnerability (CVE-2018-9175)
21. threat[26035]:Weaver E-office uploadify.php File Upload Vulnerability
22. app: 力控 (ForceControl)

Updated rules:
1. threat[25194]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21346)
2. threat[25256]:Godzilla JAVA_AES_RAW Webshell Connection
3. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Sensitive Information Access


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30179. This package includes the following changed rules:

new rules:
1. threat[41966]:Godzilla JAVA_AES_RAW Webshell Connect_3
2. threat[26019]:Tongda OA getdata Arbitrary Command Execution Vulnerability
3. threat[26020]:Credential acquisition command web execution
4. threat[26021]:Credentials acquisition command stealth execution
5. threat[26022]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39146)
6. threat[41965]:Godzilla JAVA_AES_RAW Webshell Connect_2
7. threat[26023]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39147)
8. threat[26024]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39148)
9. threat[26025]:ZX ISMS Default Admin Password Vulnerability(CNVD-2021-22984)
10. threat[30868]:SQL Injection Vulnerability in Hongjing Human System (CNVD-2023-08743)
11. threat[26026]:TOTOLink download.cgi Remote Command Execution Vulnerability (CVE-2022-25084)
12. threat[30869]:E-office leave_record.php SQL Injection Vulnerability
13. threat[26027]:Dedecms V5.7 Arbitrary File Write Vulnerability(CNVD-2018-01221)
14. threat[26029]:TOTOLink NR1800X Router Command Execution Vulnerability (CVE-2022-41525)
15. threat[26028]:Ecology fileupload/uploadfile File Upload Vulnerability
16. threat[26030]:WAVLINK WN535 K2-k3 Command Execution Vulnerability (CVE-2022-2487)
17. threat[26031]:WAVLINK WN535 K2-k3 Command Execution Vulnerability (CVE-2022-2488)
18. threat[26032]:Discuz X3.4 uc_center Background Code Execution Vulnerability
19. threat[26033]:Yonyou-NC-Cloud jsinvoke Arbitrary File Upload Vulnerability
20. threat[26034]:Dedecms stepselect_main.php Remote Code Execution Vulnerability (CVE-2018-9175)
21. threat[26035]:E-office uploadify.php File Upload Vulnerability
22. app:

update rules:
1. threat[25194]:XStream Deserializable Remote Code Execution Vulnerability(CVE-2021-21346)
2. threat[25256]:Godzilla JAVA_AES_RAW Webshell Connect
3. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Access to Sensitive Information


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-05-21 18:04:58
Name: eoi.unify.allrulepatch.ips.5.6.10.30101.rule Version: 5.6.10.30101
MD5:8b6735397ad7eb3332ffd80ede37d491 Size: 30.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30101. Rules added or improved in this package:

New rules:
1. threat[26007]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39144)
2. threat[26008]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39149)
3. threat[50638]:crawlergo Crawler
4. threat[30867]:Tongda OA v11.6 insert SQL Injection Vulnerability
5. threat[30864]:Weaver E-cology checkserver.jsp SQL Injection Vulnerability
6. threat[26009]:Desdev DedeCMS Remote Command Execution Vulnerability (CVE-2022-36216)
7. threat[26011]:Java Reverse Shell base64-Encoded Command Bypassing Spaces
8. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Access to Sensitive Information
9. threat[30866]:Tongda OA get_contactlist.php Information Leakage Vulnerability
10. threat[26012]:GitLab Arbitrary File Read Vulnerability (CVE-2021-22201)
11. threat[41963]:China Chopper Webshell Backdoor Connection (aspx)
12. threat[41961]:China Chopper Webshell Backdoor Connection (php)
13. threat[41964]:China Chopper Webshell Backdoor Connection (asp)
14. threat[30863]:fscan Scanning Tool - nbns
15. threat[26016]:Tongda OA action_upload.php Arbitrary File Upload Vulnerability
16. threat[26013]:Compiler.exe Hidden Command Execution
17. threat[26017]:InfDefaultInstall Hidden Command Execution
18. threat[26014]:MySQL JDBC Deserialization Vulnerability
19. threat[26015]:DedeCMS Arbitrary File Deletion Vulnerability (CVE-2022-30508)
20. threat[49047]:Tongda OA video_file.php Arbitrary File Download Vulnerability
21. threat[41958]:JspSpy JSP Webshell Communication
22. threat[41960]:JspSpy JSP Webshell Communication - Get Screenshot
23. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)

Updated rules:
1. threat[25163]:Jumpserver v2.6.1 Remote Command Execution Vulnerability
2. threat[25913]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC5)
3. threat[25909]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC1)
4. threat[25910]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC2)
5. threat[25911]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC3)
6. threat[25912]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC4)
7. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC6)
8. threat[25915]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC7)
9. threat[25747]:Windows Information Collection Command Execution
10. threat[25978]:Apache Kylin Command Injection Vulnerability (CVE-2021-45456)
11. threat[25989]:Klogserver Remote Command Execution Vulnerability (CVE-2021-3317)


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30101. This package includes the following changed rules:

new rules:
1. threat[26007]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39144)
2. threat[26008]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39149)
3. threat[50638]:crawlergo Crawler
4. threat[30867]:Tongda OA v11.6 insert SQL Injection Vulnerability
5. threat[30864]:E-cology checkserver.jsp sql Injection Vulnerability
6. threat[26009]:Desdev DedeCMS Remote Command Execution Vulnerability (CVE-2022-36216)
7. threat[26011]:Java bounce shell base64 encoding bypasses the whitespace command
8. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Access to Sensitive Information
9. threat[30866]:Tongda OA get_contactlist.php Information Leakage Vulnerability
10. threat[26012]:GitLab Arbitrary File Read Vulnerability (CVE-2021-22201)
11. threat[41963]:Webshell backdoor program Chinese chopper connection (aspx)
12. threat[41961]:Webshell backdoor program Chinese chopper connection (php)
13. threat[41964]:Webshell backdoor program Chinese chopper connection (asp)
14. threat[30863]:fscan Scanning Tool - nbns
15. threat[26016]:Tongda OA action_upload.php Arbitrary File Upload Vulnerability
16. threat[26013]:Compiler.exe Hidden Command Execution
17. threat[26017]:InfDefaultInstall Hidden Command Execution
18. threat[26014]:MYSQL JDBC Deserialization Vulnerability
19. threat[26015]:DedeCMS Arbitrary File Deletion Vulnerability(CVE-2022-30508)
20. threat[49047]:Tongda OA video_file.php arbitrary File Download Vulnerability
21. threat[41958]:JspSpy JSP Webshell Communication
22. threat[41960]:JspSpy JSP Webshell Communication - Get screenshots
23. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)

update rules:
1. threat[25163]:Jumpserver v2.6.1 Remote Command Execution Vulnerability
2. threat[25913]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC5)
3. threat[25909]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC1)
4. threat[25910]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC2)
5. threat[25911]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC3)
6. threat[25912]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC4)
7. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC6)
8. threat[25915]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC7)
9. threat[25747]:Windows Information Collection Command Execution
10. threat[25978]:Apache Kylin Command Injection Vulnerability(CVE-2021-45456)
11. threat[25989]:Klogserver Remote Command Execution Vulnerability(CVE-2021-3317)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-05-12 09:43:19
Name: eoi.unify.allrulepatch.ips.5.6.10.30032.rule Version: 5.6.10.30032
MD5:87f788309e5b944380df2bbd2730225e Size: 30.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.30032. Rules added or improved in this package:

New rules:
1. threat[26000]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-36188/CVE-2020-36189)
2. threat[26001]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-9548/CVE-2020-24616)
3. threat[26002]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547)
4. threat[26003]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-24750)
5. threat[26004]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-10673)
6. threat[26005]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-14195)
7. threat[30862]:FasterXML Jackson-databind Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-20190)
8. threat[41957]:ASPXSpy ASP Webshell Communication
9. threat[41959]:JspSpy JSP Webshell Communication - Download File
10. threat[26006]:WebLogic Unauthorized Access Vulnerability (CVE-2020-14750)

Updated rules:
1. threat[25158]:FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-14060/CVE-2020-14062/CVE-2020-35728/CVE-2020-36183)
2. threat[49013]:Mining Program Connecting to Mining Pool Server
3. threat[24306]:Jenkins Arbitrary File Read Vulnerability (CVE-2018-1999002)
4. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)
5. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Attack
6. threat[25751]:Windows Information Collection Command Execution Success


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.30032. This package includes the following changed rules:

new rules:
1. threat[26000]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-36188/CVE-2020-36189)
2. threat[26001]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-9548/CVE-2020-24616)
3. threat[26002]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-9547)
4. threat[26003]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-24750)
5. threat[26004]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-10673)
6. threat[26005]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-14195)
7. threat[30862]:FasterXML Jackson-databind Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-20190)
8. threat[41957]:ASPXSpy ASP Webshell Communication
9. threat[41959]:JspSpy JSP Webshell Communication - Download files
10. threat[26006]:WebLogic Unauthorized Access Vulnerability (CVE-2020-14750)

update rules:
1. threat[25158]:FasterXML Jackson-databind Remote Code Execution Vulnerability(CVE-2020-14060/CVE-2020-14062/CVE-2020-35728/CVE-2020-36183)
2. threat[49013]:Mining program connects mine pool server communication
3. threat[24306]:Jenkins Arbitrary File Read Vulnerability(CVE-2018-1999002)
4. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)
5. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Vulnerability
6. threat[25751]:Windows Information Collection Command Execution Success


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-05-06 10:19:08
Name: eoi.unify.allrulepatch.ips.5.6.10.29993.rule Version: 5.6.10.29993
MD5:90c936ca5ac96f9cb56b8839663e06ab Size: 30.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29993. Rules added or improved in this package:

New rules:
1. threat[30846]:Joomla! Unauthorized Access Vulnerability (CVE-2023-23752)
2. threat[25977]:Tongda OA getway.php Remote File Inclusion Vulnerability
3. threat[25978]:Apache Kylin Command Injection Vulnerability (CVE-2021-45456)
4. threat[30848]:SVN Information Leakage Vulnerability
5. threat[25981]:Tongda OA login_code Arbitrary User Login Vulnerability
6. threat[25980]:3CX DesktopApp Code Execution Vulnerability (CVE-2023-29059) (C2 Connection)
7. threat[50636]:Malicious Class Access
8. threat[30849]:Tongda OA photo.php File Read Vulnerability
9. threat[30850]:Atlassian Jira Unauthenticated User Enumeration Vulnerability (CVE-2020-36289)
10. threat[30851]:Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
11. threat[25982]:Pentaho Unauthorized Access Vulnerability (CVE-2021-31602)
12. threat[25984]:Revive Adserver Cross-Site Scripting (XSS) Vulnerability (CVE-2020-8115)
13. threat[30852]:Jira Sensitive Information Disclosure Vulnerability (CVE-2020-36287)
14. threat[25985]:Sco Cross-Site Script Injection Vulnerability (CVE-2020-25495)
15. threat[50637]:LDAP Server Returns Reference Object
16. threat[30853]:Nexus3 XML Entity Injection Vulnerability (CVE-2020-29436)
17. threat[25987]:Kingdee EAS uploadLogo.action Arbitrary File Upload Vulnerability
18. threat[25988]:WordPress File Upload Vulnerability (CVE-2020-24948)
19. threat[25989]:Klogserver Remote Command Execution Vulnerability (CVE-2021-3317)
20. threat[25990]:WordPress File Inclusion Vulnerability (CVE-2020-35749)
21. threat[25991]:Qiyuesuo eSeal System Code Execution Vulnerability
22. threat[30855]:Gateone File Download Vulnerability (CVE-2020-35736)
23. threat[25992]:PliggCMS File Read Vulnerability (CVE-2020-25287)
24. threat[30856]:WordPress File Read Vulnerability (CVE-2020-11738)
25. threat[30858]:Eyoucms Cross-Site Script Injection Vulnerability (CVE-2021-39499)
26. threat[25993]:cmstp Hidden Command Execution
27. threat[25994]:Regsvcs Hidden Command Execution
28. threat[25996]:74cms Remote Command Execution Vulnerability (CVE-2020-35339)

Updated rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability (S2-061/062) (CVE-2020-17530/CVE-2021-31805)
2. threat[25305]:Microsoft Visual Studio Code Remote-Containers Extension Remote Code Execution Vulnerability (CVE-2021-27083)
3. threat[50634]:Bitsadmin Remote Download Command
4. threat[41696]:Behinder Encrypted PHP Webshell File Upload
5. threat[25062]:Apache OFBiz XMLRPC Insecure Deserialization (CVE-2020-9496)
6. threat[41699]:Behinder Encrypted JSP Webshell File Upload
7. threat[25159]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36184/CVE-2020-36186/CVE-2020-35490/CVE-2020-35491)
8. threat[25752]:Linux Information Collection Command Execution Success


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29993. This package includes the following changed rules:

new rules:
1. threat[30846]:Joomla! Unauthorized Access Vulnerability(CVE-2023-23752)
2. threat[25977]:Tongda OA getway.php Remote File Inclusion Vulnerability
3. threat[25978]:Apache Kylin Command Injection Vulnerability(CVE-2021-45456)
4. threat[30848]:SVN Information Leakage Vulnerability
5. threat[25981]:Tongda OA login_code Arbitrary User Login Vulnerability
6. threat[25980]:3CX DesktopApp Remote Code Execution Vulnerability(CVE-2023-29059)(C2 Connection)
7. threat[50636]:Malicious class access
8. threat[30849]:Tongda OA photo.php File Reading Vulnerability
9. threat[30850]:Atlassian Jira Unauthenticated User Enumeration Vulnerability (CVE-2020-36289)
10. threat[30851]:Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
11. threat[25982]:Pentaho Unauthorized Access Vulnerability(CVE-2021-31602)
12. threat[25984]:Revive Adserver Cross-Site Scripting XSS Vulnerability (CVE-2020-8115)
13. threat[30852]:Jira Sensitive Information Disclosure Vulnerability (CVE-2020-36287)
14. threat[25985]:Sco Cross-site Scripting Injection Vulnerability(CVE-2020-25495)
15. threat[50637]:The LDAP Server Returns The Reference Object
16. threat[30853]:Nexus3 XML Entity Injection Vulnerability(CVE-2020-29436)
17. threat[25987]:Kingdee EAS uploadLogo.action Arbitrary File Upload Vulnerability
18. threat[25988]:Wordpress File Upload Vulnerability (CVE-2020-24948)
19. threat[25989]:Klogserver Remote Command Execution Vulnerability(CVE-2021-3317)
20. threat[25990]:Wordpress File Inclusion Vulnerability (CVE-2020-35749)
21. threat[25991]:Qiyuesuo eSeal System Code Execution Vulnerability
22. threat[30855]:Gateone File Download Vulnerability(CVE-2020-35736)
23. threat[25992]:PliggCMS File Reading Vulnerability (CVE-2020-25287)
24. threat[30856]:Wordpress File Reading Vulnerability (CVE-2020-11738)
25. threat[30858]:Eyoucms Cross-site Script Injection Vulnerability (CVE-2021-39499)
26. threat[25993]:cmstp Hidden Command Execution
27. threat[25994]:Regsvcs Hidden Command Execution
28. threat[25996]:74cms Remote Command Execution Vulnerability (CVE-2020-35339)

update rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061/062)(CVE-2020-17530/CVE-2021-31805)
2. threat[25305]:Microsoft Visual Studio Code Remote- Containers Extension Remote Code Execution Vulnerability(CVE-2021-27083)
3. threat[50634]:Bitsadmin Remote Download Command
4. threat[41696]:Behinder Encrypted PHP Webshell File Upload
5. threat[25062]:Apache OFBiz XMLRPC Insecure Deserialization(CVE-2020-9496)
6. threat[41699]:Behinder Encrypted JSP Webshell File Upload
7. threat[25159]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-36184/CVE-2020-36186/CVE-2020-35490/CVE-2020-35491)
8. threat[25752]:Linux Information Collection Command Execution Success


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-04-28 17:58:48
Name: eoi.unify.allrulepatch.ips.5.6.10.29900.rule Version: 5.6.10.29900
MD5:641aa134929fdee019868c5aa23f1e6a Size: 30.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29900. Rules added or improved in this package:

New rules:
1. threat[25964]:Apache Airflow Remote Code Execution Vulnerability (CVE-2021-38540)
2. threat[25963]:Eonweb Arbitrary File Download Vulnerability (CVE-2017-13780)
3. threat[25944]:MetInfo v5.1.7 Arbitrary File Upload Vulnerability
4. threat[30841]:ZZCMS Sensitive Information Request Vulnerability (CVE-2022-40443)
5. threat[25961]:Lanproxy Arbitrary File Read Vulnerability (CVE-2021-3019)
6. threat[25967]:Realor Tianyi Application Virtualization System SQL Injection Vulnerability
7. threat[30842]:Apache Axis2 Sensitive Information Disclosure Vulnerability
8. threat[25969]:Jenkins Script Console Remote Script Command Execution
9. threat[25962]:Lanproxy Login Success
10. threat[30843]:Gitlab wiki API Remote Code Execution Vulnerability (CVE-2018-18649)
11. threat[25971]:InstallUtil Hidden Command Execution
12. threat[25972]:rundll32 Hidden Command Execution
13. threat[30844]:Tongda OA header.inc.php Login Bypass Vulnerability
14. threat[50635]:Sunlogin Remote Control Software Connecting to Server_2
15. threat[25973]:Advisto PEEL SHOPPING Cross-Site Scripting Vulnerability (CVE-2021-27190)
16. threat[30845]:Spring Cloud Config Path Traversal Vulnerability (CVE-2020-5405)
17. threat[25974]:Apache InLong JDBC Deserialization Vulnerability (CVE-2023-27296)
18. threat[25975]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2023-21931)

Updated rules:
1. threat[41903]:Behinder 4.0 Webshell Connection (JSON)
2. threat[49014]:Mining Program Querying DNS for Mining Pool Server Domain Name
3. threat[25615]:Seeyon OA JDBC Interface Deserialization Vulnerability
4. threat[10496]:SSDP Protocol Search Tree ALL Query
5. threat[30748]:Discuz X Front-End Arbitrary File Deletion Vulnerability
6. threat[24303]:HPE Intelligent Management Center PLAT tftp Server fread Function Stack Buffer Overflow Vulnerability (CVE-2018-7074)
7. threat[25393]:Fortinet FortiWeb Remote Command Execution Vulnerability
8. threat[25707]:Sangfor EDR c.php Remote Command Execution Vulnerability (CNVD-2020-46552)
9. threat[25872]:VMware ESXi OpenSLP Heap Overflow Command Execution Vulnerability (CVE-2021-21974)
10. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability (CVE-2021-37608)
11. threat[25459]:Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3386)


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29900. This package includes the following changed rules:

new rules:
1. threat[25964]:Apache Airflow Remote Code Execution Vulnerability(CVE-2021-38540)
2. threat[25963]:Eonweb Arbitrary File Download Vulnerability (CVE-2017-13780)
3. threat[25944]:MetInfo v5.1.7 Arbitrary File Upload Vulnerability
4. threat[30841]:ZZCMS Sensitive Information Request Vulnerability (CVE-2022-40443)
5. threat[25961]:Lanproxy Arbitrary File Reading Vulnerability(CVE-2021-3019)
6. threat[25967]:Realor GWT System SQL Injection Vulnerability
7. threat[30842]:Apache Axis2 Sensitive Information Disclosure Vulnerability
8. threat[25969]:Jenkins Script Console Remote Script Command Execution
9. threat[25962]:Lanproxy Login Success
10. threat[30843]:Gitlab wiki API Remote Code Execution Vulnerability (CVE-2018-18649)
11. threat[25971]:InstallUtil Hidden Command Execution
12. threat[25972]:rundll32 Hidden Command Execution
13. threat[30844]:Tongda OA header.inc.php login bypass vulnerability
14. threat[50635]:Remote Control Tool Sunlogin Connecting Server_2
15. threat[25973]:Advisto PEEL SHOPPING Cross Site Scripting Vulnerability(CVE-2021-27190)
16. threat[30845]:Spring Cloud Config Directory Traversal Vulnerability (CVE-2020-5405)
17. threat[25974]:Apache InLong JDBC Deserialization Vulnerability(CVE-2023-27296)
18. threat[25975]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2023-21931)

update rules:
1. threat[41903]:Behinder 4.0 Webshell Connect(JSON)
2. threat[49014]:Mining program query DNS mine pool server domain name
3. threat[25615]:Seeyon OA JDBC API Deserialization Vulnerability
4. threat[10496]:Search Tree ALL Query of SSDP Protocol
5. threat[30748]:Discuz X foreground any file deletion vulnerability
6. threat[24303]:HPE Intelligent Management Center PLAT tftpserver fread Stack Buffer Overflow Vulnerability(CVE-2018-7074)
7. threat[25393]:Fortinet FortiWeb OS Command Injection Vulnerability
8. threat[25707]:Sangfor EDR c.php Remote Code Execution Vulnerability(CNVD-2020-46552)
9. threat[25872]:VMware ESXi OpenSLP Heap Overflow Command Execution Vulnerability (CVE-2021-21974)
10. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability(CVE-2021-37608)
11. threat[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-04-21 00:58:42
Name: eoi.unify.allrulepatch.ips.5.6.10.29819.rule Version: 5.6.10.29819
MD5:ba91e1607af2df130188099bd3ae0160 Size: 30.42M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29819. Rules added or improved in this package:

New rules:
1. threat[50632]:Powershell invoke-webrequest Remote Download Command
2. threat[25951]:Atlassian Jira Arbitrary File Read Vulnerability (CVE-2021-26086)
3. threat[50633]:Certutil Remote Download Command
4. threat[50634]:Bitsadmin Remote Download Command
5. threat[25952]:Kingsoft V8 Endpoint Security System pdf_maker.php Command Execution Vulnerability (CNVD-2020-73297)
6. threat[30836]:OpenSNS ChinaCityController.class.php SQL Injection Vulnerability
7. threat[25953]:Drupal Remote Code Execution Vulnerability (CVE-2017-6920)
8. threat[30837]:Tongda OA 11.7 auth_mobi.php Arbitrary User Login Vulnerability
9. threat[25954]:Gitlab OAuth App Hardcoding Vulnerability (CVE-2022-1162)
10. threat[25955]:EmpireCMS V7.5 Backend phome.php Arbitrary Code Execution Vulnerability
11. threat[41953]:Burp Collaborator DNSLog Query Request
12. threat[41954]:Interactsh DNSLog Query Request
13. threat[25956]:MSBuild Hidden Command Execution
14. threat[25957]:msiexec Hidden Command Execution
15. threat[30838]:HexMeet Cloud Video list Directory File Sensitive Information Leakage Vulnerability
16. threat[30840]:Tucron Library Management System ShowImage Arbitrary File Read Vulnerability
17. threat[30839]:Grafana Information Disclosure Vulnerability (CVE-2021-39226)
18. threat[25959]:HexMeet Cloud Video fileDownload Arbitrary File Read Vulnerability
19. threat[41955]:Penetration Test Tool Cobalt Strike Beacon SMB Communication
20. threat[25958]:Churchdesk Church Rota Code Issue Vulnerability (CVE-2021-3164)

Updated rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability (CVE-2021-26085)
2. threat[25548]:Shterm Bastion Host Command Execution Vulnerability (CNVD-2019-20835)
3. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
4. threat[41780]:DNSLog Query Request
5. threat[25727]:Linux Sample Download Command Execution
6. threat[25731]:Linux Sample Download Hidden Command Execution
7. threat[25747]:Windows Information Collection Command Execution
8. threat[25750]:Windows Information Collection Hidden Command Execution
9. threat[30825]:fscan Scanning Tool Web Execution
10. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability (CVE-2020-11978)

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29819. This package includes the following changed rules:

new rules:
1. threat[50632]:Powershell invoke-webrequest Remote Download Command
2. threat[25951]:Atlassian Jira Arbitrary File Reading Vulnerability(CVE-2021-26086)
3. threat[50633]:Certutil Remote Download Command
4. threat[50634]:Bitsadmin Remote Download Command
5. threat[25952]:Kingsoft V8 terminal security system pdf_maker.php command execution vulnerability (CNVD-2020-73297)
6. threat[30836]:OpenSNS ChinaCityController.class.php SQL Injection Vulnerability
7. threat[25953]:Drupal Remote Code Execution Vulnerability (CVE-2017-6920)
8. threat[30837]:Tongda OA 11.7 auth_mobi.php Arbitrary User Login Vulnerability
9. threat[25954]:Gitlab OAuth App Hardcoding Vulnerability (CVE-2022-1162)
10. threat[25955]:EmpireCMS V7.5 backend phome.php arbitrary code execution vulnerability
11. threat[41953]:Burp Collaborator DNSLog Query Request
12. threat[41954]:Interactsh DNSLog Query Request
13. threat[25956]:MSBuild Hidden Command Execution
14. threat[25957]:msiexec Hidden Command Execution
15. threat[30838]:HexMeet List Directory File Sensitive Information Leakage Vulnerabilities
16. threat[30840]:Tucron Library Management System ShowImage Arbitrary File Reading Vulnerability
17. threat[30839]:Grafana Information Disclosure Vulnerability(CVE-2021-39226)
18. threat[25959]:HexMeet fileDownload Arbitrary File Reading Vulnerability
19. threat[41955]:Penetration Test Tool Cobalt Strike Beacon SMB Communication
20. threat[25958]:Churchdesk Church Rota Code Issue Vulnerability (CVE-2021-3164)

update rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. threat[25548]:Shterm Security Management System Command Execution Vulnerability(CNVD-2019-20835)
3. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
4. threat[41780]:DNSLog Query Request
5. threat[25727]:Linux Sample Download Command Execution
6. threat[25731]:Linux Sample Download Hidden Command Execution
7. threat[25747]:Windows Information Collection Command Execution
8. threat[25750]:Windows Information Collection Hidden Command Execution
9. threat[30825]:fscan scan tool web execution
10. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability(CVE-2020-11978)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-04-14 14:10:35
Name: eoi.unify.allrulepatch.ips.5.6.10.29757.rule Version: 5.6.10.29757
MD5:1d7e99d59294e819888069bdd495418b Size: 30.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29757. Rules added or improved in this package:

New rules:
1. threat[25939]:Dedecms V5.7 Backend Arbitrary Code Execution Vulnerability
2. threat[25940]:JavassistWeld Deserialization Code Injection Vulnerability
3. threat[25942]:nginxWebUI cmdOver Backend Command Execution Vulnerability
4. threat[25941]:JBossInterceptor Deserialization Code Injection Vulnerability
5. threat[30832]:Qibo CMS V7 job.php Arbitrary File Read Vulnerability
6. threat[25943]:PHPCMS v9 Arbitrary File Upload Vulnerability
7. threat[30833]:Caucho Resin viewfile Remote File Read Vulnerability
8. threat[25947]:Imagetragick Command Injection Vulnerability (CVE-2016-3714)
9. threat[25948]:MSSQL sp_oacreate Execution
10. threat[25949]:MSSQL xp_dirtree Execution
11. threat[30834]:Seeyon A8 status.jsp Information Disclosure Vulnerability
12. threat[24566]:Safari Memory Corruption Vulnerability (CVE-2018-4438)
13. threat[24556]:HPE Intelligent Management Center SoapConfigBean Expression Language Injection (CVE-2019-11943)
14. threat[24293]:Foxit Reader Annotations borderEffectIntensity Use-After-Free Vulnerability (CVE-2018-14300)
15. threat[25946]:Redis Reverse Shell Command Execution
16. threat[30835]:Seeyon OA FanRuan Component ReportServer Directory Traversal Vulnerability

Updated rules:
1. threat[25945]:Spring Deserialization Code Injection Vulnerability
2. threat[24439]:FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write (CVE-2018-17157)
3. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability
4. threat[24383]:Hucart CMS CSRF Vulnerability
5. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability (CVE-2019-11945)
6. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution (CVE-2019-17621)
7. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability (CVE-2019-18610)
8. threat[24823]:MVPower DVR Shell Unauthorized Remote Command Execution Vulnerability
9. threat[24853]:Pippo FastjsonEngine Fastjson Remote Code Execution Vulnerability (CVE-2017-18349)
10. threat[24858]:Tongda OA Arbitrary User Remote Code Execution Vulnerability
11. threat[24926]:Weaver Ecology8 Arbitrary File Upload Vulnerability
12. threat[24933]:Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability (CVE-2019-15981)
13. threat[25050]:Jenkins FileParameterValue Directory Traversal Vulnerability (CVE-2019-10352)
14. threat[25104]:Adobe Acrobat Reader DC Use-After-Free Vulnerability (CVE-2020-24437)
15. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
16. threat[25147]:Trend Micro InterScan Messaging PolicyWSAction External Entity Injection Vulnerability (CVE-2020-27017)
17. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
18. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
19. threat[30768]:ASUS Router Unauthorized Information Disclosure Vulnerability
20. threat[25848]:Weaver OA WorkflowServiceXml Remote Code Execution Vulnerability
21. threat[25880]:PostgreSQL JDBC Driver Arbitrary Code Execution Vulnerability (CVE-2022-21724)
22. threat[41337]:Remote Connection to Windows Command Line
23. threat[41525]:IoT Worm DarkCat Spreading
24. threat[41548]:Webshell Backdoor Disguised as 404 Error Page
25. threat[41566]:Malware windows/vertexnet_b Network Communication
26. threat[41581]:Malware windows/drive_d Network Communication
27. threat[41618]:Malware Xbash C2 Server Communication
28. threat[41816]:Reverse DNS Shell Tunnel Communication
29. threat[50624]:Anydesk Remote Control Software HTTPS Communication
30. threat[25863]:SolarView Compact Command Injection Vulnerability (CVE-2022-29303)
31. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
32. threat[25686]:PHPCMS 9.6.0 Arbitrary File Upload Vulnerability (CVE-2018-14399)
33. threat[24257]:Spring Framework isWritableProperty SpEL Expression Injection Vulnerability (CVE-2018-1273)
34. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
35. threat[60464]:HTTP Service Directory Traversal Vulnerability
36. threat[23991]:Fastjson Remote Code Execution Vulnerability
37. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
38. threat[24510]:WordPress Ninja Forms Plugin Remote Code Execution Vulnerability (CVE-2019-10869)
39. threat[25200]:Trend Micro InterScan Web Security Gateway MailNotification Buffer Overflow Vulnerability (CVE-2020-28579)
40. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability (CVE-2021-36749)


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29757. This package includes the following changed rules:

new rules:
1. threat[25939]:Dedecms V5.7 Background Arbitrary Code Execution Vulnerability
2. threat[25940]:JavassistWeld Deserialized Code Injection Vulnerability
3. threat[25942]:nginxWebUI cmdOver Background Command Execution Vulnerability
4. threat[25941]:JBossInterceptor Deserialized Code Injection Vulnerability
5. threat[30832]:Qibo CMS V7 job.php Arbitrary File Reading Vulnerability
6. threat[25943]:PHPCMS v9 Arbitrary File Upload Vulnerability
7. threat[30833]:Caucho Resin Viewfile Remote File Reading Vulnerability
8. threat[25947]:Imagetragick Command Injection Vulnerability (CVE-2016-3714)
9. threat[25948]:MSSQL sp_oacreate Execution
10. threat[25949]:MSSQL xp_dirtree Execution
11. threat[30834]:Seeyon A8 status.jsp Information Disclosure Vulnerability
12. threat[24566]:Safari memory corruption (CVE-2018-4438)
13. threat[24556]:HPE Intelligent Management Center SoapConfigBean Expression Language Injection(CVE-2019-11943)
14. threat[24293]:Foxit Reader Annotations borderEffectIntensity Use After Free Vulnerability(CVE-2018-14300)
15. threat[25946]:Redis Shell Reverse Command Execution
16. threat[30835]:Seeyon Sailsoft Component ReportServer Directory Traversal Vulnerability

update rules:
1. threat[25945]:Spring Deserialization Code Injection Vulnerability
2. threat[24439]:FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write(CVE-2018-17157)
3. threat[24236]:Asterisk out-of-bounds write vulnerability
4. threat[24383]:Hucart CMS Cross Site Request Forgery
5. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability(CVE-2019-11945)
6. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution(CVE-2019-17621)
7. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability(CVE-2019-18610)
8. threat[24823]:MVPower DVR Shell Unauthenticated Command Execution
9. threat[24853]:Pippo FastjsonEngine Fastjson RCE Vulnerability(CVE-2017-18349)
10. threat[24858]:TongDa OA Remote Code Execution Vulnerability
11. threat[24926]:Weaver Ecology8 Arbitrary File Upload Vulnerability
12. threat[24933]:Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability(CVE-2019-15981)
13. threat[25050]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)
14. threat[25104]:Adobe Acrobat and Reader form Field Format Use After Free Vulnerability(CVE-2020-24437)
15. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
16. threat[25147]:Trend Micro InterScan Messaging PolicyWSAction External Entity Injection Vulnerability(CVE-2020-27017)
17. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
18. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
19. threat[30768]:ASUS Routers Unauthorized Information Disclosure Vulnerability
20. threat[25848]:E-cology WorkflowServiceXml Remote Code Execution Vulnerability
21. threat[25880]:PostgreSQL JDBC Driver Arbitrary Code Execution Vulnerability (CVE-2022-21724)
22. threat[41337]:Remote Connections to Windows cmd Command Line
23. threat[41525]:IoT Worm DarkCat Spreading
24. threat[41548]:Webshell Backdoor Pretended as 404 Page
25. threat[41566]:Malware Windows/vertexnet_b network communication
26. threat[41581]:Malware windows/drive_d Network Connection
27. threat[41618]:Malware Xbash Communicating with C2 Server
28. threat[41816]:Reverse DNS Shell Tunnel Communication
29. threat[50624]:Anydesk Remote Control software HTTPS Communication
30. threat[25863]:SolarView Compact Command Injection Vulnerability (CVE-2022-29303)
31. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
32. threat[25686]:PHPCMS 9.6.0 Arbitrary File Upload Vulnerability(CVE-2018-14399)
33. threat[24257]:Spring Framework isWritableProperty SpEL Injection Vulnerability(CVE-2018-1273)
34. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
35. threat[60464]:HTTP Directory Traversal Vulnerability
36. threat[23991]:Fastjson Remote Code Execution Vulnerability
37. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
38. threat[24510]:WordPress Ninja Forms Plugin Remote Code Execution(CVE-2019-10869)
39. threat[25200]:Trend Micro InterScan Web Security Virtual Appliance MailNotification Buffer Overflow Vulnerability(CVE-2020-28579)
40. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability (CVE-2021-36749)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2023-04-07 14:14:17
Name: eoi.unify.allrulepatch.ips.5.6.10.29678.rule Version: 5.6.10.29678
MD5:3f271a610d588f1dc0294c11dcec83e0 Size: 30.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29678. Rules added or improved in this package:

New rules:
1. threat[25847]:Apache Linkis Deserialization Vulnerability (CVE-2022-44645)
2. threat[25930]:Oracle E-Business Suite Remote Command Execution Vulnerability (CVE-2022-21587)
3. threat[25931]:Hibernate Deserialization Code Injection Vulnerability
4. threat[25932]:Beanshell Deserialization Code Injection Vulnerability
5. threat[30828]:Seeyon A6 test.jsp SQL Injection Vulnerability
6. threat[25933]:Clojure Deserialization Code Injection Vulnerability
7. threat[25935]:Seeyon A8 htmlofficeservlet Arbitrary File Upload Vulnerability
8. threat[30829]:MinIO Information Disclosure Vulnerability (CVE-2023-28432)
9. threat[30826]:Credential Acquisition Tool Web Execution
10. threat[25936]:Groovy Deserialization Code Injection Vulnerability
11. threat[30827]:Credential Acquisition Tool Hidden Execution
12. threat[30830]:Yonyou Changjietong CRM get_usedspace.php SQL Injection Vulnerability
13. threat[25937]:BlueOcean Excellent Billing Management System debug.php Remote Command Execution Vulnerability
14. threat[25938]:Esafenet Electronic Document Security Management System dataimport Remote Command Execution Vulnerability
15. threat[41948]:Malicious Mining Program DDG Fetching Mining Task
16. threat[41947]:Malicious Mining Program Outlaw Fetching Mining Task
17. threat[25925]:Java URLDNS Deserialization Attack
18. threat[25926]:JRMP Deserialization Code Execution Vulnerability
19. threat[30825]:fscan Scanning Tool Web Execution

Updated rules:
1. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
2. threat[25924]:JDK 8u20 Deserialization Code Injection Vulnerability
3. threat[24434]:Supervisord Remote Command Execution Vulnerability (CVE-2017-11610)
4. threat[24652]:mongo-express Remote Code Execution Vulnerability (CVE-2019-10758)
5. threat[25289]:SonarQube api Information Disclosure Vulnerability (CVE-2020-27986)
6. threat[24649]:joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
7. threat[25598]:VMware Spring Cloud Function SpEL Code Execution Vulnerability (CVE-2022-22963)
8. threat[41781]:FRP Intranet Tunneling Tool Communication
9. threat[25219]:GitLab 12.9.0 Arbitrary File Read Vulnerability (CVE-2020-10977)
10. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084)
11. threat[50629]:Sunlogin Remote Control Software Client Sending Information to Controlled Endpoint (UDP)
12. threat[41534]:Web Page Containing Mining Script Code
13. threat[62428]:HTTP Javascript Cross-Site Scripting Attack Attempt
14. threat[23002]:Apache Struts2 (CVE-2014-0094) (S2-020) Patch Bypass
15. threat[41887]:Ngrok Intranet Tunneling Tool Communication
16. threat[41775]:Behinder Webshell Connection (PHP)
17. threat[50602]:Burp Suite Web Attack Tool Startup
18. threat[41780]:DNSLog Query Request
19. threat[25747]:Windows Information Collection Command Execution


Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29678. This package includes the following changed rules:

new rules:
1. threat[25847]:Apache Linkis Deserialization Vulnerability(CVE-2022-44645)
2. threat[25930]:Oracle E-Business Suite Unauthenticated RCE(CVE-2022-21587)
3. threat[25931]:Hibernate Deserialization Code Injection Vulnerability
4. threat[25932]:Beanshell Deserialization Code Injection Vulnerability
5. threat[30828]:Seeyon A6 test.jsp SQL Injection Vulnerability
6. threat[25933]:Clojure Deserialization Code Injection Vulnerabilities
7. threat[25935]:Seeyon A8 htmlofficeservlet Arbitrary File Upload Vulnerability
8. threat[30829]:MinIO Information Disclosure Vulnerability(CVE-2023-28432)
9. threat[30826]:Credential Acquisition Tool Web Execution
10. threat[25936]:Groovy Deserialization Code Injection Vulnerabilities
11. threat[30827]:Credential acquisition tool executes stealthily
12. threat[30830]:Yonyou Changjietong CRM get_usedspace.php SQL injection vulnerability
13. threat[25937]:BlueOcean Excellent Billing Management System debug.php Remote Command Execution Vulnerability
14. threat[25938]:ESAFENET Electronic Document Security Management System dataimport Remote Command Execution Vulnerability
15. threat[41948]:Malware Mining DDG Obtains Mining Tasks
16. threat[41947]:Malware Mining Outlaw Obtains Mining Tasks
17. threat[25925]:Java URLDNS Deserialization Attack
18. threat[25926]:JRMP Deserialization Code Execution Vulnerability
19. threat[30825]:fscan scan tool web execution

update rules:
1. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
2. threat[25924]:JDK 8u20 Deserialization Code Injection Vulnerability
3. threat[24434]:Supervisord Remote Command Execution Vulnerability(CVE-2017-11610)
4. threat[24652]:mongo-express Remote Code Execution Vulnerability(CVE-2019-10758)
5. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
6. threat[24649]:joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
7. threat[25598]:VMware Spring Cloud Function SpEL Code Injection Vulnerability(CVE-2022-22963)
8. threat[41781]:Communication of FRP Intranet Penetration Tool
9. threat[25219]:GitLab 12.9.0 Read Arbitrary Files Vulnerability(CVE-2020-10977)
10. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)
11. threat[50629]:Sunflower remote control software client sends information to the controlled end (UDP)
12. threat[41534]:Web Page Contains Mining Script Code
13. threat[62428]:HTTP Javascript Cross Site Scripting Attempt
14. threat[23002]:Apache Struts2 (CVE-2014-0094)(S2-020) Vulnerability Repair Bypass Vulnerability
15. threat[41887]:Ngrok Intranet Penetration Tool Communication
16. threat[41775]:Behinder Webshell Connect(PHP)
17. threat[50602]:Burp Suite Web Attack Tool Startup
18. threat[41780]:DNSLog Query Request
19. threat[25747]:Windows Information Collection Command Execution


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-03-31 23:43:36
Name: eoi.unify.allrulepatch.ips.5.6.10.29573.rule Version: 5.6.10.29573
MD5:d93a305a4f7de8680f6ab277f7121fbc Size: 29.96M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29573. The rules added/improved by this package are:

New rules:
1. threat[30820]:Seeyon A8-V5 officeservlet Arbitrary File Read Vulnerability
2. threat[30821]:Seeyon A6 initDataAssess.jsp User Sensitive Information Disclosure Vulnerability
3. threat[25919]:SeaCMS Command Execution Vulnerability(CVE-2022-23878)
4. threat[25918]:SharpHound Penetration Tool Web Execution
5. threat[25921]:Apache CommonsBeanutils Deserialization Command Injection Vulnerability(CB1)
6. threat[25922]:C3P0 0.9.5.2 Deserialization Code Injection Vulnerability
7. threat[25923]:JDK 7u21 Deserialization Code Injection Vulnerability
8. threat[25924]:JDK 8u20 Deserialization Code Injection Vulnerability
9. threat[30822]:Seeyon A6 config.jsp Sensitive Information Leakage Vulnerability
10. threat[50627]:ShowMyPC Remote Control Software Running
11. threat[30823]:Seeyon A6 setextno.jsp SQL Injection Vulnerability

Updated rules:
1. threat[24465]:Confluence Remote Code Execution Vulnerability(CVE-2019-3396)
2. threat[25531]:Spring Framework spring-bean Remote Code Execution Vulnerability(CVE-2022-22965)
3. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
4. threat[41738]:Cobalt Strike Penetration Attack Tool Beacon HTTP Controlled End Check-in
5. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
6. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29573. This package includes the following changed rules:

new rules:
1. threat[30820]:Seeyon A8-V5-Officeservlet Arbitrary File Reading Vulnerability
2. threat[30821]:Seeyon A6-initDataAssess.jsp-User Sensitive Information Disclosure Vulnerability
3. threat[25919]:SeaCMS Command Execution vulnerability (CVE-2022-23878)
4. threat[25918]:SharpHound Penetration Tool Web Execution
5. threat[25921]:Apache CommonsBeanutils Deserialization Command Injection Vulnerability (CB1)
6. threat[25922]:C3P0 0.9.5.2 Deserialization code injection vulnerability
7. threat[25923]:JDK 7u21 deserialization code injection vulnerability
8. threat[25924]:JDK 8u20 Deserialization Code Injection Vulnerability
9. threat[30822]:Seeyon A6 config.jsp Sensitive Information Leakage Vulnerability
10. threat[50627]:ShowMyPC remote control software running
11. threat[30823]:Seeyon A6 setextno.jsp SQL Injection Vulnerability

update rules:
1. threat[24465]:Confluence Remote Code Execution Vulnerability (CVE-2019-3396)
2. threat[25531]:Spring Framework spring-bean Remote Code Execution Vulnerability(CVE-2022-22965)
3. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
4. threat[41738]:Penetration Test Tool Cobalt Strike Beacon HTTP Botnet Connect to the Server
5. threat[49014]:Mining program query DNS mine pool server domain name
6. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-03-23 18:05:29
Name: eoi.unify.allrulepatch.ips.5.6.10.29515.rule Version: 5.6.10.29515
MD5:f228d9f063c983aa8ba0198667fbd989 Size: 29.95M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29515. The rules added/improved by this package are:

New rules:
1. threat[25906]:OXID_Find Penetration Tool Web Execution
2. threat[30817]:Seeyon A6 DownExcelBeanServlet User Sensitive Information Disclosure
3. threat[25878]:ssh Lateral Movement Tool Web Execution
4. threat[25908]:Froxlor Command Injection Vulnerability(CVE-2023-0315)
5. threat[30818]:Seeyon A6 createMysql.jsp Database Sensitive Information Disclosure Vulnerability
6. threat[25907]:SkyScorpion JSP WebShell Upload/Download
7. threat[25909]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC1)
8. threat[25910]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC2)
9. threat[25911]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC3)
10. threat[25912]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC4)
11. threat[25913]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC5)
12. threat[25916]:Spring Security OAuth2 Remote Code Execution Vulnerability(CVE-2018-1260)
13. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC6)
14. threat[25915]:Apache CommonsCollections Deserialization Command Injection Vulnerability(CC7)

Updated rules:
1. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
2. threat[25739]:Linux Reverse Shell Command Execution
3. threat[25740]:Linux Reverse Shell Hidden Command Execution
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[25727]:Linux Sample Download Command Execution
6. threat[25731]:Linux Sample Download Hidden Command Execution
7. threat[25747]:Windows Information Collection Command Execution
8. threat[25750]:Windows Information Collection Hidden Command Execution
9. threat[25746]:Linux Information Collection Command Execution
10. threat[25748]:Linux Information Collection Hidden Command Execution
11. threat[41943]:SkyScorpion WebShell Management Tool Communication(aspx)
12. threat[24927]:Apache Dubbo Provider Deserialization Vulnerability(CVE-2020-1948)
13. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
14. threat[30812]:Weaver E-cology browser.jsp SQL Injection Vulnerability
15. threat[41809]:Tomcat Backend WAR Trojan Deployment Getshell
16. threat[25490]:go-http-tunnel Tunnel Tool Communication


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29515. This package includes the following changed rules:

new rules:
1. threat[25906]:OXID_Find Penetration Tool Web Execution
2. threat[30817]:Seeyon A6 DownExcelBeanServlet User Sensitive Information Disclosure Vulnerability
3. threat[25878]:ssh lateral movement tool web execution
4. threat[25908]:Froxlor Command Injection Vulnerability(CVE-2023-0315)
5. threat[30818]:Seeyon A6 createMysql.jsp Database Sensitive Information Disclosure Vulnerability
6. threat[25907]:SkyScorpion JSP WebShell Upload/Download
7. threat[25909]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC1)
8. threat[25910]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC2)
9. threat[25911]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC3)
10. threat[25912]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC4)
11. threat[25913]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC5)
12. threat[25916]:Spring Security OAuth2 remote code execution vulnerability (CVE-2018-1260)
13. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC6)
14. threat[25915]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC7)

update rules:
1. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
2. threat[25739]:Linux Shell Reverse Command Execution
3. threat[25740]:Linux Shell Reverse Hidden Command Execution
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[25727]:Linux Sample Download Command Execution
6. threat[25731]:Linux Sample Download Hidden Command Execution
7. threat[25747]:Windows Information Collection Command Execution
8. threat[25750]:Windows Information Collection Hidden Command Execution
9. threat[25746]:Linux Information Collection Command Execution
10. threat[25748]:Linux Information Collection Hidden Command Execution
11. threat[41943]:SkyScorpion WebShell Management Tool Communication(aspx)
12. threat[24927]:Apache Dubbo Provider Deserialization Vulnerability(CVE-2020-1948)
13. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
14. threat[30812]:E-cology browser.jsp SQL Injection Vulnerability
15. threat[41809]:Tomcat Backend WAR Trojan Deployment Getshell
16. threat[25490]:go-http-tunnel Tunnel Communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-03-17 12:36:30
Name: eoi.unify.allrulepatch.ips.5.6.10.29447.rule Version: 5.6.10.29447
MD5:513f5b0814e649f29a1dc5d783ceda2f Size: 29.91M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29447. The rules added/improved by this package are:

New rules:
1. threat[10535]:H3C magic R200 Stack Overflow Vulnerability(CVE-2022-34607)
2. threat[10536]:H3C magic R200 Stack Overflow Vulnerability(CVE-2022-34609)
3. threat[25886]:Zyxel NBG2105 Authentication Bypass Vulnerability(CVE-2021-3297)
4. threat[25889]:Zyxel NWA1100-NH Command Injection Vulnerability(CVE-2021-4039)
5. threat[25890]:ZTE F460/F660 Command Injection Vulnerability(CVE-2014-2321)
6. threat[25891]:Cdata (西迪特) Wi-Fi Web Management jumpto.php Backend Command Execution Vulnerability
7. threat[25892]:IonizeCMS Command Execution Vulnerability(CVE-2022-29307)
8. threat[25893]:Webmin Remote Command Execution Vulnerability(CVE-2022-30708)
9. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
10. threat[25896]:Ueditor Editor .NET Version Arbitrary File Upload Vulnerability
11. threat[25897]:Windows NEGOEX Remote Code Execution Vulnerability(CVE-2022-37958)
12. threat[25895]:Weaver OA KtreeUploadAction File Upload Vulnerability
13. threat[30813]:Seeyon OA webmail.do Arbitrary File Download(CNVD-2020-62422)
14. threat[30812]:Weaver E-cology browser.jsp SQL Injection Vulnerability
15. threat[25885]:Confluence Arbitrary File Read Vulnerability(CVE-2015-8399)
16. threat[25873]:kubectl Cluster Management Tool Web Execution
17. threat[25899]:Fortinet FortiWeb Buffer Overflow Vulnerability(CVE-2021-42756)
18. threat[25875]:docker Tool Web Execution
19. threat[25874]:etcdctl Container Tool Web Execution
20. threat[25900]:Hospital Management System File Upload Vulnerability(CVE-2022-30448)
21. threat[25901]:Purchase Order Management System File Upload Vulnerability(CVE-2022-28021)
22. threat[30816]:Weaver E-Cology jqueryFileTree.jsp Directory Traversal Vulnerability
23. threat[25902]:Hongfan OA ssMarkPic Arbitrary File Upload Vulnerability
24. threat[25903]:Hongfan OA PicFile Arbitrary File Upload Vulnerability
25. threat[25904]:Hongfan OA iorepsavexml Arbitrary File Upload Vulnerability
26. threat[41945]:SMTP Service Sending Malicious RTF Document Email
27. threat[25905]:Social Codia SMS Arbitrary File Upload Vulnerability(CVE-2022-27349)

Updated rules:
1. threat[30744]:FineReport v8.0 Authentication Account Password Information Disclosure Vulnerability
2. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
3. threat[25262]:Weaver OA9 weaver.common.Ctrl Arbitrary File Upload Vulnerability
4. threat[23818]:Spring Boot Framework SPEL Expression Injection Vulnerability
5. threat[25229]:FineReport V9 getshell - Arbitrary File Upload
6. threat[25290]:Apache Shiro 1.7.1 Authentication Bypass Vulnerability(CVE-2020-17523)
7. threat[25740]:Linux Reverse Shell Hidden Command Execution
8. threat[25739]:Linux Reverse Shell Command Execution
9. threat[25887]:SkyScorpion ASP WebShell Upload/Download
10. threat[25888]:SkyScorpion NET WebShell Upload/Download


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29447. This package includes the following changed rules:


new rules:
1. threat[10535]:H3C magic R200 Stack Overflow Vulnerability (CVE-2022-34607)
2. threat[10536]:H3C magic R200 Stack Overflow Vulnerability (CVE-2022-34609)
3. threat[25886]:Zyxel NBG2105 Authentication Bypass Vulnerability(CVE-2021-3297)
4. threat[25889]:Zyxel NWA1100-NH Command Injection Vulnerability (CVE-2021-4039)
5. threat[25890]:ZTE F460/F660 Command Injection Vulnerability (CVE-2014-2321)
6. threat[25891]:Cdata Wi-Fi Web Management jumpto.php background command execution vulnerability
7. threat[25892]:IonizeCMS Command Execution Vulnerability (CVE-2022-29307)
8. threat[25893]:Webmin Remote Command Execution Vulnerability (CVE-2022-30708)
9. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
10. threat[25896]:Ueditor Editor.net version arbitrary file upload vulnerability
11. threat[25897]:Windows NEGOEX Remote Code Execution Vulnerability(CVE-2022-37958)
12. threat[25895]:E-cology KtreeUploadAction File Upload Vulnerability
13. threat[30813]:Seeyon webmail.do Arbitrary File Download Vulnerability(CNVD-2020-62422)
14. threat[30812]:E-cology browser.jsp SQL Injection Vulnerability
15. threat[25885]:Confluence Arbitrary File Read Vulnerability(CVE-2015-8399)
16. threat[25873]:kubectl cluster management tool Web execution
17. threat[25899]:Fortinet FortiWeb Buffer Overflow Vulnerability (CVE-2021-42756)
18. threat[25875]:Docker Tools Web Execution
19. threat[25874]:etcdctl container tools web execution
20. threat[25900]:Hospital Management System File upload Vulnerability (CVE-2022-30448)
21. threat[25901]:Purchase Order Management System File Upload Vulnerability (CVE-2022-28021)
22. threat[30816]:E-Cology jqueryFileTree.jsp Directory traversal vulnerability
23. threat[25902]:Hongfan OA ssMarkPic Arbitrary File Upload Vulnerability
24. threat[25903]:Hongfan OA PicFile Arbitrary File Upload Vulnerability
25. threat[25904]:Hongfan OA iorepsavexml Arbitrary File Upload Vulnerability
26. threat[41945]:SMTP Service Sending Mails with Malicious RTF Document
27. threat[25905]:Social Codia SMS Arbitrary File Upload Vulnerability (CVE-2022-27349)

update rules:
1. threat[30744]:FineReport v8.0 Authentication Account Password Information Disclosure Vulnerability
2. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
3. threat[25262]:Weaver OA9 weaver.common.Ctrl Arbitrary File Upload Vulnerability
4. threat[23818]:Spring Boot Framework SPEL Expressions Injection Vulnerability
5. threat[25229]:FineReport V9 getshell - Arbitrary File Upload
6. threat[25290]:Apache Shiro 1.7.1 Authentication Bypass Vulnerability (CVE-2020-17523)
7. threat[25740]:Linux Shell Reverse Hidden Command Execution
8. threat[25739]:Linux Shell Reverse Command Execution
9. threat[25887]:SkyScorpion ASP WebShell Upload/Download
10. threat[25888]:SkyScorpion NET WebShell Upload/Download


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-03-10 20:49:39
Name: eoi.unify.allrulepatch.ips.5.6.10.29342.rule Version: 5.6.10.29342
MD5:d4802a8e5a6a583b563d702c0748bccd Size: 29.87M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29342. The rules added/improved by this package are:

New rules:
1. threat[25882]:Musical World File Upload Vulnerability(CVE-2022-27064)
2. threat[30811]:Weaver E-cology SignatureDownLoad Arbitrary File Read Vulnerability
3. threat[25883]:E-Commerce Website 1.0 Arbitrary File Upload Vulnerability(CVE-2022-27357)
4. threat[41943]:SkyScorpion WebShell Management Tool Communication(aspx)
5. threat[25884]:PHPGurukul Zoo Management System 1.0 File Upload Vulnerability(CVE-2022-27351)
6. threat[25876]:net Lateral Movement Tool Web Execution
7. threat[25877]:winrs Lateral Movement Tool Web Execution
8. threat[25887]:SkyScorpion ASP WebShell Upload/Download

Updated rules:
1. threat[25731]:Linux Sample Download Type Two
2. threat[41883]:Malware T-Rex Mining Activity


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29342. This package includes the following changed rules:

new rules:
1. threat[25882]:Musical World File Upload Vulnerability (CVE-2022-27064)
2. threat[30811]:E-cology SignatureDownLoad Arbitrary File Read Vulnerability
3. threat[25883]:E-Commerce Website 1.0 Arbitrary File Upload Vulnerability (CVE-2022-27357)
4. threat[41943]:SkyScorpion WebShell Management Tool Communication(aspx)
5. threat[25884]:PHPGurukul Zoo Management System 1.0 File upload Vulnerability (CVE-2022-27351)
6. threat[25876]:net lateral movement tool web execution
7. threat[25877]:winrs lateral movement tool web execution
8. threat[25887]:SkyScorpion ASP WebShell Upload/Download

update rules:
1. threat[25731]:Linux Sample Download Type Two
2. threat[41883]:Malware T-Rex Mining Activities


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-03-02 18:10:14
Name: eoi.unify.allrulepatch.ips.5.6.10.29297.rule Version: 5.6.10.29297
MD5:f07cd7f624ae1f9a8275e2eccc40282c Size: 29.86M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29297. The rules added/improved by this package are:


New rules:
1. threat[25865]:CDK Penetration Tool Web Execution
2. threat[30807]:Weaver E-Cology HrmCareerApplyPerView.jsp SQL Injection Vulnerability
3. threat[41940]:SkyScorpion WebShell Management Tool Communication(jsp)
4. threat[25870]:AeroCMS v0.0.1 Arbitrary File Upload Vulnerability(CVE-2022-27061)
5. threat[25872]:VMware ESXi OpenSLP Heap Overflow Command Execution Vulnerability(CVE-2021-21974)
6. threat[25867]:Ladon Penetration Tool Web Execution
7. threat[25871]:AeroCMS v0.0.1 Arbitrary File Upload Vulnerability(CVE-2022-38305)
8. threat[25869]:nbtscan Penetration Tool Web Execution
9. threat[30808]:Weaver E-Office group_xml.php SQL Injection Vulnerability
10. threat[30809]:Weaver E-Office officeserver.php Arbitrary File Read Vulnerability
11. threat[10534]:F5 BIG-IP Format String Vulnerability(CVE-2023-22374)
12. threat[25879]:GLPI Asset Management Software Arbitrary Code Injection Vulnerability(CVE-2022-35914)
13. threat[41941]:SkyScorpion WebShell Management Tool Communication(jsp) - Interactive Terminal Request
14. threat[25880]:PostgreSQL JDBC Driver Arbitrary Code Execution Vulnerability(CVE-2022-21724)
15. threat[30810]:Weaver E-Office UserSelect Unauthorized Access Vulnerability
16. threat[41942]:SkyScorpion WebShell Management Tool Communication(asp)
17. threat[25881]:Simple House Rental System v1 File Upload Vulnerability(CVE-2022-27352)
18. app:Zuiyou (最右)-iOS
19. app:EZVIZ (萤石云视频)-Android
20. app:yunyi (云蚁物联)
21. app:zhijiaiot (智家e物联)
22. app:bilibili (哔哩哔哩动画)-Resource
23. app:ThinkHome-Resource
24. app:91wlcx (物联查询)-Android
25. app:91wlcx (物联查询)-Resource
26. app:ThinkHome-Android
27. app:Yousee (有看头)

Updated rules:
1. threat[24991]:F5 BIG-IP TMUI Remote Code Execution Vulnerability(CVE-2020-5902)
2. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability(CVE-2015-1427)


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29297. This package includes the following changed rules:


new rules:
1. threat[25865]:CDK Penetration Tool Web Execution
2. threat[30807]:E-Cology HrmCareerApplyPerView.jsp SQL Injection Vulnerability
3. threat[41940]:SkyScorpion WebShell Management Tool Communication(jsp)
4. threat[25870]:AeroCMS v0.0.1 Arbitrary File Upload Vulnerability (CVE-2022-27061)
5. threat[25872]:VMware ESXi OpenSLP Heap Overflow Command Execution Vulnerability (CVE-2021-21974)
6. threat[25867]:Ladon Penetration Tool Web Execution
7. threat[25871]:AeroCMS v0.0.1 Arbitrary File Upload Vulnerability (CVE-2022-38305)
8. threat[25869]:nbtscan Penetration Tool Web Execution
9. threat[30808]:E-Office group_xml.php SQL injection vulnerability
10. threat[30809]:E-Office officeserver.php Arbitrary File Reading Vulnerability
11. threat[10534]:F5 BIG-IP Format String Vulnerability(CVE-2023-22374)
12. threat[25879]:GLPI Asset Management Software Arbitrary Code Injection Vulnerability (CVE-2022-35914)
13. threat[41941]:SkyScorpion WebShell Management Tool Communication(jsp)-Interactive terminal request
14. threat[25880]:PostgreSQL JDBC Driver Arbitrary Code Execution Vulnerability (CVE-2022-21724)
15. threat[30810]:E-Office UserSelect Unauthorized Access Vulnerability
16. threat[41942]:SkyScorpion WebShell Management Tool Communication(asp)
17. threat[25881]:Simple House Rental System v1 File Upload Vulnerability (CVE-2022-27352)
18. app:Zuiyou (最右)-iOS
19. app:EZVIZ-Android
20. app:yunyi
21. app:zhijiaiot
22. app:bilibili-resource
23. app:ThinkHome-resource
24. app:91wlcx-Android
25. app:91wlcx-resource
26. app:ThinkHome-Android
27. app:Yousee

update rules:
1. threat[24991]:F5 BIG-IP TMUI Remote Code Execution Vulnerability(CVE-2020-5902)
2. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-02-24 09:12:59
Name: eoi.unify.allrulepatch.ips.5.6.10.29236.rule Version: 5.6.10.29236
MD5:0726e6668912f59d8e387e455607543b Size: 29.73M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29236. The rules added/improved by this package are:


New rules:
1. threat[25856]:ActiveMQ Directory Traversal Vulnerability(CVE-2015-1830)
2. threat[41938]:SkyScorpion WebShell Management Tool Communication(PHP)
3. threat[25858]:Roxy-Wi Remote Command Execution Vulnerability(CVE-2022-31137)
4. threat[25860]:PHPIPAM SQL Injection Vulnerability(CVE-2022-23046)
5. threat[30805]:Weaver E-cology users.data Information Leakage Vulnerability
6. threat[30806]:Weaver E-Cology getSqlData SQL Injection Vulnerability
7. threat[25862]:Apache ShenYu Admin Authentication Bypass Vulnerability(CVE-2021-37580)
8. threat[25863]:SolarView Compact Command Injection Vulnerability(CVE-2022-29303)
9. threat[25861]:SkyScorpion PHP WebShell Upload
10. threat[41939]:SkyScorpion WebShell Management Tool Communication(PHP) - Code Execution Request
11. threat[25859]:VMware ESXi OpenSLP Heap Overflow Vulnerability(CVE-2021-21974)
12. threat[25864]:SkyScorpion PHP WebShell Download
13. threat[25853]:authorized_keys Authentication File Write
14. threat[25854]:cron Scheduled Task Write
15. threat[25852]:H2 Console Code Injection Vulnerability(CVE-2022-23221)
16. threat[25853]:authorized_keys Authentication File Write
17. threat[25855]:Moodle SQL Injection Vulnerability(CVE-2022-0332)
18. app:95show (95秀)-Android
19. app:Tencent NOW Live (腾讯NOW直播)
20. app:Kugou Live (酷狗直播)-Web
21. app:Hongren Live (红人直播)-Android
22. app:Huawei Cloud Meeting (华为云会议)
23. app:Xunjie PDF Converter (迅捷PDF转换器)-Windows
24. app:Qingping IoT (青萍物联)
25. app:Kaoyanbang (考研帮)-Resource
26. app:Mobile Office (移动办公)
27. app:NetEase Meeting (网易会议)
28. app:Xunjie PDF Converter (迅捷PDF转换器)-Android
29. app:UC Cloud (UC云)-Web

Updated rules:
1. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code/Command Execution
2. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability(CVE-2016-5734)
3. threat[25852]:H2 Console Code Injection Vulnerability(CVE-2022-23221)
4. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
5. app:Laifeng Live (来疯直播)-android
6. app:Baidu Tieba (百度贴吧)-Android
7. app:kg.qq (全民K歌)-Resource
8. app:Lehai Live (乐嗨直播)-android


Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29236. This package includes the following changed rules:


new rules:
1. threat[25856]:ActiveMQ Directory Traversal Vulnerability(CVE-2015-1830)
2. threat[41938]:SkyScorpion WebShell Management Tool Communication(PHP)
3. threat[25858]:Roxy-Wi Remote Command Execution Vulnerability(CVE-2022-31137)
4. threat[25860]:PHPIPAM SQL Injection Vulnerability (CVE-2022-23046)
5. threat[30805]:E-cology users.data Information Leakage Vulnerability
6. threat[30806]:E-Cology getSqlData SQL Injection Vulnerability
7. threat[25862]:Apache ShenYu Admin Authentication Bypass Vulnerability(CVE-2021-37580)
8. threat[25863]:SolarView Compact Command Injection Vulnerability (CVE-2022-29303)
9. threat[25861]:SkyScorpion PHP WebShell Upload
10. threat[41939]:SkyScorpion WebShell Management Tool Communication(PHP)-Code Execution Request
11. threat[25859]:VMware ESXi OpenSLP heap overflow vulnerability (CVE-2021-21974)
12. threat[25864]:SkyScorpion PHP WebShell Download
13. threat[25853]:authorized_keys authentication file write
14. threat[25854]:cron scheduled task write
15. threat[25852]:H2 Console Code Injection Vulnerability (CVE-2022-23221)
16. threat[25853]:authorized_keys authentication file write
17. threat[25855]:Moodle SQL Injection Vulnerability (CVE-2022-0332)
18. app:95show-Android
19. app:Tencent NOW Live (腾讯NOW直播)
20. app:Kugou Live Broadcast-web
21. app:HongrenLive-Android
22. app:HUaWeimeeting
23. app:xunjiePDF-Windows
24. app:qingping
25. app:kaoyan.com
26. app:andfx
27. app:NetEase Meeting (网易会议)
28. app:XunJiePDF-Android
29. app:UCLOUD

update rules:
1. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code/Command Execution
2. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability(CVE-2016-5734)
3. threat[25852]:H2 Console Code Injection Vulnerability (CVE-2022-23221)
4. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
5. app:laifeng-android
6. app:Baidu Tieba-Android
7. app:kg.qq
8. app:lehailive-android


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-02-17 20:55:47
Name: eoi.unify.allrulepatch.ips.5.6.10.29189.rule Version: 5.6.10.29189
MD5:28ec730ef9c5836930f5902fd198d13d Size: 29.68M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29189. The rules added/improved by this package are:

New rules:
1. threat[25857]:Apache Kafka Remote Code Execution Vulnerability(CVE-2023-25194)

Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29189. This package includes the following changed rules:

new rules:
1. threat[25857]:Apache Kafka Remote Code Execution Vulnerability(CVE-2023-25194)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-02-10 23:35:13
Name: eoi.unify.allrulepatch.ips.5.6.10.29169.rule Version: 5.6.10.29169
MD5:83dcaeb150a976857e86787bec38ec15 Size: 29.66M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29169. The rules added/improved by this package are:

New rules:
1. threat[25844]:GetSimple CMS Command Execution Vulnerability(CVE-2022-41544)
2. threat[25845]:ysoserial Deserialization Exploitation
3. threat[25846]:Splunk Enterprise Remote Code Execution Vulnerability(CVE-2022-43571)
4. threat[25848]:Weaver OA WorkflowServiceXml Remote Code Execution Vulnerability
5. threat[25849]:Weaver OA LoginSSO.jsp SQL Injection Vulnerability
6. threat[25850]:Bonitasoft Platform Remote Command Execution Vulnerability(CVE-2022-25237)
7. threat[25851]:Apache Solr Log4j2 Remote Code Execution Vulnerability
8. threat[49046]:Tongda OA menu_left Local File Inclusion Vulnerability
9. threat[25841]:Roxy-WI Code Execution Vulnerability(CVE-2022-31126)
10. threat[25842]:D-link DIR-816 A2 Command Injection Vulnerability(CVE-2022-28915)
11. threat[25843]:D-LINK DIR-645 Command Injection Vulnerability(CVE-2022-32092)
12. threat[30803]:VMware vRealize Log Insight Information Disclosure Vulnerability(CVE-2022-31711)

Updated rules:
1. threat[25141]:Apache Solr Remote Code Execution Vulnerability(CVE-2020-13957)
2. threat[25299]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-29505)



Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29169. This package includes the following changed rules:

new rules:
1. threat[25844]:GetSimple CMS Command Execution Vulnerability (CVE-2022-41544)
2. threat[25845]:ysoserial Deserialization Exploitation
3. threat[25846]:Splunk Enterprise Remote Code Execution Vulnerability(CVE-2022-43571)
4. threat[25848]:Ecology WorkflowServiceXml Remote Code Execution Vulnerability
5. threat[25849]:Ecology LoginSSO.jsp SQL Injection Vulnerability
6. threat[25850]:Bonitasoft Platform Remote Command Execution Vulnerability(CVE-2022-25237)
7. threat[25851]:Apache Solr Log4j2 Remote Code Execution Vulnerability
8. threat[49046]:Tongda OA menu_left Local File Inclusion Vulnerability
9. threat[25841]:Roxy-WI Code Execution Vulnerability (CVE-2022-31126)
10. threat[25842]:D-link DIR-816 A2 Command Injection Vulnerability (CVE-2022-28915)
11. threat[25843]:D-LINK DIR-645 Command Injection Vulnerability (CVE-2022-32092)
12. threat[30803]:VMware vRealize Log Insight Information Disclosure Vulnerability(CVE-2022-31711)

update rules:
1. threat[25141]:Apache Solr Remote Code Execution Vulnerability(CVE-2020-13957)
2. threat[25299]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-29505)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Release time: 2023-02-09 21:58:39
Name: eoi.unify.allrulepatch.ips.5.6.10.29115.rule Version: 5.6.10.29115
MD5:91968d3970a1777cc21180775acce022 Size: 29.62M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.29115. The rules added/improved by this package are:

New rules:
1. threat[25836]:PHP Development Server Information Disclosure Vulnerability
2. threat[25838]:Apache APISIX Dashboard Remote Code Execution Vulnerability(CVE-2021-45232)
3. threat[30802]:Apache Archiva Arbitrary File Read Vulnerability(CVE-2022-40308)
4. threat[25839]:Node.js Command Injection Vulnerability(CVE-2021-21315)
5. threat[25831]:Dynamicweb Logic Vulnerability(CVE-2022-25369)
6. threat[25833]:Pagekit CMS File Upload Vulnerability(CVE-2022-38916)
7. threat[25832]:Apache Dubbo Deserialization Command Execution Vulnerability(CVE-2021-30179)
8. threat[25835]:PyLoad Remote Code Execution Vulnerability(CVE-2023-0297)
9. threat[25834]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2023-21839)
10. threat[25837]:Weaver E-Office UploadFile.php File Upload Vulnerability
11. app:loginAlipay (登录支付宝)-web
12. app:Skywing Cloud Conference (天翼云会议)-Resource
13. app:smartmidea (美居)-Android
14. app:BaiduNetdisk (百度网盘)-Windows
15. app:midea (美居)-iOS
16. app:midea (美居)-Resource
17. app:CTMeeting (天翼云会议)
18. app:Tencent Meeting (腾讯会议)


Updated rules:
1. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability(CVE-2021-26295)
2. threat[41937]:Apache Archiva Arbitrary Directory Deletion Vulnerability(CVE-2022-40309)
3. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability(CVE-2022-24112)
4. threat[25750]:Windows Information Collection Command Type Two
5. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
6. app:BaiduNetdisk (百度网盘)-Resource
7. app:loginAlipay (登录支付宝)-Android

Notes:
1. After the upgrade, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.29115. This package includes the following changed rules:

new rules:
1. threat[25836]:PHP Development Server Information Disclosure Vulnerability
2. threat[25838]:Apache APISIX Dashboard Remote Code Execution Vulnerability (CVE-2021-45232)
3. threat[30802]:Apache Archiva Arbitrary File Reading Vulnerability (CVE-2022-40308)
4. threat[25839]:Node.js Command Injection Vulnerability(CVE-2021-21315)
5. threat[25831]:Dynamicweb Logic Vulnerability (CVE-2022-25369)
6. threat[25833]:Pagekit CMS File Uploading Vulnerability (CVE-2022-38916)
7. threat[25832]:Apache Dubbo Deserialization Command Execution Vulnerability (CVE-2021-30179)
8. threat[25835]:PyLoad Remote Code Execution Vulnerability (CVE-2023-0297)
9. threat[25834]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2023-21839)
10. threat[25837]:E-Office UploadFile.php File Upload Vulnerability
11. app:loginAlipay - web
12. app:Skywing Cloud Conference
13. app:smartmidea-Android
14. app:BaiduNetdisk-Windows
15. app:midea-iOS
16. app:midea
17. app:CTMeeting
18. app:Tencent Meeting

update rules:
1. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability(CVE-2021-26295)
2. threat[41937]:Apache Archiva Arbitrary Directory Removal Vulnerability(CVE-2022-40309)
3. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)
4. threat[25750]:Windows Information Collection Command Type Two
5. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)
6. app:BaiduNetdisk-Resources
7. app:loginAlipay - Android

Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.
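Every entry on this page publishes an MD5 digest and a version string for the package. The following Python is an added example, not NSFOCUS code, showing the checks an operator should run on a downloaded package before uploading it to the sensor: stream the file through MD5, compare the digest with the one on the listing line, and confirm that the version embedded in the file name is the version the listing claims. The file-name pattern and the "MD5: ... Size: ..." line format are taken from this page; the package bytes used when testing are constructed. One caveat a practitioner should keep in mind: MD5 catches a corrupted or truncated download, but it is not collision resistant, so a matching digest does not authenticate the package. Download over TLS from the vendor portal and treat the hash as a transport sanity check.

```python
"""Integrity and naming checks for an IPS rule upgrade package before upload.

Added example, not NSFOCUS code.  The listing-line and file-name formats are
those shown on the support page; the package file used in testing is constructed.
"""
import hashlib
import re
from pathlib import Path

# Listing line as it appears on the page, e.g.
#   "MD5: 91968d3970a1777cc21180775acce022  Size: 29.62M"
MD5_LINE = re.compile(r"MD5:\s*([0-9a-fA-F]{32})")
# Package file name as it appears on the page, e.g.
#   eoi.unify.allrulepatch.ips.5.6.10.29115.rule
PKG_NAME = re.compile(r"^eoi\.unify\.allrulepatch\.ips\.(\d+\.\d+\.\d+\.\d+)\.rule$")


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so a ~30 MB package is not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def version_from_name(filename):
    """Return the rule version encoded in the package file name, or None if the name is off-pattern."""
    m = PKG_NAME.match(Path(filename).name)
    return m.group(1) if m else None


def check_package(path, listing_line, listed_version):
    """Compare a downloaded file against the MD5 and version published in the listing.

    Returns the individual check results so the caller can log exactly which
    precondition failed.  MD5 only detects a corrupted or truncated download;
    it is not collision resistant and must not be read as proof that the
    package is the vendor's.  Fetch over TLS from the vendor portal.
    """
    m = MD5_LINE.search(listing_line)
    expected = m.group(1).lower() if m else None
    actual = md5_of_file(path)
    return {
        "md5_listed": expected is not None,
        "md5_match": expected is not None and actual == expected,
        "name_version_match": version_from_name(path) == listed_version,
        "actual_md5": actual,
    }


def package_ok(path, listing_line, listed_version):
    """True only when every check passed; this is the gate in front of the upload step."""
    r = check_package(path, listing_line, listed_version)
    return r["md5_listed"] and r["md5_match"] and r["name_version_match"]
```

Run the checks on the workstation that holds the downloaded file; `package_ok` is the go/no-go gate, and `check_package` tells you which of the three conditions failed when it says no.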

Release time: 2023-02-05 10:15:55
Name: eoi.unify.allrulepatch.ips.5.6.10.29063.rule  Version: 5.6.10.29063
MD5: 8efe222387e1ea93c96d620992fb7184  Size: 29.58M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.29063. Rules added or updated in this package:

New rules:
1. threat[25828]:MyBB Code Injection Vulnerability (CVE-2022-24734)
2. threat[25827]:Weaver E-Office do_excel.php Arbitrary File Write Vulnerability
3. threat[25829]:ZenTao Command Execution Vulnerability

Updated rules:
1. threat[25252]:Godzilla JAVA_AES_BASE64 Webshell Connection

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-01-26 23:12:04
Name: eoi.unify.allrulepatch.ips.5.6.10.29047.rule  Version: 5.6.10.29047
MD5: 30eb0eb444ed5ff4f44b49f47b22aaf3  Size: 29.57M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.29047. Rules added or updated in this package:

New rules:
1. threat[25824]:D-Link DIR-823G Command Injection Vulnerability (CVE-2022-44808)
2. threat[41936]:Godzilla Webshell JSP Script Download
3. threat[25825]:GitLab Remote Code Execution Vulnerability (CVE-2022-2992)
4. threat[25826]:Weaver E-cology uploaderOperate.jsp File Upload Vulnerability
5. threat[41935]:Phpspy Webshell Download

Updated rules:
1. threat[41859]:Malware Blackout (匿影) Mining Program DNS Request Connection

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-01-19 20:05:01
Name: eoi.unify.allrulepatch.ips.5.6.10.29031.rule  Version: 5.6.10.29031
MD5: 3493b2b01b6acb70d9ec1ed59bad74de  Size: 29.52M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.29031. Rules added or updated in this package:

New rules:
1. threat[25813]:HotelDruid Code Injection Vulnerability (CVE-2022-22909)
2. threat[25815]:WECON LeviStudioU Alarm Tag Stack Buffer Overflow Vulnerability
3. threat[41931]:curl PE File Download
4. threat[41932]:curl ELF File Download
5. threat[25816]:AtomCMS File Upload Vulnerability (CVE-2022-25487)
6. threat[25822]:Advantech iView NetworkServlet Command Injection Vulnerability (CVE-2022-2143)
7. threat[41933]:wget PE File Download
8. threat[41934]:wget ELF File Download
9. threat[25818]:Keysight N6854A and N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Vulnerability (CVE-2022-1661)
10. threat[25819]:Ivanti Avalanche EnterpriseServer Service getDisplayableTreeData SQL Injection Vulnerability
11. threat[25820]:ASPXSpy Trojan Command Execution Detection
12. threat[25817]:Zimbra Collaboration Memcached CRLF Injection Vulnerability (CVE-2022-27924)
13. threat[25821]:CentOS Web Panel 7 Unauthenticated Remote Code Execution Vulnerability (CVE-2022-44877)
14. threat[25823]:Weaver E-Office OfficeServer File Upload Vulnerability
15. app:Storm Player
16. app:Orbitz
17. app:JD Logistics
18. app:Kuaishou
19. app:Zuiyou (izuyou.com)-Android
20. app:Hotwire
21. app:Youdao Dict-Android
22. app:HeMu Camera
23. app:Zuiyou (izuyou.com)-Resources
24. app:Youku-Android

Updated rules:
1. threat[24538]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285)(CVE-2019-10173)
2. threat[24561]:XStream Library ReflectionConverter Insecure Deserialization Vulnerability (CVE-2019-10173)
3. threat[62199]:PHP Remote File Inclusion Vulnerability: passthru Execution
4. threat[41930]:iodine DNS Tunnel Tool Communication
5. threat[25259]:Apache Solr SSRF Vulnerability (CVE-2021-27905)
6. threat[25747]:Windows Information Collection Command Type One
7. threat[25750]:Windows Information Collection Command Type Two
8. threat[25776]:Weaver OA DownloadServlet Arbitrary File Upload Vulnerability
9. threat[25811]:Pharmacy Management System File Upload Vulnerability (CVE-2022-30887)
10. threat[25812]:Part-DB 0.5.11 File Upload Vulnerability (CVE-2022-0848)
11. threat[41935]:Phpspy Webshell Download
12. threat[25810]:Ivanti Avalanche Certificate Management Server Insecure Deserialization Vulnerability
13. threat[25754]:Covenant Tool Default HTTP Template Communication
14. threat[41710]:Linux Shell Reverse Connection
15. threat[25739]:Linux Reverse Shell Type One

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-01-12 22:52:04
Name: eoi.unify.allrulepatch.ips.5.6.10.28982.rule  Version: 5.6.10.28982
MD5: 2f8b85605113704470076aef2261ef23  Size: 29.52M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28982. Rules added or updated in this package:

New rules:
1. threat[25811]:Pharmacy Management System File Upload Vulnerability (CVE-2022-30887)
2. threat[25812]:Part-DB 0.5.11 File Upload Vulnerability (CVE-2022-0848)

Updated rules:
1. threat[25796]:mySCADA myDESIGNER Directory Traversal Vulnerability (CVE-2021-43555)
2. threat[25808]:Apache Storm nimbus Remote Command Execution Vulnerability (CVE-2021-38294)
3. threat[25794]:Information Collection Tool Execution Type One

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2023-01-05 20:02:53
Name: eoi.unify.allrulepatch.ips.5.6.10.28950.rule  Version: 5.6.10.28950
MD5: 224c77bbf16bba5c4dd60b6a6ce654e7  Size: 29.44M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28950. Rules added or updated in this package:

New rules:
1. threat[25790]:Spring Boot Admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
2. threat[10533]:OpenSSL Denial of Service Vulnerability (CVE-2022-0778)
3. threat[25792]:Yonyou NC XbrlPersistenceServlet Deserialization Vulnerability
4. threat[25793]:Django SQL Injection Attack (CVE-2022-28346)
5. threat[25791]:Behinder JSP Memory Shell Upload
6. threat[25796]:mySCADA myDESIGNER Directory Traversal Vulnerability (CVE-2021-43555)
7. threat[25794]:Information Collection Tool Execution Type One
8. threat[25798]:Yonyou NC DownloadServlet Deserialization Vulnerability
9. threat[25799]:Yonyou NC UploadServlet Deserialization Vulnerability
10. threat[25797]:Webmin Command Execution Vulnerability (CVE-2022-36446)
11. threat[30801]:Yonyou U8 getSessionList.jsp Information Disclosure Vulnerability
12. threat[25801]:GoAhead Server Environment Variable Injection Vulnerability (CVE-2021-42342)
13. threat[25805]:Yonyou NC mxservlet Deserialization Vulnerability
14. threat[25806]:Yonyou NC FileParserServlet Deserialization Vulnerability
15. threat[25795]:Information Collection Tool Execution Type Two
16. threat[25809]:Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525)

Updated rules:
1. threat[25149]:ImageMagick Authenticate Command Injection Vulnerability (CVE-2020-29599)
2. threat[24553]:Behinder Webshell Connection (JSP)
3. threat[25752]:Linux Information Collection Command Execution Success
4. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
5. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
6. threat[25239]:Yonyou NC6.5 DeleteServlet Unauthorized Deserialization Vulnerability
7. threat[25771]:ThinkPHP Multi-language Function Remote Code Execution Vulnerability
8. threat[24550]:Webmin Remote Code Execution Vulnerability (CVE-2019-15107)
9. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
10. threat[41919]:Weevely Webshell Tool Communication
11. threat[25697]:Microsoft Exchange Server Server-Side Request Forgery Vulnerability (CVE-2022-41040)
12. threat[25652]:Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
13. threat[25344]:Apache Kylin Unauthorized Configuration Disclosure Vulnerability (CVE-2020-13937)
14. threat[25786]:Oracle ADF Faces Deserialization Arbitrary Command Execution Vulnerability (CVE-2022-21445)
15. threat[25790]:Spring Boot Admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
16. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
17. threat[25801]:GoAhead Server Environment Variable Injection Vulnerability (CVE-2021-42342)
18. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)
19. threat[23818]:Spring Boot Framework SpEL Expression Injection Vulnerability
20. threat[25638]:Yonyou NC6.5 Arbitrary File Upload Vulnerability (grouptemplet)
21. threat[23991]:Fastjson Remote Code Execution Vulnerability
22. threat[41780]:DNSLog Query Request

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.
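Each entry lists rule IDs under New rules and Updated rules, and the same rule recurs across packages (rule 25771, for example, is new in 5.6.10.28779 and updated again in 28853 and 28950; rule 25790 is both new and updated inside 28950). When tracking exposure, the question an operator actually has runs the other way: given a CVE or a rule ID, which package first shipped coverage, so which is the minimum rule version the sensors must be on? The Python below is an added example, not NSFOCUS tooling. It parses release notes in the layout used on this page into per-package new/updated rule maps and builds a CVE index over them. `SAMPLE_NOTES` is constructed from a handful of rule names taken from this page and is not a complete package listing; the `threat[ID]:name` line format and the two multi-CVE forms seen on the page, `(CVE-A)(CVE-B)` and `CVE-A/CVE-B`, are handled as they appear here. Application-identification (`app:`) lines carry no rule ID in this format and are skipped.

```python
"""Parse IPS rule release notes in this page's layout and answer
"which package first covered this CVE / rule ID?".

Added example, not NSFOCUS tooling.  SAMPLE_NOTES is constructed from a few
rule names on the page and is not a real, complete package listing.
"""
import re
from collections import defaultdict

# Constructed sample in the page's layout, newest package first.
SAMPLE_NOTES = """\
Name: eoi.unify.allrulepatch.ips.5.6.10.28950.rule  Version: 5.6.10.28950
New rules:
1. threat[25790]:Spring boot admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
2. threat[25791]:Behinder jsp Memory Shell Upload
Updated rules:
1. threat[25790]:Spring boot admin Arbitrary Command Execution Vulnerability (CVE-2022-46166)
2. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
3. threat[24538]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285)(CVE-2019-10173)

Name: eoi.unify.allrulepatch.ips.5.6.10.28923.rule  Version: 5.6.10.28923
New rules:
1. threat[25803]:Microsoft Exchange Server Remote Privilege Escalation Vulnerability (CVE-2022-41080)
2. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)

Name: eoi.unify.allrulepatch.ips.5.6.10.28779.rule  Version: 5.6.10.28779
New rules:
1. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability
2. app:Tencent Meeting
Updated rules:
1. threat[24469]:Oracle WebLogic wls9-async Deserialization Vulnerability (CVE-2019-2725/CVE-2019-2729)
"""

VERSION_RE = re.compile(r"Version:\s*(\d+\.\d+\.\d+\.\d+)")
SECTION_RE = re.compile(r"^(New|Updated) rules:", re.IGNORECASE)
RULE_RE = re.compile(r"^\d+\.\s*threat\[(\d+)\]:(.*)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def version_key(v):
    """Numeric tuple so 5.6.10.28950 sorts after 5.6.10.9999 (string order would not)."""
    return tuple(int(x) for x in v.split("."))


def parse_release_notes(text):
    """Return a list of {'version', 'new': {id: name}, 'updated': {id: name}} in page order.

    'app:' lines have no rule ID in this format and are skipped; a rule line
    before any section heading or package header is ignored rather than guessed.
    """
    packages, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        vm = VERSION_RE.search(line)
        if vm:
            current = {"version": vm.group(1), "new": {}, "updated": {}}
            packages.append(current)
            section = None
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = "new" if sm.group(1).lower() == "new" else "updated"
            continue
        rm = RULE_RE.match(line)
        if rm and current is not None and section is not None:
            current[section][int(rm.group(1))] = rm.group(2).strip()
    return packages


def coverage_index(packages):
    """Build two lookups:
    by_cve:    CVE -> [(version, rule_id, section), ...] sorted oldest package first
    first_new: rule_id -> earliest package version that listed it under 'New rules'
    """
    by_cve, first_new = defaultdict(list), {}
    for pkg in packages:
        for section in ("new", "updated"):
            for rid, name in pkg[section].items():
                for cve in CVE_RE.findall(name):
                    by_cve[cve.upper()].append((pkg["version"], rid, section))
                if section == "new":
                    seen = first_new.get(rid)
                    if seen is None or version_key(pkg["version"]) < version_key(seen):
                        first_new[rid] = pkg["version"]
    for cve in by_cve:
        by_cve[cve].sort(key=lambda t: (version_key(t[0]), t[1]))
    return by_cve, first_new


def first_package_covering(packages, cve):
    """(version, rule_id) of the earliest package whose notes mention the CVE, or None.

    An 'updated' mention counts: it proves the rule existed at that version even
    when the rule was first added in notes older than the ones you have.
    """
    by_cve, _ = coverage_index(packages)
    hits = by_cve.get(cve.upper())
    return (hits[0][0], hits[0][1]) if hits else None
```

Feed `parse_release_notes` the whole listing page (all entries, in the order shown) and the answers are minimum rule versions; an 'updated' hit is a lower bound, not the rule's birth, when the notes you hold do not go back far enough.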

Release time: 2022-12-31 23:44:58
Name: eoi.unify.allrulepatch.ips.5.6.10.28923.rule  Version: 5.6.10.28923
MD5: 4b9ea3298d48de13606f1531e42e842a  Size: 29.42M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28923. Rules added or updated in this package:

New rules:
1. threat[25803]:Microsoft Exchange Server Remote Privilege Escalation Vulnerability (CVE-2022-41080)
2. threat[25802]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-28 22:12:09
Name: eoi.unify.allrulepatch.ips.5.6.10.28853.rule  Version: 5.6.10.28853
MD5: 0082234d48e953fbf2ac1307d95e061a  Size: 29.31M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28853. Rules added or updated in this package:

New rules:
1. threat[30797]:TerraMaster TOS Sensitive Information Disclosure Vulnerability (CVE-2022-24990)
2. threat[30796]:Jetty WEB-INF Sensitive Information Disclosure Vulnerability (CVE-2021-28164)
3. threat[25751]:Windows Information Collection Command Execution Success
4. threat[30798]:Jetty WEB-INF Sensitive Information Disclosure Vulnerability (CVE-2021-34429)
5. threat[41929]:Intranet Tunneling Tool reGeorg Communication
6. threat[25775]:LanDe Network O2oa Code Execution Vulnerability (CVE-2022-22916)
7. threat[25752]:Linux Information Collection Command Execution Success
8. threat[25776]:Weaver OA DownloadServlet Arbitrary File Upload Vulnerability
9. threat[25777]:Yonyou NC FileReceiveServlet Deserialization File Upload Vulnerability
10. threat[30799]:Yonyou NCCloud fs/console SQL Injection Vulnerability
11. threat[25781]:YoudianCMS SQL Injection Vulnerability (CVE-2022-32299)
12. threat[25782]:YoudianCMS SQL Injection Vulnerability (CVE-2022-32301)
13. threat[25779]:GitLab Arbitrary File Read Vulnerability (CVE-2016-9086)
14. threat[25780]:Apache Airflow Code Injection Vulnerability (CVE-2022-40127)
15. threat[25784]:Atlassian Bitbucket Command Injection Vulnerability (CVE-2022-36804)
16. threat[25785]:Gitlist 0.6.0 Remote Command Execution Vulnerability (CVE-2018-1000533)
17. threat[25786]:Oracle ADF Faces Deserialization Arbitrary Command Execution Vulnerability (CVE-2022-21445)
18. threat[30800]:Yonyou u8-test.jsp SQL Injection Vulnerability
19. threat[25787]:Java Agent Memory Shell Upload
20. threat[25788]:Spring Memory Shell Upload
21. threat[25789]:GitLab Community and Enterprise Edition Notes Stored Cross-Site Scripting Vulnerability (CVE-2022-1175)
22. threat[25774]:TerraMaster TOS Remote Command Execution Vulnerability (CVE-2022-24989)
23. app:MindMaster
24. app:yingjiesheng.com-Resources
25. app:BesTV-Resources
26. app:iotbull.com
27. app:Evernote
28. app:CC Live-iOS
29. app:WeRead
30. app:10010.com-Android

Updated rules:
1. threat[25262]:Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[24507]:HTTP Request URI/Referer Field Directory Traversal
3. threat[25778]:YoudianCMS SQL Injection Vulnerability (CVE-2022-32300)
4. threat[25718]:Tenda AC11 Router Stack Buffer Overflow Vulnerability (CVE-2021-31755)
5. threat[25247]:Yonyou ERP-NC Directory Traversal Vulnerability
6. threat[25768]:Cacti Command Injection Vulnerability (CVE-2022-46169)
7. threat[25771]:ThinkPHP Multi-language Function Remote Code Execution Vulnerability

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-22 22:04:45
Name: eoi.unify.allrulepatch.ips.5.6.10.28779.rule  Version: 5.6.10.28779
MD5: 3d30160a92cb50827499613381c5f22c  Size: 29.24M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28779. Rules added or updated in this package:

New rules:
1. threat[25760]:pgAdmin4 validate_binary_path Remote Code Execution Vulnerability (CVE-2022-4223)
2. threat[30795]:Yonyou NC IUpdateService XXE Vulnerability
3. threat[25764]:Yonyou U8 Uploadimg2File File Upload Vulnerability
4. threat[25765]:D-Link gdrive.cgi Remote Command Execution Vulnerability
5. threat[25766]:Yonyou KSOA ImageUpload File Upload Vulnerability
6. app:MediaTek
7. app:Chelaile-Android
8. app:CASICloud-INDICS
9. app:51yund.com
10. app:beijing-hyundai.com.cn
11. app:xiaoailite-Android
12. app:OSChina
13. app:hanfan.cc
14. app:Hanvon
15. app:Gizwits
16. app:XiguaVideo-Resources
17. app:Garmin
18. app:Alibaba Cloud ET Industrial Brain
19. app:gexing.com
20. app:Siemens MindSphere
21. app:Institute of Technology East China Jiaotong University
22. app:KKLive-Resources
23. app:Visiting the QQ Mail Website
24. app:7808.cn
25. app:iReader
26. app:TCL Smart Home-Android
27. app:dm5.com
28. app:Pearvideo
29. app:KKLive-iOS
30. app:Opple Smart Home-Android
31. app:51240 Pregnancy Calculator
32. app:fenqile.com
33. app:Sina Weibo-Web
34. app:Kuaidui-Resources
35. app:XiguaVideo-iOS
36. app:Manmanbuy
37. app:Kuaidui-Android
38. app:weicheche.cn
39. app:Kelakela-iOS
40. app:KKLive-Android
41. app:Meituan-Resources
42. app:China Mobile OneNET
43. app:Haier COSMOPlat
44. app:hqwx.com
45. app:ule.com
46. app:Tongdun
47. app:Soul-Android
48. app:iCIBA
49. app:Autohome (athmapp.com)
50. app:Kuaidui-iOS
51. app:XiguaVideo-Web
52. app:Codoon
53. app:fadada.com
54. app:ZTE Smart Home-Android
55. app:Meituan-Android
56. app:KKLive
57. app:XiguaVideo-Android
58. threat[25771]:ThinkPHP Multi-language Function Remote Code Execution Vulnerability
59. threat[25768]:Cacti Command Injection Vulnerability (CVE-2022-46169)
60. threat[25770]:Sangfor EDR Remote Command Execution Vulnerability
61. threat[25767]:Multiple Network Products ping Interface Arbitrary Command Execution Vulnerability
62. threat[25769]:TP-LINK Backdoor Vulnerability Communication

Updated rules:
1. threat[30794]:QNAP Arbitrary File Read Vulnerability (CVE-2019-7192)
2. threat[24550]:Webmin Remote Code Execution Vulnerability (CVE-2019-15107)
3. threat[25761]:Fortinet Firewall Authentication Bypass Vulnerability (CVE-2022-40684)
4. threat[41919]:Weevely Webshell Tool Communication
5. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
6. threat[30794]:QNAP Arbitrary File Read Vulnerability (CVE-2019-7194)
7. app:PostgreSQL
8. threat[25507]:TerraMaster TOS Command Injection Vulnerability (CVE-2020-28188)

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-16 10:24:28
Name: eoi.unify.allrulepatch.ips.5.6.10.28750.rule  Version: 5.6.10.28750
MD5: f78ccfacf663e146fe4e7df3bdbd3e9b  Size: 29.24M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28750. Rules added or updated in this package:

New rules:
1. threat[41927]:WMI Remote Connection Established
2. threat[41926]:Trojan Backdoor mrAgent Communication

Updated rules:
1. threat[41336]:Remote Control Tool PsExec Connection Established

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-09 22:48:45
Name: eoi.unify.allrulepatch.ips.5.6.10.28715.rule  Version: 5.6.10.28715
MD5: 9c506e639b349aaa52069172892b4b58  Size: 29.24M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28715. Rules added or updated in this package:

New rules:
1. threat[25753]:Yonyou U8 UploadFileData File Upload Vulnerability
2. threat[25746]:Linux Information Collection Command Type One
3. threat[25748]:Linux Information Collection Command Type Two
4. threat[25747]:Windows Information Collection Command Type One
5. threat[25750]:Windows Information Collection Command Type Two
6. threat[41918]:WeBaCoo Webshell Tool Communication
7. threat[41919]:Weevely Webshell Tool Communication
8. threat[25759]:Yonyou NC bsh.servlet.BshServlet Command Execution Vulnerability
9. threat[41921]:ZeroTier Intranet Penetration Tool Communication
10. threat[41922]:NSmartProxy Tool Communication
11. threat[41920]:Your Freedom Tool Communication

Updated rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-08 20:38:22
Name: eoi.unify.allrulepatch.ips.5.6.10.28640.rule  Version: 5.6.10.28640
MD5: abd8ba7399f02a926dcfe0af207fd77b  Size: 29.20M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after it is imported, the firmware and engine versions do not change and the rule version becomes 5.6.10.28640. Rules added or updated in this package:

New rules:
1. threat[25749]:Advantech iView findCfgDeviceListDetailsExport Directory Traversal Vulnerability (CVE-2022-2139)
2. threat[25739]:Linux Reverse Shell Type One
3. threat[25740]:Linux Reverse Shell Type Two
4. threat[25738]:Windows Reverse Shell Type One
5. threat[25741]:Windows Reverse Shell Type Two

Updated rules:
1. threat[41720]:AntSword Webshell Management Tool Connection and Control
2. threat[25681]:Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability (CVE-2022-2135)

Notes:
1. After the upgrade package is applied, the engine restarts automatically for it to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2022-12-01 22:33:29
Name: eoi.unify.allrulepatch.ips.5.6.10.28617.rule Version: 5.6.10.28617
MD5: 03269b4d8d8608b3e898071092e3813c Size: 29.17M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28617. Rules added/improved in this package:

New rules:
1. threat[25743]:LeagSoft IT Security Operation and Maintenance Management System ScanAcutaInfoController/deleteChoosed Deserialization Vulnerability
2. threat[25744]:WisePoint OA wordOperationRest/taoda Arbitrary File Upload
3. threat[50622]:Anydesk Remote Control Software Running

Updated rules:
1. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28617. This package includes the following changed rules:


new rules:
1. threat[25743]:LeagSoft IT Security Operation And Maintenance Management System ScanAcutaInfoController/deleteChoosed Deserialization Vulnerability
2. threat[25744]:WisePoint OA wordOperationRest/taoda Arbitrary File Upload Vulnerability
3. threat[50622]:Remote Control Tool Anydesk Running

update rules:
1. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-11-25 14:47:45
Name: eoi.unify.allrulepatch.ips.5.6.10.28552.rule Version: 5.6.10.28552
MD5: e797cba057c84f320c274168cdd2c4d2 Size: 29.18M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28552. Rules added/improved in this package:

New rules:
1. threat[25737]:Yonyou FE templateOfTaohong_manager.jsp Directory Traversal Vulnerability
2. threat[41907]:reDuh HTTP Tunnel Intranet Proxy Connection (php)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28552. This package includes the following changed rules:

new rules:
1. threat[25737]:Yonyou FE templateOfTaohong_manager.jsp Directory Traversal Vulnerability
2. threat[41907]:reDuh http tunnel proxy connection (php)



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-11-17 19:21:23
Name: eoi.unify.allrulepatch.ips.5.6.10.28523.rule Version: 5.6.10.28523
MD5: 2edef5f028ef66b1b3d281d879b34dc0 Size: 28.27M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28523. Rules added/improved in this package:

New rules:
1. threat[25733]:Ivanti Avalanche EnterpriseServer getApplicationData SQL Injection Vulnerability
2. threat[25734]:Servlet-type Memory Shell Upload
3. threat[25735]:Filter-type Memory Shell Upload
4. threat[25736]:Listener-type Memory Shell Upload
5. threat[25731]:Linux Sample Download Type Two
6. threat[25732]:Windows Sample Download Type Two

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28523. This package includes the following changed rules:

new rules:
1. threat[25733]:Ivanti Avalanche EnterpriseServer getApplicationData SQL Injection Vulnerability
2. threat[25734]:Servlet Memory Shell Upload
3. threat[25735]:Filter Memory Shell Upload
4. threat[25736]:Listener Memory Shell Upload
5. threat[25731]:Linux Sample Download Type Two
6. threat[25732]:Windows Sample Download Type Two



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-11-10 18:08:35
Name: eoi.unify.allrulepatch.ips.5.6.10.28498.rule Version: 5.6.10.28498
MD5: 8d471c6eb529d673faeba3c457bb9b71 Size: 28.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28498. Rules added/improved in this package:

New rules:
1. threat[25721]:Microsoft Windows SChannel Buffer Overflow Vulnerability (CVE-2014-6321)
2. threat[25722]:ForgeRock Access Management and OpenAM Jato Deserialization Vulnerability (CVE-2021-35464)
3. threat[25723]:JBoss JMX Console Deployer Arbitrary File Upload Vulnerability (CVE-2007-1036)
4. threat[25724]:TrendNET Router Authorization Bypass Vulnerability (CVE-2018-7034)
5. threat[25725]:WordPress True Ranker Directory Traversal Vulnerability (CVE-2021-39312)
6. threat[25729]:Aria2 Arbitrary File Write Vulnerability
7. threat[25727]:Linux Sample Download Type One
8. threat[25726]:Windows Sample Download Type One

Updated rules:
1. threat[41720]:AntSword Webshell Management Tool Connection and Control
2. threat[60464]:HTTP Service Directory Traversal Vulnerability
3. threat[25614]:Apache Spark UI doAs Command Injection Vulnerability (CVE-2022-33891)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28498. This package includes the following changed rules:

new rules:
1. threat[25721]:Microsoft Windows SChannel Buffer Overflow Vulnerability(CVE-2014-6321)
2. threat[25722]:ForgeRock Access Management and OpenAM Jato Insecure Deserialization Vulnerability (CVE-2021-35464)
3. threat[25723]:JBoss JMX Console Deployer Arbitrary File Upload Vulnerability(CVE-2007-1036)
4. threat[25724]:TrendNET Router Authorization Bypass Vulnerability(CVE-2018-7034)
5. threat[25725]:WordPress True Ranker Directory Traversal Vulnerability (CVE-2021-39312)
6. threat[25729]:Aria2 Arbitrary File Write Vulnerability
7. threat[25727]:Linux Sample Download Type One
8. threat[25726]:Windows Sample Download Type One

update rules:
1. threat[41720]:AntSword Webshell Management Tool Connection and Control
2. threat[60464]:HTTP Directory Traversal Vulnerability
3. threat[25614]:Apache Spark UI doAs Command Injection Vulnerability (CVE-2022-33891)


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-11-04 17:14:32
Name: eoi.unify.allrulepatch.ips.5.6.10.28462.rule Version: 5.6.10.28462
MD5: 67f903b0b041cf8dc829aefb8cc76193 Size: 28.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28462. Rules added/improved in this package:

New rules:
1. threat[25708]:Ivanti Avalanche SmartDeviceServer DeviceLogsManager Directory Traversal Vulnerability
2. threat[25709]:Netgear ProSafe Remote Command Execution Vulnerability
3. threat[25710]:BEWARD N100 H.264 VGA IP Camera Remote Code Execution Vulnerability
4. threat[25712]:WordPress Slider Revolution Responsive Arbitrary File Download Vulnerability (CVE-2014-9734)
5. threat[25713]:Joomla DT Register SQL Injection Vulnerability (CVE-2018-6584)
6. threat[25714]:WordPress Content Injection Vulnerability (CVE-2017-5487)
7. threat[25715]:Atlassian Questions Hard-coded Password Vulnerability (CVE-2022-26138)
8. threat[25716]:VMware vCenter Server Arbitrary File Upload Vulnerability (CVE-2021-22005)
9. threat[25717]:Laravel _ignition Remote Code Execution Vulnerability (CVE-2021-3129)
10. threat[25718]:Tendar Router AC11 Buffer Overflow Vulnerability (CVE-2021-31755)
11. threat[25711]:nostromo nhttpd Directory Traversal Vulnerability (CVE-2019-16278)
12. threat[25719]:ASUS b1m projector applg.cgi Remote Command Execution Vulnerability

Updated rules:
1. threat[25707]:Sangfor EDR c.php Remote Command Execution Vulnerability (CNVD-2020-46552)
2. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28462. This package includes the following changed rules:

new rules:
1. threat[25708]:Ivanti Avalanche SmartDeviceServer DeviceLogsManager Directory Traversal Vulnerability
2. threat[25709]:Netgear ProSafe Remote Command Execution Vulnerability
3. threat[25710]:BEWARD N100 H.264 VGA IP Camera Remote Code Execution Vulnerability
4. threat[25712]:WordPress Slider Revolution Responsive Arbitrary File Download Vulnerability(CVE-2014-9734)
5. threat[25713]:Joomla DT Register SQL Injection Vulnerability(CVE-2018-6584)
6. threat[25714]:WordPress Content Injection Vulnerability(CVE-2017-5487)
7. threat[25715]:Atlassian Questions Hardcoded Password Vulnerability(CVE-2022-26138)
8. threat[25716]:VMware vCenter Server Arbitrary File Upload Vulnerability(CVE-2021-22005)
9. threat[25717]:Laravel _ignition Remote Code Execution Vulnerability(CVE-2021-3129)
10. threat[25718]:Tendar Router AC11 Stack Buffer Overflow Vulnerability(CVE-2021-31755)
11. threat[25711]:nostromo nhttpd Directory Traversal Vulnerability(CVE-2019-16278)
12. threat[25719]:ASUS b1m projector applg.cgi Remote Code Execution Vulnerability

update rules:
1. threat[25707]:Sangfor EDR c.php Remote Code Execution Vulnerability(CNVD-2020-46552)
2. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-10-28 13:48:23
Name: eoi.unify.allrulepatch.ips.5.6.10.28434.rule Version: 5.6.10.28434
MD5: 5da2e7f58219967141008f903aac8274 Size: 28.15M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28434. Rules added/improved in this package:

New rules:
1. threat[25700]:Teleport Bastion Host do-login Arbitrary User Login Vulnerability
2. threat[25701]:SeaCMS search.php Remote Code Execution Vulnerability
3. threat[25702]:Realtek Jungle SDK Command Injection Vulnerability (CVE-2021-35394)
4. threat[25703]:Craft CMS SEOmatic Injection Vulnerability (CVE-2020-9757)
5. threat[25704]:Apache Commons JXPath Remote Code Execution Vulnerability (CVE-2022-41852)
6. threat[25705]:Apache Commons-Text Remote Command Execution Vulnerability (CVE-2022-42889)
7. threat[25706]:Cobalt Strike Remote Code Execution Vulnerability (CVE-2022-39197)
8. threat[25707]:Sangfor EDR c.php Remote Command Execution Vulnerability (CNVD-2020-46552)

Updated rules:
1. threat[25377]:Gitlab Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22214)
2. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerability (CVE-2022-1388)
3. threat[24846]:phpcms2008 Code Injection Vulnerability
4. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
5. threat[25614]:Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)
6. threat[41901]:Behinder Webshell Connection (image)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28434. This package includes the following changed rules:

new rules:
1. threat[25700]:Teleport do-login Arbitrary User Login Vulnerability
2. threat[25701]:SeaCMS search.php Remote Code Execution Vulnerability
3. threat[25702]:Realtek Jungle SDK Command Injection Vulnerability(CVE-2021-35394)
4. threat[25703]:Craft CMS SEOmatic Server-Side Template Injection Vulnerability(CVE-2020-9757)
5. threat[25704]:Apache Commons JXPath Remote Code Execution Vulnerability(CVE-2022-41852)
6. threat[25705]:Apache Commons-Text Remote Code Execution Vulnerability (CVE-2022-42889)
7. threat[25706]:Cobalt Strike Remote Code Execution Vulnerability (CVE-2022-39197)
8. threat[25707]:Sangfor EDR c.php Remote Code Execution Vulnerability(CNVD-2020-46552)

update rules:
1. threat[25377]:Gitlab Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-22214)
2. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)
3. threat[24846]:phpcms2008 code injection vulnerability
4. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
5. threat[25614]:Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)
6. threat[41901]:Behinder Webshell Connect(image)


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-10-21 17:29:14
Name: eoi.unify.allrulepatch.ips.5.6.10.28396.rule Version: 5.6.10.28396
MD5: 71034dd8cb7baf9e371547c623fc19f8 Size: 28.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28396. Rules added/improved in this package:

New rules:
1. threat[25691]:LILIN DVR Command Injection Vulnerability
2. threat[25692]:Seowon Intech SWC-9100 Command Injection Vulnerability (CVE-2013-7179)
3. threat[25694]:Landray OA EKP Backend SQL Injection Vulnerability (CNVD-2021-01363)
4. threat[25693]:Yaskawa Robot Telnet Default Password Vulnerability
5. threat[25695]:Atlassian Jira Server and Data Center Server-Side Request Forgery Vulnerability (CVE-2022-26135)
6. threat[25696]:Kingdee OA server_file Directory Traversal Vulnerability (CNVD-2021-43484)
7. threat[25698]:Yonyou Chanjet T+ DownloadProxy.aspx Arbitrary File Read Vulnerability
8. threat[25699]:Yonyou Chanjet T+ RecoverPassword.aspx Administrator Password Modification Vulnerability
9. threat[25697]:Exchange Server Server-Side Request Forgery Vulnerability (CVE-2022-41040)

Updated rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability (CVE-2014-8361)
2. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
3. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability
4. threat[24560]:Totaljs CMS 12.0 Directory Traversal Vulnerability (CVE-2019-15952)
5. threat[21898]:V-CMS PHP File Upload and Execution Vulnerability (CVE-2011-4828)
6. threat[25603]:Seeyon OA (A6/A8) wpsAssistServlet Arbitrary File Upload Vulnerability
7. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28396. This package includes the following changed rules:

new rules:
1. threat[25691]:LILIN DVR Command Injection Vulnerability
2. threat[25692]:Seowon Intech SWC-9100 Command Injection Vulnerability(CVE-2013-7179)
3. threat[25694]:Landray-OA EKP SQL Injection Vulnerability(CNVD-2021-01363)
4. threat[25693]:Yaskawa robot Telnet default password vulnerability
5. threat[25695]:Atlassian Jira Server and Data Center Server-Side Request Forgery Vulnerability(CVE-2022-26135)
6. threat[25696]:Kingdee OA server_file Directory Traversal Vulnerability(CNVD-2021-43484)
7. threat[25698]:Yonyou CHANJET T+ DownloadProxy.aspx Arbitrary File Read Vulnerability
8. threat[25699]:Yonyou CHANJET T+ RecoverPassword.aspx Admin Password Reset Vulnerability
9. threat[25697]:Exchange Server Server-Side Request Forgery Vulnerability(CVE-2022-41040)

update rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability(CVE-2014-8361)
2. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 remote code execution vulnerability
3. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability
4. threat[24560]:Totaljs CMS 12.0 Path Traversal Vulnerability(CVE-2019-15952)
5. threat[21898]:V-CMS PHP File Upload and Execute Vulnerability(CVE-2011-4828)
6. threat[25603]:Seeyon OA (A6/A8) wpsAssistServlet Arbitrary File Upload Vulnerability
7. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-10-15 17:17:26
Name: eoi.unify.allrulepatch.ips.5.6.10.28343.rule Version: 5.6.10.28343
MD5: a398063a093dabf9d23fe445f5b86aa2 Size: 28.08M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28343. Rules added/improved in this package:

New rules:
1. threat[25689]:Jenkins Rundeck Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-30956)
2. threat[25690]:Wordpress Paid Memberships Pro Plugin SQL Injection Vulnerability (CVE-2021-25114)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28343. This package includes the following changed rules:

new rules:
1. threat[25689]:Jenkins Rundeck Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-30956)
2. threat[25690]:Wordpress Paid Memberships Pro Plugin SQL Injection Vulnerability(CVE-2021-25114)



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-10-06 20:04:02
Name: eoi.unify.allrulepatch.ips.5.6.10.28334.rule Version: 5.6.10.28334
MD5: e3794ec9b347c1929747db92d6b20c8c Size: 28.08M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28334. Rules added/improved in this package:

New rules:
1. threat[25686]:PHPCMS 9.6.0 Arbitrary File Upload Vulnerability (CVE-2018-14399)
2. threat[25687]:Advantech iView updatePROMFile SQL Injection Vulnerability (CVE-2022-2136)
3. threat[25688]:Jenkins GitLab Plugin Cross-Site Scripting Vulnerability (CVE-2022-34777)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28334. This package includes the following changed rules:

new rules:
1. threat[25686]:PHPCMS 9.6.0 Arbitrary File Upload Vulnerability(CVE-2018-14399)
2. threat[25687]:Advantech iView updatePROMFile SQL Injection Vulnerability(CVE-2022-2136)
3. threat[25688]:Jenkins GitLab Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-34777)



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-09-30 15:11:31
Name: eoi.unify.allrulepatch.ips.5.6.10.28324.rule Version: 5.6.10.28324
MD5: 21bbf6be83a3043af4a9a506f5141f05 Size: 28.07M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28324. Rules added/improved in this package:

New rules:
1. threat[25682]:Zoho ManageEngine ADAudit Plus External Entity Injection Vulnerability (CVE-2022-28219)
2. threat[25683]:Horde Groupware Webmail Edition Deserialization Vulnerability (CVE-2022-30287)
3. threat[25684]:Zimbra Collaboration Calendar Reflected Cross-Site Scripting Vulnerability (CVE-2022-24682)
4. threat[25685]:GLPI-Project GLPI SQL Vulnerability (CVE-2022-31061)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28324. This package includes the following changed rules:

new rules:
1. threat[25682]:Zoho ManageEngine ADAudit Plus External Entity Injection Vulnerability (CVE-2022-28219)
2. threat[25683]:Horde Groupware Webmail Edition Deserialization Vulnerability(CVE-2022-30287)
3. threat[25684]:Zimbra Collaboration Calendar Reflected Cross-Site Scripting Vulnerability(CVE-2022-24682)
4. threat[25685]:GLPI-Project GLPI SQL Injection Vulnerability(CVE-2022-31061)



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-09-26 09:21:40
Name: eoi.unify.allrulepatch.ips.5.6.10.28291.rule Version: 5.6.10.28291
MD5: de389e2518e26c16104ff14808b1775a Size: 28.06M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28291. Rules added/improved in this package:

New rules:
1. threat[25680]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability (CVE-2022-26887)
2. threat[25681]:Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability (CVE-2022-2135)

Updated rules:
1. threat[50621]:Todesk Remote Control Software Running

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28291. This package includes the following changed rules:

new rules:
1. threat[25680]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2022-26887)
2. threat[25681]:Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability(CVE-2022-2135)

update rules:
1. threat[50621]:Remote Control Tool Todesk Running


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-09-16 17:11:06
Name: eoi.unify.allrulepatch.ips.5.6.10.28277.rule Version: 5.6.10.28277
MD5: 8f05a25b8c9433417940259b8cca9204 Size: 28.05M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28277. Rules added/improved in this package:

New rules:
1. threat[25672]:Windows LNK Remote Code Execution Vulnerability (CVE-2020-1421)
2. threat[25674]:WordPress Popup Maker Plugin Popup Settings Stored Cross-Site Scripting Vulnerability (CVE-2022-1104)
3. threat[25675]:Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0547)
4. threat[25676]:Gogs Git Endpoints Directory Traversal Vulnerability (CVE-2022-1993)
5. threat[25677]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability (CVE-2022-1367)
6. threat[25678]:Any800 Framework Arbitrary File Write Vulnerability
7. threat[25679]:Wordpress Google Tag Manager for WordPress Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)

Updated rules:
1. threat[24955]:Windows LNK Shortcut File Remote Code Execution Vulnerability (CVE-2020-0729)
2. threat[25119]:Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)
3. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)
4. threat[23793]:Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-3210)
5. threat[25670]:VanDyke VShell Server Trigger Command Injection Vulnerability (HTTP protocol) (CVE-2022-28054)
6. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28277. This package includes the following changed rules:

new rules:
1. threat[25672]:Windows LNK remote code execution vulnerability (CVE-2020-1421)
2. threat[25674]:WordPress Popup Maker Plugin Popup Settings Stored Cross-Site Scripting Vulnerability(CVE-2022-1104)
3. threat[25675]:Microsoft Windows DHCP Client Remote Code Execution Vulnerability(CVE-2019-0547)
4. threat[25676]:Gogs Git Endpoints Directory Traversal Vulnerability(CVE-2022-1993)
5. threat[25677]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2022-1367)
6. threat[25678]:Any800 Framework Arbitrary File Write Vulnerability
7. threat[25679]:Wordpress Google Tag Manager for WordPress Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2022-1707)

update rules:
1. threat[24955]:Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)
2. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
3. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)
4. threat[23793]:Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-3210)
5. threat[25670]:VanDyke VShell Server Trigger Command Injection Vulnerability (HTTP protocol) (CVE-2022-28054)
6. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-09-09 23:06:58
Name: eoi.unify.allrulepatch.ips.5.6.10.28230.rule Version: 5.6.10.28230
MD5: 114ece8be699a662dd0e01f9c860c691 Size: 28.05M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28230. Rules added/improved in this package:

New rules:
1. threat[25666]:Acquia Mautic Tracking Pixel Stored Cross-Site Scripting Vulnerability (CVE-2022-25772)
2. threat[25667]:Gitlab Remote Code Execution Vulnerability (CVE-2018-14364)
3. threat[25668]:Seeyon OA Unauthorized Access Vulnerability

Updated rules:
1. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability (CVE-2021-23282)
2. threat[25550]:Jackson-Databind Deserialization Remote Code Execution Vulnerability (CVE-2017-17485)
3. threat[24083]:Zabbix Server Active Proxy Trapper Command Injection Vulnerability (CVE-2017-2824)
4. threat[21816]:FCKeditor connectors Module File Upload Code Execution Vulnerability
5. threat[10108]:Microsoft Windows 2000 RPC DCOM Interface Denial of Service Attack
6. threat[25669]:Yonyou Chanjet T+ Arbitrary File Upload Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28230. This package includes the following changed rules:

new rules:
1. threat[25666]:Acquia Mautic Tracking Pixel Stored Cross-Site Scripting Vulnerability(CVE-2022-25772)
2. threat[25667]:GitLab Remote Command Execution Vulnerability(CVE-2018-14364)
3. threat[25668]:Seeyon OA Unauthorized Access Vulnerability

update rules:
1. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability(CVE-2021-23282)
2. threat[25550]:Jackson-Databind deserialization remote code execution vulnerability(CVE-2017-17485)
3. threat[24083]:Zabbix Server Active Proxy Trapper Command Injection Vulnerability(CVE-2017-2824)
4. threat[21816]:ColdFusion 8.0.1 Arbitrary File Upload and Execute Vulnerability
5. threat[10108]:Microsoft Windows 2000 RPC DCOM Interface Denial of Service
6. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-09-02 19:47:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28218.rule Version: 5.6.10.28218
MD5: a04a6dafe422b8dcc00d6a60c44cefe8 Size: 28.04M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28218. Rules added/improved in this package:

Updated rules:
1. threat[25669]:Yonyou Chanjet T+ Arbitrary File Upload Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28218. This package includes the following changed rules:


update rules:
1. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-08-30 22:58:49
Name: eoi.unify.allrulepatch.ips.5.6.10.28213.rule Version: 5.6.10.28213
MD5: 05d13f14bacff2263f94fa5bee361db4 Size: 28.04M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28213. Rules added/improved in this package:

New rules:
1. threat[25669]:Yonyou Chanjet T+ Arbitrary File Upload Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28213. This package includes the following changed rules:

new rules:
1. threat[25669]:Yonyou CHANJET T+ Arbitrary File Upload Vulnerability




Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-08-30 15:58:44
Name: eoi.unify.allrulepatch.ips.5.6.10.28186.rule Version: 5.6.10.28186
MD5: 87366357a32dc1da217e644efef96696 Size: 28.03M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28186. Rules added/improved in this package:

New rules:
1. threat[25659]:Zoho ManageEngine ADSelfService Plus Command Injection Vulnerability (CVE-2022-28810)
2. threat[25661]:Ivanti Avalanche EnterpriseServer Service getProfileApplicationData SQL Injection Vulnerability
3. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability (CVE-2021-23282)
4. threat[25662]:Delta Industrial Automation DIAEnergie DIAE_pgHandler.ashx GETOBJECT SQL Injection Vulnerability (CVE-2022-1378)
5. threat[25664]:GitLab Stored Cross-Site Scripting Vulnerability (CVE-2022-2230)
6. threat[25665]:Lansweeper lansweeper AssetActions SQL Injection Vulnerability (CVE-2022-21210)

Updated rules:
1. threat[24463]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
2. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability (CVE-2022-1429)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28186. This package includes the following changed rules:

new rules:
1. threat[25659]:Zoho ManageEngine ADSelfService Plus Command Injection Vulnerability(CVE-2022-28810)
2. threat[25661]:Ivanti Avalanche EnterpriseServer Service getProfileApplicationData SQL Injection Vulnerability
3. threat[25663]:Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability(CVE-2021-23282)
4. threat[25662]:Delta Industrial Automation DIAEnergie DIAE_pgHandler.ashx GETOBJECT SQL Injection(CVE-2022-1378)
5. threat[25664]:GitLab Community and Enterprise Edition Project Settings Stored Cross-Site Scripting Vulnerability(CVE-2022-2230)
6. threat[25665]:Lansweeper lansweeper AssetActions SQL Injection Vulnerability(CVE-2022-21210)

update rules:
1. threat[24463]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
2. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability(CVE-2022-1429)


Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-08-26 10:22:21
Name: eoi.unify.allrulepatch.ips.5.6.10.28154.rule Version: 5.6.10.28154
MD5: 71ce90c07c65711958326e18657be52b Size: 27.98M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28154. Rules added/improved in this package:

New rules:
1. threat[25656]:Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-29535)
2. threat[25657]:Open-Falcon Falcon-Plus SQL Injection Vulnerability (CVE-2022-26245)
3. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability (CVE-2022-1429)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28154. This package includes the following changed rules:

new rules:
1. threat[25656]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2022-29535)
2. threat[25657]:Open-Falcon Falcon-Plus SQL Injection Vulnerability(CVE-2022-26245)
3. threat[25658]:Pimcore GridHelperService.php SQL Injection Vulnerability(CVE-2022-1429)



Announcements:
1. After the package is updated, the engine will restart automatically; this will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2022-08-19 11:12:45
Name: eoi.unify.allrulepatch.ips.5.6.10.28135.rule Version: 5.6.10.28135
MD5: b55cb4b2d11f24cb47dbc851237013c9 Size: 27.99M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware and engine versions remain unchanged and the rule version becomes 5.6.10.28135. Rules added/improved in this package:

New rules:
1. threat[25654]:WordPress Modern Events Calendar Lite Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
2. threat[25655]:Siemens SINEC NMS SQL Injection Vulnerability (CVE-2021-33734)

Updated rules:
1. threat[25647]:FineReport Deserialization Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28135. This package includes the following changed rules:

new rules:
1. threat[25654]:WordPress Modern Events Calendar Lite Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-0364)
2. threat[25655]:Siemens SINEC NMS SQL Injection Vulnerabolity(CVE-2021-33734)

update rules:
1. threat[25647]:FineReport Deserialization Vulnerability


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2022-08-12 10:24:57
Name: eoi.unify.allrulepatch.ips.5.6.10.28125.rule Version: 5.6.10.28125
MD5: 75a902d6ae7d575f1ae3ddd80cb3b5e0 Size: 27.98M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28125. This package includes the following new and updated rules:

new rules:
1. threat[50621]:Remote Control Tool Todesk Running
2. threat[41905]:Webshell Sample 1005007 Upload

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-08-07 22:22:13
Name: eoi.unify.allrulepatch.ips.5.6.10.28118.rule Version: 5.6.10.28118
MD5: da5deac878e6333c0ca0d1ac42405b9a Size: 27.97M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28118. This package includes the following new and updated rules:

new rules:
1. threat[25652]:Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
2. threat[25653]:Yonyou NC ResourceManagerServlet Interface Deserialization Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-08-06 21:34:27
Name: eoi.unify.allrulepatch.ips.5.6.10.28110.rule Version: 5.6.10.28110
MD5: 5f590045f0edf27e10145febf2dc2cb2 Size: 27.98M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28110. This package includes the following new and updated rules:

new rules:
1. threat[25650]:Weaver e-cology H2 Database Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-08-06 08:55:40
Name: eoi.unify.allrulepatch.ips.5.6.10.28105.rule Version: 5.6.10.28105
MD5: 1c06c9762113f1a5fdfa70092c5b5f1f Size: 27.97M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28105. This package includes the following new and updated rules:

new rules:
1. threat[30789]:MPSec ISG1000 Arbitrary File Download Vulnerability

update rules:
1. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
2. threat[25648]:Primeton EOS Deserialization Vulnerability
3. threat[25647]:FineReport Deserialization Vulnerability
4. threat[25600]:Landray-OA Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-08-05 10:55:05
Name: eoi.unify.allrulepatch.ips.5.6.10.28091.rule Version: 5.6.10.28091
MD5: fc4036b578e766c7de8a482997cf51a8 Size: 27.94M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28091. This package includes the following new and updated rules:

new rules:
1. threat[25648]:Primeton EOS Deserialization Vulnerability(URLDNS)

update rules:
1. threat[25620]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
2. threat[41904]:Hidden Command Execution Attack
3. threat[41781]:Communication of FRP Intranet Penetration Tool

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-08-01 20:50:04
Name: eoi.unify.allrulepatch.ips.5.6.10.28082.rule Version: 5.6.10.28082
MD5: 65b77171c5c0af8e2ae4405c1d7a8420 Size: 27.93M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28082. This package includes the following new and updated rules:

new rules:
1. threat[25646]:SecGate Firewall Arbitrary File Upload Vulnerability
2. threat[25647]:FineReport Deserialization Vulnerability
3. threat[41904]:HTTP Header Hidden Command Execution Attack

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-31 22:32:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28073.rule Version: 5.6.10.28073
MD5: 14db4f7ecf4e3aa1295ceab27084ec4f Size: 27.93M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28073. This package includes the following new and updated rules:

new rules:
1. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability
2. threat[25645]:Yonyou GRP-U8 Arbitrary File Upload Vulnerability
3. threat[25638]:Yonyou NC6.5 Arbitrary File Upload Vulnerability(grouptemplet)
4. threat[25639]:Yonyou KSOA Arbitrary File Upload Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-31 09:56:00
Name: eoi.unify.allrulepatch.ips.5.6.10.28066.rule Version: 5.6.10.28066
MD5: 48bfb58098d8592ca9005b2e5db308b3 Size: 27.93M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28066. This package includes the following new and updated rules:

new rules:
1. threat[25642]:Weblogic WLS Component IIOP Protocol Remote Code Execution Vulnerability

update rules:
1. threat[23614]:Oracle Weblogic Server Java Deserialization Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-30 16:49:20
Name: eoi.unify.allrulepatch.ips.5.6.10.28054.rule Version: 5.6.10.28054
MD5: f3302a5a916e6782023ccc4cf1b5e9e0 Size: 27.93M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28054. This package includes the following new and updated rules:

new rules:
1. threat[25632]:Zhongyuan Kylin Security Management System SQL Injection Vulnerability
2. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability

update rules:
1. threat[25629]:TRS-MAS Remote Command Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-30 09:34:49
Name: eoi.unify.allrulepatch.ips.5.6.10.28043.rule Version: 5.6.10.28043
MD5: 3ff8d23b98efc7b234aabba2ef03ff21 Size: 27.92M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28043. This package includes the following new and updated rules:

new rules:
1. threat[25626]:Topsec Internet Behavior Management System Command Execution Vulnerability
2. threat[25629]:TRS-MAS testCommandExecutor.jsp Remote Command Execution Vulnerability
3. threat[25628]:Weaver OA Arbitrary Administrator Login Vulnerability

update rules:
1. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-28 13:56:41
Name: eoi.unify.allrulepatch.ips.5.6.10.28034.rule Version: 5.6.10.28034
MD5: 8703cdb77bcf9d614bbcdc729a218901 Size: 27.92M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28034. This package includes the following new and updated rules:

new rules:
1. threat[25625]:Zentao 16.5 SQL Injection Vulnerability

update rules:
1. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
2. threat[41780]:DNSLog Query Request

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-27 20:00:58
Name: eoi.unify.allrulepatch.ips.5.6.10.28025.rule Version: 5.6.10.28025
MD5: dace619a89c9644766b01c497fb53a0e Size: 27.91M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28025. This package includes the following new and updated rules:

new rules:
1. threat[41901]:Behinder Webshell Connect(image)
2. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability
3. threat[25620]:Yonyou NC Arbitrary File Upload Vulnerability
4. threat[25621]:Weaver E-cology Arbitrary File Upload Vulnerability

update rules:
1. threat[41903]:Behinder 4.0 Webshell Connect(JSON)
2. threat[41697]:Behinder Encrypted ASP Webshell File Upload
3. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
4. threat[41699]:Behinder Encrypted JSP Webshell File Upload
5. threat[41696]:Behinder Encrypted PHP Webshell File Upload

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-27 09:23:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28008.rule Version: 5.6.10.28008
MD5: b062e57e2bc9e53b5ac771add2b6f937 Size: 27.90M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.28008. This package includes the following new and updated rules:

new rules:
1. threat[25615]:Seeyon OA JDBC API Deserialization Vulnerability
2. threat[25616]:TongDa OA Arbitrary File Upload Vulnerability
3. threat[41903]:Behinder 4.0 Webshell Connect(JSON)

update rules:
1. threat[41699]:Behinder Encrypted JSP Webshell File Upload
2. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
3. threat[41696]:Behinder Encrypted PHP Webshell File Upload

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-26 00:07:02
Name: eoi.unify.allrulepatch.ips.5.6.10.27982.rule Version: 5.6.10.27982
MD5: 1c83a35f109a1b0d0a9ad08b60bfd9d7 Size: 27.92M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27982. This package includes the following new and updated rules:

new rules:
1. threat[25606]:Apache Solr JMX Service Remote Code Execution Vulnerability(CVE-2019-12409)
2. threat[25608]:Gogs File Upload tree_path Command Injection Vulnerability(CVE-2022-0415)
3. threat[25609]:dotCMS Arbitrary File Upload Vulnerability(CVE-2022-26352)
4. threat[25610]:Oracle MySQL Cluster Management API dumpState Stack Buffer Overflow Vulnerability(CVE-2022-21280)
5. threat[25611]:Delta Industrial Automation CNCSoft ScreenEditor Stack Buffer Overflow Vulnerability(CVE-2021-43982)
6. threat[25612]:Zoho ManageEngine OpManager Inventory Reports SQL Injection Vulnerability(CVE-2022-27908)
7. threat[25613]:Django SQL Injection Vulnerability(CVE-2022-34265)
8. threat[25614]:Apache Spark UI Command Injection Vulnerability(CVE-2022-33891)

update rules:
1. threat[41776]:Behinder Webshell Connect(ASP)
2. threat[25600]:Landray-OA Remote Code Execution Vulnerability
3. threat[25027]:Tea LaTex 1.0 Remote Code Execution Vulnerability
4. threat[41499]:HTTP Request Sensitive Path Access Attempt
5. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2021-22986)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-21 17:51:25
Name: eoi.unify.allrulepatch.ips.5.6.10.27944.rule Version: 5.6.10.27944
MD5: 7fb7f6587fc98c2ac8e2ccc20be9d5cd Size: 27.92M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27944. This package includes the following new and updated rules:

new rules:
1. threat[25604]:nopCommerce nopCommerce BackupAction Directory Traversal Vulnerability(CVE-2022-28451)
2. threat[41900]:FastTunnel Intranet Penetration Tool Communication
3. threat[25605]:WECON LeviStudioU ScreenInfo ScrnFile Heap Buffer Overflow Vulnerability(CVE-2021-23157)
4. threat[25601]:WSO2 API Manager ToolsAnyFileUploadExecutor Directory Traversal Vulnerability(CVE-2022-29464)
5. threat[25602]:OpenEMR C_DocumentCategory.class.php Stored Cross-Site Scripting Vulnerability(CVE-2022-1178)

update rules:
1. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
2. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication
3. threat[50620]:Penetration Test Tool Cobalt Strike/MetaSploit Beacon Encrypted Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-14 18:49:52
Name: eoi.unify.allrulepatch.ips.5.6.10.27924.rule Version: 5.6.10.27924
MD5: 08394d212fadc18e0aa0c6f39a477adb Size: 27.92M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27924. This package includes the following new and updated rules:

new rules:
1. threat[25603]:Seeyon OA (A6/A8) Arbitrary File Upload Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-12 13:45:29
Name: eoi.unify.allrulepatch.ips.5.6.10.27905.rule Version: 5.6.10.27905
MD5: c43b08e1479cfabdc8c42b867d39f2c0 Size: 27.91M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27905. This package includes the following new and updated rules:

new rules:
1. threat[25594]:Spring Shiro/Security Framework Authentication Bypass Vulnerability(CVE-2022-32532/CVE-2022-22978)
2. threat[41898]:APT-C-40 Suspicious Domain Access
3. threat[25595]:Patrowl PatrowlManager Unrestricted File Upload Vulnerability(CVE-2021-43829)
4. threat[25596]:Jenkins Credentials Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-29036)
5. threat[25597]:Delta Industrial Automation DIALink events Stored Cross-Site Scripting Vulnerability(CVE-2021-38488)
6. threat[25598]:VMware Spring Cloud Function SpEL Code Injection Vulnerability(CVE-2022-22963)
7. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
8. threat[50620]:Penetration Test Tool Cobalt Strike/MetaSploit Beacon Encrypted Communication
9. threat[25599]:Landray-OA Arbitrary File Read Vulnerability
10. threat[25600]:Landray-OA Remote Code Execution Vulnerability
11. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication

update rules:
1. threat[22591]:FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
2. threat[24999]:Spring Boot Actuator Unauthorized Access
3. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2022-1388)
5. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connect

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-07-09 10:46:11
Name: eoi.unify.allrulepatch.ips.5.6.10.27845.rule Version: 5.6.10.27845
MD5: 2ff28e73bdbc877fb874699cf272f07f Size: 27.69M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27845. This package includes the following new and updated rules:

new rules:
1. threat[25591]:Webmin Remote Code Execution Vulnerability(CVE-2022-0824)
2. threat[25592]:NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability(CVE-2022-28379)
3. threat[25593]:Lansweeper lansweeper HelpdeskSetupActions SQL Injection Vulnerability(CVE-2022-22149)

update rules:
1. threat[25182]:nps http Intranet Proxy Connection
2. app:ssl

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-06-30 15:04:45
Name: eoi.unify.allrulepatch.ips.5.6.10.27812.rule Version: 5.6.10.27812
MD5: 9fad890ba8b61a748053e4bf8af217a7 Size: 27.64M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27812. This package includes the following new and updated rules:

new rules:
1. threat[25580]:OPF OpenProject Activities API SQL Injection Vulnerability(CVE-2019-11600)
2. threat[25582]:Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability(CVE-2017-17420)
3. threat[25581]:SolarWinds SRM Profiler SQL Injection Vulnerability(CVE-2016-4350)
4. threat[25583]:Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability(CVE-2017-7309)
5. threat[25585]:Oracle E-Business Suite General Ledger SQL Injection Vulnerability(CVE-2019-2638)
6. threat[25589]:Netgate pfSense diag_routes.php Command Injection Vulnerability(CVE-2021-41282)
7. threat[25590]:SalesAgility SuiteCRM email_recipients Remote Code Execution Vulnerability(CVE-2022-23940)

update rules:
1. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability(CVE-2019-18229)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-06-23 18:03:44
Name: eoi.unify.allrulepatch.ips.5.6.10.27748.rule Version: 5.6.10.27748
MD5: a5e03c424d90010ad0964399109b2824 Size: 27.61M
Description:

NSFOCUS NIDS/NIPS product intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.27748. This package includes the following new and updated rules:

new rules:
1. threat[41896]:Goby Scan Attack Detection
2. threat[41897]:Xray Scan Attack Detection
3. threat[25578]:Spring Security Authentication Bypass Vulnerability(CVE-2022-22978)
4. threat[25576]:Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability(CVE-2022-21145)
5. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization Vulnerability(CVE-2021-35587)
6. threat[10531]:HAProxy Set-Cookie2 Header Handling Denial of Service Vulnerability(CVE-2022-0711)
7. threat[25579]:WordPress Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-0750)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[41781]:Communication of FRP Intranet Penetration Tool
3. threat[41782]:FRP Intranet Penetration Tool - Access via Domain Name
4. app:pop3

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to update.

Release time: 2022-06-16 23:56:51
名称: eoi.unify.allrulepatch.ips.5.6.10.27711.rule 版本:5.6.10.27711
MD5:0c0c9c2d0a1f3491330e9c67124f42b3 大小:27.60M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.27711。该升级包新增/改进的规则有:

新增规则:
1. 攻击[25573]:WordPress Photo Gallery插件SQL注入漏洞(CVE-2022-1281)
2. 攻击[25574]:WordPress All-in-One WP Migration 插件目录遍历漏洞(CVE-2022-1476)
3. 攻击[25575]:WordPress TI WooCommerce Wishlist插件SQL注入漏洞 (CVE-2022-0412)
4. 攻击[25570]:Tiny File Manager tinyfilemanager.php fullpath目录遍历漏洞(CVE-2021-45010)
5. 攻击[25571]:Confluence Server and Data Center Unauthenticated远程代码执行漏洞(CVE-2022-26134)
6. 攻击[41895]:Fscan webtitle攻击探测

更新规则:
1. 攻击[22915]:Microsoft IE内存破坏漏洞(CVE-2013-3914)(MS13-088)
2. 攻击[25556]:CISCO ASA任意文件读取漏洞(CVE-2020-3452)
3. 应用:mqtt


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.27711. This package include changed rules:

new rules:
1. threat[25573]:WordPress Photo Gallery Plugin filter_tag SQL Injection Vulnerability(CVE-2022-1281)
2. threat[25574]:WordPress All-in-One WP Migration Plugin Backups Directory Traversal Vulnerability(CVE-2022-1476)
3. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability (CVE-2022-0412)
4. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability(CVE-2021-45010)
5. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
6. threat[41895]:Fscan Webtitle attack detection

update rules:
1. threat[22915]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2013-3914)(MS13-088)
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
3. app:mqtt


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-06-10 17:54:13
Name: eoi.unify.allrulepatch.ips.5.6.10.27646.rule Version: 5.6.10.27646
MD5: ffd9a60695956c6999d84993df6c41c6 Size: 27.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27646. The rules added/improved in this upgrade package are:

New rules:
1. threat[25564]:VMware Workspace One Access Server-Side Template Injection Vulnerability(CVE-2022-22954)
2. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
3. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
4. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
5. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability(CVE-2022-24112)

Updated rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27646. This package includes the following changed rules:

new rules:
1. threat[25564]:Vmware Workspace One Access Server Template Injection Vulnerability(CVE-2022-22954)
2. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
3. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
4. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
5. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-06-02 20:50:59
Name: eoi.unify.allrulepatch.ips.5.6.10.27602.rule Version: 5.6.10.27602
MD5: 7d3a2f83ca1091ac71ded488e37e70c2 Size: 27.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27602. The rules added/improved in this upgrade package are:


New rules:
1. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
2. threat[25561]:Webmin Command Injection Vulnerability(CVE-2019-15642)
3. threat[30787]:Swagger Sensitive Information Disclosure Vulnerability
4. threat[25563]:Spring Boot H2 Database Remote Command Execution Vulnerability(CVE-2021-42392)
5. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[41766]:Godzilla Webshell JSP Script Upload


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27602. This package includes the following changed rules:


new rules:
1. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
2. threat[25561]:Webmin Command Injection Vulnerability (CVE-2019-15642)
3. threat[30787]:Swagger Sensitive Information Disclosure Vulnerability
4. threat[25563]:Spring Boot H2 Database RCE Vulnerability (CVE-2021-42392)
5. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[41766]:Godzilla Webshell JSP Scripts Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-05-27 15:39:46
Name: eoi.unify.allrulepatch.ips.5.6.10.27562.rule Version: 5.6.10.27562
MD5: 9d0064fd2b78fa49e8f84d7daff15b16 Size: 27.57M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27562. The rules added/improved in this upgrade package are:


New rules:
1. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
2. threat[25558]:ZZZCMS Remote Code Execution Vulnerability(CVE-2021-32605)
3. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability(CVE-2022-0819)

Updated rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
2. threat[41887]:Ngrok Intranet Penetration Tool Communication
3. threat[24835]:Discuz ML Remote Code Execution Vulnerability(CVE-2019-13956)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27562. This package includes the following changed rules:


new rules:
1. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
2. threat[25558]:ZZZCMS Remote Code Execution Vulnerability (CVE-2021-32605)
3. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability( CVE-2022-0819)

update rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
2. threat[41887]:Ngrok Intranet Penetration Tool Communication
3. threat[24835]:Discuz ML RCE Vulnerability (CVE-2019-13956)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-05-20 17:09:56
Name: eoi.unify.allrulepatch.ips.5.6.10.27527.rule Version: 5.6.10.27527
MD5: 888bd9dbab2f4b447c0227cecc837a76 Size: 27.56M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27527. The rules added/improved in this upgrade package are:

New rules:
1. threat[25552]:Ruby On Rails Directory Traversal Vulnerability(CVE-2018-3760)
2. threat[25553]:WordPress Photo Gallery Plugin bwg_tag_id_bwg_thumbnails_0 SQL Injection Vulnerability(CVE-2022-0169)
3. threat[25554]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33732)
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2022-1388)

Updated rules:
1. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Attack
2. threat[24257]:Pivotal Spring Framework isWritableProperty SpEL Expression Injection Vulnerability(CVE-2018-1273)
3. threat[30748]:Discuz X Frontend Arbitrary File Deletion Vulnerability
4. threat[24834]:Discuz 7.x discuzcode.func.php Remote Code Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27527. This package includes the following changed rules:

new rules:
1. threat[25552]:Ruby On Rails Directory Traversal Vulnerability(CVE-2018-3760)
2. threat[25553]:WordPress Photo Gallery Plugin bwg_tag_id_bwg_thumbnails_0 SQL Injection Vulnerability(CVE-2022-0169)
3. threat[25554]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33732)
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)

update rules:
1. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Vulnerability
2. threat[24257]:Pivotal Spring Framework isWritableProperty SpEL Injection Vulnerability(CVE-2018-1273)
3. threat[30748]:Discuz X foreground any file deletion vulnerability
4. threat[24834]:Discuz7.x discuzcode.func.php RCE Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-05-12 18:23:40
Name: eoi.unify.allrulepatch.ips.5.6.10.27503.rule Version: 5.6.10.27503
MD5: c4e96ed13e1d31bd1860a08d9d777ce5 Size: 27.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27503. The rules added/improved in this upgrade package are:


New rules:
1. threat[25548]:Qizhi Bastion Host Command Execution Vulnerability
2. threat[25549]:Spring Boot Eureka XStream Deserialization Remote Code Execution Vulnerability
3. threat[25550]:Jackson-Databind Deserialization Remote Code Execution Vulnerability(CVE-2017-17485)
4. threat[25551]:Yonyou NC Unauthorized Deserialization Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27503. This package includes the following changed rules:


new rules:
1. threat[25548]:Shterm Security Management System Command Execution Vulnerability
2. threat[25549]:Spring Boot Eureka XStream Deserializable Remote Code Execution Vulnerability
3. threat[25550]:Jackson-Databind deserialization remote code execution vulnerability(CVE-2017-17485)
4. threat[25551]:Yonyou NC Unauthorized Deserialization Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-05-07 20:09:31
Name: eoi.unify.allrulepatch.ips.5.6.10.27477.rule Version: 5.6.10.27477
MD5: 13bdc2e3146c9edb1f23ed5e93cad5fe Size: 27.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27477. The rules added/improved in this upgrade package are:

New rules:
1. threat[25542]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2021-38391)
2. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability(CVE-2018-2628)
3. threat[25545]:WordPress WP Statistics SQL Injection Vulnerability(CVE-2022-25148)
4. threat[25546]:WordPress WP Statistics SQL Injection Vulnerability(CVE-2022-25149)
5. threat[25544]:Pimcore Title Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0832)
6. threat[25547]:Pimcore Key Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0831)

Updated rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
2. threat[23991]:Fastjson Remote Code Execution Vulnerability
3. threat[25418]:Python PIL/Pillow Remote Command Execution Vulnerability(Ghostscript)(CVE-2018-16509)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27477. This package includes the following changed rules:

new rules:
1. threat[25542]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2021-38391)
2. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
3. threat[25545]:WordPress WP Statistics Plugin current_page_id SQL Injection Vulnerability(CVE-2022-25148)
4. threat[25546]:WordPress WP Statistics Plugin ip SQL Injection Vulnerability(CVE-2022-25149)
5. threat[25544]:Pimcore Title Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0832)
6. threat[25547]:Pimcore Key Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0831)

update rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
2. threat[23991]:Fastjson Remote Code Execution Vulnerability
3. threat[25418]:Python PIL/Pillow Remote Code Execution Vulnerability(Ghostscript)(CVE-2018-16509)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-04-28 15:30:14
Name: eoi.unify.allrulepatch.ips.5.6.10.27443.rule Version: 5.6.10.27443
MD5: a22a2b420e6ad20d8b795b68c6274d86 Size: 27.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27443. The rules added/improved in this upgrade package are:

New rules:
1. threat[25539]:Foxit PDF Reader and Editor Annotation rotate Use After Free Vulnerability(CVE-2021-34847)
2. threat[25540]:Apache OpenOffice dBase Buffer Overflow Vulnerability(CVE-2021-33035)
3. threat[25541]:Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability(CVE-2022-26809)

Updated rules:
1. threat[24881]:Zabbix latest.php SQL Injection Vulnerability(CVE-2016-10134)
2. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
3. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)
5. threat[41887]:Ngrok Intranet Penetration Tool Communication
6. threat[41710]:Linux Shell Reverse Connection


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27443. This package includes the following changed rules:

new rules:
1. threat[25539]:Foxit PDF Reader and Editor Annotation rotate Use After Free Vulnerability(CVE-2021-34847)
2. threat[25540]:Apache OpenOffice dBase Buffer Overflow Vulnerability(CVE-2021-33035)
3. threat[25541]:Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability(CVE-2022-26809)

update rules:
1. threat[24881]:Zabbix latest.php SQL injection vulnerability (CVE-2016-10134)
2. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
3. threat[49014]:Mining program query DNS mine pool server domain name
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)
5. threat[41887]:Ngrok Intranet Penetration Tool Communication
6. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-04-24 09:18:53
Name: eoi.unify.allrulepatch.ips.5.6.10.27394.rule Version: 5.6.10.27394
MD5: fbcbeb2e4fccd8a087a084eaccbf760d Size: 27.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27394. The rules added/improved in this upgrade package are:

New rules:
1. threat[25533]:Grafana Labs Grafana Component Directory Traversal Vulnerability(CVE-2021-43798)
2. threat[25534]:Apereo CAS 4.X Deserialization Vulnerability
3. threat[25536]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2021-41288)
4. threat[25535]:Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability(CVE-2021-40539)
5. threat[25537]:Foxit PDF Reader and Editor Annotation richDefaults Use After Free Vulnerability(CVE-2021-34848)
6. app:Baidu mobile client
7. app:Counter-Strike: Global Offensive

Updated rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connection
2. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
3. threat[40339]:Backdoor Trojan Matrix Communication
4. threat[41887]:Ngrok Intranet Penetration Tool Communication
5. app:DiDi Chuxing
6. app:Honor of Kings
7. app:NetEase Cloud Music
8. app:Amap
9. app:Meituan Group Buying
10. app:Toutiao
11. app:1688 Alibaba
12. app:Baidu Map
13. app:Tencent Video
14. app:BiliBili
15. app:Youku Video
16. app:ftp
17. app:telnet


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27394. This package includes the following changed rules:

new rules:
1. threat[25533]:Grafana Labs Grafana Plugin Directory Traversal Vulnerability(CVE-2021-43798)
2. threat[25534]:Apereo CAS 4.X Insecure Deserialization Vulnerability
3. threat[25536]:Zoho ManageEngine OpManager getReportData SQL Injection Vulnerability(CVE-2021-41288)
4. threat[25535]:Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability(CVE-2021-40539)
5. threat[25537]:Foxit PDF Reader and Editor Annotation richDefaults Use After Free Vulnerability(CVE-2021-34848)
6. app:Baidu mobile app
7. app:CSGO

update rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
2. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
3. threat[40339]:Backdoor/Trojan Matrix Communication
4. threat[41887]:Ngrok Intranet Penetration Tool Communication
5. app:DIDI
6. app:Glory of Kings
7. app:NetEase CloudMusic
8. app:AMAP
9. app:MEITUAN
10. app:Toutiao
11. app:1688-Alibaba
12. app:Baidu Map
13. app:Tencent Video
14. app:BiliBili
15. app:Youku Video
16. app:ftp
17. app:telnet


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-04-18 09:37:14
Name: eoi.unify.allrulepatch.ips.5.6.10.27355.rule Version: 5.6.10.27355
MD5: 6cdaf59d64b9f7acfdcecf0424b387e0 Size: 27.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27355. The rules added/improved in this upgrade package are:

New rules:
1. threat[41888]:SSF Proxy Tool Connection Establishment
2. threat[41889]:Termite Intranet Penetration Tool Communication



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27355. This package includes the following changed rules:

new rules:
1. threat[41888]:SSF Proxy Tool Connection
2. threat[41889]:Termite Intranet Penetration Tool Communication



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-04-07 18:02:17
Name: eoi.unify.allrulepatch.ips.5.6.10.27337.rule Version: 5.6.10.27337
MD5: c8f3681c8c10ed04642d9965105d299f Size: 27.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27337. The rules added/improved in this upgrade package are:

New rules:
1. threat[25530]:Spring Cloud Function SpEL Expression Injection Vulnerability

Updated rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[24853]:Pippo FastjsonEngine Fastjson Remote Code Execution Vulnerability(CVE-2017-18349)
3. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27337. This package includes the following changed rules:

new rules:
1. threat[25530]:Spring Cloud Function SPEL Injection Vulnerability

update rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[24853]:Pippo FastjsonEngine Fastjson RCE Vulnerability(CVE-2017-18349)
3. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-04-01 09:56:54
Name: eoi.unify.allrulepatch.ips.5.6.10.27310.rule Version: 5.6.10.27310
MD5: 6d6101e2109e336a9af5cae432a89f30 Size: 27.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27310. The rules added/improved in this upgrade package are:

New rules:
1. threat[25529]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability CVE-2020-36239
2. threat[41887]:Ngrok Intranet Penetration Tool Communication


Updated rules:
1. threat[24250]:Drupal Core Remote Code Execution Vulnerability
2. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
3. app:iec104



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27310. This package includes the following changed rules:

new rules:
1. threat[25529]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability CVE-2020-36239
2. threat[41887]:Ngrok Intranet Penetration Tool Communication


update rules:
1. threat[24250]:Drupal Core Remote Code Execution Vulnerability
2. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
3. app:iec104



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-03-30 12:53:59
Name: eoi.unify.allrulepatch.ips.5.6.10.27270.rule Version: 5.6.10.27270
MD5: 443b3770fc7190a19bb79fb732332828 Size: 27.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27270. The rules added/improved in this upgrade package are:

New rules:
1. threat[41886]:Pystinger Proxy Tool Connection Establishment
2. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5129)
3. threat[25527]:Nagios XI Custom Includes Component Arbitrary File Upload Vulnerability(CVE-2021-40344)
4. threat[25528]:GitLab Community and Enterprise Edition DesignReferenceFilter Stored Cross-Site Scripting Vulnerability(CVE-2021-22238)

Updated rules:
1. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27270. This package includes the following changed rules:

new rules:
1. threat[41886]:Pystinger Proxy Tool Connection
2. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5129)
3. threat[25527]:Nagios XI Custom Includes Component Arbitrary File Upload Vulnerability(CVE-2021-40344)
4. threat[25528]:GitLab Community and Enterprise Edition DesignReferenceFilter Stored Cross-Site Scripting(CVE-2021-22238)

update rules:
1. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-03-24 17:49:47
Name: eoi.unify.allrulepatch.ips.5.6.10.27243.rule Version: 5.6.10.27243
MD5: f4cddd25ebc03aac57dd4903f6822f6b Size: 27.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27243. The rules added/improved in this upgrade package are:

New rules:
1. threat[30786]:Metabase Arbitrary File Read Vulnerability(CVE-2021-41277)
2. threat[25522]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2021-2394)
3. threat[41884]:Malicious Mining Program ETHMiner Communication
4. threat[25523]:Nagios XI cmdsubsys.php Archive Name Command Injection Vulnerability(CVE-2021-40345)
5. threat[41885]:Ecloud Proxy Tool Connection Establishment
6. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
7. threat[25525]:D-link DSL-2888A Command Injection Vulnerability(CVE-2020-24581)

Updated rules:
1. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
2. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-11113)
3. threat[49004]:Blackmoon Banking Trojan Communication
4. app:ftps


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27243. This package includes the following changed rules:

new rules:
1. threat[30786]:Metabase Arbitrary File Read Vulnerability(CVE-2021-41277)
2. threat[25522]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2021-2394)
3. threat[41884]:Malicious Mining Program Ethminer Communication
4. threat[25523]:Nagios XI cmdsubsys.php Archive Name Command Injection(CVE-2021-40345)
5. threat[41885]:Ecloud Proxy Tool Connection
6. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
7. threat[25525]:D-link DSL-2888A Command Injection Vulnerability(CVE-2020-24581)

update rules:
1. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
2. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-11113)
3. threat[49004]:Blackmoon Banking Trojan Communication
4. app:ftps


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-03-18 09:09:39
Name: eoi.unify.allrulepatch.ips.5.6.10.27207.rule Version: 5.6.10.27207
MD5: 10f8b9a63d6e428dcd8a39a0ddc17c03 Size: 27.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27207. The rules added/improved in this upgrade package are:

New rules:
1. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)
2. threat[25517]:Schneider Electric Struxureware Data Center Directory Traversal Vulnerability(CVE-2021-22794)
3. threat[25518]:Schneider Electric Struxureware Data Center Command Injection Vulnerability(CVE-2021-22795)
4. threat[25519]:Advantech WebAccess HMI Designer Memory Corruption Vulnerability(CVE-2021-33004)

Updated rules:
1. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
2. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
3. threat[22722]:Apache Struts2 Remote Code Execution Vulnerability(S2-013)
4. app:FTPS


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27207. This package includes the following changed rules:

new rules:
1. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)
2. threat[25517]:Schneider Electric Struxureware Data Center Expert Firmware Update Directory Traversal Vulnerability(CVE-2021-22794)
3. threat[25518]:Schneider Electric Struxureware Data Center Expert testRepository Command Injection Vulnerability(CVE-2021-22795)
4. threat[25519]:Advantech WebAccess HMI Designer PM3 NHTrendGraph Memory Corruption Vulnerability(CVE-2021-33004)

update rules:
1. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
2. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
3. threat[22722]:Apache Struts2 Remote Command Execution(S2-013)
4. app:FTPS


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-03-11 09:10:48
Name: eoi.unify.allrulepatch.ips.5.6.10.27156.rule Version: 5.6.10.27156
MD5: 0f7d8ea5722305d9a677529ed4e11893 Size: 26.95M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27156. The rules added/improved in this upgrade package are:

New rules:
1. threat[25515]:Blueimp jQuery-File-Upload File Upload Vulnerability(CVE-2018-9206)



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27156. This package includes the following changed rules:

new rules:
1. threat[25515]:Blueimp jQuery-File-Upload File Upload Vulnerability(CVE-2018-9206)



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-03-03 17:11:45
Name: eoi.unify.allrulepatch.ips.5.6.10.27135.rule Version: 5.6.10.27135
MD5: bb4a5ff44115cbfb244d383f843b6e05 Size: 26.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.27135. The rules added/improved in this upgrade package are:

New rules:
1. threat[25508]:Samba vfs_fruit Out-of-Bounds Read/Write Vulnerability(CVE-2021-44142)
2. threat[25509]:Sunlogin Remote Code Execution Vulnerability
3. threat[41883]:Malware T-Rex Mining Activity
4. threat[25510]:Fortinet FortiWeb SAML Server Configuration Command Injection Vulnerability(CVE-2021-22123)
5. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
6. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
7. threat[25512]:Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability(CVE-2021-37152)
8. threat[25513]:NETGEAR JGS516PE Remote Code Execution Vulnerability(CVE-2020-26919)
9. app:udt
10. app:ovation
11. app:moxa-nport
12. app:gbt-32960
13. app:jt905
14. app:tridium-niagara-fox
15. app:jt809
16. app:doip
17. app:ddp
18. app:foxboro
19. app:atg
20. app:ansi-c1222

Updated rules:
1. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
2. app:afp
3. app:amqp
4. app:cip
5. app:dhcp
6. app:edp
7. app:egd
8. app:iecmms
9. app:ike
10. app:imap
11. app:ipsec-esp-udp
12. app:jabber
13. app:jt808
14. app:l2tp
15. app:nfs
16. app:ntp
17. app:omron_fins
18. app:open-vpn
19. app:pop3
20. app:pptp
21. app:radius
22. app:rtcp
23. app:rtmp
24. app:rtp
25. app:smtp
26. app:snmp
27. app:socks
28. app:ssdp
29. app:tftp
30. app:xdmcp
31. app:xmpp
32. app:synchrophasor
33. app:iec104
34. app:smtps
35. app:dicom
36. app:ATG
37. app:modbus
38. app:rpc


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27135. This package includes the following changed rules:

new rules:
1. threat[25508]:Samba vfs_fruit Module ADEID_FINDERI Handling Out-Of-Bounds Read and Write Vulnerability(CVE-2021-44142)
2. threat[25509]:Sunlogin Remote Code Execution Vulnerability
3. threat[41883]:Malware T-Rex Mining Activities
4. threat[25510]:Fortinet FortiWeb SAML Server Configuration Command Injection Vulnerability(CVE-2021-22123)
5. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
6. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
7. threat[25512]:Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability(CVE-2021-37152)
8. threat[25513]:NETGEAR JGS516PE Remote Code Execution Vulnerability(CVE-2020-26919)
9. app:udt
10. app:ovation
11. app:moxa-nport
12. app:gbt-32960
13. app:jt905
14. app:tridium-niagara-fox
15. app:jt809
16. app:doip
17. app:ddp
18. app:foxboro
19. app:atg
20. app:ansi-c1222

update rules:
1. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
2. app:afp
3. app:amqp
4. app:cip
5. app:dhcp
6. app:edp
7. app:egd
8. app:iecmms
9. app:ike
10. app:imap
11. app:ipsec-esp-udp
12. app:jabber
13. app:jt808
14. app:l2tp
15. app:nfs
16. app:ntp
17. app:omron_fins
18. app:open-vpn
19. app:pop3
20. app:pptp
21. app:radius
22. app:rtcp
23. app:rtmp
24. app:rtp
25. app:smtp
26. app:snmp
27. app:socks
28. app:ssdp
29. app:tftp
30. app:xdmcp
31. app:xmpp
32. app:synchrophasor
33. app:iec104
34. app:smtps
35. app:dicom
36. app:ATG
37. app:modbus
38. app:rpc


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packet losses on ping operations; please update at a suitable time.

Release time: 2022-02-25 01:00:37
Name: eoi.unify.allrulepatch.ips.5.6.10.27090.rule Version: 5.6.10.27090
MD5: 3a051d58dd062a86bd6254331e4d44bb Size: 26.89M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27090. The rules added or improved in this package are:

New rules:
1. threat[41881]:Lanproxy Intranet Penetration Tool Communication
2. threat[41882]:reDuh HTTP Tunnel Intranet Proxy Connection
3. threat[25502]:MeterSphere Arbitrary File Read Vulnerability(CVE-2021-45789)
4. threat[25503]:MeterSphere Arbitrary File Upload Vulnerability(CVE-2021-45790)
5. threat[25504]:phpKF CMS 3.00 Beta y6 Remote Code Execution Vulnerability
6. threat[25505]:Delta Industrial Automation DIAEnergie HandlerEnergyType.aspx SQL Injection Vulnerability(CVE-2021-38390)
7. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
8. threat[50619]:PHP Xdebug Remote Debugging
9. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)

Updated rules:
1. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection Vulnerability(CVE-2021-38393)
2. threat[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
3. threat[41710]:Linux Shell Reverse Connection

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27090. This package includes the following changed rules:

new rules:
1. threat[41881]:Lanproxy Intranet Penetration Tool Communication
2. threat[41882]:reDuh http tunnel proxy connection
3. threat[25502]:MeterSphere Arbitrary File Read Vulnerability(CVE-2021-45789)
4. threat[25503]:MeterSphere Arbitrary File Upload Vulnerability(CVE-2021-45790)
5. threat[25504]:phpKF CMS 3.00 Beta y6 Remote Code Execution Vulnerability
6. threat[25505]:Delta Industrial Automation DIAEnergie HandlerEnergyType.aspx SQL Injection Vulnerability(CVE-2021-38390)
7. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
8. threat[50619]:PHP Xdebug Remote Debug
9. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)

update rules:
1. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
2. threat[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
3. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-02-18 09:59:26
Name: eoi.unify.allrulepatch.ips.5.6.10.27049.rule Version: 5.6.10.27049
MD5: 3a4dbf41ca06230bb2df7803b7abaa8f Size: 26.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27049. The rules added or improved in this package are:

New rules:
1. threat[25499]:SearchBlox Arbitrary File Read Vulnerability (CVE-2020-35580)
2. threat[25500]:Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability(CVE-2021-37558)
3. threat[25501]:Delta Industrial Automation DIAEnergie Arbitrary File Upload Vulnerability(CVE-2021-32955)

Updated rules:
1. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27049. This package includes the following changed rules:

new rules:
1. threat[25499]:SearchBlox Arbitrary File Read Vulnerability (CVE-2020-35580)
2. threat[25500]:Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability(CVE-2021-37558)
3. threat[25501]:Delta Industrial Automation DIAEnergie Arbitrary File Upload Vulnerability(CVE-2021-32955)

update rules:
1. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-02-11 13:07:23
Name: eoi.unify.allrulepatch.ips.5.6.10.27026.rule Version: 5.6.10.27026
MD5: 0132e1d9faba18a6b85901c9d493abb4 Size: 26.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27026. The rules added or improved in this package are:

New rules:
1. threat[41880]:Venom Proxy Tool Connection Establishment
2. threat[25497]:Microsoft Azure OMI Authentication Bypass Vulnerability(CVE-2021-38647)
3. threat[25498]:D-Link DNS-320 Command Injection Vulnerability (CVE-2020-25506)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27026. This package includes the following changed rules:

new rules:
1. threat[41880]:Venom proxy tool connection establishment
2. threat[25497]:Microsoft Azure Open Management Infrastructure Authentication Bypass Vulnerability(CVE-2021-38647)
3. threat[25498]:D-Link DNS-320 Command Injection Vulnerability (CVE-2020-25506)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-02-03 20:05:18
Name: eoi.unify.allrulepatch.ips.5.6.10.27013.rule Version: 5.6.10.27013
MD5: adb868ee106a7edc37ce273bddd26f2f Size: 26.85M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27013. The rules added or improved in this package are:

New rules:
1. threat[25494]:Yealink Device Management Command Injection Vulnerability(CVE-2021-27561)
2. threat[25495]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
3. threat[41879]:OneForAll Asset Collection Tool Subdomain Scanning
4. threat[41878]:Malware Windows/Aspxor_general Network Communication
5. threat[25496]:WordPress Query SQL Injection Vulnerability(CVE-2022-21661)

Updated rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. threat[49009]:Suspicious Botnet Communication

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27013. This package includes the following changed rules:


new rules:
1. threat[25494]:Yealink Device Management Command Injection Vulnerability(CVE-2021-27561)
2. threat[25495]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
3. threat[41879]:OneForAll Asset Collection Tool Scanning Subdomains
4. threat[41878]:Malware Windows/Aspxor_general Network Communication
5. threat[25496]:WordPress Query SQL Injection Vulnerability(CVE-2022-21661)

update rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. threat[49009]:Suspicious Botnet Communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-01-27 18:45:17
Name: eoi.unify.allrulepatch.ips.5.6.10.26975.rule Version: 5.6.10.26975
MD5: 8dca39e0d20d58eee29a68df6aba7cb9 Size: 26.85M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26975. The rules added or improved in this package are:

New rules:
1. threat[41876]:Malware Windows/Trojan.BlackRev_general Network Communication
2. threat[41875]:Malware Windows/BotnetKernel.BlackEnergy_o Network Communication
3. threat[50617]:Protocol Tunneling Tool splitBrain Connection
4. threat[50618]:Intranet Tunneling Tool Privotnacci Connection
5. threat[41877]:Malware Windows/Fakocan_a Network Communication
6. threat[25493]:Windows HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2022-21907)

Updated rules:
1. threat[50616]:DNS Tunnel Communication Establishing SSH Connection
2. threat[49009]:Suspicious Botnet Communication

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26975. This package includes the following changed rules:

new rules:
1. threat[41876]:Malware Windows/Trojan.BlackRev_general Network Communication
2. threat[41875]:Malware Windows/BotnetKernel.BlackEnergy_o Network Communication
3. threat[50617]:Protocol Tunnel Tool splitBrain Connect
4. threat[50618]:Intranet tunneling tool Privotnacci connection
5. threat[41877]:Malware Windows/Fakocan_a Network Communication
6. threat[25493]:HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2022-21907)

update rules:
1. threat[50616]:DNS tunnel communication is established through SSH connection
2. threat[49009]:Suspicious Botnet Communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-01-20 17:29:14
Name: eoi.unify.allrulepatch.ips.5.6.10.26941.rule Version: 5.6.10.26941
MD5: d7987189e98a7c720cc185bc2850ad99 Size: 26.84M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26941. The rules added or improved in this package are:

New rules:
1. threat[25490]:go-http-tunnel Tunneling Tool Communication
2. threat[50616]:DNS Tunnel Communication Establishing SSH Connection
3. threat[25491]:MeterSphere Remote Code Execution Vulnerability
4. threat[41870]:Malware LifeCalendarWorm Mining Program Connects to DNS Server
5. threat[41873]:Malware Windows/Rukap_o Network Communication
6. threat[41872]:Malware Windows/Prometei_o Network Communication
7. threat[41871]:Malware Linux/Momentum_a Network Communication
8. threat[25492]:Genexis Platinum 4410 Remote Code Execution Vulnerability (CVE-2021-29003)
9. threat[41874]:firepass Proxy Connection Establishment

Updated rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26941. This package includes the following changed rules:

new rules:
1. threat[25490]:go-http-tunnel Tunnel Communication
2. threat[50616]:DNS tunnel communication is established through SSH connection
3. threat[25491]:MeterSphere Remote Code Execution Vulnerability
4. threat[41870]:The Malware LifeCalendarWorm Mining Program Connects To DNS Server
5. threat[41873]:Malware Windows/Rukap_o Network Communication
6. threat[41872]:Malware Windows/Prometei_o Network Communication
7. threat[41871]:Malware Linux/Momentum_a Network Communication
8. threat[25492]:Genexis Platinum 4410 Remote Code Execution Vulnerability (CVE-2021-29003)
9. threat[41874]:Firepass proxy connection establishment

update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-01-14 16:56:00
Name: eoi.unify.allrulepatch.ips.5.6.10.26897.rule Version: 5.6.10.26897
MD5: d6f6e57aa64f0975337966d02dbc4fde Size: 26.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26897. The rules added or improved in this package are:

New rules:
1. threat[25488]:Netgear NETGEAR Command Injection Vulnerability(CVE-2021-33514)
2. threat[25489]:Apache httpd mod_proxy Unix Socket Server-Side Request Forgery Vulnerability (CVE-2021-40438)
3. app:TRDP

Updated rules:
1. app:opcua
2. app:sip
3. app:mqtt
4. app:rssp

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26897. This package includes the following changed rules:

new rules:
1. threat[25488]:Netgear NETGEAR Command Injection Vulnerability(CVE-2021-33514)
2. threat[25489]:Apache httpd mod_proxy Unix Socket Server-Side Request Forgery Vulnerability (CVE-2021-40438)
3. app:TRDP

update rules:
1. app:opcua
2. app:sip
3. app:mqtt
4. app:rssp


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-01-07 09:08:03
Name: eoi.unify.allrulepatch.ips.5.6.10.26861.rule Version: 5.6.10.26861
MD5: bf343514c182d5dc7161a0f541f768d6 Size: 26.82M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26861. The rules added or improved in this package are:

New rules:
1. threat[25485]:Persistent Systems Radia Client Automation Command Execution Vulnerability(CVE-2015-1497)
2. threat[25487]:IBM Tivoli Storage Manager FastBack Server Opcode Command Injection Vulnerability(CVE-2015-1949)
3. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
4. app:Yaskawa Robot
5. app:beckhoff_ads
6. app:codesys2
7. app:ANKONG500
8. app:Fanuc-CNC
9. app:vertx-edge
10. app:GIOP

Updated rules:
1. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability
2. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
3. app:MODBUS
4. app:UMAS
5. app:MELSECQ

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26861. This package includes the following changed rules:

new rules:
1. threat[25485]:Persistent Systems Radia Client Automation Command Execution Vulnerability(CVE-2015-1497)
2. threat[25487]:IBM Tivoli Storage Manager FastBack Server Opcode Command Injection Vulnerability(CVE-2015-1949)
3. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
4. app:Yaskawa Robot
5. app:beckhoff_ads
6. app:codesys2
7. app:ANKONG500
8. app:Fanuc-CNC
9. app:vertx-edge
10. app:GIOP

update rules:
1. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability
2. threat[49014]:Mining program query DNS mine pool server domain name
3. app:MODBUS
4. app:UMAS
5. app:MELSECQ


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-30 17:45:35
Name: eoi.unify.allrulepatch.ips.5.6.10.26805.rule Version: 5.6.10.26805
MD5: ff27479d575a9426e279dfea400786a1 Size: 26.80M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26805. The rules added or improved in this package are:

New rules:
1. threat[25479]:Adobe Acrobat and Acrobat Reader DC AcroForm Field Format Action Use After Free Vulnerability(CVE-2021-39840)
2. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection Vulnerability(CVE-2021-38393)
3. threat[25481]:Adobe Acrobat and Acrobat Reader DC AcroForm buttonGetCaption Use After Free Vulnerability(CVE-2021-39838)
4. threat[25482]:GitLab Community and Enterprise Edition Branch Name Cross-Site Scripting Vulnerability(CVE-2021-22241)
5. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
6. threat[25484]:Grafana Cross-Site Scripting Vulnerability(CVE-2021-41174)
7. threat[41868]:Malware windows/ZeuS.ZbotCQJ_a Botnet Communication

Updated rules:
1. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26805. This package includes the following changed rules:

new rules:
1. threat[25479]:Adobe Acrobat and Acrobat Reader DC AcroForm Field Format Action Use After Free Vulnerability(CVE-2021-39840)
2. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
3. threat[25481]:Adobe Acrobat and Acrobat Reader DC AcroForm buttonGetCaption Use After Free Vulnerability(CVE-2021-39838)
4. threat[25482]:GitLab Community and Enterprise Edition Branch Name Stored Cross-Site Scripting Vulnerability(CVE-2021-22241)
5. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
6. threat[25484]:Grafana Labs Grafana Cross-Site Scripting Vulnerability(CVE-2021-41174)
7. threat[41868]:Malware windows/ZeuS.ZbotCQJ_a Botnet Communication

update rules:
1. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-23 17:06:58
Name: eoi.unify.allrulepatch.ips.5.6.10.26749.rule Version: 5.6.10.26749
MD5: c35cab9668b9ec9e2d774b4f9f9a2c8e Size: 26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26749. The rules added or improved in this package are:

New rules:
1. threat[41867]:Behinder 3.0 beta 9 Webshell Connection(PHP)
2. threat[25477]:WordPress LearnPress Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-39348)
3. threat[41866]:Malware Trojan.MSIL.Antiresys.A Botnet Check-in Communication
4. app:ADB

Updated rules:
1. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
2. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26749. This package includes the following changed rules:

new rules:
1. threat[41867]:Behinder 3.0 beta 9 Webshell Connect(PHP)
2. threat[25477]:WordPress LearnPress Plugin Profile Settings Stored Cross-Site Scripting Vulnerability(CVE-2021-39348)
3. threat[41866]:Malware Trojan.MSIL.Antiresys.A Botnet Network Communication
4. app:ADB

update rules:
1. threat[49014]:Mining program query DNS mine pool server domain name
2. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-16 17:59:08
Name: eoi.unify.allrulepatch.ips.5.6.10.26706.rule Version: 5.6.10.26706
MD5: 36f198e1f17a48ed485b7843e6e84b48 Size: 26.77M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26706. The rules added or improved in this package are:

Updated rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26706. This package includes the following changed rules:


update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-11 00:29:01
Name: eoi.unify.allrulepatch.ips.5.6.10.26697.rule Version: 5.6.10.26697
MD5: 070c0efbadf29692f3ad157d7f25d79b Size: 26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26697. The rules added or improved in this package are:

New rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26697. This package includes the following changed rules:

new rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-10 04:36:45
Name: eoi.unify.allrulepatch.ips.5.6.10.26681.rule Version: 5.6.10.26681
MD5: 16fa86765e7e410862e36a6e8941177f Size: 26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26681. The rules added or improved in this package are:

New rules:
1. threat[25471]:VMware vCenter Server Directory Traversal Vulnerability (CVE-2021-22013)
2. threat[25472]:VMware vCenter Server Server-Side Request Forgery (SSRF) Vulnerability(CVE-2021-21993)
3. threat[41864]:Malware Trojan.Linux.Orbiteibot.A Botnet Check-in Communication
4. threat[41865]:Malware Trojan.MSIL.Ratblamik.A Botnet Check-in Communication
5. threat[25473]:Weaver e-office 9 Arbitrary File Upload Vulnerability
6. threat[25474]:Centreon componentTemplates.php SQL Injection Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26681. This package includes the following changed rules:

new rules:
1. threat[25471]:VMware vCenter Server Directory Traversal Vulnerability (CVE-2021-22013)
2. threat[25472]:VMware vCenter Server Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-21993)
3. threat[41864]:Malware Trojan.Linux.Orbiteibot.A Botnet Network Communication
4. threat[41865]:Malware Trojan.MSIL.Ratblamik.A Botnet Network Communication
5. threat[25473]:Weaver e-office 9 Arbitrary File Upload Vulnerability
6. threat[25474]:Centreon componentTemplates.php SQL Injection Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-09 17:25:16
Name: eoi.unify.allrulepatch.ips.5.6.10.26660.rule Version: 5.6.10.26660
MD5: cda0d0e442d293063d65d6a2f3a63d9c Size: 26.77M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26660. The rules added or improved in this package are:

New rules:
1. threat[41848]:Earthworm Intranet Penetration Tool SSH/Telnet Communication
2. threat[41859]:Malware Blackout Mining Program DNS Request Connection
3. threat[41860]:Malware ThanatosMiner Mining Program DNS Request Connection
4. threat[41849]:Malware MrbMiner Mining Program DNS Request Connection
5. threat[41850]:Malware Mykings Mining Program DNS Request Connection
6. threat[41852]:Malware Prometei Mining Program DNS Request Connection
7. threat[41853]:Malware TeamTNT Mining Program DNS Request Connection
8. threat[41851]:Malware z0Miner Mining Program Connects to DNS Server
9. threat[41854]:Malware Cleanfda Mining Program Connects to DNS Server
10. threat[41855]:Freakout Mining Program Connects to DNS Server
11. threat[41857]:Malware GuardMiner Mining Program Connects to DNS Server
12. threat[41858]:Malware LoggerMiner Mining Program Connects to DNS Server
13. threat[41861]:Malware DemonBot Botnet Check-in Communication
14. threat[25470]:Malicious Mining Program ETHMiner Obtains Mining Task
15. threat[41863]:Malicious Mining Program ETHMiner Submits Mining Task

Updated rules:
1. threat[49040]:Driver Talent Downloader Trojan Malicious Domain Name DNS Query

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26660. This package includes the following changed rules:


new rules:
1. threat[41848]:Earthworm Intranet Penetration Tool SSH/Telnet Communication
2. threat[41859]:Malware Blackout Mining Program DNS Request Connection
3. threat[41860]:Malware ThanatosMiner Mining Program DNS Request Connection
4. threat[41849]:Malware MrbMiner Mining Program DNS Request Connection
5. threat[41850]:Malware Mykings Mining Program DNS Request Connection
6. threat[41852]:Malware Prometei Mining Program DNS Request Connection
7. threat[41853]:Malware TeamTNT Mining Program DNS Request Connection
8. threat[41851]:Malware z0Miner mining program connects to DNS server
9. threat[41854]:Malware Cleanfda mining program connects to DNS server
10. threat[41855]:Freakout mining program connects to DNS server
11. threat[41857]:Malware GuardMiner mining program connects to DNS server
12. threat[41858]:Malware LoggerMiner mining program connects to DNS server
13. threat[41861]:Malware DemonBot Botnet Network Communication
14. threat[25470]:Malware Mining ETHMiner Obtains Mining Tasks
15. threat[41863]:Malware Mining ETHMiner Submits Mining Task

update rules:
1. threat[49040]:Driver Talent Downloader Trojan Malicious Domain Name Query


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-12-03 17:40:41
Name: eoi.unify.allrulepatch.ips.5.6.10.26613.rule Version: 5.6.10.26613
MD5: cfd2278f91facdf673b689b706923038 Size: 26.75M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26613. The rules added or improved in this package are:

New rules:
1. threat[25463]:Hikvision Web Server Command Injection Vulnerability(CVE-2021-36260)
2. threat[25465]:Cisco UCS Director AMF External Entity Injection Vulnerability
3. threat[25464]:Tianqing Terminal Security Management System SQL Injection Vulnerability
4. threat[30783]:Schneider Electric C-Bus Toolkit PROJECT RESTORE Information Disclosure Vulnerability(CVE-2021-22720)
5. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability(CVE-2021-36749)

Updated rules:
1. threat[23853]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3294)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26613. This package includes the following changed rules:

new rules:
1. threat[25463]:Hikvision Web Server Command Injection Vulnerability(CVE-2021-36260)
2. threat[25465]:Cisco UCS Director AMF External Entity Injection Vulnerability
3. threat[25464]:Tianqing Terminal Security Management System SQL Injection Vulnerability
4. threat[30783]:Schneider Electric C-Bus Toolkit PROJECT RESTORE Information Disclosure Vulnerability(CVE-2021-22720)
5. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability (CVE-2021-36749)

update rules:
1. threat[23853]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3294)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-11-26 15:45:37
Name: eoi.unify.allrulepatch.ips.5.6.10.26553.rule Version: 5.6.10.26553
MD5: fde4f9484de0995799113e10f0ee401f Size: 26.74M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26553. The rules added or improved in this package are:

New rules:
1. threat[25458]:AndroRAT Tunneling Tool Communication
2. threat[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)
3. threat[25460]:Edge Browser Chakra Engine prototype_concat Type Confusion Vulnerability(CVE-2016-7242)
4. threat[25461]:Microsoft Edge Browser Chakra Engine Array.join Type Confusion Vulnerability(CVE-2016-7189)
5. threat[25462]:Microsoft Excel Security Feature Bypass Vulnerability(CVE-2021-42292)

Updated rules:
1. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
2. threat[23961]:Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability(CVE-2016-3382)(MS16-118)
3. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
4. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
5. app:Stratum Mining Protocol
6. app:MELSEC-Q

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26553. This package includes the following changed rules:


new rules:
1. threat[25458]:AndroRAT Tunnel Communication
2. threat[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)
3. threat[25460]:Edge Chakra Array.prototype.concat Type Confusion Vulnerability(CVE-2016-7242)
4. threat[25461]:Microsoft Edge Browser Chakra Engine Array.join Type Confusion(CVE-2016-7189)
5. threat[25462]:Microsoft Excel Security Feature Bypass Vulnerability(CVE-2021-42292)

update rules:
1. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
2. threat[23961]:Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability(CVE-2016-3382)(MS16-118)
3. threat[49014]:Mining program query DNS mine pool server domain name
4. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
5. app:Stratum Mining Protocol
6. app:MELSEC-Q


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-11-19 13:40:14
Name: eoi.unify.allrulepatch.ips.5.6.10.26523.rule Version: 5.6.10.26523
MD5: c941f7f359a6dc1111596ced4f7ba7d9 Size: 26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26523. The rules added or improved in this package are:

New rules:
1. threat[25455]:Dell EMC VMAX Directory Traversal Vulnerability(CVE-2018-1215)
2. threat[30782]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-7195)
3. threat[25457]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7283) (MS16-144)
4. threat[25446]:Nagios XI Bulk Modification Tool bulkmodifications.inc.php SQL Injection Vulnerability(CVE-2021-37350)

Updated rules:
1. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
2. threat[22796]:Apache Struts Remote Code Execution Vulnerability (CVE-2013-2251)
3. threat[23991]:Fastjson Remote Code Execution Vulnerability
4. threat[23904]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
5. threat[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
6. threat[23888]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26523. This package includes the following changed rules:


new rules:
1. threat[25455]:Dell EMC VMAX Directory Traversal Vulnerability(CVE-2018-1215)
2. threat[30782]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-7195)
3. threat[25457]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7283) (MS16-144)
4. threat[25446]:Nagios XI Bulk Modification Tool bulkmodifications.inc.php SQL Injection Vulnerability(CVE-2021-37350)

update rules:
1. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
2. threat[22796]:Apache Struts Remote Code Execution(CVE-2013-2251)
3. threat[23991]:Fastjson Remote Code Execution Vulnerability
4. threat[23904]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
5. threat[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
6. threat[23888]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but causes the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-11-12 09:22:18
Name: eoi.unify.allrulepatch.ips.5.6.10.26476.rule Version: 5.6.10.26476
MD5: d5d26d64d0950594350c4d027b2b65b7 Size: 26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26476. The rules added or improved in this package are:

New rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[25451]:Adobe Acrobat DC SMask Out-of-Bounds Write Vulnerability(CVE-2021-39843)
3. threat[25452]:Delta Industrial Automation DIAEnergie Handler_CFG.aspx SQL Injection Vulnerability(CVE-2021-32983)
4. threat[25453]:Quest NetVault Backup Authentication Bypass Vulnerability(CVE-2018-1163)
5. threat[25454]:Google Golang Get Command Injection Vulnerability(CVE-2018-7187)

Updated rules:
1. threat[41473]:HTTP/2 HEADERS and CONTINUATION Frame Connection

Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.26476. This package includes the following changed rules:

new rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[25451]:Adobe Acrobat DC SMask Out of Bounds Write Vulnerability(CVE-2021-39843)
3. threat[25452]:Delta Industrial Automation DIAEnergie Handler_CFG.aspx SQL Injection Vulnerability(CVE-2021-32983)
4. threat[25453]:Quest NetVault Backup Authentication Bypass Vulnerability(CVE-2018-1163)
5. threat[25454]:Google Golang Get Command Injection Vulnerability(CVE-2018-7187)

update rules:
1. threat[41473]:HTTP/2 HEADERS and CONTINUATION connection


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-11-05 10:14:29
Name: eoi.unify.allrulepatch.ips.5.6.10.26440.rule Version: 5.6.10.26440
MD5: 46bcbf64e6df781ac4f7599ed628266d Size: 26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26440. The rules added or improved in this package are:

New rules:
1. threat[25443]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-40487)
2. threat[25444]:Flarum Stored Cross-Site Scripting Vulnerability(CVE-2021-32671)
3. threat[25445]:Flarum Reflected Cross-Site Scripting Vulnerability(CVE-2021-32671)
4. threat[25447]:Nagios XI Manage My Dashboards Page Stored Cross-Site Scripting Vulnerability(CVE-2021-38156)
5. threat[25448]:Advantech R-SeeNet Reflected Cross-Site Scripting Vulnerability(CVE-2021-21799)
6. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability

Updated rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)
2. threat[25442]:Schneider Electric C-Bus Toolkit File Upload Vulnerability(CVE-2021-22719)
3. app:MODBUS


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26440. This package includes the following changed rules:

new rules:
1. threat[25443]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-40487)
2. threat[25444]:Flarum Stored Core Cross-Site Scripting Vulnerability(CVE-2021-32671)
3. threat[25445]:Flarum Reflected Core Cross-Site Scripting Vulnerability(CVE-2021-32671)
4. threat[25447]:Nagios XI Manage My Dashboards Page Stored Cross-Site Scripting Vulnerability(CVE-2021-38156)
5. threat[25448]:Advantech R-SeeNet Reflected Cross-Site Scripting Vulnerability(CVE-2021-21799)
6. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability

update rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)
2. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)
3. app:MODBUS


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-10-29 09:31:15
Name: eoi.unify.allrulepatch.ips.5.6.10.26408.rule Version: 5.6.10.26408
MD5: 22aefd96c7d18a80b64915ee4733fd9a Size: 26.70M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26408. The rules added or improved in this package are:

New rules:
1. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
2. threat[25436]:Adobe Acrobat Reader DC EScript.api Thermometer Object Use-After-Free Vulnerability(CVE-2021-28640)
3. threat[25437]:WordPress Automattic WooCommerce Blocks Plugin SQL Injection Vulnerability(CVE-2021-32789)
4. threat[25438]:Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use-After-Free Vulnerability(CVE-2021-28639)
5. threat[25439]:Eaton IPM removeBackground Arbitrary File Deletion Vulnerability(CVE-2021-23278)
6. threat[25440]:Eaton IPM removeFirmware Arbitrary File Deletion Vulnerability(CVE-2021-23278)
7. threat[25441]:Schneider Electric C-Bus Toolkit Directory Traversal Vulnerability(CVE-2021-22717)
8. threat[25442]:Schneider Electric C-Bus Toolkit File Upload Vulnerability(CVE-2021-22719)

Updated rules:
1. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
2. threat[10139]:Linux Kernel SNMP NAT Helper Remote Denial of Service Attack


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26408. This package includes the following changed rules:

new rules:
1. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
2. threat[25436]:Adobe Acrobat Reader DC EScript.api Thermometer Object Use After Free Vulnerability(CVE-2021-28640)
3. threat[25437]:WordPress Automattic WooCommerce Blocks Plugin SQL Injection Vulnerability(CVE-2021-32789)
4. threat[25438]:Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use After Free Vulnerability(CVE-2021-28639)
5. threat[25439]:Eaton IPM removeBackground Arbitrary File Deletion Vulnerability(CVE-2021-23278)
6. threat[25440]:Eaton IPM removeFirmware Arbitrary File Deletion Vulnerability(CVE-2021-23278)
7. threat[25441]:Schneider Electric C-Bus Toolkit ACCESS SAVE Command Directory Traversal Vulnerability(CVE-2021-22717)
8. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)

update rules:
1. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
2. threat[10139]:Linux Kernel SNMP NAT Helper Remote Denial of Service


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-10-22 09:10:55
Name: eoi.unify.allrulepatch.ips.5.6.10.26362.rule Version: 5.6.10.26362
MD5: 241d68ee63b31ef36c8bf416db2f2c23 Size: 26.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26362. The rules added or improved in this package are:

New rules:
1. threat[25428]:Microsoft Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527)
2. threat[25429]:Nagios XI Switch Wizard Switch.inc.php Command Injection Vulnerability(CVE-2021-37344)
3. threat[25430]:Netgear ProSAFE NMS300 MibController realName Directory Traversal Vulnerability(CVE-2021-27276)
4. threat[25431]:Oracle Business Intelligence AMF Deserialization Vulnerability(CVE-2021-2456)
5. threat[30780]:Oracle Business Intelligence XML External Entity Injection Vulnerability(CVE-2021-2401)
6. threat[25432]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability(CVE-2020-36239)
7. threat[25433]:Nagios Log Server Audit Log And Alert History Reflected Cross-Site Scripting Vulnerability(CVE-2021-35478)

Updated rules:
1. threat[50593]:Redis Authentication Failure
2. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
3. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26362. This package includes the following changed rules:

new rules:
1. threat[25428]:Microsoft Windows Print Spooler Code Execution Vulnerability(CVE-2021-34527)
2. threat[25429]:Nagios XI Switch Wizard Switch.inc.php Command Injection Vulnerability(CVE-2021-37344)
3. threat[25430]:Netgear ProSAFE NMS300 MibController realName Directory Traversal Vulnerability(CVE-2021-27276)
4. threat[25431]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability(CVE-2021-2456)
5. threat[30780]:Oracle Business Intelligence Publisher XDO XML External Entity Injection Vulnerability(CVE-2021-2401)
6. threat[25432]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability(CVE-2020-36239)
7. threat[25433]:Nagios Log Server Audit Log And Alert History Reflected Cross-Site Scripting Vulnerability(CVE-2021-35478)

update rules:
1. threat[50593]:Redis Authentication Failed
2. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
3. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-10-14 19:10:38
Name: eoi.unify.allrulepatch.ips.5.6.10.26316.rule Version: 5.6.10.26316
MD5: 4c18e4d8f6e54de26dce93a8fa2910a6 Size: 26.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26316. The rules added or improved in this package are:

New rules:
1. threat[25426]:Advantech R-SeeNet Command Injection Vulnerability(CVE-2021-21805)
2. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)

Updated rules:
1. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26316. This package includes the following changed rules:

new rules:
1. threat[25426]:Advantech R-SeeNet Command Injection Vulnerability(CVE-2021-21805)
2. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)

update rules:
1. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-10-08 10:12:50
Name: eoi.unify.allrulepatch.ips.5.6.10.26306.rule Version: 5.6.10.26306
MD5: 07e8035dc72fe807ee43edca8e507d2a Size: 26.66M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26306. The rules added or improved in this package are:

New rules:
1. threat[25422]:Microsoft Visual Studio Code Extension Command Injection Vulnerability(CVE-2021-28472)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)
3. threat[25423]:Adobe Acrobat and Acrobat Reader DC AcroForm addField Use-After-Free Vulnerability(CVE-2021-28635)
4. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)

Updated rules:
1. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability(CVE-2021-25298)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26306. This package includes the following changed rules:

new rules:
1. threat[25422]:Microsoft Visual Studio Code Extension Command Injection Vulnerability(CVE-2021-28472)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)
3. threat[25423]:Adobe Acrobat and Acrobat Reader DC AcroForm addField Use After Free Vulnerability(CVE-2021-28635)
4. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)

update rules:
1. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability(CVE-2021-25298)


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-09-30 16:17:44
Name: eoi.unify.allrulepatch.ips.5.6.10.26278.rule Version: 5.6.10.26278
MD5: e82ce9d41fd1a69f40a8e2b6a4d96104 Size: 26.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26278. The rules added or improved in this package are:

New rules:
1. threat[25416]:phpMyAdmin Cross-Site Request Forgery Vulnerability(CVE-2019-12922)
2. threat[25415]:Nginx Out-of-Bounds Read Cache Vulnerability(CVE-2017-7529)
3. threat[25417]:Apache Struts OGNL Remote Code Execution Vulnerability
4. threat[25418]:Python PIL/Pillow Remote Command Execution Vulnerability(Ghostscript)(CVE-2018-16509)
5. threat[25420]:phpMyAdmin lint.php Local File Inclusion Vulnerability(CVE-2018-12613)
6. threat[25419]:Advantech iView getPSInventoryInfo SQL Injection Vulnerability(CVE-2021-32932)
7. threat[25421]:Advantech R-SeeNet device_graph_page.php Cross-Site Scripting Vulnerability(CVE-2021-21801)

Updated rules:
1. threat[24497]:Python PIL Remote Command Execution Vulnerability(CVE-2017-8291)
2. threat[24849]:Tongda OA Arbitrary File Upload Vulnerability
3. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26278. This package includes the following changed rules:

new rules:
1. threat[25416]:phpMyAdmin Cross Site Request Forgery Vulnerability(CVE-2019-12922)
2. threat[25415]:Nginx Out-of-bounds Read Cache Vulnerability(CVE-2017-7529)
3. threat[25417]:Apache Struts OGNL Remote Code Execution Vulnerability
4. threat[25418]:Python PIL/Pillow Remote Code Execution Vulnerability(Ghostscript)(CVE-2018-16509)
5. threat[25420]:phpMyAdmin lint.php Local File Inclusion Vulnerability(CVE-2018-12613)
6. threat[25419]:Advantech iView getPSInventoryInfo SQL Injection Vulnerability(CVE-2021-32932)
7. threat[25421]:Advantech R-SeeNet device_graph_page.php Cross-Site Scripting Vulnerability(CVE-2021-21801)

update rules:
1. threat[24497]:Python PIL Remote Command Execution Vulnerability (CVE-2017-8291)
2. threat[24849]:Tongda OA Arbitrary File Upload Vulnerability
3. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-09-23 18:36:42
Name: eoi.unify.allrulepatch.ips.5.6.10.26245.rule Version: 5.6.10.26245
MD5: 686edf11d5d5d25289f9114500f5f568 Size: 26.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26245. The rules added or improved in this package are:


New rules:
1. threat[25410]:Apache ActiveMQ Deserialization Vulnerability(CVE-2015-5254)
2. threat[25411]:Weblogic Secondary Serialization Vulnerability(CVE-2021-2135)
3. threat[25412]:Jenkins Extra Columns Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21630)
4. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
5. threat[25414]:Jenkins Scriptler Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21667)
6. app:Dameng Database

Updated rules:
1. threat[25409]:Zoho ManageEngine ServiceDesk Plus Remote Command Execution Vulnerability(CVE-2021-20081)
2. threat[41843]:Zgrab Scan Attack Detection
3. threat[25145]:Weblogic Server Remote Code Execution Vulnerability(CVE-2021-2109)
4. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26245. This package includes the following changed rules:


new rules:
1. threat[25410]:Apache ActiveMQ Deserialization Vulnerability (CVE-2015-5254)
2. threat[25411]:Weblogic Secondary Serialization Vulnerability(CVE-2021-2135)
3. threat[25412]:Jenkins Extra Columns Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21630)
4. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
5. threat[25414]:Jenkins Scriptler Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21667)
6. app:Dameng Database

update rules:
1. threat[25409]:Zoho ManageEngine ServiceDesk Plus Custom Schedules Arbitrary Command Execution Vulnerability(CVE-2021-20081)
2. threat[41843]:Zgrab scan attack detection
3. threat[25145]:Weblogic Server Remote Code Execution Vulnerability(CVE-2021-2109)
4. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-09-16 17:19:42
Name: eoi.unify.allrulepatch.ips.5.6.10.26200.rule Version: 5.6.10.26200
MD5: a2d583e2c6bcac093b792b7e1760cf26 Size: 26.62M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26200. The rules added or improved in this package are:

New rules:
1. threat[25404]:Zoho ManageEngine Applications Manager Cross-Site Scripting Vulnerability(CVE-2021-31813)
2. threat[41843]:Zgrab Scan Attack Detection
3. threat[25406]:Spring Framework Reflected File Download Vulnerability(CVE-2020-5421)
4. threat[25407]:Oracle Weblogic WLS Component Remote Code Execution Vulnerability(CVE-2018-3191)
5. threat[25408]:Oracle Weblogic Remote Code Execution Vulnerability(CVE-2018-3245)
6. threat[25409]:Zoho ManageEngine ServiceDesk Plus Remote Command Execution Vulnerability(CVE-2021-20081)

Updated rules:
1. threat[24851]:Spring Security OAuth Remote Code Execution Vulnerability(CVE-2016-4977)
2. threat[41842]:Mozi Botnet Communication
3. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
4. threat[23783]:nginx File Type Misparsing Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26200. This package includes the following changed rules:

new rules:
1. threat[25404]:Zoho ManageEngine Applications Manager UserConfigurationAction Cross-Site Scripting(CVE-2021-31813)
2. threat[41843]:Zgrab scan attack detection
3. threat[25406]:Spring Framework Reflective File Download Vulnerability(CVE-2020-5421)
4. threat[25407]:Oracle Weblogic WLS Core Components Remote Code Execution Vulnerability(CVE-2018-3191)
5. threat[25408]:Oracle Weblogic Remote Code Execution Vulnerability(CVE-2018-3245)
6. threat[25409]:Zoho ManageEngine ServiceDesk Plus Custom Schedules Arbitrary Command Execution Vulnerability(CVE-2021-20081)

update rules:
1. threat[24851]:Spring Security OAuth remote code execution vulnerability (CVE-2016-4977)
2. threat[41842]:Mozi Botnet Communication
3. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
4. threat[23783]:nginx Incorrect File Type Parse Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-09-10 09:24:27
Name: eoi.unify.allrulepatch.ips.5.6.10.26154.rule Version: 5.6.10.26154
MD5: 22d76111cc3e4452b6a08967f63c7deb Size: 26.61M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26154. The rules added or improved in this package are:

New rules:
1. threat[25400]:Jenkins Config File Provider Plugin External Entity Injection Vulnerability(CVE-2021-21642)
2. threat[25401]:SolarWinds Network Performance Monitor Deserialization Vulnerability(CVE-2021-31474)
3. threat[25402]:Zoho ManageEngine ADSelfService Plus Command Injection Vulnerability(CVE-2021-28958)
4. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
5. threat[25404]:Zoho ManageEngine Applications Manager Cross-Site Scripting Vulnerability(CVE-2021-31813)
6. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)
7. app:OPC DA
8. app:OPC AE

Updated rules:
1. threat[24276]:Apache HTTP Server Remote Security Restriction Bypass Vulnerability(CVE-2017-15715)
2. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26154. This package includes the following changed rules:

new rules:
1. threat[25400]:Jenkins Config File Provider Plugin External Entity Injection Vulnerability(CVE-2021-21642)
2. threat[25401]:SolarWinds Network Performance Monitor FromJson Insecure Deserialization(CVE-2021-31474)
3. threat[25402]:Zoho ManageEngine ADSelfService Plus Password Command Injection(CVE-2021-28958)
4. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
5. threat[25404]:Zoho ManageEngine Applications Manager UserConfigurationAction Cross-Site Scripting(CVE-2021-31813)
6. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)
7. app:OPC DA
8. app:OPC AE

update rules:
1. threat[24276]:Apache HTTP Server Remote Security Limit Bypass Vulnerability (CVE-2017-15715)
2. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-09-02 20:31:12
Name: eoi.unify.allrulepatch.ips.5.6.10.26127.rule Version: 5.6.10.26127
MD5: 41446e62ba65e121bf5686a81221f9f6 Size: 26.60M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26127. The rules added or improved in this package are:

New rules:
1. threat[25395]:JBoss Application Server EJBInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
2. threat[25396]:JBoss Application Server JMXInvokerServlet Deserialization Vulnerability(CVE-2015-7501)
3. threat[25397]:Adobe ColdFusion Deserialization Vulnerability(CVE-2017-3066)
4. threat[41842]:WorkMiner Botnet Communication

Updated rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[24109]:Apache Solr/Lucene XML Entity Expansion Vulnerability(XXE)(CVE-2017-12629)
3. threat[41660]:Suspected System Command Execution via PostgreSQL COPY FROM PROGRAM(CVE-2019-9193)
4. threat[22038]:HTTPDX h_handlepeer() Function Buffer Overflow Vulnerability
5. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController Arbitrary File Read(CVE-2021-27275)
6. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Arbitrary File Upload(CVE-2021-27274)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26127. This package includes the following changed rules:

new rules:
1. threat[25395]:JBoss Application Server EJBInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
2. threat[25396]:JBoss Application Server JMXInvokerServlet Deserialization Vulnerability(CVE-2015-7501)
3. threat[25397]:Adobe ColdFusion Deserialization Vulnerability(CVE-2017-3066)
4. threat[41842]:WorkMiner Botnet Communication

update rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[24109]:Apache Solr/Lucene XML Entity Expansion Vulnerability(XXE)(CVE-2017-12629)
3. threat[41660]:Suspected System Command Execution via PostgreSQL COPY FROM PROGRAM Function(CVE-2019-9193)
4. threat[22038]:HTTPDX h_handlepeer() Function Buffer Overflow Vulnerability
5. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)
6. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Unrestricted File Upload(CVE-2021-27274)


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-08-27 15:31:27
Name: eoi.unify.allrulepatch.ips.5.6.10.26071.rule Version: 5.6.10.26071
MD5: 724ca482bdf0c26269ccfd58ca315cb5 Size: 26.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26071. The rules added or improved in this package are:

New rules:
1. threat[10529]:OpenLDAP slapd Search Assertion Failure Denial of Service Vulnerability(CVE-2021-27212)
2. threat[25384]:Schneider Electric C-Bus Toolkit Directory Traversal Vulnerability(CVE-2021-22718)
3. threat[25385]:Ruby Net::FTP Command Injection Vulnerability(CVE-2017-17405)
4. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability(CVE-2021-37608)
5. threat[25388]:VMware vCenter Server Remote Code Execution Vulnerability(CVE-2021-21985)
6. threat[25386]:Nagios XI Email Address Stored Cross-Site Scripting Vulnerability
7. threat[25387]:Nagios XI Custom-includes Manage.php Directory Traversal(CVE-2021-3277)
8. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController Arbitrary File Read(CVE-2021-27275)
9. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
10. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Unrestricted File Upload(CVE-2021-27274)
11. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability(REST)
12. threat[25393]:Fortinet FortiWeb Remote Command Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26071. This package includes the following changed rules:

new rules:
1. threat[10529]:OpenLDAP slapd Search Assertion Failure Denial of Service Vulnerability(CVE-2021-27212)
2. threat[25384]:Schneider Electric C-Bus Toolkit Directory Traversal(CVE-2021-22718)
3. threat[25385]:Ruby Net::FTP Command Injection Vulnerability(CVE-2017-17405)
4. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability(CVE-2021-37608)
5. threat[25388]:VMware vCenter Server Remote Code Execution Vulnerability(CVE-2021-21985)
6. threat[25386]:Nagios XI Account Email Address Stored Cross-Site Scripting
7. threat[25387]:Nagios XI Custom-includes Manage.php Rename_file Directory Traversal(CVE-2021-3277)
8. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)
9. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
10. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Unrestricted File Upload(CVE-2021-27274)
11. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability (REST)
12. threat[25393]:Fortinet FortiWeb OS Command Injection Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-08-25 16:11:32
Name: eoi.unify.allrulepatch.ips.5.6.10.26038.rule Version: 5.6.10.26038
MD5: 61a2325713bf1c73b75436f4da6b5dbb Size: 26.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26038. The rules added or improved in this package are:

New rules:
1. threat[25379]:Zoho ManageEngine Applications Manager Displayname Stored Cross-Site Scripting Vulnerability
2. threat[25381]:Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability
3. threat[25382]:OpenEMR phpGACL edit_group.php SQL Injection Vulnerability(CVE-2020-13568)

Updated rules:
1. threat[25378]:Jenkins Multiple Plugins External Entity Injection Vulnerability(CVE-2021-21659)(CVE-2021-21658)



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26038. This package includes the following changed rules:

new rules:
1. threat[25379]:Zoho ManageEngine Applications Manager Displayname Stored Cross-Site Scripting Vulnerability
2. threat[25381]:Zoho ManageEngine Applications Manager URL monitor SQL Injection Vulnerability
3. threat[25382]:OpenEMR phpGACL edit_group.php SQL Injection Vulnerability(CVE-2020-13568)

update rules:
1. threat[25378]:Jenkins Multiple Plugins External Entity Injection Vulnerability(CVE-2021-21659)(CVE-2021-21658)


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-08-12 18:18:04
Name: eoi.unify.allrulepatch.ips.5.6.10.26005.rule Version: 5.6.10.26005
MD5: e4a8d5b25198363bcbaa99a511e73309 Size: 26.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26005. The rules added or improved in this package are:

New rules:
1. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
2. threat[25375]:SEO Panel Reflected Cross-Site Scripting Vulnerability(CVE-2021-3002)
3. threat[25376]:TamronOS IPTV System Arbitrary Command Execution Vulnerability
4. threat[25377]:Gitlab Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-22214)
5. threat[25371]:Jenkins Active Choices Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21616)
6. threat[25372]:Jenkins Claim Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21619)

Updated rules:
1. threat[41702]:Nmap Scan Attack Detection
2. threat[41060]:Trojan/Backdoor Program PHP One-Line Trojan


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26005. This package includes the following changed rules:

new rules:
1. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
2. threat[25375]:SEO Panel Reflected Cross-Site Scripting Vulnerability(CVE-2021-3002)
3. threat[25376]:TamronOS IPTV System Arbitrary Command Execution Vulnerability
4. threat[25377]:Gitlab Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-22214)
5. threat[25371]:Jenkins Active Choices Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21616)
6. threat[25372]:Jenkins Claim Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21619)

update rules:
1. threat[41702]:Nmap scan attack detection
2. threat[41060]:Trojan/Backdoor General PHP trojan


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-08-05 19:55:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25946.rule Version: 5.6.10.25946
MD5: 923eca2519f6b7b5a44a90816b9e0fe9 Size: 26.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25946. The rules added or improved in this package are:

New rules:
1. threat[25363]:Netgate pfSense services_wol_edit.php Stored Cross-Site Scripting Vulnerability(CVE-2021-27933)
2. threat[25364]:Cisco HyperFlex HX Auth Remote Code Execution Vulnerability(CVE-2021-1497)
3. threat[25366]:GitLab Graphql Information Disclosure Vulnerability(CVE-2020-26413)
4. threat[25367]:Citrix XenMobile Arbitrary File Read Vulnerability(CVE-2020-8209)
5. threat[25370]:Apache Pulsar JSON Web Token Authentication Bypass Vulnerability(CVE-2021-22160)
6. threat[25368]:IceWarp WebClient Cross-Site Scripting Vulnerability(CVE-2020-25925)
7. threat[25369]:IceWarp WebClient basic Remote Command Execution Vulnerability
8. threat[25365]:Cisco HyperFlex HX storfs-asup Remote Code Execution Vulnerability(CVE-2021-1498)

Updated rules:
1. threat[63144]:Microsoft Windows Registry Write Attempt
2. threat[63143]:Microsoft Windows Registry Read Attempt


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.25946. This package includes the following changed rules:

new rules:
1. threat[25363]:Netgate pfSense services_wol_edit.php Stored Cross-Site Scripting Vulnerability(CVE-2021-27933)
2. threat[25364]:Cisco HyperFlex HX Auth Remote Command Execution Vulnerability(CVE-2021-1497)
3. threat[25366]:GitLab Graphql Information Disclosure Vulnerability(CVE-2020-26413)
4. threat[25367]:Citrix XenMobile Arbitrary File Read Vulnerability(CVE-2020-8209)
5. threat[25370]:Apache Pulsar JSON Web Token Authentication Bypass Vulnerability(CVE-2021-22160)
6. threat[25368]:IceWarp WebClient Cross Site Scripting Vulnerability(CVE-2020-25925)
7. threat[25369]:IceWarp WebClient basic Remote Command Execution Vulnerability
8. threat[25365]:Cisco HyperFlex HX storfs-asup Remote Command Execution Vulnerability(CVE-2021-1498)

update rules:
1. threat[63144]:Microsoft Windows Registry Write Attempt
2. threat[63143]:Microsoft Windows Registry Read Attempt


Announcements:
1. After the package is applied, the engine will restart automatically. This will not interrupt sessions, but it will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-29 17:44:21
Name: eoi.unify.allrulepatch.ips.5.6.10.25909.rule Version: 5.6.10.25909
MD5: 2b21ddb476221f42436d39147e76f8cf Size: 26.51M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25909. The rules added or improved in this package are:

New rules:
1. threat[25354]:phpMyAdmin Scripts/setup.php Deserialization Vulnerability
2. threat[25355]:Siemens SINEC NMS Directory Traversal Vulnerability(CVE-2020-25237)
3. threat[25356]:Adobe ColdFusion Administrator Console Directory Traversal Vulnerability(CVE-2010-2861)
4. threat[25357]:VMware vRealize Operations Arbitrary File Write Vulnerability(CVE-2021-21983)
5. threat[25358]:WordPress External Entity Injection Vulnerability(CVE-2021-29447)
6. threat[25353]:Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
7. threat[25359]:Jenkins Credentials Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2021-21648)
8. threat[25361]:Apache Dubbo YAML Insecure Deserialization Vulnerability(CVE-2021-30180)
9. threat[25362]:Apache Dubbo Script Routing Remote Code Execution Vulnerability(CVE-2021-30181)
10. threat[25360]:Jenkins Dashboard View Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21649)

Updated rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability(CVE-2020-26259)
2. threat[25336]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2021-26411)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.25909. This package includes the following changed rules:

new rules:
1. threat[25354]:phpMyadmin Scripts/setup.php Deserialization Vulnerability
2. threat[25355]:Siemens SINEC NMS Directory Traversal Vulnerability(CVE-2020-25237)
3. threat[25356]:Adobe ColdFusion Administrator Console Directory Traversal Vulnerability(CVE-2010-2861)
4. threat[25357]:VMware vRealize Operations Arbitrary File Write Vulnerability(CVE-2021-21983)
5. threat[25358]:WordPress External Entity Injection Vulnerability(CVE-2021-29447)
6. threat[25353]:Zoho ManageEngine Applications Manager Program Stored Cross-Site Scripting Vulnerability
7. threat[25359]:Jenkins Credentials Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2021-21648)
8. threat[25361]:Apache Dubbo Unsafe YAML Unmarshalling Vulnerability(CVE-2021-30180)
9. threat[25362]:Apache Dubbo Script Routing Remote Code Execution Vulnerability(CVE-2021-30181)
10. threat[25360]:Jenkins Dashboard View Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21649)

update rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)
2. threat[25336]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2021-26411)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-22 17:53:38
Name: eoi.unify.allrulepatch.ips.5.6.10.25836.rule Version: 5.6.10.25836
MD5: 83325c77d948eb4a148cb2c7b463a666 Size: 26.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25836. The rules added/improved in this upgrade package are:

New rules:
1. threat[25347]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2020-10204)
2. threat[25352]:Struts2 Remote Command Execution Vulnerability(CVE-2017-12611)



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25836. This package includes the following changed rules:

new rules:
1. threat[25347]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2020-10204)
2. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-15 17:43:27
Name: eoi.unify.allrulepatch.ips.5.6.10.25814.rule Version: 5.6.10.25814
MD5: 0357629b4e31e9f19694838793f019ef Size: 26.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25814. The rules added/improved in this upgrade package are:

New rules:
1. threat[30778]:Oracle E-Business Suite iStore Cross-Site Scripting Injection Vulnerability(CVE-2021-2182)
2. threat[25341]:Saltstack SaltStack Salt Directory Traversal Vulnerability(CVE-2021-25282)
3. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
4. threat[25343]:YAPI Mock Feature Remote Code Execution Vulnerability
5. threat[25340]:Apache Dubbo Deserialization Vulnerability(CVE-2021-25641)
6. threat[25339]:Websvn 2.6.0 - Remote Code Execution Vulnerability(CVE-2021-32305)



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25814. This package includes the following changed rules:

new rules:
1. threat[30778]:Oracle E-Business Suite iStore Cross-Site Scripting Vulnerability(CVE-2021-2182)
2. threat[25341]:Saltstack SaltStack Salt Directory Traversal Vulnerability(CVE-2021-25282)
3. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
4. threat[25343]:YAPI Mock Script Remote Code Execution Vulnerability
5. threat[25340]:Apache Dubbo Unsafe Deserialization Vulnerability(CVE-2021-25641)
6. threat[25339]:Websvn 2.6.0 - Remote Code Execution Vulnerability(CVE-2021-32305)



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-13 10:19:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25788.rule Version: 5.6.10.25788
MD5: f6b218299dea52e8920ecca5eee54ff4 Size: 26.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25788. The rules added/improved in this upgrade package are:

New rules:
1. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability(CVE-2020-11978)
2. threat[25337]:VMware vCenter Server Tar Directory Traversal Vulnerability(CVE-2021-21972)
3. threat[25338]:Umbraco CMS Stored Cross-Site Scripting Vulnerability(CVE-2020-5810)

Updated rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675,CVE-2021-34527)
2. threat[21374]:Apache Struts Remote Command Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25788. This package includes the following changed rules:

new rules:
1. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability(CVE-2020-11978)
2. threat[25337]:VMware vCenter Server Tar Directory Traversal Vulnerability(CVE-2021-21972)
3. threat[25338]:Umbraco CMS Stored Cross-Site Scripting(CVE-2020-5810)

update rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675,CVE-2021-34527)
2. threat[21374]:Apache Struts Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-06 15:38:18
Name: eoi.unify.allrulepatch.ips.5.6.10.25756.rule Version: 5.6.10.25756
MD5: 91c3107978775fb6f35a7702f0b35442 Size: 26.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25753. The rules added/improved in this upgrade package are:

New rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675)
2. threat[25327]:OpenEMR Usergroup_admin.php Stored Cross-Site Scripting Vulnerability
3. threat[25328]:Oracle E-Business Suite Common Applications Calendar Cross-Site Scripting Vulnerability(CVE-2021-2114)
4. threat[25330]:OpenEMR patient_report.php Stored Cross-Site Scripting Vulnerability(CVE-2021-25921)
5. threat[25331]:phpGACL acl_admin.php Reflected Cross-Site Scripting Vulnerability(CVE-2020-13562)
6. threat[25332]:AMD Gaming Evolved plays.tv Remote Command Execution Vulnerability(CVE-2018-6546)
7. threat[25333]:Microsoft Scripting Engine Memory Corruption Vulnerability(CVE-2021-31959)
8. threat[25329]:Netgear ProSAFE NMS300 SettingConfigController Command Injection Vulnerability(CVE-2021-27273)
9. threat[25325]:Netgear ProSAFE NMS300 ReportTemplateController Arbitrary File Deletion Vulnerability(CVE-2021-27272)

Updated rules:
1. threat[24840]:JBoss Deserialization Vulnerability(CVE-2017-7504)
2. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow(CVE-2018-18731)
3. threat[41768]:Godzilla Webshell PHP Script Upload
4. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - POST request
5. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25753. This package includes the following changed rules:

new rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675)
2. threat[25327]:OpenEMR Usergroup_admin.php Stored Cross-Site Scripting
3. threat[25328]:Oracle E-Business Suite Common Applications Calendar Cross-Site Scripting Vulnerability(CVE-2021-2114)
4. threat[25330]:OpenEMR patient_report.php Stored Cross-Site Scripting Vulnerability(CVE-2021-25921)
5. threat[25331]:phpGACL acl_admin.php Reflected Cross-Site Scripting Vulnerability(CVE-2020-13562)
6. threat[25332]:AMD Gaming Evolved plays.tv Remote Command Execution Vulnerability(CVE-2018-6546)
7. threat[25333]:Microsoft Scripting Engine Memory Corruption Vulnerability(CVE-2021-31959)
8. threat[25329]:Netgear ProSAFE NMS300 SettingConfigController Command Injection Vulnerability(CVE-2021-27273)
9. threat[25325]:Netgear ProSAFE NMS300 ReportTemplateController Arbitrary File Deletion Vulnerability(CVE-2021-27272)

update rules:
1. threat[24840]:JBoss Deserialization Vulnerability(CVE-2017-7504)
2. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow Vulnerability(CVE-2018-18731)
3. threat[41768]:Godzilla Webshell PHP Scripts Upload
4. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - post request
5. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-07-02 15:22:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25687.rule Version: 5.6.10.25687
MD5: ff7646e0736e4ce4a762c027eb0be3b1 Size: 26.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25687. The rules added/improved in this upgrade package are:

Updated rules:
1. threat[29001]:Web Service Remote SQL Injection Attack Suspicious Behavior(startracker)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25687. This package includes the following changed rules:

update rules:
1. threat[29001]:Web Service Remote SQL Injection Suspicious Behavior(startracker)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-06-22 15:47:26
Name: eoi.unify.allrulepatch.ips.5.6.10.25623.rule Version: 5.6.10.25623
MD5: 0ec270485d4750f8c37a9a22c2a01703 Size: 26.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25623. The rules added/improved in this upgrade package are:

New rules:
1. threat[25311]:Eaton Intelligent Power Manager Arbitrary File Deletion Vulnerability(CVE-2021-23279)
2. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability
3. threat[25313]:Microsoft Exchange Server-Side Request Forgery (SSRF) Vulnerability(CVE-2021-26855)
4. threat[25314]:Jenkins Parameter Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21622)
5. threat[25317]:Foxit Reader and PhantomPDF Field Format Event Use-After-Free Vulnerability(CVE-2020-13560)
6. threat[25319]:OpenEMR Backup.php Command Injection Vulnerability(CVE-2020-36243)
7. threat[25320]:PHP 8.1.0-dev Backdoor Remote Command Execution Vulnerability
8. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2021-22986)

Updated rules:
1. threat[24567]:Weaver e-cology/Yonyou NC OA System BeanShell Remote Code Execution Vulnerability
2. threat[25314]:Jenkins Artifact Repository Parameter Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21622)
3. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability(CVE-2020-17144)
4. threat[24539]:Drupal Core Remote Code Execution Vulnerability(CVE-2019-6339)
5. app:Sunlogin remote control


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25623. This package includes the following changed rules:

new rules:
1. threat[25311]:Eaton Intelligent Power Management Arbitrary File Deletion Vulnerability(CVE-2021-23279)
2. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability
3. threat[25313]:Microsoft Exchange Server Side Request Forgery(SSRF) Vulnerability(CVE-2021-26855)
4. threat[25314]:Jenkins Parameter Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21622)
5. threat[25317]:Foxit Reader and PhantomPDF Field Format Event Use After Free(CVE-2020-13560)
6. threat[25319]:OpenEMR Backup.php Command Injection Vulnerability(CVE-2020-36243)
7. threat[25320]:PHP 8.1.0-dev Backdoor Remote Command Execution Vulnerability
8. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2021-22986)

update rules:
1. threat[24567]:Weaver e-cology/Yonyou NC OA System BeanShell Remote Code Execution Vulnerability
2. threat[25314]:Jenkins Artifact Repository Parameter Plugin Stored Cross Site Scripting Vulnerability(CVE-2021-21622)
3. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
4. threat[24539]:Drupal Core Remote Code Execution Vulnerability(CVE-2019-6339)
5. app:sunlogin


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-06-10 17:37:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25571.rule Version: 5.6.10.25571
MD5: 7611a93a9a3ad48db4686a98112e685b Size: 26.45M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25571. The rules added/improved in this upgrade package are:

New rules:
1. threat[25310]:Apache Druid JDBC Connection Properties Remote Code Execution Vulnerability(CVE-2021-26919)
2. threat[30776]:Apache Tapestry Information Disclosure Vulnerability(CVE-2021-27850)
3. threat[41821]:ABPTTS Tunnel Tool Communication

Updated rules:
1. threat[41817]:Cobalt Strike Penetration Testing Tool EXE Infected Program Spread
2. threat[25206]:Advantech iView Directory Traversal Vulnerability(CVE-2020-16245)
3. threat[25308]:H3C IMC Intelligent Management Center Remote Code Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25571. This package includes the following changed rules:

new rules:
1. threat[25310]:Apache Druid JDBC connection properties Remote Code Execution Vulnerability(CVE-2021-26919)
2. threat[30776]:Apache Tapestry Information Disclosure Vulnerability(CVE-2021-27850)
3. threat[41821]:ABPTTS Tunnel Communication

update rules:
1. threat[41817]:Penetration Test Tool Cobalt Strike EXE Infection Program Spread
2. threat[25206]:Advantech iView Directory Traversal Vulnerability(CVE-2020-16245)
3. threat[25308]:H3C IMC Intelligent Management Center Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-06-03 16:45:54
Name: eoi.unify.allrulepatch.ips.5.6.10.25537.rule Version: 5.6.10.25537
MD5: 1e846a995d3dbf22d595b1348e28ba86 Size: 26.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25537. The rules added/improved in this upgrade package are:

New rules:
1. threat[25301]:WordPress Plugin Stop Spammers 'log' Reflected Cross-Site Scripting Vulnerability(CVE-2021-24245)
2. threat[25303]:Apache Cocoon XML External Entity Injection Vulnerability(CVE-2020-11991)
3. threat[25300]:CMS Made Simple Smarty Server-Side Template Injection Vulnerability(CVE-2021-26120)
4. threat[25304]:Tenda USAC15 WriteFacMac Remote Code Execution Vulnerability(CVE-2018-16334)
5. threat[25306]:Microsoft Visual Studio Code Maven For Java Extension Remote Code Execution Vulnerability(CVE-2021-27084)
6. threat[41820]:HTTP CRLF Injection Attack
7. threat[25307]:FreePBX 1314 Filename Command Injection Vulnerability

Updated rules:
1. threat[23817]:wget Download Redirection Arbitrary File Write Vulnerability(CVE-2016-4971)
2. threat[24173]:Magento 2.0.6 Deserialization Remote Code Execution Vulnerability(CVE-2016-4010)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25537. This package includes the following changed rules:

new rules:
1. threat[25301]:WordPress Plugin Stop Spammers 'log' Reflected Cross-site Scripting Vulnerability(CVE-2021-24245)
2. threat[25303]:Apache Cocoon XML External Entity Injection Vulnerability (CVE-2020-11991)
3. threat[25300]:CMS Made Simple Smarty Server-Side Template Injection Vulnerability(CVE-2021-26120)
4. threat[25304]:Tenda USAC15 WriteFacMac Remote Code Execution Vulnerability(CVE-2018-16334)
5. threat[25306]:Microsoft Visual Studio Code Maven For Java Extension Remote Code Execution Vulnerability(CVE-2021-27084)
6. threat[41820]:HTTP CRLF Injection Attack
7. threat[25307]:Freepbx 1314 Filename Command Injection Vulnerability

update rules:
1. threat[23817]:wget Download Redirection Arbitrary File Write Vulnerability(CVE-2016-4971)
2. threat[24173]:Magento 2.0.6 Unserialize Remote Code Execution Vulnerability(CVE-2016-4010)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-27 18:44:31
Name: eoi.unify.allrulepatch.ips.5.6.10.25506.rule Version: 5.6.10.25506
MD5: bcac790a6a3e4bc439cae034c261d9e0 Size: 26.42M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25506. The rules added/improved in this upgrade package are:

New rules:
1. threat[25294]:Advantech iView ZTPConfigTable SQL Injection Vulnerability(CVE-2021-22654)
2. threat[25295]:Jenkins Repository Connector Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21618)
3. threat[25296]:Apache Superset Markdown Component Stored XSS Vulnerability(CVE-2021-27907)
4. threat[25297]:Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2021-31181)
5. threat[25298]:Kingsoft V8 Terminal Security System Arbitrary File Read Vulnerability
6. threat[25299]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-29505)

Updated rules:
1. threat[25292]:Adobe Magento DownloadCss Cross-Site Scripting Vulnerability(CVE-2021-21029)
2. threat[25294]:Advantech iView ZTPConfigTable SQL Injection Vulnerability(CVE-2021-22654)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25506. This package includes the following changed rules:

new rules:
1. threat[25294]:Advantech iView ZTPConfigTable SQL Injection(CVE-2021-22654)
2. threat[25295]:Jenkins Repository Connector Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21618)
3. threat[25296]:Apache Superset Markdown Component Stored Cross Site Scripting Vulnerability(CVE-2021-27907)
4. threat[25297]:Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2021-31181)
5. threat[25298]:Kingsoft V8 Terminal Security System Arbitrary File Read Vulnerability
6. threat[25299]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-29505)

update rules:
1. threat[25292]:Adobe Magento DownloadCss Cross Site Scripting Vulnerability(CVE-2021-21029)
2. threat[25294]:Advantech iView ZTPConfigTable SQL Injection Vulnerability(CVE-2021-22654)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-21 09:27:05
Name: eoi.unify.allrulepatch.ips.5.6.10.25483.rule Version: 5.6.10.25483
MD5: 12df24f96e2b57a7399a6d666b446bf2 Size: 26.40M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25483. The rules added/improved in this upgrade package are:

New rules:
1. threat[25293]:ExifTool Remote Code Execution Vulnerability(CVE-2021-22204)
2. threat[25291]:Microsoft IIS HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2021-31166)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25483. This package includes the following changed rules:

new rules:
1. threat[25293]:ExifTool Remote Code Execution Vulnerability(CVE-2021-22204)
2. threat[25291]:Microsoft IIS HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2021-31166)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-17 22:39:08
Name: eoi.unify.allrulepatch.ips.5.6.10.25433.rule Version: 5.6.10.25433
MD5: 7b983d80c786bc96db925768e9e6c9c5 Size: 26.39M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25433. The rules added/improved in this upgrade package are:

New rules:
1. threat[25277]:Linksys Remote Code Execution Vulnerability(CNVD-2014-01260)
2. threat[25275]:HUAWEI HG532e Command Injection Vulnerability(CVE-2017-17215)
3. threat[25282]:Tenda USAC15 SetSambaCfg Command Injection Vulnerability(CVE-2018-18728)
4. threat[25280]:Tenda AC15 Cookie Remote Code Execution Vulnerability(CVE-2018-5767)
5. threat[10521]:Tenda USAC15 setMacFilterCfg Remote Code Execution(CVE-2018-18708)
6. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow(CVE-2018-18731)
7. threat[25278]:Linksys wap54gv3 Remote Code Execution Vulnerability
8. threat[25279]:Tenda USAC9 setUsbUnload Remote Command Injection Vulnerability(CVE-2018-14558, CVE-2020-10987)
9. threat[25286]:VMware View Planner logupload Directory Traversal Vulnerability(CVE-2021-21978)

Updated rules:
1. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25433. This package includes the following changed rules:


new rules:
1. threat[25277]:Linksys Remote Code Execution Vulnerability(CNVD-2014-01260)
2. threat[25275]:HUAWEI HG532e Command Injection Vulnerability
3. threat[25282]:Tenda USAC15 SetSambaCfg Command Injection Vulnerability
4. threat[25280]:Tenda AC15 Cookie Remote Code Execution Vulnerability
5. threat[10521]:Tenda USAC15 setMacFilterCfg Remote Code Execution Vulnerability
6. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow Vulnerability
7. threat[25278]:Linksys wap54gv3 Remote Code Execution Vulnerability
8. threat[25279]:Tenda USAC9 setUsbUnload Remote Command Injection Vulnerability
9. threat[25286]:VMware View Planner logupload Directory Traversal Vulnerability(CVE-2021-21978)

update rules:
1. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-13 17:01:07
Name: eoi.unify.allrulepatch.ips.5.6.10.25418.rule Version: 5.6.10.25418
MD5: 48bdc63c84e66a6748fee4511269c6ce Size: 26.38M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25418. The rules added/improved in this upgrade package are:

New rules:
1. threat[41818]:DarkSide Ransomware Communication with C2 Server


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25418. This package includes the following changed rules:

new rules:
1. threat[41818]:Ransomware DarkSide Communication with C2 Server


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-11 16:35:58
Name: eoi.unify.allrulepatch.ips.5.6.10.25365.rule Version: 5.6.10.25365
MD5: beb0a731a94224c6f1b4d6d3c8b9ee0b Size: 26.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25365. The rules added/improved in this upgrade package are:

New rules:
1. threat[50605]:Weblogic T3 Protocol Connection
2. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)
3. threat[50606]:Weblogic GIOP/IIOP Protocol Connection

Updated rules:
1. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25365. This package includes the following changed rules:

new rules:
1. threat[50605]:Weblogic T3 Protocol Connection
2. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)
3. threat[50606]:Weblogic GIOP/IIOP Protocol Connection

update rules:
1. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-05-07 16:51:45
Name: eoi.unify.allrulepatch.ips.5.6.10.25343.rule Version: 5.6.10.25343
MD5: 04274d322f426c6a275dec302b914073 Size: 26.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25343. The rules added/improved in this upgrade package are:

New rules:
1. threat[25268]:Telecom Gateway Configuration Management System Default Weak Password Login
2. threat[41816]:Reverse DNS Shell Tunnel Communication
3. threat[41817]:Cobalt Strike Penetration Testing Tool EXE Infected Program Spread
4. threat[25270]:NETGEAR WND930 Remote Code Execution Vulnerability
5. threat[25271]:NETGEAR WND930 mfgwrite.php Remote Code Execution Vulnerability
6. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25343. This package includes the following changed rules:

new rules:
1. threat[25268]:Telecom Gateway Configuration Management System default weak password login
2. threat[41816]:Reverse DNS Shell Tunnel Communication
3. threat[41817]:Penetration Test Tool Cobalt Strike EXE Infection Program Spread
4. threat[25270]:NETGEAR WND930 Remote Code Execution Vulnerability
5. threat[25271]:NETGEAR WND930 mfgwrite.php Remote Code Execution Vulnerability
6. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-04-30 13:14:48
Name: eoi.unify.allrulepatch.ips.5.6.10.25307.rule Version: 5.6.10.25307
MD5: 91364415d5798ba2bffcf3a4a06288c1 Size: 26.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25307. The rules added/improved in this upgrade package are:

New rules:
1. threat[25263]:eYou Email System Remote Command Execution Vulnerability
2. threat[25264]:Google Chrome Remote Code Execution Vulnerability(CVE-2021-21220)



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25307. This package includes the following changed rules:

new rules:
1. threat[25263]:eyou Email System Remote Command Execution Vulnerability
2. threat[25264]:Google Chrome Remote Code Execution Vulnerability(CVE-2021-21220)



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-04-20 19:43:55
Name: eoi.unify.allrulepatch.ips.5.6.10.25296.rule Version: 5.6.10.25296
MD5: 51a069d2b5cda834d30d9864bbf14a2b Size: 26.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25296. The rules added/improved in this upgrade package are:

New rules:
1. threat[25262]:Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[25260]:Godzilla ASP_AES_BASE64 Webshell Connection
3. threat[25261]:Godzilla ASP_AES_RAW Webshell Connection



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25296. This package includes the following changed rules:

new rules:
1. threat[25262]:Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[25260]:Godzilla ASP_AES_BASE64 Webshell Connect
3. threat[25261]:Godzilla ASP_AES_RAW Webshell Connect



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-04-18 22:30:09
Name: eoi.unify.allrulepatch.ips.5.6.10.25280.rule Version: 5.6.10.25280
MD5: 30419566e5224baf951100b7634233b9 Size: 26.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25280. The rules added/improved in this upgrade package are:

New rules:
1. threat[25253]:Ruijie NBR Router EWEB Network Management System Remote Command Execution Vulnerability(CNVD-2021-09650)
2. threat[25255]:Leagsoft IT Operations Security Management System Arbitrary File Upload Vulnerability
3. threat[25256]:Godzilla JAVA_AES_RAW Webshell Connection
4. threat[25257]:Behinder 3.0 beta 3 Webshell Connection(PHP)
5. threat[25258]:TongWeb Hidden Control Interface



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25280. This package includes the following changed rules:

new rules:
1. threat[25253]:Ruijie NBR Routers EWEB Remote Command Execution Vulnerability(CNVD-2021-09650)
2. threat[25255]:Leagsoft IT Security Management System Arbitrary File Upload Vulnerability
3. threat[25256]:Godzilla JAVA_AES_RAW Webshell Connect
4. threat[25257]:Behinder 3.0 beta 3 Webshell Connect(PHP)
5. threat[25258]:TongWeb Hidden Control Interface



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-04-15 22:05:34
Name: eoi.unify.allrulepatch.ips.5.6.10.25263.rule Version: 5.6.10.25263
MD5: 28f2527d54df66ed18dacd54b978bcb6 Size: 26.34M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25263. The rules added/improved in this upgrade package are:

New rules:
1. threat[25251]:Jira SSRF Redirect Vulnerability(CVE-2017-9506)
2. threat[25252]:Godzilla JAVA_AES_BASE64 Webshell Connection
3. threat[41814]:Sensitive Script File Upload

Updated rules:
1. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - POST request
2. threat[41700]:Sqlmap Scan Attack Detection


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25263. This package includes the following changed rules:

new rules:
1. threat[25251]:Jira SSRF Vulnerability(CVE-2017-9506)
2. threat[25252]:Godzilla JAVA_AES_BASE64 Webshell Connect
3. threat[41814]:Upload of sensitive script files

update rules:
1. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - post request
2. threat[41700]:Sqlmap scan attack detection


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2021-04-14 23:21:51
Name: eoi.unify.allrulepatch.ips.5.6.10.25241.rule Version: 5.6.10.25241
MD5: 53e1ca164205dbaf619fb18bc8cc86f4 Size: 26.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.25241. The rules added/improved in this upgrade package are:

New rules:
1. threat[25242]:Samsung Router Remote Command Execution Vulnerability
2. threat[25243]:ShopXO Arbitrary File Read Vulnerability
3. threat[25245]:Kingsoft Terminal Security System V8/V9 Arbitrary File Upload Vulnerability
4. threat[25246]:Yinpeng Cloud Computing FastMeeting Video Conferencing System Arbitrary File Download Vulnerability
5. threat[25247]:Yinpeng Cloud Computing FastMeeting Video Conferencing System Arbitrary File Download Vulnerability
6. threat[25248]:iKuai Router Arbitrary File Read Vulnerability
7. threat[30771]:Hikvision Streaming Media Management Server Arbitrary File Read(CNVD-2021-14544)
8. threat[25249]:Zentao 8.2.6 SQL Injection Vulnerability
9. threat[25250]:Ruijie SmartWeb Management System Information Disclosure Vulnerability

Updated rules:
1. threat[68654]:Suspicious Webshell Script File Upload Behavior
2. threat[41700]:Sqlmap Scan Attack Detection


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25241. This package includes the following changed rules:

new rules:
1. threat[25242]:Samsung WLAN AP Remote Command Execution Vulnerability
2. threat[25243]:ShopXO Arbitrarily File Read Vulnerability
3. threat[25245]:Kingsoft Terminal Security System V8/V9 File Upload Vulnerability
4. threat[25246]:Yinpeng cloud computing FastMeeting Arbitary file download vulnerability
5. threat[25247]:Yonyou ERP-NC directory traversal vulnerability
6. threat[25248]:iKuai Router Arbitrarily File Read Vulnerability
7. threat[30771]:Hikvision Streaming Media Management Server Arbitrary File Reading (CNVD-2021-14544)
8. threat[25249]:Zentao 8.2.6 SQL Injection Vulnerability
9. threat[25250]:Ruijie SmartWeb Management System Information Leak Vulnerability

update rules:
1. threat[68654]:Suspicious Webshell Script Files Upload Behavior
2. threat[41700]:Sqlmap scan attack detection


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2021-04-14 17:23:31
Name: eoi.unify.allrulepatch.ips.5.6.10.25209.rule  Version: 5.6.10.25209
MD5: 6b4fc77770e6bd21e4b65eb34eba1697  Size: 26.33M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.25209. Rules added or updated in this package:

New rules:
1. threat[25239]: Yonyou NC6.5 Unauthorized Deserialization Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-04-11 00:11:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25201.rule  Version: 5.6.10.25201
MD5: d40d26d1ad0cb1bcdc068cdd8979cbc6  Size: 26.33M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.25201. Rules added or updated in this package:

New rules:
1. threat[25235]: Apache OFBiz RMI Deserialization Vulnerability (CVE-2021-26295)
2. threat[25236]: Seeyon OA Remote Command Execution Vulnerability - POST request

Updated rules:
1. threat[25189]: SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-04-09 23:05:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25193.rule  Version: 5.6.10.25193
MD5: e9ef27f2cc838e8faa7c637617718584  Size: 26.33M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.25193. Rules added or updated in this package:

New rules:
1. threat[25220]: Nagios XI 5.7.5 HTTP Request windowswmi.inc.php OS Command Injection Vulnerability (CVE-2021-25296)
2. threat[25221]: Nagios XI 5.7.5 HTTP Request switch.inc.php OS Command Injection Vulnerability (CVE-2021-25297)
3. threat[25222]: Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability (CVE-2021-25298)
4. threat[25223]: Nagios XI 5.7.5 sshterm.php Cross-Site Scripting Vulnerability (CVE-2021-25299)
5. threat[25224]: QuarkMail Remote Command Execution Vulnerability
6. threat[25225]: Nagios XI 5.5.10 Cross-Site Scripting Vulnerability
7. threat[25226]: FineReport Remote Command Execution Vulnerability
8. threat[25228]: Vanderbilt IP Camera Remote Credential Disclosure Vulnerability
9. threat[25229]: FineReport V9 getshell - Arbitrary File Upload
10. threat[25231]: Hexin Chuangtian Cloud Desktop File Upload Vulnerability
11. threat[25232]: Zabbix 2.2 - 3.0.3 Remote Code Execution Vulnerability
12. threat[25233]: Weaver OA Arbitrary File Upload Vulnerability

Updated rules:
1. threat[25078]: Zentao Project Management System Remote File Inclusion Vulnerability
2. threat[25079]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-04-09 02:21:13
Name: eoi.unify.allrulepatch.ips.5.6.10.25157.rule  Version: 5.6.10.25157
MD5: d2046707321568f004ab3abdf363401e  Size: 26.30M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.25157. Rules added or updated in this package:

New rules:
1. threat[25214]: Weaver OA keywordid SQL Injection Vulnerability
2. threat[25215]: Zabbix Remote Code Execution Vulnerability (CVE-2020-11800)
3. threat[25217]: Weaver OA sysinterface/codeEdit.jsp Arbitrary File Upload Vulnerability
4. threat[25218]: JBoss 5.x and 6.x Deserialization Vulnerability (CVE-2017-12149)
5. threat[25219]: GitLab 12.9.0 Arbitrary File Read Vulnerability (CVE-2020-10977)

Updated rules:
1. threat[25213]: Apache Shiro Authentication Bypass Vulnerability (CVE-2020-11989)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-04-07 19:09:51
Name: eoi.unify.allrulepatch.ips.5.6.10.25113.rule  Version: 5.6.10.25113
MD5: 7bddc28dbadf89bc8fa032e1fe9a803d  Size: 26.29M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.25113. Rules added or updated in this package:

New rules:
1. threat[25205]: Trend Micro InterScan Web Security Virtual Appliance DecryptPasswd Buffer Overflow Vulnerability (CVE-2020-28578)
2. threat[25203]: D-Link Remote Code Execution - Arbitrary File Upload (CVE-2021-27249)
3. threat[25206]: Advantech iView Directory Traversal Vulnerability (CVE-2020-16245)
4. threat[25208]: Apache ActiveMQ Arbitrary Code Execution Vulnerability (CVE-2020-11998)
5. threat[25211]: Adobe Acrobat Reader DC Heap Buffer Overflow Vulnerability (CVE-2021-21017)
6. threat[25212]: Apache ActiveMQ message.jsp Cross-Site Scripting Vulnerability (CVE-2020-13947)
7. threat[25210]: Trend Micro InterScan Web Security Virtual Appliance ManageVLANSettings Command Injection Vulnerability (CVE-2020-28581)
8. threat[25209]: Trend Micro InterScan Web Security Virtual Appliance Password Field Command Injection Vulnerability (CVE-2020-8466)
9. threat[25213]: Apache Shiro Authentication Bypass Vulnerability (CVE-2020-11989)

Updated rules:
1. threat[25207]: Advantech WebAccess/NMS Arbitrary File Upload Vulnerability (CVE-2020-10621)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-04-01 17:42:59
Name: eoi.unify.allrulepatch.ips.5.6.10.24993.rule  Version: 5.6.10.24993
MD5: 7118e4108507f27ef13377363de50238  Size: 26.36M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24993. Rules added or updated in this package:

Updated rules:
1. threat[41781]: FRP Intranet Tunneling Tool Communication
2. threat[21906]: VSFTPD v2.3.4 Backdoor Command Execution
3. threat[68654]: Suspicious Webshell Script File Upload Behavior
4. threat[24174]: WebLogic WLS Component Remote Command Execution Vulnerability
5. threat[25189]: SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-03-25 23:09:31
Name: eoi.unify.allrulepatch.ips.5.6.10.24933.rule  Version: 5.6.10.24933
MD5: 261464cde2c40a3b1dc7a6df73a505b1  Size: 26.25M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24933. Rules added or updated in this package:

New rules:
1. threat[25183]: Cisco Security Manager AuthTokenServlet Insecure Deserialization Vulnerability (CVE-2020-27131)
2. threat[25184]: Foxit Reader and PhantomPDF Choice Field Use-After-Free Vulnerability (CVE-2020-13557)
3. threat[10515]: libVNC LibVNCServer Divide-by-Zero Denial of Service Vulnerability (CVE-2020-25708)
4. threat[25187]: Joomla! CMS mod_breadcrumbs Title Stored Cross-Site Scripting Vulnerability (CVE-2021-23124)
5. threat[25188]: Joomla CMS mod_random_image link Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
6. threat[25186]: Joomla JCK Editor 6.4.4 - parent SQL Injection Vulnerability (CVE-2018-17254)
7. threat[25189]: SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)
8. threat[25190]: Nagios XI autodiscovery_component_update_cron Command Injection Vulnerability (CVE-2020-28648)
9. threat[25191]: XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21344)
10. threat[25192]: Microsoft Exchange New-TransportRule Remote Code Execution Vulnerability (CVE-2020-17132)
11. threat[25193]: XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21345)
12. threat[25194]: XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21346)
13. threat[25195]: Nagios XI Deploy Dashboards Stored Cross-Site Scripting Vulnerability (CVE-2020-27989)
14. threat[25198]: XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21351)
15. threat[41806]: Agent Tesla Stealer Communication
16. threat[25199]: Apache Solr Arbitrary File Read Vulnerability
17. threat[25200]: Trend Micro InterScan Web Security Virtual Appliance MailNotification Buffer Overflow Vulnerability

Updated rules:
1. threat[25083]: Online Examination System 1.0 - Stored Cross-Site Scripting Vulnerability
2. threat[25177]: NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (CVE-2020-17408)
3. threat[50603]: Web Service Login Request

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-03-19 10:06:20
Name: eoi.unify.allrulepatch.ips.5.6.10.24806.rule  Version: 5.6.10.24806
MD5: 876c7fd9bd5bb196d32c948e4132220c  Size: 26.12M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24806. Rules added or updated in this package:

New rules:
1. threat[25181]: Tunna HTTP Tunnel Intranet Proxy Connection
2. threat[25182]: nps HTTP Intranet Proxy Connection

Updated rules:
1. threat[41805]: Chisel Intranet Communication Tool Signature

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-03-11 17:51:41
Name: eoi.unify.allrulepatch.ips.5.6.10.24768.rule  Version: 5.6.10.24768
MD5: 2f1459f5658d86fa04dd70c9cdaa9179  Size: 26.12M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24768. Rules added or updated in this package:

New rules:
1. threat[25177]: NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (CVE-2020-17408)
2. threat[25179]: Twitter TwitterServer HistogramQueryHandler Cross-Site Scripting Vulnerability (CVE-2020-35774)
3. threat[25180]: Webmin Package Updates update.cgi Command Injection Vulnerability (CVE-2020-35606)

Updated rules:
1. threat[41802]: Nemty Ransomware URI Signature

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-03-04 17:33:14
Name: eoi.unify.allrulepatch.ips.5.6.10.24719.rule  Version: 5.6.10.24719
MD5: bed33cfccd9ffc2414c5dec6a58ed3be  Size: 26.21M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24719. Rules added or updated in this package:

New rules:
1. threat[41802]: Nemty Ransomware URI Signature
2. threat[41803]: Nemty Ransomware DNS Signature

Updated rules:
1. threat[25119]: Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-02-25 17:58:56
Name: eoi.unify.allrulepatch.ips.5.6.10.24659.rule  Version: 5.6.10.24659
MD5: 51b22a33d6e7f89ca2b963f505773138  Size: 26.20M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24659. Rules added or updated in this package:

New rules:
1. threat[41801]: Netcore NR286-GE Router Telnet Service Exposure
2. threat[25173]: NUUO NVRmini 2 Remote Code Execution Vulnerability (CVE-2016-5674)
3. threat[25174]: NUUO NVRsolo Remote Code Execution Vulnerability (CVE-2016-5675)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-02-19 20:49:18
Name: eoi.unify.allrulepatch.ips.5.6.10.24649.rule  Version: 5.6.10.24649
MD5: 1b76fd60fe80b808e0ec7bddd3c579ab  Size: 26.20M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24649. Rules added or updated in this package:

New rules:
1. threat[25171]: WordPress 5.0.0 - Image Remote Code Execution Vulnerability (CVE-2019-8942)
2. threat[25172]: Zeroshell cgi-bin/kerbynet Remote Code Execution Vulnerability (CVE-2009-0545/CVE-2019-12725/CVE-2020-29390)
3. threat[41800]: UTT 1200W Wireless Router Default Telnet Service Exposure
4. threat[25175]: Mi Casa Verde VeraLite Directory Traversal Vulnerability (CVE-2013-4861)
5. threat[25176]: UTT 1200W Wireless Router /goform/formTraceRoute Remote Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-02-11 22:53:35
Name: eoi.unify.allrulepatch.ips.5.6.10.24629.rule  Version: 5.6.10.24629
MD5: f0e4b4657dd389c086c436af502d1240  Size: 26.19M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24629. Rules added or updated in this package:

New rules:
1. threat[25158]: FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36183)
2. threat[25159]: FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36184/CVE-2020-36186)
3. threat[25160]: FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36185/CVE-2020-36187)
4. threat[25161]: Nagios Log Server Create_Snapshot Stored Cross-Site Scripting Vulnerability
5. threat[25162]: Nagios Log Server Mail Settings Stored Cross-Site Scripting Vulnerability
6. threat[41799]: Malicious Program windows/njRAT_a Network Communication
7. threat[25164]: Ctek SkyRouter cfg_ethping.cgi Remote Command Execution Vulnerability (CVE-2011-5010)
8. threat[25165]: Linksys WRT110 Remote Command Execution Vulnerability (CVE-2013-3568)
9. threat[25166]: AirLink101 SkyIPCam1620W Remote Command Execution Vulnerability (CVE-2015-2280)
10. threat[25163]: JumpServer v2.6.1 Remote Command Execution Vulnerability
11. threat[25167]: Quick.CMS 6.7 - Remote Code Execution Vulnerability (CVE-2020-35754)
12. threat[25168]: Linksys WAG54G2 Remote Command Execution Vulnerability (CVE-2009-5157)
13. threat[25169]: LINK-NET LW-N605R Remote Code Execution Vulnerability (CVE-2018-16752)

Updated rules:
1. threat[25128]: Ruijie Router Shell Injection - Get File
2. threat[25153]: Ruijie Router Shell Injection - File Write
3. threat[25154]: Ruijie Router Shell Injection - Command Injection
4. threat[25150]: Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
5. threat[25151]: IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
6. threat[25156]: Microsoft Exchange Server ExportExchangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
7. threat[41775]: Behinder Webshell Connect (PHP)
8. threat[24553]: Behinder Webshell Connect (JSP)
9. threat[41776]: Behinder Webshell Connect (ASP)
10. threat[25090]: Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability
11. threat[24535]: Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384/CVE-2020-36189)

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-02-04 19:53:41
Name: eoi.unify.allrulepatch.ips.5.6.10.24551.rule  Version: 5.6.10.24551
MD5: db13975f4c0435f5fc83d690746a1509  Size: 26.17M
Description:

Intrusion prevention signature database upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after import, the firmware version and engine version are unchanged and the rule (signature) version becomes 5.6.10.24551. Rules added or updated in this package:

New rules:
1. threat[25148]: FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36179/CVE-2020-36180/CVE-2020-36181/CVE-2020-36182)
2. threat[25146]: Nagios XI 5.7.5 - Stored Cross-Site Scripting Vulnerability
3. threat[25147]: Trend Micro InterScan Messaging PolicyWSAction External Entity Injection Vulnerability (CVE-2020-27017)
4. threat[25155]: Zoho ManageEngine Applications Manager showMonitorGroupView SQL Injection Vulnerability
5. threat[25128]: Ruijie Router Shell Injection - Get File
6. threat[25153]: Ruijie Router Shell Injection - File Write
7. threat[25154]: Ruijie Router Shell Injection - Command Injection
8. threat[25149]: ImageMagick Authenticate Command Injection Vulnerability
9. threat[25150]: Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
10. threat[25151]: IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
11. threat[25156]: Microsoft Exchange Server ExportExchangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
12. threat[25157]: PEAR Archive_Tar PHAR Protocol Handling Deserialization Code Execution Vulnerability
13. threat[25145]: WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2109)

Updated rules:
1. threat[24736]: NETGEAR DGN2200 10.0.0.50 Authenticated Command Execution Vulnerability (CVE-2017-6334)
2. threat[24772]: ASUS RT-N10+/RT56U Wireless Router Code Execution Vulnerability (CVE-2013-5948)
3. threat[24445]: WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Vulnerability (CVE-2014-9094)
4. threat[23320]: Fritz!Box Webcm Unauthenticated Command Injection Vulnerability (CVE-2014-9727)
5. threat[24735]: NETGEAR DGN2200v1/v2/v3/v4 Authenticated Command Injection Vulnerability (CVE-2017-6077)
6. threat[24634]: Zyxel EMG2926 Home Router Command Injection Vulnerability (CVE-2017-6884)
7. threat[22702]: D-Link DIR-645 / DIR-815 diagnostic.php Command Injection Vulnerability
8. threat[24745]: Linear eMerge E3 Access Controller Command Injection (CVE-2019-7256)
9. threat[22799]: D-Link Devices UPnP SOAP Command Injection
10. threat[23733]: D-Link DCS-930L Authenticated Remote Command Execution Vulnerability
11. threat[24743]: Netis WF2419 V1.2.31805/V2.2.36123 Authenticated Command Injection Vulnerability (CVE-2019-19356)
12. threat[24701]: Xfinity Gateway Command Injection Vulnerability
13. threat[50603]: Web Service Login Request

Notes:
1. After the upgrade the engine restarts automatically to apply the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time for the upgrade.

Release time: 2021-01-29 19:45:32
名称: eoi.unify.allrulepatch.ips.5.6.10.24451.rule 版本:5.6.10.24451
MD5:c3ce288d3d812c5ea8a03d9883ddea0c 大小:26.16M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.24451。该升级包新增/改进的规则有:

新增规则:
1. 攻击[25137]:Anchor CMS 0.12.7 - 'markdown' 存储型跨站脚本漏洞
2. 攻击[25138]:Arcserve D2D getNews外部实体注入漏洞(CVE-2020-27858)
3. 攻击[30767]:Adobe Acrobat/Reader 信息泄露漏洞(CVE-2020-29075)
4. 攻击[25139]:Microsoft SharePoint Server远程代码执行漏洞(CVE-2021-1707)
5. 攻击[25140]:Apache CXF跨站脚本执行漏洞(CVE-2020-13954)
6. 攻击[25141]:Apache Solr远程代码执行漏洞(CVE-2020-13957)
7. 攻击[25142]:飞鱼星VM2100网关远程命令执行漏洞
8. 攻击[25143]:Fatek Automation PLC WinProladder SPF堆栈缓冲区溢出(CVE-2020-16234)
9. 攻击[25144]:FasterXML jackson-databind远程代码执行漏洞(CVE-2019-14361/CVE-2019-14439)

更新规则:
1. 攻击[10405]:ISC BIND named拒绝服务漏洞(CVE-2015-5477)
2. 攻击[25119]:Struts2远程代码执行漏洞(S2-061)(CVE-2020-17530)
3. 攻击[23881]:Apache Jetspeed跨站脚本漏洞(CVE-2016-0712)
4. 攻击[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet任意文件上传(CVE-2018-1306)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24451. This package includes the following changed rules:

new rules:
1. threat[25137]:Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting Vulnerability
2. threat[25138]:Arcserve D2D getNews External Entity Injection Vulnerability(CVE-2020-27858)
3. threat[30767]:Adobe Acrobat and Acrobat Reader Information Disclosure Vulnerability(CVE-2020-29075)
4. threat[25139]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-1707)
5. threat[25140]:Apache CXF Cross-Site Scripting Vulnerability(CVE-2020-13954)
6. threat[25141]:Apache Solr Remote Code Execution Vulnerability(CVE-2020-13957)
7. threat[25142]:Adslr Gateway VM2100 Remote Command Execution Vulnerability
8. threat[25143]:Fatek Automation PLC WinProladder SPF Stack Buffer Overflow(CVE-2020-16234)
9. threat[25144]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2019-14361/CVE-2019-14439)

update rules:
1. threat[10405]:ISC BIND named Denial of Service Vulnerability(CVE-2015-5477)
2. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
3. threat[23881]:Apache Jetspeed Portal URI Path XSS(CVE-2016-0712)
4. threat[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload(CVE-2018-1306)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-21 17:53:05
Name: eoi.unify.allrulepatch.ips.5.6.10.24359.rule Version: 5.6.10.24359
MD5: d21c9f28ebfb91251c8fe2a873bd3ba2 Size: 26.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24359. The rules added or improved in this package are:

New rules:
1. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
2. threat[25135]:UTT (艾泰) upnp Command Injection Vulnerability
3. threat[25136]:UTT (艾泰) http formDiagnose Command Injection Vulnerability
4. threat[30766]:Adslr (飞鱼星) Gateway tftp Sensitive Information Disclosure Vulnerability
5. threat[50603]:Web Service Login Request

Updated rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[50591]:RDP Remote Desktop Service Login Succeeded
3. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24359. This package includes the following changed rules:

new rules:
1. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
2. threat[25135]:UTT upnp Command Injection Vulnerability
3. threat[25136]:Aitai http formDiagnose Command Injection Vulnerability
4. threat[30766]:Adslr Gateway tftp Information Disclosure Vulnerability
5. threat[50603]:Web Service Login Request

update rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[50591]:RDP Remote Desktop Protocol Service Login
3. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-15 19:34:47
Name: eoi.unify.allrulepatch.ips.5.6.10.24311.rule Version: 5.6.10.24311
MD5: 3d941bbf77f60c335bb995fb66816db9 Size: 26.16M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24311. The rules added or improved in this package are:

New rules:
1. threat[25130]:WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Vulnerability
2. threat[25131]:Advanced Comment System 1.0 - 'ACS_path' Path Traversal Vulnerability (CVE-2020-35598)
3. threat[25132]:Apache Flink Directory Traversal Vulnerability (CVE-2020-17518)
4. threat[25133]:Apache Flink jobmanager/logs Directory Traversal Vulnerability (CVE-2020-17519)

Updated rules:
1. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24311. This package includes the following changed rules:

new rules:
1. threat[25130]:WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Vulnerability
2. threat[25131]:Advanced Comment System 1.0 - 'ACS_path' Path Traversal Vulnerability(CVE-2020-35598)
3. threat[25132]:Apache Flink Upload Path Traversal Vulnerability(CVE-2020-17518)
4. threat[25133]:Apache Flink jobmanager/logs Path Traversal Vulnerability(CVE-2020-17519)

update rules:
1. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-07 17:02:42
Name: eoi.unify.allrulepatch.ips.5.6.10.24277.rule Version: 5.6.10.24277
MD5: 6c1cfef217745b9788ec9902be8a120f Size: 26.17M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24277. The rules added or improved in this package are:

New rules:
1. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online
2. threat[41786]:SolarWinds Orion Backdoor SUNBURST Communication
3. threat[41787]:SolarWinds Orion Backdoor SUNBURST_CS.BEACON Communication
4. threat[41788]:SolarWinds Orion Backdoor SUNBURST POST Communication
5. threat[30765]:Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability (CVE-2020-14181)
6. threat[25129]:Apache Unomi Remote Code Execution Vulnerability (CVE-2020-13942)
7. threat[41797]:ikuai Router Firmware - Arbitrary File Deletion Vulnerability
8. threat[41798]:ikuai Router Firmware - Arbitrary File Renaming Vulnerability

Updated rules:
1. threat[25128]:Ruijie Router newcli.php Remote Code Execution Vulnerability
2. threat[41781]:FRP Intranet Penetration Tool SSH Communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24277. This package includes the following changed rules:

new rules:
1. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online
2. threat[41786]:SolarWinds Orion Backdoor SUNBURST Communication
3. threat[41787]:SolarWinds Orion Backdoor SUNBURST_CS.BEACON Communication
4. threat[41788]:SolarWinds Orion Backdoor SUNBURST POST Communication
5. threat[30765]:Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability(CVE-2020-14181)
6. threat[25129]:Apache Unomi Remote Code Execution Vulnerability(CVE-2020-13942)
7. threat[41797]:Arbitrary file deletion vulnerability in Ikuai router
8. threat[41798]:Arbitrary file renaming vulnerability in Ikuai router

update rules:
1. threat[25128]:Ruijie Router newcli.php RCE Vulnerability
2. threat[41781]:SSH Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-31 20:29:40
Name: eoi.unify.allrulepatch.ips.5.6.10.24232.rule Version: 5.6.10.24232
MD5: c9dd7032454e7d293f021284a3d4389e Size: 26.14M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24232. The rules added or improved in this package are:

New rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)
2. threat[25123]:XStream Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-26258)
3. threat[25124]:PHPJabbers Appointment Scheduler 2.3 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-35416)
4. threat[25125]:WECON LeviStudioU HFT File Parsing Stack Buffer Overflow Vulnerability (CVE-2020-16243)
5. threat[25126]:Nagios XI ajaxhelper.php cmdsubsys Command Injection Vulnerability (CVE-2020-15901)
6. threat[10512]:Windows Network File System RPCSEC_GSS Denial of Service Vulnerability (CVE-2020-17047)
7. threat[41784]:UTT (艾泰) Router Web Service Weak Password Login Vulnerability
8. threat[25128]:Ruijie Router newcli.php Remote Code Execution Vulnerability
9. threat[25127]:Jenkins 2.251 Cross-Site Scripting Vulnerability (CVE-2020-2231)

Updated rules:
1. threat[23283]:vtiger CRM validateSession() Authentication Bypass Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24232. This package includes the following changed rules:

new rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)
2. threat[25123]:XStream Server-Side Request Forgery(SSRF) Vulnerability(CVE-2020-26258)
3. threat[25124]:PHPJabbers Appointment Scheduler 2.3 - Reflected XSS Vulnerability(CVE-2020-35416)
4. threat[25125]:WECON LeviStudioU HFT File Parsing Stack Buffer Overflow Vulnerability(CVE-2020-16243)
5. threat[25126]:Nagios XI ajaxhelper.php Cmdsubsys command injection vulnerability(CVE-2020-15901)
6. threat[10512]:Windows Network file system RPCSEC_GSS denial of service vulnerability(CVE-2020-17047)
7. threat[41784]:Aitai Router Web Service Weak Password Login Vulnerability
8. threat[25128]:Ruijie Router newcli.php RCE Vulnerability
9. threat[25127]:Jenkins 2.251 Cross Site Scripting Vulnerability(CVE-2020-2231)

update rules:
1. threat[23283]:vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-24 20:53:08
Name: eoi.unify.allrulepatch.ips.5.6.10.24189.rule Version: 5.6.10.24189
MD5: ded6d809808a413355f63a3805beb684 Size: 26.13M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24189. The rules added or improved in this package are:

New rules:
1. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
2. threat[25110]:Advantech R-SeeNet device_position device_id SQL Injection Vulnerability (CVE-2020-25157)

Updated rules:
1. threat[41781]:FRP Intranet Penetration Tool SSH Communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24189. This package includes the following changed rules:

new rules:
1. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
2. threat[25110]:Advantech R-SeeNet device_position device_id SQL Injection Vulnerability(CVE-2020-25157)

update rules:
1. threat[41781]:SSH Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-17 17:12:21
Name: eoi.unify.allrulepatch.ips.5.6.10.24166.rule Version: 5.6.10.24166
MD5: ca92f4942b66eec6e04ecd1beebdeae9 Size: 26.13M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24166. The rules added or improved in this package are:

New rules:
1. threat[41782]:FRP Intranet Penetration Tool - Access via Domain Name
2. threat[41783]:FRP Intranet Penetration Tool - Forwarded DNS Query Request
3. threat[25104]:Adobe Acrobat Reader DC Use After Free Vulnerability (CVE-2020-24437)
4. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability (CVE-2020-9483)
5. threat[25107]:Adobe Acrobat Reader DC FDF Object Use After Free Vulnerability (CVE-2020-24430)
6. threat[25106]:Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability (CVE-2020-16267)
7. threat[25109]:Adobe Acrobat Pro DC Javascript Out-of-Bounds Read Vulnerability (CVE-2020-24435)
8. threat[25108]:Zoho ManageEngine Applications Manager MyPage.do SQL Injection Vulnerability (CVE-2020-27995)
9. threat[25113]:Apache Tapestry ContextAssetRequestHandler Information Disclosure Vulnerability (CVE-2020-13953)
10. threat[25114]:Artica Proxy fw.login.php apikey SQL Injection Vulnerability (CVE-2020-17506)
11. threat[25117]:Adobe ColdFusion CKEditor upload.cfm File Upload Vulnerability (CVE-2018-15961)
12. threat[25112]:Zoho ManageEngine Applications Manager Buffer.jsp resourceid SQL Injection Vulnerability (CVE-2020-15927)
13. threat[25118]:Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
14. threat[25119]:Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)
15. threat[25116]:Confluence Path Traversal Vulnerability (CVE-2019-3398)

Updated rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
2. threat[41781]:FRP Intranet Penetration Tool SSH Communication
3. threat[25063]:Artica Proxy cyrus.php Command Injection (CVE-2020-17505)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24166. This package includes the following changed rules:

new rules:
1. threat[41782]:FRP intranet penetration tool - Access via domain name
2. threat[41783]:FRP intranet penetration tool - forward DNS query request
3. threat[25104]:Adobe Acrobat and Reader form Field Format Use After Free Vulnerability(CVE-2020-24437)
4. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
5. threat[25107]:Adobe Acrobat Pro DC FDF Object Use After Free Vulnerability(CVE-2020-24430)
6. threat[25106]:Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability(CVE-2020-16267)
7. threat[25109]:Adobe Acrobat Pro DC Javascript Out of Bounds Read Vulnerability(CVE-2020-24435)
8. threat[25108]:Zoho ManageEngine Applications Manager MyPage.do SQL Injection Vulnerability(CVE-2020-27995)
9. threat[25113]:Apache Tapestry ContextAssetRequestHandler Information Disclosure Vulnerability(CVE-2020-13953)
10. threat[25114]:Artica Proxy fw.login.php apikey SQL Injection Vulnerability(CVE-2020-17506)
11. threat[25117]:Adobe ColdFusion CKEditor upload.cfm Unrestricted File Upload Vulnerability(CVE-2018-15961)
12. threat[25112]:Zoho ManageEngine Applications Manager Buffer.jsp resourceid SQL Injection Vulnerability(CVE-2020-15927)
13. threat[25118]:Atlassian Crowd Remote Code Execution Vulnerability(CVE-2019-11580)
14. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
15. threat[25116]:Confluence Path Traversal Vulnerability(CVE-2019-3398)

update rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability(CVE-2020-13921)
2. threat[41781]:SSH Communication of FRP Intranet Penetration Tool
3. threat[25063]:Artica Proxy cyrus.php Command Injection(CVE-2020-17505)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-11 14:11:34
Name: eoi.unify.allrulepatch.ips.5.6.10.24042.rule Version: 5.6.10.24042
MD5: aa8040abd785ca3a1876a6b801c76eda Size: 26.10M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24042. The rules added or improved in this package are:

New rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
2. threat[25103]:Medical Center Management System 1.0 - SQL Injection Vulnerability
3. threat[41781]:FRP Intranet Penetration Tool SSH Communication
4. threat[50602]:Burp Suite Web Attack Tool Startup
5. threat[41780]:DNSLog Query Request
6. threat[25101]:Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.24042. This package includes the following changed rules:

new rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability(CVE-2020-13921)
2. threat[25103]:Medical Center Portal Management System 1.0 - SQL Injection Vulnerability
3. threat[41781]:SSH Communication of FRP Intranet Penetration Tool
4. threat[50602]:Burp Suite Web Attack Tool Startup
5. threat[41780]:DNSLog Query Request
6. threat[25101]:Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2020-16952)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-04 18:02:21
Name: eoi.unify.allrulepatch.ips.5.6.10.23995.rule Version: 5.6.10.23995
MD5: f943eaa85cb4fa656b35887b082727a7 Size: 26.08M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23995. The rules added or improved in this package are:

New rules:
1. threat[25096]:TestBox CFML Test Framework 4.1.0 - Directory Traversal Vulnerability
2. threat[25097]:Apache Airflow Cross-Site Scripting Vulnerability (CVE-2020-13944)
3. threat[25098]:AppWeb Authentication Bypass Vulnerability (CVE-2018-8715)
4. threat[25099]:Yonyou (用友) ERP-NC System /NCFindWeb File Inclusion Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23995. This package includes the following changed rules:

new rules:
1. threat[25096]:TestBox CFML Test Framework 4.1.0 - Directory Traversal Vulnerability
2. threat[25097]:Apache Airflow Cross Site Scripting Vulnerability(CVE-2020-13944)
3. threat[25098]:AppWeb Authentication Bypass vulnerability (CVE-2018-8715)
4. threat[25099]:Yonyou ERP-NC System/NCFindWeb File Inclusion Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-26 16:40:59
Name: eoi.unify.allrulepatch.ips.5.6.10.23968.rule Version: 5.6.10.23968
MD5: 08d81183870cef449fa6643c50b6fd59 Size: 26.09M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23968. The rules added or improved in this package are:

New rules:
1. threat[25088]:Nagios XI mibs.php Command Injection Vulnerability (CVE-2020-5791)
2. threat[25092]:ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Attack (CVE-2020-28351)
3. threat[25093]:WordPress File Manager connector.minimal.php Access Control Vulnerability (CVE-2020-25213)
4. threat[25094]:Windows NFS Network File System Remote Code Execution Vulnerability (CVE-2020-17051)
5. threat[25095]:Windows NFS Network File System Information Disclosure Vulnerability (CVE-2020-17056)



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23968. This package includes the following changed rules:

new rules:
1. threat[25088]:Nagios XI mibs.php Command Injection Vulnerability(CVE-2020-5791)
2. threat[25092]:ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Vulnerability(CVE-2020-28351)
3. threat[25093]:WordPress File Manager connector.minimal.php Improper Access Control Vulnerability (CVE-2020-25213)
4. threat[25094]:Windows Network File System Remote Code Execution Vulnerability(CVE-2020-17051)
5. threat[25095]:Windows Network File System Information Disclosure Vulnerability(CVE-2020-17056)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-20 01:59:33
Name: eoi.unify.allrulepatch.ips.5.6.10.23938.rule Version: 5.6.10.23938
MD5: d8e66787efc66b25f7c9df638c70615c Size: 26.09M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23938. The rules added or improved in this package are:

New rules:
1. threat[25086]:Processwire CMS 2.4.0 Local File Inclusion Vulnerability
2. threat[25087]:Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-8558)
3. threat[30760]:Microsoft Graphics Device Interface (GDI) Information Disclosure Vulnerability (CVE-2019-1010)
4. threat[25089]:Ruckus IoT Controller Web UI Authentication Bypass Vulnerability
5. threat[25091]:Adobe Acrobat Reader ESObject Use After Free Vulnerability (CVE-2020-9715)
6. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability

Updated rules:
1. threat[24854]:Jenkins Remote Command Execution Vulnerability (CVE-2018-1000861)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23938. This package includes the following changed rules:

new rules:
1. threat[25086]:Processwire CMS 2.4.0 - 'download' Local File Inclusion Vulnerability
2. threat[25087]:Microsoft Malware Protection Engine Remote Code Execution Vulnerability(CVE-2017-8558)
3. threat[30760]:Microsoft Graphics Device Interface Information Disclosure Vulnerability(CVE-2019-1010)
4. threat[25089]:Ruckus IoT Controller Web UI Authentication Bypass Vulnerability
5. threat[25091]:Adobe Acrobat Reader ESObject Use After Free Vulnerability(CVE-2020-9715)
6. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability

update rules:
1. threat[24854]:Jenkins Remote Command Execution Vulnerability(CVE-2018-1000861)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-12 17:45:05
Name: eoi.unify.allrulepatch.ips.5.6.10.23901.rule Version: 5.6.10.23901
MD5: 91e99fc457e36ec2769139d913c491df Size: 26.08M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23901. The rules added or improved in this package are:

New rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross-Site Scripting Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25085]:Monitorr 1.7.6m - Authorization Bypass Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23901. This package includes the following changed rules:

new rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross Site Scripting Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25085]:Monitorr 1.7.6m - Authorization Bypass Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-06 17:21:23
Name: eoi.unify.allrulepatch.ips.5.6.10.23834.rule Version: 5.6.10.23834
MD5: aaeb9cafdc1cd56bd048ff732937cd52 Size: 26.07M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23834. The rules added or improved in this package are:

Updated rules:
1. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23834. This package includes the following changed rules:

update rules:
1. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-31 10:00:16
Name: eoi.unify.allrulepatch.ips.5.6.10.23813.rule Version: 5.6.10.23813
MD5: 55425ea1a2aa4b5581c7a8985714b218 Size: 26.06M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23813. The rules added or improved in this package are:

New rules:
1. threat[25080]:Gym Management System 1.0 - Authentication Bypass Vulnerability
2. threat[25077]:HooToo TripMate Titan HT-TM05 Remote Command Execution Vulnerability (CVE-2018-20841)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23813. This package includes the following changed rules:


new rules:
1. threat[25080]:Gym Management System 1.0 - Authentication Bypass Vulnerability
2. threat[25077]:HooToo TripMate Titan HT-TM05 Remote Code Execution Vulnerability(CVE-2018-20841)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-29 16:34:13
Name: eoi.unify.allrulepatch.ips.5.6.10.23802.rule Version: 5.6.10.23802
MD5: 65cb18ce248ce806640e5d72a3210ac4 Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23802. The rules added or improved in this package are:

New rules:
1. threat[25078]:ZenTao (禅道) Project Management System Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23802. This package includes the following changed rules:

new rules:
1. threat[25078]:Zentao PMS Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-27 10:37:50
Name: eoi.unify.allrulepatch.ips.5.6.10.23787.rule Version: 5.6.10.23787
MD5: e7659c8bfc73f86671e62791281c757e Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23787. The rules added or improved in this package are:

New rules:
1. threat[30758]:Way-Board Remote File Disclosure Vulnerability (CVE-2001-0214)
2. threat[25074]:Cacti Group Cacti color.php SQL Injection Vulnerability
3. threat[25075]:Visitor Management System (CVMS) 1.0 - Authentication Bypass Vulnerability
4. threat[25076]:Wireless IP Camera (P2P) WIFICAM Remote Code Execution Vulnerability (CVE-2017-8225)

Updated rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561/CVE-2018-10562)
2. threat[30759]:Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23787. This package includes the following changed rules:

new rules:
1. threat[30758]:Way-Board Remote File Disclosure Vulnerability(CVE-2001-0214)
2. threat[25074]:Cacti Group Cacti color.php SQL Injection Vulnerability
3. threat[25075]:Company Visitor Management System (CVMS) 1.0 - Authentication Bypass Vulnerability
4. threat[25076]:Wireless IP Camera (P2P) WIFICAM Remote Code Execution Vulnerability(CVE-2017-8225)

update rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561/CVE-2018-10562)
2. threat[30759]:Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-23 15:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.23760.rule Version: 5.6.10.23760
MD5: a16327190b4ca9c7573cb6be7a6f8133 Size: 26.06M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23760. The rules added or improved in this package are:

Updated rules:
1. threat[25040]:fastadmin Front-end Directory Traversal Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23760. This package includes the following changed rules:

update rules:
1. threat[25040]:Fastadmin front-end directory traversal vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-16 22:34:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23691.rule Version: 5.6.10.23691
MD5: 3e84345b6863259cb43f8f6e712e5424 Size: 26.07M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23691. The rules added or improved in this package are:

New rules:
1. threat[25064]:BigTree CMS 4.4.10 SQL Injection Vulnerability
2. threat[25066]:Bigviktor Bot Network C&C Communication
3. threat[25067]:Flatpress Add Blog 1.0.3 - Stored Cross-Site Scripting Vulnerability
4. threat[25068]:Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability (CVE-2020-3248)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23691. This package includes the following changed rules:

new rules:
1. threat[25064]:BigTree CMS 4.4.10 SQL Injection Vulnerability
2. threat[25066]:Bigviktor bot Network C&C Connection
3. threat[25067]:Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting Vulnerability
4. threat[25068]:Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability(CVE-2020-3248)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-09 15:47:27
Name: eoi.unify.allrulepatch.ips.5.6.10.23620.rule Version: 5.6.10.23620
MD5: c735e546cb0deba40275b6c8ab27dfc7 Size: 26.03M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23620. The rules added or improved in this package are:

New rules:
1. threat[25044]:WebSphere Application Server XXE Vulnerability (CVE-2020-4634)
2. threat[25045]:Advantech (研华) WebAccess NMS ConfigRestoreAction Arbitrary File Upload Vulnerability (CVE-2020-10621)

Updated rules:
1. threat[25040]:fastadmin Front-end Directory Traversal Vulnerability
2. threat[25041]:fastadmin Front-end getshell Vulnerability - Shell Upload


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.23620. This package includes the following changed rules:

new rules:
1. threat[25044]:WebSphere Application Server XXE Vulnerability(CVE-2020-4634)
2. threat[25045]:Advantech WebAccess NMS ConfigRestoreAction Arbitrary File Upload Vulnerability(CVE-2020-10621)

update rules:
1. threat[25040]:Fastadmin front-end directory traversal vulnerability
2. threat[25041]:Fastadmin front-end getshell vulnerability - upload shell


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-09-23 19:40:20
Name: eoi.unify.allrulepatch.ips.5.6.10.23606.rule Version: 5.6.10.23606
MD5: d5995a821e2bfd8e611dd481943185b6 Size: 26.03M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.23606. The rules added or improved in this package are:

New rules:
1. threat[25039]:Nagios XI account main.php Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
2. threat[50593]:Redis Authentication Failed
3. threat[25040]:fastadmin Front-end Directory Traversal Vulnerability
4. threat[25041]:fastadmin Front-end getshell Vulnerability - Shell Upload
5. threat[25042]:Fastadmin Front-end Login Succeeded
6. threat[41774]:Fastadmin Back-end Login Succeeded

Updated rules:
1. threat[50592]:MySQL Logged-in User Reads Local File
2. threat[41543]:Trojan/Backdoor Program ASP One-line Trojan


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23606. This package includes the following changed rules:

new rules:
1. threat[25039]:Nagios XI account main.php Stored Cross-Site Scripting Vulnerability(CVE-2020-10821)
2. threat[50593]:Redis Authentication Failed
3. threat[25040]:Fastadmin front-end directory traversal vulnerability
4. threat[25041]:Fastadmin front-end getshell vulnerability - upload shell
5. threat[25042]:Fastadmin foreground login succeeded
6. threat[41774]:Fastadmin background login succeeded

update rules:
1. threat[50592]:Mysql Login User Reads Local Files
2. threat[41543]:Trojan/Backdoor General ASP trojan


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-23 10:19:12
Name: eoi.unify.allrulepatch.ips.5.6.10.23586.rule Version: 5.6.10.23586
MD5: f681696ecaab26a83486c1da043c3a54 Size: 26.02M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23586. The rules added or improved in this package are:

New rules:
1. threat[25038]:rConfig Unauthenticated Remote Code Execution Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23586. This package includes the following changed rules:

new rules:
1. threat[25038]:rConfig Unauthenticated Remote Code Execution Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-21 21:07:11
Name: eoi.unify.allrulepatch.ips.5.6.10.23576.rule Version: 5.6.10.23576
MD5: ef1e8e417aeee034c76e7d3a80444c80 Size: 26.00M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23576. The rules added or improved in this package are:

New rules:
1. threat[25032]:ThinkAdmin 6 - Arbitrary File Read Vulnerability(CVE-2020-25540)
2. threat[25037]:PHP Yii Framework Deserialization Vulnerability(CVE-2020-15148)



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23576. This package includes the following changed rules:

new rules:
1. threat[25032]:ThinkAdmin 6 - Arbitrary File Read Vulnerability(CVE-2020-25540)
2. threat[25037]:PHP Yii Framework Deserialization Vulnerability(CVE-2020-15148)



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-20 17:14:23
Name: eoi.unify.allrulepatch.ips.5.6.10.23569.rule Version: 5.6.10.23569
MD5: 1fd225828d2592243cb5fca6cb4fdb3d Size: 26.00M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23569. The rules added or improved in this package are:

New rules:
1. threat[25035]:Coremail XT5 Remote Code Execution Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23569. This package includes the following changed rules:

new rules:
1. threat[25035]:Coremail XT5 Remote Code Execution Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-18 18:48:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23542.rule Version: 5.6.10.23542
MD5: 169120fb98bece2ee85dc8a282aee207 Size: 26.02M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23542. The rules added or improved in this package are:


New rules:
1. threat[25031]:Netlogon Elevation of Privilege Vulnerability(CVE-2020-1472)

Updated rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connection


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23542. This package includes the following changed rules:


new rules:
1. threat[25031]:Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

update rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-15 21:21:29
Name: eoi.unify.allrulepatch.ips.5.6.10.23523.rule Version: 5.6.10.23523
MD5: 09b934e5b144cc1a8dda116aef76b78a Size: 26.02M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23523. The rules added or improved in this package are:

New rules:
1. threat[25029]:Tongda OA v11.7 Back-end SQL Injection Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23523. This package includes the following changed rules:

new rules:
1. threat[25029]:Office Anywhere OA v11.7 SQL Injection Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-14 18:27:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23519.rule Version: 5.6.10.23519
MD5: d0b99a3d9bafdf8a35d822fdbccd32e0 Size: 26.02M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23519. The rules added or improved in this package are:

New rules:
1. threat[25024]:Leagsoft Network Access Control System Arbitrary File Upload Vulnerability
2. threat[25025]:Weaver E-cology OA getdata.jsp SQL Injection Vulnerability
3. threat[25026]:WRDTech Resource Access Control System Command Execution Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23519. This package includes the following changed rules:

new rules:
1. threat[25024]:Leagsoft UniNAC Arbitrary File Upload Vulnerability
2. threat[25025]:Weaver E-cology OA getdata.jsp SQL Injection Vulnerability
3. threat[25026]:WRDTech WebVPN Command Execution Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-13 17:34:40
Name: eoi.unify.allrulepatch.ips.5.6.10.23511.rule Version: 5.6.10.23511
MD5: 02cde29e644cd4fe6bc0f471de42a0e9 Size: 26.00M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23511. The rules added or improved in this package are:

New rules:
1. threat[25023]:Weaver E-bridge Arbitrary File Read Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23511. This package includes the following changed rules:

new rules:
1. threat[25023]:Weaver E-bridge Arbitrary File Reading vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-13 09:02:10
Name: eoi.unify.allrulepatch.ips.5.6.10.23507.rule Version: 5.6.10.23507
MD5: a65bfb7822ad1f03db7747acb24511f8 Size: 26.01M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23507. The rules added or improved in this package are:

New rules:
1. threat[25018]:Weblogic UniversalExtractor Deserialization Vulnerability(CVE-2020-14645)
2. threat[30752]:Tailor Management System - 'id' SQL Injection Vulnerability
3. threat[25019]:Mara CMS 7.5 - Reflected Cross-Site Scripting Vulnerability(CVE-2020-24223)
4. threat[25021]:Apache DolphinScheduler Remote Code Execution Vulnerability(CVE-2020-11974)
5. threat[25022]:Yonyou GRP-U8 System Remote Command Execution Vulnerability
6. app:HTTP2



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23507. This package includes the following changed rules:

new rules:
1. threat[25018]:Weblogic UniversalExtractor Deserialization Vulnerability(CVE-2020-14645)
2. threat[30752]:Tailor Management System - 'id' SQL Injection Vulnerability
3. threat[25019]:Mara CMS 7.5 - Reflected Cross-Site Scripting Vulnerability(CVE-2020-24223)
4. threat[25021]:Apache DolphinScheduler Remote Code Execution Vulnerability(CVE-2020-11974)
5. threat[25022]:Yonyou GRP-u8 Remote Command Execution Vulnerability
6. app:HTTP2



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-12 10:32:55
Name: eoi.unify.allrulepatch.ips.5.6.10.23476.rule Version: 5.6.10.23476
MD5: 944dcae2f188a1a25f1a05570638ac2e Size: 26.01M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23476. The rules added or improved in this package are:

New rules:
1. threat[25015]:grocy 2.7.1 - Stored XSS Vulnerability
2. threat[25014]:BloodX CMS 1.0 - Authentication Bypass Vulnerability
3. threat[25017]:moziloCMS 2.0 - Stored XSS Vulnerability

Updated rules:
1. threat[25012]:Daily Tracker System 1.0 Authentication Bypass Vulnerability(CVE-2020-24193)
2. threat[25013]:Savsoft Quiz Enterprise Version 5.5 - Stored Cross-Site Scripting Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23476. This package includes the following changed rules:

new rules:
1. threat[25015]:grocy 2.7.1 - Persistent Cross-Site Scripting Vulnerability
2. threat[25014]:BloodX CMS 1.0 - Authentication Bypass Vulnerability
3. threat[25017]:moziloCMS 2.0 - Persistent Cross-Site Scripting Vulnerability

update rules:
1. threat[25012]:Daily Tracker System 1.0 Authentication Bypass Vulnerability(CVE-2020-24193)
2. threat[25013]:Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-11 09:25:19
Name: eoi.unify.allrulepatch.ips.5.6.10.23419.rule Version: 5.6.10.23419
MD5: 37b6ebbff50a90f73538619559c07b5b Size: 25.99M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23419. The rules added or improved in this package are:

New rules:
1. threat[25009]:Microsoft .NET Framework/SharePoint Server/Visual Studio Remote Code Execution Vulnerability(CVE-2020-1147)
2. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connection
3. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connection
4. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
5. threat[25004]:ElkarBackup 1.3.3 - Stored Cross-Site Scripting Vulnerability
6. threat[25006]:Apache Shiro 1.5.1 Authentication Bypass Vulnerability(CVE-2020-1957)

Updated rules:
1. threat[22933]:Network Worm Nimda Attack


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23419. This package includes the following changed rules:

new rules:
1. threat[25009]:Microsoft .NET Framework/SharePoint Server/Visual Studio Remote Code Execution(CVE-2020-1147)
2. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
3. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connect
4. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
5. threat[25004]:ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Vulnerability
6. threat[25006]:Apache Shiro Authentication Bypass Vulnerability (CVE-2020-1957)

update rules:
1. threat[22933]:Network Worm Nimda Attack


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-09-03 16:51:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23384.rule Version: 5.6.10.23384
MD5: 3de5793f57d3074e156eb09ab3e44da6 Size: 25.97M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23384. The rules added or improved in this package are:


New rules:
1. threat[25003]:Fuel CMS 1.4.7 - 'col' SQL Injection Vulnerability
2. threat[30749]:Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal Vulnerability
3. threat[25000]:Seowon SlC 130 Router Remote Code Execution Vulnerability
4. threat[41771]:Remote Control Trojan DaHuiLang Controlled Client Check-in
5. threat[24999]:Spring Boot Actuator Unauthorized Access
6. threat[41770]:Malicious Code Spreading via ADB Debugging Interface
7. threat[25005]:BaoTa Panel phpMyAdmin Unauthorized Access Vulnerability

Updated rules:
1. threat[24553]:Behinder Webshell Connection
2. threat[23991]:Fastjson Remote Code Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23384. This package includes the following changed rules:


new rules:
1. threat[25003]:Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) Vulnerability
2. threat[30749]:Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal Vulnerability
3. threat[25000]:Seowon SlC 130 Router Remote Code Execution Vulnerability
4. threat[41771]:Remote Control Trojan DaHuiLang Client Startup
5. threat[24999]:Spring Boot Actuator Unauthorized Access
6. threat[41770]:Malicious code spreads using ADB debugging interface
7. threat[25005]:BaoTa Panel phpMyAdmin Unauthorized Access Vulnerability

update rules:
1. threat[24553]:Behinder Webshell Connect
2. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-08-27 19:32:26
Name: eoi.unify.allrulepatch.ips.5.6.10.23321.rule Version: 5.6.10.23321
MD5: 2ac50963d63b7f3b34abeb4377e2be29 Size: 25.95M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23321. The rules added or improved in this package are:

New rules:
1. threat[24997]:Tongda OA 11.6 Arbitrary File Deletion Vulnerability
2. threat[24998]:Tongda OA 11.6 Arbitrary File Upload Vulnerability
3. threat[41766]:Godzilla Webshell JSP Script Upload
4. threat[41767]:Godzilla Webshell ASPX Script Upload
5. threat[41768]:Godzilla Webshell PHP Script Upload



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23321. This package includes the following changed rules:

new rules:
1. threat[24997]:Office Anywhere OA 11.6 Arbitrary File Deletion Vulnerability
2. threat[24998]:Office Anywhere OA 11.6 Arbitrary File Upload Vulnerability
3. threat[41766]:Godzilla Webshell JSP Scripts Upload
4. threat[41767]:Godzilla Webshell ASPX Scripts Upload
5. threat[41768]:Godzilla Webshell PHP Scripts Upload



Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-08-19 18:42:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23275.rule Version: 5.6.10.23275
MD5: b22c0ad9e1cc0c11341812cbc31cfa11 Size: 25.94M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23275. The rules added or improved in this package are:

New rules:
1. threat[24993]:Tongda OA Front-end SQL Injection Vulnerability
2. threat[24994]:Tongda OA 2015-2017 Versions Arbitrary File Upload Vulnerability
3. threat[24995]:Tongda OA Arbitrary File Deletion Vulnerability

Updated rules:
1. threat[24553]:Behinder Webshell Connection
2. threat[41699]:Behinder Encrypted JSP Webshell File Upload
3. threat[41697]:Behinder Encrypted ASP Webshell File Upload
4. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23275. This package includes the following changed rules:

new rules:
1. threat[24993]:Tongda OA Front-end SQL Injection Vulnerability
2. threat[24994]:Tongda OA 2015-2017 Versions Arbitrary File Upload Vulnerability
3. threat[24995]:Tongda OA Arbitrary File Deletion Vulnerability

update rules:
1. threat[24553]:Behinder Webshell Connect
2. threat[41699]:Behinder Encrypted JSP Webshell File Upload
3. threat[41697]:Behinder Encrypted ASP Webshell File Upload
4. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-08-17 22:08:44
Name: eoi.unify.allrulepatch.ips.5.6.10.23223.rule Version: 5.6.10.23223
MD5: 9a2d5d7446fa678c8fb5b53762f078b2 Size: 25.94M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23223. The rules added or improved in this package are:

New rules:
1. threat[24983]:Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting Vulnerability(CVE-2020-2852)
2. threat[24984]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2871)
3. threat[24986]:Cisco Unified Contact Center Express RMI Insecure Deserialization Vulnerability(CVE-2020-3280)
4. threat[24987]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2854)
5. threat[24988]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2856)
6. threat[24989]:Apache Kylin REST API migrateCube Command Injection Vulnerability(CVE-2020-1956)
7. threat[24990]:Apache Spark Unauthorized Remote Code Execution Vulnerability(CVE-2020-9480)
8. app:egd
9. app:eyou
10. app:postgres field

Updated rules:
1. threat[66229]:ISC BIND Memory Disclosure Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23223. This package includes the following changed rules:

new rules:
1. threat[24983]:Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting Vulnerability(CVE-2020-2852)
2. threat[24984]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2871)
3. threat[24986]:Cisco Unified Contact Center Express RMI Insecure Deserialization Vulnerability(CVE-2020-3280)
4. threat[24987]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2854)
5. threat[24988]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability(CVE-2020-2856)
6. threat[24989]:Apache Kylin REST API migrateCube Command Injection Vulnerability(CVE-2020-1956)
7. threat[24990]:Apache Spark Unauthorized Remote Code Execution Vulnerability(CVE-2020-9480)
8. app:egd
9. app:eyou
10. app:postgres field

update rules:
1. threat[66229]:ISC BIND Internal Memory Disclosure Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-08-14 10:54:25
Name: eoi.unify.allrulepatch.ips.5.6.10.23150.rule Version: 5.6.10.23150
MD5: 34c9b692ef0035598f43ae88de8ad447 Size: 25.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23150. The rules added or improved in this package are:

New rules:
1. threat[24979]:ZenTao Pro Remote Code Execution Vulnerability(CVE-2020-7361)
2. threat[24980]:WebSphere Remote Code Execution Vulnerability(CVE-2020-4450)
3. threat[24981]:WebSphere Remote Code Execution Vulnerability(CVE-2020-4534)
4. threat[24982]:Advantech WebAccess SCADA IOCTL 10001 BwPSLink.exe Arbitrary File Deletion Vulnerability

Updated rules:
1. threat[24863]:SaltStack Directory Traversal Vulnerability(CVE-2020-11652)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23150. This package includes the following changed rules:

new rules:
1. threat[24979]:ZenTao Pro Remote Code Execution Vulnerability(CVE-2020-7361)
2. threat[24980]:WebSphere Remote Code Execution Vulnerability(CVE-2020-4450)
3. threat[24981]:WebSphere Remote Code Execution Vulnerability(CVE-2020-4534)
4. threat[24982]:Advantech WebAccess SCADA IOCTL 10001 BwPSLink.exe Arbitrary File Delete Vulnerability

update rules:
1. threat[24863]:SaltStack Directory Traversal Vulnerability(CVE-2020-11652)


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-08-07 16:11:33
Name: eoi.unify.allrulepatch.ips.5.6.10.23127.rule Version: 5.6.10.23127
MD5: a80f8e76a83cf07a98f9359bf07419ff Size: 25.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23127. The rules added or improved in this package are:

New rules:
1. threat[24974]:Weaver Network E-office OA Management System Arbitrary File Read Vulnerability
2. threat[24975]:Foxit Reader and PhantomPDF Use After Free Vulnerability(CVE-2020-8845)
3. threat[24976]:Microsoft Windows SMBv1 NT_TRANSACT_IOCTL Remote Code Execution(CVE-2020-1301)
4. threat[24977]:Microsoft Windows CAB File Parsing Directory Traversal Vulnerability(CVE-2020-1300)
5. threat[24978]:Microsoft Windows SMBv3 Compression Information Disclosure(CVE-2020-1206)

Updated rules:
1. threat[50519]:Remote Control Tool NetWire Connection
2. threat[24101]:Apache Tomcat Remote Code Execution Vulnerability(CVE-2017-12615)(CVE-2017-12617)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23127. This package includes the following changed rules:

new rules:
1. threat[24974]:Weaver Network E-office OA Management System Arbitrary File Download Vulnerability
2. threat[24975]:Foxit Reader and PhantomPDF Use After Free Vulnerability(CVE-2020-8845)
3. threat[24976]:Microsoft Windows SMBv1 NT_TRANSACT_IOCTL Remote Code Execution(CVE-2020-1301)
4. threat[24977]:Microsoft Windows CAB File Parsing Directory Traversal Vulnerability(CVE-2020-1300)
5. threat[24978]:Microsoft Windows SMBv3 Compression Information Disclosure(CVE-2020-1206)

update rules:
1. threat[50519]:Remote Control tool NetWire
2. threat[24101]:Apache Tomcat Remote Code Execution Vulnerability(CVE-2017-12615)(CVE-2017-12617)


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-07-30 17:46:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23076.rule Version: 5.6.10.23076
MD5: 1920901701df2f2b2364ef4eb6496394 Size: 25.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23076. The rules added or improved in this package are:

New rules:
1. threat[24970]:Yonyou Seeyon A8 Collaborative Management Software Arbitrary File Read Vulnerability
2. threat[24971]:ZenTao Project Management System 11.6 Arbitrary File Read Vulnerability
3. threat[24972]:ZenTao Project Management System 11.6 SQL Injection Vulnerability
4. threat[24973]:ZenTao Project Management System 11.6 File Upload Vulnerability
5. threat[24969]:ThinkPHP 6.0 Arbitrary File Creation and Upload Vulnerability
6. threat[24965]:Laravel Framework Serialization Remote Code Execution Vulnerability(CVE-2019-9081)
7. threat[41764]:nginx Server Backdoor Connection Attempt
8. app:sinec-h1
9. app:hart-ip
10. app:gryphon

Updated rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24962]:Microsoft Windows DNS Server Integer Overflow(CVE-2020-1350)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23076. This package includes the following changed rules:

new rules:
1. threat[24970]:Seeyon A8 collaborative management software Arbitrary file reading vulnerability
2. threat[24971]:Zentao PMS 11.6 Arbitrary File Read Vulnerability
3. threat[24972]:Zentao PMS 11.6 SQL Injection Vulnerability
4. threat[24973]:Zentao PMS 11.6 File Upload Vulnerability
5. threat[24969]:ThinkPHP 6.0 Arbitrary File Creation and Upload Vulnerability
6. threat[24965]:Laravel framework serialization remote code execution vulnerability (CVE-2019-9081)
7. threat[41764]:nginx Server Backdoor Connection Attempt
8. app:sinec-h1
9. app:hart-ip
10. app:gryphon

update rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24962]:Microsoft Windows DNS Server Integer Overflow Vulnerability(CVE-2020-1350)


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-07-23 19:04:17
Name: eoi.unify.allrulepatch.ips.5.6.10.23040.rule Version: 5.6.10.23040
MD5: 81a20156c4aa4e9cfb057e4ba0592b1e Size: 25.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23040. The rules added or improved in this package are:

New rules:
1. threat[24936]:Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability(CVE-2019-0568)
2. threat[24958]:EFS Easy File Sharing Web Server Buffer Error Vulnerability(CVE-2018-9059)
3. threat[24938]:DNN DNNarticle Module Configuration File Disclosure Vulnerability(CVE-2018-9126)
4. threat[24939]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2019-0604)
5. threat[24941]:Nagios XI Chained Remote Code Execution Vulnerability(CVE-2018-8735)
6. threat[24942]:Roland Gruber Softwareentwicklung LDAP Account Manager Cross-Site Scripting Vulnerability(CVE-2018-8763)
7. threat[24943]:Square 9 GlobalForms SQL Injection Vulnerability(CVE-2018-8820)
8. threat[24959]:Aviosoft DVD X Player Standar Buffer Error Vulnerability(CVE-2018-9128)
9. threat[24945]:Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability(CVE-2018-8617)
10. threat[24947]:Drupal avatar_uploader v7.x-1.0-beta8 Directory Traversal Vulnerability(CVE-2018-9205)
11. threat[24948]:Windows VBScript Engine Remote Code Execution Vulnerability(CVE-2018-8625)
12. threat[24950]:LibreOffice Input Validation Error Vulnerability(CVE-2019-9848)
13. threat[24951]:Microsoft Windows and Windows Server Input Validation Error Vulnerability(CVE-2020-0938)
14. threat[30746]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability(CVE-2020-0859)
15. threat[24952]:Microsoft Windows Installer Remote Code Execution Vulnerability(CVE-2020-0814)
16. threat[24961]:SQL Server Reporting Services RCE Vulnerability(CVE-2010-0618)
17. threat[24954]:Microsoft Media Foundation Buffer Error Vulnerability(CVE-2020-0738)
18. threat[24505]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)
19. threat[24955]:Windows LNK Shortcut File Remote Code Execution Vulnerability(CVE-2020-0729)
20. threat[30747]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability(CVE-2020-0728)
21. threat[24956]:Windows Installer Privilege Escalation Vulnerability(CVE-2020-0683)
22. threat[24957]:Windows Kernel Service Tracing Privilege Escalation Vulnerability(CVE-2020-0668)
23. threat[24962]:Microsoft Windows DNS Server Integer Overflow(CVE-2020-1350)
24. threat[24964]:Zoho ManageEngine OpManager cachestart Directory Traversal(CVE-2020-13818)
25. app:人人直播 (Renren Zhibo)


Updated rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability(CVE-2014-8361)
2. threat[50591]:RDP Remote Desktop Service Login Succeeded
3. threat[24119]:FasterXML Jackson-databind Deserialization Code Execution Vulnerability(CVE-2017-15095)
4. app:百度云管家 (Baidu Yun Guanjia)
5. app:华西证券 (Huaxi Securities)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23040. This package includes the following changed rules:

new rules:
1. threat[24936]:Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CVE-2019-0568)
2. threat[24958]:EFS Easy File Sharing Web Server Buffer Error Vulnerability (CVE-2018-9059)
3. threat[24938]:DNN DNNarticle Module Config File Leak Vulnerability(CVE-2018-9126)
4. threat[24939]:Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2019-0604)
5. threat[24941]:Nagios XI Chained Remote Code Execution Vulnerability(CVE-2018-8735)
6. threat[24942]:Roland Gruber Softwareentwicklung LDAP Account Manager CROSS-site Scripting Vulnerability(CVE-2018-8763)
7. threat[24943]:Square 9 GlobalForms SQL Injection Vulnerability(CVE-2018-8820)
8. threat[24959]:Aviosoft DVD X Player Standar Buffer Error Vulnerability (CVE-2018-9128)
9. threat[24945]:Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability(CVE-2018-8617)
10. threat[24947]:Drupal avatar_uploader v7.x-1.0-beta8 Directory Traversal Vulnerability(CVE-2018-9205)
11. threat[24948]:Windows VBScript Engine Remote Execution Code Vulnerability(CVE-2018-8625)
12. threat[24950]:LibreOffice input validation error vulnerability(CVE-2019-9848)
13. threat[24951]:Microsoft Windows and Windows Server Input Validation Vulnerability(CVE-2020-0938)
14. threat[30746]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability(CVE-2020-0859)
15. threat[24952]:Microsoft Windows Installer Remote Code Execution Vulnerability(CVE-2020-0814)
16. threat[24961]:SQL Server Reporting Services RCE Vulnerability (CVE-2010-0618)
17. threat[24954]:Microsoft Media Foundation Buffer Error Vulnerability(CVE-2020-0738)
18. threat[24505]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)
19. threat[24955]:Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)
20. threat[30747]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)
21. threat[24956]:Windows Installer Privilege Elevation Vulnerability (CVE-2020-0683)
22. threat[24957]:Windows Kernel Service Tracing Privilege Elevation Vulnerability (CVE-2020-0668)
23. threat[24962]:Microsoft Windows DNS Server Integer Overflow Vulnerability(CVE-2020-1350)
24. threat[24964]:Zoho ManageEngine OpManager cachestart Directory Traversal(CVE-2020-13818)
25. app:renrenzhibo

update rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability(CVE-2014-8361)
2. threat[50591]:RDP Remote Desktop Protocol Service Login
3. threat[24119]:FasterXML Jackson-databind Deserialization Remote Code Execution Vulnerability(CVE-2017-15095)
4. app:baiduyunguanjia
5. app:Market Quotes Site - Huaxi Securities


Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2020-07-15 22:44:15
Name: eoi.unify.allrulepatch.ips.5.6.10.22935.rule Version: 5.6.10.22935
MD5: b0fa950156140f64fdb40deefb1031ae Size: 25.27M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22935. The rules added or improved in this package are:

New rules:
1. threat[24935]:Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability(CVE-2019-0567)
2. threat[24930]:Cisco Data Center Network Manager installSwitchLicense Directory Traversal Vulnerability(CVE-2019-15980)
3. threat[24931]:Foxit PhantomPDF Text Field Object Use After Free Vulnerability(CVE-2020-8846)
4. threat[24932]:Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability(CVE-2020-3243)
5. threat[41763]:Penetration Testing Tool Cobalt Strike Beacon DNS Communication
6. threat[24933]:Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability(CVE-2019-15981)
7. threat[24934]:Microsoft .NET Framework XPS File Parsing Remote Code Execution Vulnerability(CVE-2020-0605)


Updated rules:
1. threat[49003]:Mirai Bot Connecting to Server
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability(CVE-2019-15984)
3. threat[50181]:HTTP Protocol CONNECT Tunnel Feature (http proxy) Connection Access


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.22935. This package include changed rules:

new rules:
1. threat[24935]:Microsoft Edge Chakra Scripting Engine Remote Memory corruption vulnerability (CVE-2019-0567)
2. threat[24930]:Cisco Data Center Network Manager installSwitchLicense Directory Traversal Vulnerability(CVE-2019-15980)
3. threat[24931]:Foxit PhantomPDF text Field Object Use After Free Vulnerability(CVE-2020-8846)
4. threat[24932]:Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability(CVE-2020-3243)
5. threat[41763]:Penetration Test Tool Cobalt Strike Beacon DNS Communication
6. threat[24933]:Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability(CVE-2019-15981)
7. threat[24934]:Microsoft .NET Framework XPS File Parsing Remote Code Execution Vulnerability(CVE-2020-0605)

update rules:
1. threat[49003]:Mirai Botnet Connecting to the Server
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability(CVE-2019-15984)
3. threat[50181]:HTTP Protocol CONNECT Tunnel Feature (http proxy) Connection Access


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2020-07-09 18:49:50
Name: eoi.unify.allrulepatch.ips.5.6.10.22885.rule   Version: 5.6.10.22885
MD5: 8265b4063fca25617864851fd62559a6   Size: 25.26M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22885. The rules added or improved in this package are:

new rules:
1. threat[10506]:Microsoft Windows TLS Key Exchange Denial of Service Vulnerability (CVE-2020-1118)
2. threat[24928]:Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
3. threat[10507]:ISC BIND TSIG Validation Denial of Service Vulnerability (CVE-2020-8617)
4. threat[41762]:Tomato Router Default Credentials Scan

update rules:
1. threat[24893]:Microsoft Internet Explorer JScript JSONStringifyObject Use After Free Vulnerability (CVE-2017-11793)
2. threat[50453]:Protocol Tunneling Tool dns2tcp Connection
3. threat[24919]:Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-07-02 18:19:08
Name: eoi.unify.allrulepatch.ips.5.6.10.22865.rule   Version: 5.6.10.22865
MD5: acefbf8be9887dad13361174a30a18a0   Size: 25.25M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22865. The rules added or improved in this package are:

new rules:
1. threat[30744]:FineReport v8.0 Authentication Account and Password Information Disclosure Vulnerability
2. threat[24925]:Winmail Mailbox Management System viewsharenetdisk.php Arbitrary File Download Vulnerability
3. threat[41761]:WMIC Command Execution
4. threat[24926]:Weaver Ecology8 Arbitrary File Upload Vulnerability
5. threat[24927]:Apache Dubbo Provider Deserialization Vulnerability (CVE-2020-1948)
6. app:Tencent Meeting
7. app:Zoho
8. app:WeCom (WeChat Work)
9. app:WPS
10. app:WeLink
11. app:Webex Meetings
12. app:eteams (Weaver)
13. app:Tencent Docs
14. app:Haoshitong Video Conferencing
15. app:Feishu (Lark)

update rules:
1. threat[24879]:Winmail Mailbox Management System Arbitrary File Download Vulnerability
2. threat[24878]:Winmail Mail Management System Arbitrary File Upload Vulnerability
3. threat[24255]:Web Service Remote Command Execution Attack
4. threat[24918]:Zoho ManageEngine OpManager fluidicv2 UI Directory Traversal Vulnerability (CVE-2020-12116)
5. threat[41718]:Intranet Tunneling Tool reGeorg Connection
6. app:Zoom


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-06-28 15:19:41
Name: eoi.unify.allrulepatch.ips.5.6.10.22840.rule   Version: 5.6.10.22840
MD5: 770a367ee4eda3d790205dab5e3a639b   Size: 25.26M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22840. The rules added or improved in this package are:

new rules:
1. threat[24921]:Advantech WebAccess SCADA BwFLApp.exe Arbitrary File Deletion Vulnerability
2. threat[24922]:Advantech WebAccess SCADA BwPFile.exe Arbitrary File Deletion Vulnerability
3. threat[24923]:Apache Shiro RememberMe Deserialization Vulnerability (CVE-2016-4437)
4. threat[50591]:RDP Remote Desktop Protocol Service Successful Login
5. threat[30743]:Weaver ecology OA Database Configuration Information Disclosure Vulnerability
6. threat[24924]:Apache Commons Configuration YAML File Loading Deserialization Vulnerability (CVE-2020-1953)

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24858]:TongDa OA Arbitrary User Remote Code Execution Vulnerability
3. threat[23533]:TRS WCM Arbitrary File Upload Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-06-18 17:58:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22809.rule   Version: 5.6.10.22809
MD5: 30463eac9481315269eb69ab9196de22   Size: 25.24M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22809. The rules added or improved in this package are:

new rules:
1. threat[41760]:Victor CMS 1.0 Remote Shell Upload Vulnerability
2. threat[24912]:i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion Vulnerability
3. threat[24914]:OpenMRS Reference Application sessionLocation Parameter Reflected Cross-Site Scripting Vulnerability
4. threat[24915]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability (CVE-2020-2950)
5. threat[24916]:Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization Vulnerability (CVE-2020-6967)
6. threat[30742]:Adobe Acrobat and Reader Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2020-3804)
7. app:KNXIP

update rules:
1. threat[24895]:dotCMS CMSFilter assets Access Control Weakness Vulnerability (CVE-2020-6754)
2. threat[24861]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
3. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-06-11 18:19:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22767.rule   Version: 5.6.10.22767
MD5: b2451730d704f15d6964e9809fe6fe2b   Size: 25.23M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22767. The rules added or improved in this package are:

new rules:
1. threat[24905]:Webtateas 2.0 Arbitrary File Read Vulnerability
2. threat[41758]:i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion
3. threat[24904]:HP LinuxKI 6.01 Remote Command Injection Vulnerability (CVE-2020-7209)
4. threat[24906]:Cisco SD-WAN Solution vManage SQL Injection Vulnerability (CVE-2019-16012)
5. threat[24907]:Schneider Electric IGSS IGSSupdateservice Directory Traversal Vulnerability (CVE-2020-7478)
6. threat[24908]:Mikrotik Router Monitoring System 1.2.3 SQL Injection (CVE-2020-13118)
7. threat[24909]:JDWP Remote Command Execution

update rules:
1. threat[49003]:Mirai Botnet Connecting to the Server
2. threat[41381]:Malicious Ransomware Transmission
3. threat[24883]:Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[24106]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. app:WeChat


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-06-04 17:22:54
Name: eoi.unify.allrulepatch.ips.5.6.10.22729.rule   Version: 5.6.10.22729
MD5: 597a7d9424e3b20456c4071129ec5954   Size: 25.19M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22729. The rules added or improved in this package are:

new rules:
1. threat[24901]:D-Link DSL-2780B DLink_1.01.14 Remote DNS Change Vulnerability
2. threat[24902]:Nagios XI Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2018-15712)
3. threat[10505]:NTP ntpd monlist Query Reflection Denial of Service Vulnerability (CVE-2013-5211)
4. threat[24899]:Oracle E-Business Suite Human Resources SQL Injection (CVE-2020-2956) (CVE-2020-2882)
5. app:IEC-61850-GOOSE
6. app:IEC-61850-SV

update rules:
1. threat[23614]:Oracle WebLogic Server Java Deserialization Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[24897]:WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)
4. app:IEC-61850-MMS


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-05-28 17:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.22680.rule   Version: 5.6.10.22680
MD5: f341fffe06881faa846795643f129147   Size: 25.18M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22680. The rules added or improved in this package are:

new rules:
1. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability (CVE-2019-18229)
2. threat[24894]:Microsoft Edge ChakraCore Type Confusion Information Disclosure (CVE-2017-0134)
3. threat[24892]:Oracle WebLogic Server FileDistributionServlet Information Disclosure Vulnerability (CVE-2019-2625)
4. threat[24896]:Nagios Log Server User Profile Stored Cross-Site Scripting (CVE-2020-6586)
5. threat[41757]:Suspicious DNS Behavior Found in the Network (Dynamic Random Domain Names)
6. threat[24897]:WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)

update rules:
1. app:iec-60870-5-104


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-05-21 18:57:49
Name: eoi.unify.allrulepatch.ips.5.6.10.22638.rule   Version: 5.6.10.22638
MD5: 4e26224644b639a065dae79231aebfb1   Size: 25.17M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22638. The rules added or improved in this package are:

new rules:
1. threat[24890]:Grandstream UCM6200 Remote Code Execution Vulnerability (CVE-2020-5722)
2. threat[24889]:Draytek Vigor Remote Code Execution Vulnerability (CVE-2020-8515)
3. threat[24888]:Netlink GPON Router Remote Code Execution Vulnerability
4. threat[24865]:Nagios XI Two Reflected Cross-Site Scripting Vulnerabilities (CVE-2020-10819)
5. threat[24864]:AVTECH Video Surveillance Device Unauthorized Command Execution Vulnerability
6. threat[24883]:Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
7. threat[24881]:Zabbix latest.php SQL Injection Vulnerability (CVE-2016-10134)
8. threat[24866]:Edimax EW-7438RPn 1.13 Remote Code Execution Vulnerability
9. threat[24879]:Winmail Mailbox Management System Arbitrary File Download Vulnerability
10. threat[24878]:Winmail Mail Management System Arbitrary File Upload Vulnerability
11. threat[24877]:eYou list_userinfo.php SQL Injection Vulnerability
12. threat[24876]:eYou action_help.class.php SQL Injection Vulnerability
13. threat[24868]:TP-LINK Cloud Cameras NCXXX Bonjour Command Injection Vulnerability (CVE-2020-12109)
14. threat[24873]:eYou v4 Mail System domain_logo.php Command Execution Vulnerability
15. threat[24871]:Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0143) (MS17-010)
16. threat[24872]:ELTEX NTP-RG-1402G Command Injection Vulnerability (CVE-2020-9026)
17. threat[24869]:School ERP Pro 1.0 Arbitrary File Read Vulnerability
18. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-11113)
19. threat[24870]:School ERP Pro 1.0 Arbitrary File Upload Vulnerability
20. threat[24887]:GhostScript Sandbox Bypass (Command Execution) Vulnerability (CVE-2019-6116)

update rules:
1. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-05-15 09:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22624.rule   Version: 5.6.10.22624
MD5: ef9694fde23251985603285fc2171228   Size: 25.18M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22624. The rules added or improved in this package are:

new rules:
1. threat[24885]:Adobe LiveCycle Data Services XML External Entity Injection (XXE) Vulnerability (CVE-2015-3269)


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-05-10 08:46:12
Name: eoi.unify.allrulepatch.ips.5.6.10.22577.rule   Version: 5.6.10.22577
MD5: 9046bcc35cc9536e5b73a359c34405ef   Size: 25.15M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22577. The rules added or improved in this package are:

new rules:
1. threat[24849]:TongDa OA Arbitrary File Upload Vulnerability
2. threat[24851]:Spring Security OAuth Remote Code Execution Vulnerability (CVE-2016-4977)
3. threat[24850]:Jenkins CLI-RMI Java Deserialization Remote Code Execution Vulnerability (CVE-2015-8103)
4. threat[24852]:Jenkins-CI Remote Code Execution Vulnerability (CVE-2016-9299, CVE-2017-1000353)
5. threat[24854]:Jenkins Remote Command Execution Vulnerability (CVE-2018-1000861)
6. threat[24855]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2018-16621)
7. threat[24856]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2020-10199)
8. threat[24821]:WSO2 3.1.0 Arbitrary File Deletion
9. threat[24826]:Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution Vulnerability
10. threat[24859]:Jenkins Script Security Plugin Sandbox Bypass / Remote Code Execution (CVE-2019-1003005) (CVE-2019-1003029)
11. threat[30741]:TongDa OA Unauthenticated Sensitive Information Disclosure
12. threat[24857]:ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
13. threat[24860]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8599)
14. threat[24861]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
15. threat[24862]:SaltStack Remote Command Execution Vulnerability (CVE-2020-11651)
16. threat[24863]:SaltStack Directory Traversal Vulnerability (CVE-2020-11652)
17. app:eyou-mail


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-05-07 18:34:59
Name: eoi.unify.allrulepatch.ips.5.6.10.22558.rule   Version: 5.6.10.22558
MD5: c6edb090aea16322baeed7fbb688402b   Size: 25.14M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22558. The rules added or improved in this package are:

new rules:
1. threat[24831]:Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability (CVE-2020-9384)
2. threat[24668]:Citrix ADC and NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24833]:CentOS Web Panel Authenticated OS Command Injection Vulnerability (CVE-2018-18322)
4. threat[30740]:CentOS Web Panel 0.9.8.480 Local File Inclusion (CVE-2018-18223)
5. threat[24834]:Discuz 7.x discuzcode.func.php Remote Code Execution Vulnerability
6. threat[24835]:Discuz! ML Remote Code Execution Vulnerability (CVE-2019-13956)
7. threat[24836]:Drupal RESTWS Module 7.x PHP Remote Code Execution Vulnerability
8. threat[24837]:Drupal CODER Module Remote Code Execution Vulnerability
9. threat[24839]:PHP File Upload Bypass
10. threat[24840]:JBoss Deserialization Vulnerability (CVE-2017-7504)
11. threat[24838]:Discuz!X /utility/convert/index.php Remote Code Execution Vulnerability
12. threat[24841]:JBoss Unauthorized Access Vulnerability (CVE-2010-0738)
13. threat[24843]:phpcms 2008 Remote Code Execution Vulnerability
14. threat[24844]:Dell SonicWALL Scrutinizer q Parameter SQL Injection Vulnerability
15. threat[24845]:Oxwall 1.7.0 Code Execution Vulnerability
16. threat[24846]:phpcms 2008 Code Injection Vulnerability

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24627]:dedecms sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
3. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability
4. threat[41704]:Windows CMD Command Line Reverse Connection
5. app:ftp


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-04-30 14:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22459.rule   Version: 5.6.10.22459
MD5: e167ea878cc313ba7791dd26cb4a525e   Size: 25.08M
Description:

NSFOCUS NIDS/NIPS signature upgrade package for the intrusion prevention signature library. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After it is imported, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22459. The rules added or improved in this package are:

new rules:
1. threat[24824]:Oracle WebLogic Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2014-4210)
2. threat[41753]:Malware Linux/nemesis_a Network Communication
3. threat[41755]:Malware Windows/Mozart Network Communication
4. threat[24825]:Exim base64d() Function Buffer Overflow Vulnerability (CVE-2018-6789)
5. threat[24822]:WordPress Plugin Media Library Assistant 2.81 Local File Inclusion

update rules:
1. threat[62960]:phpLDAPadmin "functions.php" Remote PHP Code Injection Vulnerability
2. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)


Announcements:
1. After the package is applied, the engine restarts automatically for the rules to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Release time: 2020-04-23 19:46:58
名称: eoi.unify.allrulepatch.ips.5.6.10.22420.rule 版本:5.6.10.22420
MD5:bd4d5af3dfd4cde4a60715fb2212832c 大小:25.07M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.22420。该升级包新增/改进的规则有:

新增规则:
1. 攻击[41739]:WannaRen勒索病毒传输通信
2. 攻击[41740]:恶意木马劫持深信服SSL VPN升级程序SangforUD.exe
3. 攻击[41741]:Cobalt Strike渗透攻击工具Beacon HTTPS通信
4. 攻击[30738]:Jinfornet Jreport 15.6 无需认证的目录遍历漏洞
5. 攻击[24812]:NVMS-9000 camera 远程代码执行漏洞
6. 攻击[24813]:Eir D1000路由器远程代码执行漏洞
7. 攻击[24814]:HPE智能管理中心ViewBatchTaskResultDetailBean语言注入漏洞(CVE-2019-5386)
8. 攻击[41742]:恶意程序Windows/VIDAR_a窃密木马网络通信
9. 攻击[24816]:rConfig Network Device Configuration Tool ajaxAddTemplate.php命令注入(CVE-2020-10221)
10. 攻击[41743]:恶意程序Windows/RevengeRAT远控木马网络通信
11. 攻击[41744]:恶意程序Windows/ParasiteStealer窃密木马网络通信
12. 攻击[41745]:恶意程序Windows/VTFLOODER远控木马网络通信
13. 攻击[41747]:恶意程序Raudotek僵尸木马上线通信
14. 攻击[41748]:恶意程序Windows/NanoCore远控木马网络通信
15. 攻击[41746]:恶意程序Dark_Nexus僵尸网络上线通信
16. 攻击[41750]:恶意程序GoBrut僵尸网络上线通信
17. 攻击[41751]:恶意程序AutoitPredator僵尸网络上线通信
18. 攻击[24817]:NagiosXI 5.6.11 address 远程代码执行漏洞
19. 攻击[24818]:Symantec Web Gateway 5.0.2.8 远程代码执行漏洞
20. 攻击[30739]:Cisco Small Business RV320和RV325信息泄露漏洞(CVE-2019-1653)
21. 攻击[24819]:Zen Load Balancer 3.10.1 目录遍历漏洞
22. 攻击[41752]:恶意程序FYHHOS僵尸网络上线通信
23. 攻击[24820]:Webtateas 2.0 任意文件读取
24. 攻击[24822]:Wordpress Plugin Media Library Assistant 2.81 本地文件包含
25. 攻击[24823]:MVPower DVR Shell未授权远程命令执行漏洞

更新规则:
1. 攻击[21374]:Apache Struts远程命令执行漏洞
2. 攻击[24745]:Linear eMerge E3访问控制器命令注入(CVE-2019-7256)
3. 攻击[24203]:ESF pfSense system_groupmanager.php命令注入漏洞


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22420. This package includes the following changed rules:

new rules:
1. threat[41739]:WannaRen ransomware transmission communication
2. threat[41740]:Malicious Trojan Hijacking Sangfor SSL VPN Update Program SangforUD.exe
3. threat[41741]:Penetration Test Tool Cobalt Strike Beacon HTTPS Communication
4. threat[30738]:Jinfornet Jreport 15.6 Unauthenticated Directory Traversal Vulnerability
5. threat[24812]:NVMS-9000 camera remote code execution vulnerability
6. threat[24813]:Eir D1000 router remote code execution vulnerability
7. threat[24814]:HPE Intelligent Management Center ViewBatchTaskResultDetailBean Language Injection Vulnerability(CVE-2019-5386)
8. threat[41742]:Malware Windows/VIDAR_a Stealth Trojan Network Communication
9. threat[24816]:rConfig Network Device Configuration Tool ajaxAddTemplate.php Command Injection(CVE-2020-10221)
10. threat[41743]:Malware Windows/RevengeRAT Remote Control Trojan Network Communication
11. threat[41744]:Malware Windows/ParasiteStealer Trojan Network Communication
12. threat[41745]:Malware Windows/VTFLOODER remote control Trojan network communication
13. threat[41747]:Malware Raudotek Zombie Trojan communication
14. threat[41748]:Malware Windows / NanoCore remote control Trojan network communication
15. threat[41746]:Malware Dark_Nexus Botnet Network Communication
16. threat[41750]:Malware GoBrut Botnet Network Communication
17. threat[41751]:Malware AutoitPredator Botnet Network Communication
18. threat[24817]:NagiosXI 5.6.11 address remote code execution vulnerability
19. threat[24818]:Symantec Web Gateway 5.0.2.8 Remote Code Execution
20. threat[30739]:Cisco Small Business RV320 and RV325 Information Disclosure Vulnerability(CVE-2019-1653)
21. threat[24819]:Zen Load Balancer 3.10.1 directory traversal vulnerability
22. threat[41752]:Malware FYHHOS Botnet Network Communication
23. threat[24820]:Webtateas 2.0 Arbitrary File Read
24. threat[24822]:Wordpress Plugin Media Library Assistant 2.81 Local File Inclusion
25. threat[24823]:MVPower DVR Shell Unauthenticated Command Execution

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24745]:Linear eMerge E3 Access Controller Command Injection(CVE-2019-7256)
3. threat[24203]:ESF pfSense system_groupmanager.php Command Injection Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-04-16 17:52:57
Name: eoi.unify.allrulepatch.ips.5.6.10.22340.rule Version: 5.6.10.22340
MD5: 8337c64b631c0e1de64b26a38e458ec6 Size: 25.03M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22340. The rules added or improved in this package are:

New rules:
1. threat[24802]: WiKID 2FA Enterprise Server groups.js cross-site scripting (CVE-2019-17116)
2. threat[24768]: Centreon formMibs.php code injection vulnerability
3. threat[24803]: Cisco Data Center Network Manager importTS command injection vulnerability (CVE-2019-15979)
4. threat[24804]: Cisco Data Center Network Manager createLanFabric command injection vulnerability (CVE-2019-15978)
5. threat[24805]: HPE IMC ForwardRedirect expression language injection vulnerability
6. threat[24806]: Microsoft SharePoint Server stored cross-site scripting vulnerability (CVE-2020-0693)
7. threat[24807]: WordPress 10Web Photo Gallery Plugin stored cross-site scripting vulnerability (CVE-2020-9335)
8. threat[50586]: Web crawler Toutiao crawling web page information
9. threat[50587]: Web crawler Bing crawling web page information
10. threat[50588]: Web crawler Moz crawling web page information
11. threat[50589]: Web crawler Shenma Search crawling web page information
12. threat[24808]: OpenDreamBox 2.0.0 Plugin WebAdmin command injection vulnerability
13. threat[24809]: Joomla! com_fabrik 3.9.11 directory traversal vulnerability
14. threat[24810]: Zen Load Balancer 3.10.1 command injection vulnerability (CVE-2019-7301)
15. threat[24811]: Apache Solr Velocity remote code execution vulnerability (CVE-2019-17558)
16. threat[41738]: Cobalt Strike penetration tool Beacon HTTP communication

Updated rules:
1. threat[24309]: Apache ActiveMQ Fileserver file upload directory traversal vulnerability (CVE-2016-3088)
2. threat[23725]: Application server GlassFish arbitrary file read vulnerability


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22340. This package includes the following changed rules:

new rules:
1. threat[24802]:WiKID 2FA Enterprise Server groups.jsp Cross-Site Scripting(CVE-2019-17116)
2. threat[24768]:Centreon formMibs.php Command Injection Vulnerability
3. threat[24803]:Cisco Data Center Network Manager importTS Command Injection(CVE-2019-15979)
4. threat[24804]:Cisco Data Center Network Manager createLanFabric Command Injection Vulnerability (CVE-2019-15978)
5. threat[24805]:HPE IMC ForwardRedirect Expression Language Injection Vulnerability
6. threat[24806]:Microsoft SharePoint Server Stored Cross-Site Scripting Vulnerability(CVE-2020-0693)
7. threat[24807]:WordPress 10Web Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability(CVE-2020-9335)
8. threat[50586]:Web Crawlers Toutiao Capture Page Information
9. threat[50587]:Web Crawlers Bing Capture Page Information
10. threat[50588]:Web Crawlers Moz Capture Page Information
11. threat[50589]:Web Crawlers Shenma Capture Page Information
12. threat[24808]:OpenDreamBox 2.0.0 Plugin WebAdmin command injection vulnerability
13. threat[24809]:Joomla! Com_fabrik 3.9.11 directory traversal vulnerability
14. threat[24810]:Zen Load Balancer 3.10.1 Command Injection Vulnerability (CVE-2019-7301)
15. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
16. threat[41738]:Penetration Test Tool Cobalt Strike Beacon HTTP Communication

update rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[23725]:Application server Glassfish Directory Traversal Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-04-09 18:01:09
Name: eoi.unify.allrulepatch.ips.5.6.10.22284.rule Version: 5.6.10.22284
MD5: da6d5801e3cd918941ad4153521f439b Size: 25.00M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22284. The rules added or improved in this package are:

New rules:
1. threat[24797]: PHPUnit remote code execution vulnerability (CVE-2017-9841)
2. threat[24798]: uftpd FTP server PORT command handling stack buffer overflow vulnerability (CVE-2020-5204)
3. threat[24799]: WiKID Systems 2FA Enterprise Server cross-site scripting vulnerability (CVE-2019-17120)
4. threat[24800]: FIBARO System Home Center 5.021 remote file inclusion vulnerability
5. threat[24801]: Cisco Data Center Network Manager reportTemplateUploadPolicy path traversal vulnerability (CVE-2019-15980)

Updated rules:
1. threat[24757]: Oracle Coherence deserialization remote code execution vulnerability (CVE-2020-2555)


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22284. This package includes the following changed rules:

new rules:
1. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
2. threat[24798]:uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability(CVE-2020-5204)
3. threat[24799]:WiKID 2FA Enterprise Server Cross-Site Scripting Vulnerability(CVE-2019-17120)
4. threat[24800]:FIBARO System Home Center 5.021 Remote File Include Vulnerability
5. threat[24801]:Cisco Data Center Network Manager reportTemplateUploadPolicy Directory Traversal Vulnerability(CVE-2019-15980)

update rules:
1. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-04-03 10:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.22245.rule Version: 5.6.10.22245
MD5: 58d5ca1e255e2526eaebe7af4724e270 Size: 25.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22245. The rules added or improved in this package are:

New rules:
1. threat[24769]: Sangoma Asterisk manager.c command execution vulnerability (CVE-2019-18610)
2. threat[24770]: Cisco Data Center Network Manager getLicenses SQL injection vulnerability (CVE-2019-15984)
3. threat[30736]: Cisco Data Center Network Manager getRestoreLog directory traversal vulnerability (CVE-2019-15980)
4. threat[30737]: Cisco Data Center Network Manager saveLicenseFileToServer directory traversal vulnerability (CVE-2019-15980)
5. threat[24767]: Oracle E-Business Suite Human Resources SQL injection vulnerability (CVE-2020-2586)
6. threat[24771]: PHPStudy backdoor remote code execution vulnerability
7. threat[24772]: ASUS RT-N10+ 2.0.3.4 code execution vulnerability
8. threat[24773]: Gila CMS deleteAction local file inclusion vulnerability (CVE-2020-5513)
9. threat[24774]: Advantech WISE-PaaS RMM WechatSignin wechattokenlogin external entity injection vulnerability (CVE-2019-18227)
10. threat[24775]: HPE IMC TvxlanLegendBean expression language injection vulnerability
11. threat[24777]: Squid Proxy HTTP Host buffer overflow vulnerability (CVE-2020-8450)
12. threat[24778]: Netlink GPON Router 1.0.11 R remote code execution vulnerability
13. threat[24779]: Exploit Horde Groupware Webmail Edition 5.2.22 remote code execution vulnerability (CVE-2020-8518)
14. threat[24780]: Exploit Phoenix Contact TC Router / TC Cloud Client command injection vulnerability (CVE-2020-9436)
15. threat[24785]: PHPMoAdmin 1.1.2 remote code execution vulnerability (CVE-2015-2208)
16. threat[24786]: Joomla! SQL injection vulnerability (CVE-2015-7297)
17. threat[24784]: Western Digital MyCloud PR4100 web management component security vulnerability (CVE-2017-17560)
18. threat[24787]: Axis network camera .srv remote code execution vulnerability (CVE-2018-10660)
19. threat[24788]: Drupal OpenID external entity injection (CVE-2012-4554)
20. threat[24789]: Joomla unauthorized user creation vulnerability (CVE-2016-8870)
21. threat[41736]: HIDDEN COBRA - Joanap backdoor Trojan communication
22. threat[50584]: Web crawler crawling web page information
23. threat[24790]: PHPKB Multi-Language 9 authorized directory traversal vulnerability (CVE-2020-10387)
24. threat[24791]: rConfig 3.9 SQL injection vulnerability (CVE-2020-10220)
25. threat[24792]: PHPKB Standard Multi-Language 9 remote code execution vulnerability (CVE-2020-10386)
26. threat[24793]: Centreon Poller authorized remote code execution vulnerability
27. threat[24794]: Tongda OA arbitrary file inclusion vulnerability

Updated rules:
1. threat[24740]: OpenSMTPD 6.6.2 remote code execution (CVE-2020-7247)
2. threat[23695]: Apache Struts2 multiple security vulnerabilities
3. threat[24250]: Drupal core remote code execution vulnerability
4. threat[24671]: Weblogic WLS component IIOP protocol remote code execution vulnerability (CVE-2020-2551)
5. threat[22703]: phpMyAdmin preg_replace() remote PHP code execution


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22245. This package includes the following changed rules:

new rules:
1. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability(CVE-2019-18610)
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability(CVE-2019-15984)
3. threat[30736]:Cisco Data Center Network Manager getRestoreLog Directory Traversal Vulnerability(CVE-2019-15980)
4. threat[30737]:Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal(CVE-2019-15980)
5. threat[24767]:Oracle E-Business Suite Human Resources SQL Injection(CVE-2020-2586)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. threat[24772]:ASUS RT-N10+ 2.0.3.4 Command Execution Vulnerability
8. threat[24773]:Gila CMS deleteAction Local File Inclusion Vulnerability(CVE-2020-5513)
9. threat[24774]:Advantech WISE-PaaS RMM WechatSignin wechattokenlogin External Entity Injection(CVE-2019-18227)
10. threat[24775]:HPE IMC TvxlanLegendBean Expression Language Injection Vulnerability
11. threat[24777]:Squid Proxy HTTP Host Buffer Overflow Vulnerability(CVE-2020-8450)
12. threat[24778]:Netlink GPON Router 1.0.11 R Remote Code Execution Vulnerability
13. threat[24779]:Exploit Horde Groupware Webmail Edition 5.2.22 Remote Code Execution Vulnerability (CVE-2020-8518)
14. threat[24780]:Exploit Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability (CVE-2020-9436)
15. threat[24785]:PHPMoAdmin 1.1.2 Remote Code Execution Vulnerability (CVE-2015-2208)
16. threat[24786]:Joomla! SQL Injection Vulnerability(CVE-2015-7297)
17. threat[24784]:Western Digital MyCloud PR4100 Web Management Component Security Vulnerability (CVE-2017-17560)
18. threat[24787]:Axis Network Camera - .srv to parhand Remote Code Execution(CVE-2018-10660)
19. threat[24788]:Drupal OpenID External Entity Injection(CVE-2012-4554)
20. threat[24789]:Joomla Unauthorized User Creation Vulnerability (CVE-2016-8870)
21. threat[41736]:HIDDEN COBRA – Joanap Backdoor Trojan Connection
22. threat[50584]:Web crawler crawls web page information
23. threat[24790]:PHPKB Multi-Language 9 Authorized Directory Traversal Vulnerability (CVE-2020-10387)
24. threat[24791]:rConfig 3.9 SQL Injection Vulnerability (CVE-2020-10220)
25. threat[24792]:PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability(CVE-2020-10386)
26. threat[24793]:Centreon Poller Authorizes Remote Code Execution Vulnerability
27. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability

update rules:
1. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution(CVE-2020-7247)
2. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[24671]:Weblogic WLS component IIOP protocol remote code execution vulnerability(CVE-2020-2551)
5. threat[22703]:phpMyAdmin 3.5.8 and 4.0.0-RC2 -Remote Code Execution via preg_replace()


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-03-26 18:12:48
Name: eoi.unify.allrulepatch.ips.5.6.10.22166.rule Version: 5.6.10.22166
MD5: 6ec172412c5a6f7311e314ee3161c493 Size: 25.45M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22166. The rules added or improved in this package are:

New rules:
1. threat[24759]: Virtual Freer 1.58 remote code execution vulnerability
2. threat[24761]: HomeAutomation 3.3.2 remote code execution vulnerability
3. threat[24762]: Voyager 1.3.0 directory traversal vulnerability
4. threat[24760]: Apache ShardingSphere UI YAML parsing remote code execution vulnerability (CVE-2020-1947)
5. threat[24763]: Microsoft SMBv3 remote code execution vulnerability (CVE-2020-0796)
6. threat[41735]: Malware malicious Trojan downloader "幽虫" (Phantom) network communication
7. threat[24764]: Nagios XI authorized arbitrary file upload vulnerability
8. threat[24765]: Wordpress Plugin Search Meter 2.13.2 CSV injection vulnerability
9. threat[24766]: Sysaid 20.1.11 b26 unauthorized arbitrary file upload vulnerability



Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22166. This package includes the following changed rules:

new rules:
1. threat[24759]:Virtual Freer 1.58 Remote Code Execution Vulnerability
2. threat[24761]:HomeAutomation 3.3.2 Remote Code Execution Vulnerability
3. threat[24762]:Voyager 1.3.0 directory traversal vulnerability
4. threat[24760]:Apache ShardingSphere UI YAML Parse Remote Code Execution Vulnerability(CVE-2020-1947)
5. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability(CVE-2020-0796)
6. threat[41735]:Malicious program Trojan downloader "Phantom" network communication
7. threat[24764]:Nagios XI authorized arbitrary file upload vulnerability
8. threat[24765]:Wordpress Plugin Search Meter 2.13.2 CSV injection vulnerability
9. threat[24766]:Sysaid 20.1.11 b26 Unauthorized arbitrary file upload vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-03-20 17:53:17
Name: eoi.unify.allrulepatch.ips.5.6.10.22154.rule Version: 5.6.10.22154
MD5: 36ba9a80ff309eb6bde5598607f2963d Size: 25.45M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22154. The rules added or improved in this package are:


New rules:
1. threat[24763]: Microsoft SMBv3 remote code execution vulnerability (CVE-2020-0796)


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22154. This package includes the following changed rules:


new rules:
1. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability(CVE-2020-0796)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-03-13 20:22:18
Name: eoi.unify.allrulepatch.ips.5.6.10.22137.rule Version: 5.6.10.22137
MD5: 5d8c72a82f52d82686a15744b24160a7 Size: 25.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22137. The rules added or improved in this package are:

New rules:
1. threat[10503]: Siemens Desigo PX 6.00 denial of service vulnerability (CVE-2019-13927)
2. threat[30734]: Dongyoung Media DM-AP240T / W wireless access point remote configuration disclosure
3. threat[24746]: eWON Flexy 13.0 router authentication bypass vulnerability
4. threat[49039]: Malware LiquorBot network communication
5. threat[41733]: Malware Oski Stealer network communication
6. threat[30735]: iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) stream disclosure vulnerability
7. threat[24747]: LibreNMS Collected command injection vulnerability (CVE-2019-10669)
8. threat[24748]: OctoberCMS upload protection bypass code execution vulnerability (CVE-2017-1000119)
9. threat[24750]: FreeSWITCH 1.10.1 command execution vulnerability
10. threat[41734]: Qakbot botnet malicious behavior communication
11. threat[24751]: TP-Link TL-WR849N authentication bypass vulnerability (CVE-2019-19143)
12. threat[24752]: Net-SNMPd Write Access SNMP-EXTEND-MIB arbitrary code execution vulnerability
13. threat[24753]: Linear eMerge E3 1.00-06 directory traversal vulnerability (CVE-2019-7254)
14. threat[24754]: UniSharp Laravel File Manager 2.0.0 arbitrary file read vulnerability
15. threat[24755]: RICOH Aficio SP 5200S HTML injection vulnerability
16. threat[24756]: Google Chrome 80 JSCreate type confusion vulnerability (CVE-2020-6418)
17. threat[24757]: Oracle Coherence deserialization remote code execution vulnerability (CVE-2020-2555)
18. threat[24758]: ThinkCMF framework arbitrary file inclusion vulnerability

Updated rules:
1. threat[23833]: phpMyAdmin remote code execution vulnerability (CVE-2016-5734)
2. threat[24749]: Hospital Management System 4.0 persistent cross-site scripting vulnerability (CVE-2020-5191)
3. threat[24741]: D-Link DIR-859 unauthenticated remote command execution (CVE-2019-17621)

Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22137. This package includes the following changed rules:

new rules:
1. threat[10503]:Siemens Desigo PX 6.00 Denial Of Service(CVE-2019-13927)
2. threat[30734]:Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
3. threat[24746]:eWON Flexy 13.0 Router Authentication Bypass
4. threat[49039]:Malware LiquorBot Network Communication
5. threat[41733]:Malware Oski Stealer Network Communication
6. threat[30735]:iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure
7. threat[24747]:LibreNMS Collected Command Injection Vulnerability(CVE-2019-10669)
8. threat[24748]:OctoberCMS Upload Protection Bypass Code Execution Vulnerability(CVE-2017-1000119)
9. threat[24750]:FreeSWITCH 1.10.1 Command Execution Vulnerability
10. threat[41734]:Qakbot Botnet Malicious Communication Behavior
11. threat[24751]:TP-Link TL-WR849N Authentication Bypass Vulnerability(CVE-2019-19143)
12. threat[24752]:Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution Vulnerability
13. threat[24753]:Linear eMerge E3 1.00-06 Directory Traversal Vulnerability(CVE-2019-7254)
14. threat[24754]:UniSharp Laravel File Manager 2.0.0 Arbitrary File Read Vulnerability
15. threat[24755]:RICOH Aficio SP 5200S HTML Injection Vulnerability
16. threat[24756]:Google Chrome 80 JSCreate Side-effect Type Confusion Vulnerability(CVE-2020-6418)
17. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
18. threat[24758]:ThinkCMF Framework Arbitrary File Inclusion Vulnerability

update rules:
1. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability(CVE-2016-5734)
2. threat[24749]:Hospital Management System 4.0 Persistent Cross-Site Scripting Vulnerability(CVE-2020-5191)
3. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution(CVE-2019-17621)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-03-12 17:19:18
Name: eoi.unify.allrulepatch.ips.5.6.10.22068.rule Version: 5.6.10.22068
MD5: 0e1ff93ad45510014b3da1d0251b5b63 Size: 25.41M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22068. The rules added or improved in this package are:

New rules:
1. threat[24730]: The ZyXEL P660HN-T1A v1 unauthorized command injection vulnerability (CVE-2017-18368)
2. threat[24731]: The ZyXEL P660HN-T1A v2 authorized command injection vulnerability (CVE-2017-18370)
3. threat[24732]: TrueOnline Billion 5200W-T 1.02b unauthorized command injection vulnerability (CVE-2017-18369)
4. threat[24733]: The Billion 5200W-T TCLinux authorized command injection vulnerability (CVE-2017-18372)
5. threat[24734]: Netgear devices prior to 3.5.5.0 unauthorized command injection vulnerability (CVE-2016-1555)
6. threat[24735]: NETGEAR DGN2200v1/v2/v3/v4 authorized command injection vulnerability (CVE-2017-6077)
7. threat[24736]: NETGEAR DGN2200 10.0.0.50 authorized command execution vulnerability (CVE-2017-6334)
8. threat[24737]: NUUO NVRMini2 3.9.1 authorized command injection vulnerability (CVE-2018-15716)
9. threat[24738]: Freelance Management App v1.0.0 arbitrary file download vulnerability (CVE-2020-5505)
10. threat[24739]: Apache James Server 2.3.2 insecure user creation / arbitrary file write (CVE-2015-7611)
11. threat[24740]: OpenSMTPD 6.6.2 remote code execution (CVE-2020-7247)
12. threat[24742]: Liferay CE Portal 6.0.2 remote code execution vulnerability
13. threat[24743]: Netis WF2419 V1.2.31805, V2.2.36123 authorized command injection vulnerability (CVE-2019-19356)
14. threat[24744]: Comtrend VR-3033 authorized command execution vulnerability

Updated rules:
1. threat[24729]: Microsoft Exchange Server remote code execution vulnerability (CVE-2020-0688)


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22068. This package includes the following changed rules:

new rules:
1. threat[24730]:The ZyXEL P660HN-T1A v1 Unauthorized Command Injection Vulnerability (CVE-2017-18368)
2. threat[24731]:The ZyXEL P660HN-T1A v2 Authorized Command Injection Vulnerability (CVE-2017-18370)
3. threat[24732]:TrueOnline Billion 5200W-T 1.02b Unauthorized Command Injection Vulnerability (CVE-2017-18369)
4. threat[24733]:The Billion 5200W-T TCLinux Authorized Command Injection Vulnerability (CVE-2017-18372)
5. threat[24734]:Netgear Devices Prior to 3.5.5.0 Unauthorized Command Injection Vulnerability (CVE-2016-1555)
6. threat[24735]:NETGEAR DGN2200v1 / v2 / v3 / v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
7. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
8. threat[24737]:NUUO NVRMini2 3.9.1 Authorized Command Injection Vulnerability (CVE-2018-15716)
9. threat[24738]:Freelance Management App v1.0.0 Arbitrary File Download Vulnerability(CVE-2020-5505)
10. threat[24739]:Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write(CVE-2015-7611)
11. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution(CVE-2020-7247)
12. threat[24742]:Liferay CE Portal 6.0.2 Remote Code Execution Vulnerability
13. threat[24743]:Netis WF2419 V1.2.31805, V2.2.36123 Authorized Command Injection Vulnerability (CVE-2019-19356)
14. threat[24744]:Comtrend VR-3033 Authorized Command Execution Vulnerability

update rules:
1. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2020-0688)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-03-05 17:33:55
Name: eoi.unify.allrulepatch.ips.5.6.10.22014.rule Version: 5.6.10.22014
MD5: cf076fc0a3981e24afe3fe6ab267530d Size: 25.39M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.22014. The rules added or improved in this package are:


New rules:
1. threat[24721]: Axis SSI remote code execution vulnerability
2. threat[24720]: Microsoft Office SharePoint stored cross-site scripting (CVE-2019-1070)
3. threat[24722]: FLIR Thermal Camera FC-S/PT command injection vulnerability
4. threat[24724]: D-Link DGS-1250 header injection vulnerability
5. threat[30733]: LabVantage 8.3 information disclosure vulnerability
6. threat[24725]: jackson-databind JNDI injection remote code execution vulnerability (CVE-2020-8840)
7. threat[24708]: Prima Access Control 2.3.35 Python script upload vulnerability (CVE-2019-9189)
8. threat[24709]: IBM RICOH 6400 printer code injection vulnerability
9. threat[24710]: OpenEMR New.php command injection vulnerability (CVE-2019-3968)
10. threat[24713]: GilaCMS authenticated user local file inclusion vulnerability (CVE-2019-16679)
11. threat[24712]: Netcore NW710 login permission bypass
12. threat[24714]: ASUS DSL-N12E_C1 1.1.2.3_345 remote code execution vulnerability
13. threat[24715]: FusionPBX exec.php command execution vulnerability
14. threat[24716]: Online Course Registration 2.0 remote code execution vulnerability
15. threat[24717]: EyesOfNetwork 5.3 SQL injection vulnerability (CVE-2020-8656)
16. threat[24718]: EyesOfNetwork 5.3 remote code execution vulnerability (CVE-2020-8654)
17. threat[24726]: Cacti 1.2.8 arbitrary OS command execution vulnerability (CVE-2020-8813)
18. threat[24727]: Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary file upload vulnerability
19. threat[24728]: Avaya Aura Communication Manager 5.2 remote code execution vulnerability
20. threat[24729]: Microsoft Exchange Server remote code execution vulnerability (CVE-2020-0688)

Updated rules:
1. threat[24668]: Citrix ADC & NetScaler remote command execution vulnerability (CVE-2019-19781)
2. threat[24702]: LG SuperSign CMS 2.5 remote code execution vulnerability (CVE-2018-17173)
3. threat[24611]: Apache Flink Dashboard unauthorized access - remote code/command execution
4. threat[24308]: Apache Solr/Lucene XML remote command execution vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]: RConfig v3.9.2 unauthorized RCE vulnerability
6. threat[24654]: rConfig search.crud.php command injection vulnerability (CVE-2019-16663)
7. threat[41604]: Malware windows/Ramnit_a network communication
8. threat[30732]: HPE Intelligent Management Center dbman command information disclosure (CVE-2019-5392)


Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.22014. This package includes the following changed rules:


new rules:
1. threat[24721]:Axis SSI Remote Code Execution Vulnerability
2. threat[24720]:Microsoft Office SharePoint Stored Cross-site Scripting(CVE-2019-1070)
3. threat[24722]:FLIR Thermal Camera FC-S / PT command injection vulnerability
4. threat[24724]:D-Link DGS-1250 Header Injection Vulnerability
5. threat[30733]:LabVantage 8.3 Information Disclosure
6. threat[24725]:jackson-databind JNDI Injection Remote Code Execution Vulnerability(CVE-2020-8840)
7. threat[24708]:Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE(CVE-2019-9189)
8. threat[24709]:IBM RICOH 6400 Printer Code Injection Vulnerability
9. threat[24710]:OpenEMR New.php Command Injection Vulnerability(CVE-2019-3968)
10. threat[24713]:GilaCMS Authenticated Local File Inclusion(LFI) (CVE-2019-16679)
11. threat[24712]:Netcore NW710 login permission bypass
12. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 remote code execution vulnerability
13. threat[24715]:FusionPBX Command exec.php Command Execution Vulnerability
14. threat[24716]:Online Course Registration 2.0 Remote Code Execution Vulnerability
15. threat[24717]:EyesOfNetwork 5.3 SQL Injection Vulnerability (CVE-2020-8656)
16. threat[24718]:EyesOfNetwork 5.3 Remote Code Execution Vulnerability (CVE-2020-8654)
17. threat[24726]:Cacti 1.2.8 Arbitrary OS Command Execution Vulnerability (CVE-2020-8813)
18. threat[24727]:Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload Vulnerability
19. threat[24728]:Avaya Aura Communication Manager 5.2 Remote Code Execution vulnerability
20. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2020-0688)

update rules:
1. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
2. threat[24702]:LG SuperSign CMS 2.5 Remote Code Execution Vulnerability (CVE-2018-17173)
3. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
4. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]:RConfig v3.9.2 unauthorized RCE vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection(CVE-2019-16663)
7. threat[41604]:Malicious program windows/Ramnit_a network communication
8. threat[30732]:HPE Intelligent Management Center dbman Command Information Disclosure(CVE-2019-5392)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-02-27 14:04:55
Name: eoi.unify.allrulepatch.ips.5.6.10.21979.rule Version: 5.6.10.21979
MD5: dd3a7cfecd968786dc3cf4f33cb6be1b Size: 25.38M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21979. The rules added or improved in this package are:

New rules:
1. threat[24719]: Apache Tomcat AJP protocol file inclusion vulnerability (CVE-2020-1938)



Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.21979. This package includes the following changed rules:

new rules:
1. threat[24719]:Apache Tomcat AJP Protocol File Inclusion Vulnerability(CVE-2020-1938)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-02-21 16:03:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21943.rule Version: 5.6.10.21943
MD5: 48a8544225615b2c5e260fce6027b45c Size: 25.36M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21943. The rules added or improved in this package are:

New rules:
1. threat[24707]: LearnDash WordPress LMS Plugin 3.1.2 - reflected cross-site scripting vulnerability (CVE-2020-7108)
2. threat[30728]: ELOG retrieve_url information disclosure vulnerability (CVE-2019-3993)
3. threat[24706]: HIYU BF430 TCP IP Converter - stored cross-site scripting vulnerability (CVE-2020-8839)
4. threat[30727]: Microsoft SharePoint information disclosure vulnerability (CVE-2019-1443)
5. threat[41732]: Ransomware Maktub Locker malicious encryption program download
6. threat[24701]: Xfinity Gateway command injection vulnerability
7. threat[24703]: Dell KACE K1000 remote code execution vulnerability
8. threat[24704]: Apache Dubbo deserialization vulnerability (CVE-2019-17564)
9. threat[24705]: Pandora FMS 7.0 authenticated remote code execution vulnerability (CVE-2020-8947)
10. threat[24692]: D-Link devices remote command execution vulnerability (CVE-2019-20215)
11. threat[30730]: Digitus DN-16048 camera remote configuration disclosure
12. threat[24693]: thinkcmf-5.0.190111 backend arbitrary file write vulnerability (CVE-2019-7580)
13. threat[24694]: FlameCMS 3.3.5 SQL injection vulnerability (CVE-2019-16309)
14. threat[24695]: OKLite v1.2.25 arbitrary file deletion vulnerability (CVE-2019-16132)
15. threat[30731]: Lexmark Services Monitor 2.27.4.0.39 directory traversal vulnerability
16. threat[24687]: Citrix Application Delivery Controller and Gateway directory traversal (CVE-2020-19781)
17. threat[24696]: HomeAutomation v3.3.2 CSRF remote command execution vulnerability
18. threat[24698]: HomeAutomation 3.3.2 open redirect vulnerability
19. threat[24699]: YouPHPTube 7.7 SQL injection vulnerability (CVE-2019-18662)



Notes:
1. After the upgrade, the engine restarts automatically to apply the package. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.21943. This package includes the following changed rules:

new rules:
1. threat[24707]:LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vulnerability(CVE-2020-7108)
2. threat[30728]:ELOG retrieve_url Information Disclosure Vulnerability(CVE-2019-3993)
3. threat[24706]:HIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vulnerability(CVE-2020-8839)
4. threat[30727]:Microsoft SharePoint Information Disclosure Vulnerability(CVE-2019-1443)
5. threat[41732]:Ransomware Maktub Locker Downloading Malicious Encryption Program
6. threat[24701]:Xfinity Gateway command injection vulnerability
7. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
8. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
9. threat[24705]:Pandora FMS 7.0 Authenticated Remote Code Execution Vulnerability(CVE-2020-8947)
10. threat[24692]:D-Link Devices Remote Command Execution Vulnerability(CVE-2019-20215)
11. threat[30730]:Digitus DN-16048 Camera Remote Configuration Disclosure
12. threat[24693]:thinkcmf-5.0.190111 background arbitrary file writing vulnerability (CVE-2019-7580)
13. threat[24694]:FlameCMS 3.3.5 SQL Injection Vulnerability (CVE-2019-16309)
14. threat[24695]:OKLite v1.2.25 Arbitrary File Deletion Vulnerability (CVE-2019-16132)
15. threat[30731]:Lexmark Services Monitor 2.27.4.0.39 Directory Traversal
16. threat[24687]:Citrix Application Delivery Controller and Gateway Directory Traversal(CVE-2020-19781)
17. threat[24696]:HomeAutomation v3.3.2 CSRF Remote Command Execution
18. threat[24698]:HomeAutomation 3.3.2 Open Redirect vulnerability
19. threat[24699]:YouPHPTube 7.7 SQL Injection Vulnerability(CVE-2019-18662)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-02-21 13:49:12
Name: eoi.unify.allrulepatch.ips.5.6.10.21917.rule Version: 5.6.10.21917
MD5: f68dc2fb7b55ce89fd50155ce7494e72 Size: 25.34M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21917. The rules added/improved in this package are:

New rules:
1. Attack[30729]: OwnCloud 8.1.8 Username Disclosure Vulnerability
2. Attack[41731]: Xiongmai Camera Firmware Backdoor Vulnerability Communication
3. Attack[24690]: Apache SSI Injection Remote Code Execution Vulnerability
4. Attack[24691]: Car Rental Project 1.0 File Upload Vulnerability (CVE-2020-5509)
5. Attack[24689]: phpMyAdmin 4.x SQL Injection Vulnerability (CVE-2020-5504)
6. Attack[24682]: IceWarp WebMail 11.4.4.1 XSS Vulnerability (CVE-2020-8512)
7. Attack[24683]: REALTEK SDK Based Routers (TOTOLINK and many others) Code Execution Vulnerability (CVE-2019-19824)
8. Attack[24684]: 3Com OfficeConnect Remote Code Execution Vulnerability
9. Attack[30726]: ASTPP 4.0.1 VoIP Billing Database Disclosure Vulnerability
10. Attack[24685]: Jira 8.3.4 Information Disclosure Vulnerability (CVE-2019-8449)
11. Attack[24688]: Heatmiser Netmonitor 3.03 HTML Injection Vulnerability

Updated rules:
1. Attack[24286]: WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)
2. Attack[24678]: rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
3. Attack[68655]: Suspicious Webshell Backdoor Access and Control


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21917. This package includes the following changed rules:

new rules:
1. threat[30729]:OwnCloud 8.1.8 - Username Disclosure Vulnerability
2. threat[41731]:Xiongmai Camera Firmware Backdoor Communication
3. threat[24690]:Apache SSI Injection Remote Code Execution Vulnerability
4. threat[24691]:Car Rental Project 1.0 File Upload Vulnerability (CVE-2020-5509)
5. threat[24689]:phpMyAdmin 4.x SQL Injection Vulnerability (CVE-2020-5504)
6. threat[24682]:IceWarp WebMail 11.4.4.1 XSS Vulnerability (CVE-2020-8512)
7. threat[24683]:REALTEK SDK based Routers (TOTOLINK and many Other) Code Execution Vulnerability(CVE-2019-19824)
8. threat[24684]:3Com OfficeConnect Remote Code Execution
9. threat[30726]:ASTPP 4.0.1 VoIP Billing - Database Disclosure Vulnerability
10. threat[24685]:Jira 8.3.4 Information Disclosure Vulnerability (CVE-2019-8449)
11. threat[24688]:Heatmiser Netmonitor 3.03 - HTML Injection

update rules:
1. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)
2. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
3. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-02-14 14:36:43
Name: eoi.unify.allrulepatch.ips.5.6.10.21833.rule Version: 5.6.10.21833
MD5: 54d68f9cb72244af3cbbf9655462ba38 Size: 25.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21833. The rules added/improved in this package are:

New rules:
1. Attack[24672]: Thomson Reuters Velocity Analytics Remote Code Injection Vulnerability (CVE-2013-5912)
2. Attack[24673]: Apache FreeMarker Template FusionAuth Remote Code Execution Vulnerability (CVE-2020-7799)
3. Attack[24674]: ZOHO ManageEngine ServiceDeskPlus XSS Vulnerability (CVE-2020-6843)
4. Attack[24676]: Satellian 1.1.2 Remote Code Execution Vulnerability (CVE-2020-7980)
5. Attack[24675]: Adive Framework Cross-Site Scripting (XSS) / Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-7991)
6. Attack[24677]: Microsoft .NET Framework Remote Code Execution Vulnerability (CVE-2020-0646)
7. Attack[24678]: rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
8. Attack[24680]: Homematic CCU2 TCL Script Interpreter Remote Code Execution Vulnerability (CVE-2018-7297)

Updated rules:
1. Attack[22656]: D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21833. This package includes the following changed rules:

new rules:
1. threat[24672]:Thomson Reuters Velocity Analytics Remote Code Injection Vulnerability(CVE-2013-5912)
2. threat[24673]:Apache FreeMarker Template FusionAuth Remote Code Execution Vulnerability(CVE-2020-7799)
3. threat[24674]:ZOHO ManageEngine ServiceDeskPlus XSS Vulnerability (CVE-2020-6843)
4. threat[24676]:Satellian 1.1.2 remote code execution vulnerability(CVE-2020-7980)
5. threat[24675]:Adive Framework Cross-site Scripting/Cross-Site Request Forgery Vulnerability(CVE-2020-7991)
6. threat[24677]:Microsoft .NET Framework Remote Code Execution Vulnerability(CVE-2020-0646)
7. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
8. threat[24680]:Homematic CCU2 TCL Script Interpreter Remote Code Execution Vulnerability(CVE-2018-7297)

update rules:
1. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-02-06 18:16:04
Name: eoi.unify.allrulepatch.ips.5.6.10.21799.rule Version: 5.6.10.21799
MD5: f6a6082704a93e1ace30bb091c62e106 Size: 25.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21799. The rules added/improved in this package are:

New rules:
1. Attack[24667]: Citrix NetScaler SD-WAN Remote Command Execution Vulnerability (CVE-2017-6316)
2. Attack[24668]: Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. Attack[24669]: Job Portal 1.0 Arbitrary File Upload
4. Attack[24670]: PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)

Updated rules:
1. Attack[24201]: NetGain Systems Enterprise Manager exec jsp Command Execution Vulnerability (CVE-2017-16602)

Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21799. This package includes the following changed rules:


new rules:
1. threat[24667]:Citrix NetScaler SD-WAN Remote Command Execution Vulnerability(CVE-2017-6316)
2. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24669]:Job Portal 1.0 arbitrary file upload
4. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)

update rules:
1. threat[24201]:NetGain Systems Enterprise Manager exec jsp Command Execution(CVE-2017-16602)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-01-30 21:49:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21798.rule Version: 5.6.10.21798
MD5: 432ba732b385618be1f44b28ba121d8c Size: 25.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21798. The rules added/improved in this package are:

New rules:
1. Attack[24663]: Enigma NMS OS Command Injection Vulnerability (CVE-2019-16072)
2. Attack[24664]: Mitsubishi Electric smartRTU and Inea ME-RTU OS Command Injection Vulnerability (CVE-2019-14931)
3. Attack[24665]: PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution Vulnerability (CVE-2020-6756)
4. Attack[24666]: Sar2HTML 3.2.1 Remote Command Execution Vulnerability

Updated rules:
1. Attack[23766]: Dell KACE K1000 File Upload Vulnerability
2. Attack[66891]: PHP CGI Query String Parameter Handling Information Disclosure and Denial of Service Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21798. This package includes the following changed rules:


new rules:
1. threat[24663]:Enigma NMS OS Command Injection Vulnerability(CVE-2019-16072)
2. threat[24664]:Mitsubishi Electric smartRTU and Inea ME-RTU OS Command Injection Vulnerability(CVE-2019-14931)
3. threat[24665]:PixelStor 5000 K: 4.0.1580-20150629-Remote Code Execution Vulnerability (CVE-2020-6756)
4. threat[24666]:Sar2HTML 3.2.1 Remote Command Execution Vulnerability

update rules:
1. threat[23766]:Dell KACE K1000 File Upload Vulnerability
2. threat[66891]:PHP CGI Query String Parameter Handling Information Disclosure and DoS Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-01-23 20:40:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21797.rule Version: 5.6.10.21797
MD5: c72d7fd39d01c2b64fcc801c666faba8 Size: 25.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21797. The rules added/improved in this package are:

New rules:
1. Attack[24660]: Netgear R6400 Remote Code Execution Vulnerability (CVE-2016-6277)
2. Attack[24661]: SonicWall Global Management System Arbitrary Code Execution Vulnerability (CVE-2018-9866)
3. Attack[24662]: Technicolor Modem Command Injection Vulnerability (CVE-2017-14127) (CVE-2019-18396)
4. Attack[24671]: WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

Updated rules:
1. Attack[21374]: Apache Struts Remote Command Execution Vulnerability
2. Attack[24174]: WebLogic WLS Component Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21797. This package includes the following changed rules:


new rules:
1. threat[24660]:Netgear R6400 Remote Code Execution Vulnerability(CVE-2016-6277)
2. threat[24661]:SonicWall Global Management System Remote Code Execution Vulnerability(CVE-2018-9866)
3. threat[24662]:Technicolor Modem Command Injection Vulnerability(CVE-2017-14127)(CVE-2019-18396)
4. threat[24671]:Weblogic WLS component IIOP protocol remote code execution vulnerability(CVE-2020-2551)

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-01-16 14:47:47
Name: eoi.unify.allrulepatch.ips.5.6.10.21731.rule Version: 5.6.10.21731
MD5: c9626fba509802b4d8d305ab4407057c Size: 25.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21731. The rules added/improved in this package are:

New rules:
1. Attack[24649]: Joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
2. Attack[24650]: Jetty Web Server Remote Shared Buffer Leak (CVE-2015-2080)
3. Attack[24651]: LiteSpeed Technologies LiteSpeed Web Server MIME Type File Code Injection Vulnerability (CVE-2007-5654)
4. Attack[24652]: mongo-express Remote Code Execution Vulnerability (CVE-2019-10758)
5. Attack[24653]: Jenkins CI Server build-metrics XSS Vulnerability
6. Attack[24654]: rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. Attack[24655]: Enigma NMS 65.0.0 Cross-Site Request Forgery Vulnerability (CVE-2019-16068)
8. Attack[24656]: Spring Web Flow Remote Code Execution Vulnerability (CVE-2017-4971)
9. Attack[24657]: Squid Proxy URN Response Handling Heap Buffer Overflow
10. Attack[24658]: Karakuzu ERP Management Web 5.7.0 SQL Injection
11. Attack[24659]: IceWarp 12.2.0 / 12.1.x Cross-Site Scripting Attack (CVE-2019-19266)

Updated rules:
1. Attack[24526]: PHP7 zip Component Integer Overflow Vulnerability (CVE-2016-3078)
2. Attack[20266]: Oracle 9i Application Server Admin Directory Unauthorized Access Attack
3. Attack[24432]: Nexus Repository Manager 3 Remote Command Execution Vulnerability (CVE-2019-7238)
4. Attack[21374]: Apache Struts Remote Command Execution Vulnerability
5. Attack[24146]: JBossAS Deserialization Remote Command Execution Vulnerability (CVE-2017-12149)
6. Attack[10412]: Apache HTTP Server Malformed Range and Range-Request Header Handling Remote Denial of Service Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21731. This package includes the following changed rules:

new rules:
1. threat[24649]:joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
2. threat[24650]:Jetty web server remote shared buffer leak (CVE-2015-2080)
3. threat[24651]:LiteSpeed Technologies LiteSpeed Web Server MIME Type File Code Injection Vulnerability (CVE-2007-5654)
4. threat[24652]:mongo-express Remote Code Execution Vulnerability(CVE-2019-10758)
5. threat[24653]:Jenkins CI Server build-metrics Cross-Site Scripting
6. threat[24654]:rConfig search.crud.php Command Injection(CVE-2019-16663)
7. threat[24655]:Enigma NMS 65.0.0-Cross-Site Request Forgery Vulnerability (CVE-2019-16068)
8. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
9. threat[24657]:Squid Proxy URN Response Processing Heap Buffer Overflow
10. threat[24658]:Karakuzu ERP Management Web 5.7.0 SQL Injection
11. threat[24659]:IceWarp 12.2.0 / 12.1.x Cross-Site Scripting Attack (CVE-2019-19266)

update rules:
1. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability(CVE-2016-3078)
2. threat[20266]:Oracle 9i Application Server Admin Directory Unauthorized Access
3. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
4. threat[21374]:Apache Struts Remote Command Execution Vulnerability
5. threat[24146]:JbossAS Serialized Object Remote Code Execution Vulnerability(CVE-2017-12149)
6. threat[10412]:Apache HTTP Server Denial Of Service Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-01-11 11:39:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21681.rule Version: 5.6.10.21681
MD5: 31c9b9e24ad843a0b355a48c95d3fd97 Size: 25.29M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21681. The rules added/improved in this package are:

New rules:
1. Attack[24642]: phpMyChat-Plus 1.98 'pmc_username' Parameter Cross-Site Scripting Vulnerability
2. Attack[24641]: NetGain Enterprise Manager PING Operation Command Injection Vulnerability
3. Attack[24643]: Roxy Fileman 1.4.5 .NET Directory Traversal Vulnerability
4. Attack[24644]: NUOO NVRmini/NVRmini2/NVRTitan/Crystal/NVRSolo Remote Command Execution Vulnerability
5. Attack[24645]: AVTECH Video Surveillance Device adcommand.cgi Remote Command Execution Vulnerability
6. Attack[24646]: Cisco Security Manager RMI Insecure Deserialization Vulnerability (CVE-2019-12630)
7. Attack[24647]: Apache Log4j Deserialization Code Execution Vulnerability (CVE-2019-17571)
8. Attack[24648]: D-Link Routers Operating System Command Injection Vulnerability (CVE-2015-2051)

Updated rules:
1. Attack[24613]: WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
2. Attack[23359]: ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)
3. Attack[24299]: D-Link DSL-2750B Arbitrary Command Execution Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21681. This package includes the following changed rules:

new rules:
1. threat[24642]:phpMyChat-Plus 1.98-'pmc_username' parameter cross-site scripting vulnerability
2. threat[24641]:NetGain Enterprise Manager Ping Command Injection Vulnerability
3. threat[24643]:Roxy Fileman 1.4.5 .NET directory traversal vulnerability
4. threat[24644]:NUOO NVRmini/NVRmini2/NVRTitan/Crystal/NVRSolo Remote Code Execution Vulnerability
5. threat[24645]:AVTECH video surveillance device adcommand.cgi remote command execution vulnerability
6. threat[24646]:Cisco Security Manager RMI Insecure Deserialization Vulnerability(CVE-2019-12630)
7. threat[24647]:Apache Log4j Deserialization Code Execution (CVE-2019-17571) Vulnerability
8. threat[24648]:D-Link Routers Operating System Command Injection Vulnerability(CVE-2015-2051)

update rules:
1. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
2. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)
3. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-01-03 17:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21636.rule Version: 5.6.10.21636
MD5: fa9ee61f106ed906a6fb3c0ea81912a8 Size: 25.27M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21636. The rules added/improved in this package are:

New rules:
1. Attack[24629]: Xerox AltaLink Cross-Site Request Forgery Vulnerability (CVE-2019-19832)
2. Attack[24630]: Linksys Multiple Routers ttcp_ip Parameter Remote Command Execution Vulnerability
3. Attack[24631]: Vacron Network Video Recorder Remote Command Execution Vulnerability
4. Attack[41727]: Buran Ransomware Connection Request
5. Attack[24632]: EnGenius EnShare IoT Gigabit Cloud Service Remote Command Execution Vulnerability
6. Attack[41728]: Buran Ransomware Transmission Communication
7. Attack[24633]: AVTECH Video Recording Surveillance Device Remote Command Execution Vulnerability
8. Attack[24634]: Zyxel EMG2926 Home Router Command Injection Vulnerability (CVE-2017-6884)
9. Attack[24635]: AVTECH Video Surveillance Device Unauthenticated Information Disclosure Vulnerability
10. Attack[41729]: Trojan Backdoor Emotet Network Activity
11. Attack[24636]: AVTECH DVR Device Unauthenticated SSRF Vulnerability
12. Attack[24637]: AVTECH Video Surveillance Device Authentication Bypass Vulnerability
13. Attack[41730]: APT Group Sednit Attack Activity
14. Attack[24638]: AVTECH Video Surveillance Device Login Captcha Bypass Vulnerability
15. Attack[24639]: OPF OpenProject sortBy Cross-Site Scripting Vulnerability (CVE-2019-17092)
16. Attack[24640]: YouPHPTube Encoder getImage.php Command Injection Vulnerability (CVE-2019-5127)

Updated rules:
1. Attack[24255]: Web Service Remote Command Execution Attack
2. Attack[22656]: D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability
3. Attack[23756]: Multiple Security Surveillance Systems Remote Code Execution Vulnerability



Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21636. This package includes the following changed rules:

new rules:
1. threat[24629]:Xerox AltaLink Cross-Site Request Forgery Vulnerability (CVE-2019-19832)
2. threat[24630]:Linksys Routers ttcp_ip Parameter Remote Command Execution Vulnerability
3. threat[24631]:Vacron NVR Remote Command Execution Vulnerability
4. threat[41727]:Buran ransomware requests connection
5. threat[24632]:EnGenius EnShare IoT Gigabit Cloud Service Remote Command Execution Vulnerability
6. threat[41728]:Buran ransomware transmission communication
7. threat[24633]:AVTECH IP Camera/NVR/DVR Remote Command Execution Vulnerability
8. threat[24634]:Zyxel EMG2926 Router Command Injection Vulnerability(CVE-2017-6884)
9. threat[24635]:AVTECH Video Surveillance Device Unauthenticated Information Disclosure Vulnerability
10. threat[41729]:Trojan Backdoor Emotet Network
11. threat[24636]:AVTECH DVR device unauthenticated ssrf vulnerability
12. threat[24637]:AVTECH Video Surveillance Device Authentication Bypass Vulnerability
13. threat[41730]:APT Group Sednit Attack Activity
14. threat[24638]:AVTECH Video Surveillance Device Login Verification Code Bypass Vulnerability
15. threat[24639]:OPF OpenProject sortBy Cross-Site Scripting Vulnerability(CVE-2019-17092)
16. threat[24640]:YouPHPTube Encoder getImage.php Command Injection Vulnerability(CVE-2019-5127)

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
3. threat[23756]:Multiple CCTV-DVR Systems Remote Command Execution Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-26 19:14:26
Name: eoi.unify.allrulepatch.ips.5.6.10.21583.rule Version: 5.6.10.21583
MD5: f7a74101b59093ca5036db7f64a6deec Size: 25.25M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21583. The rules added/improved in this package are:

New rules:
1. Attack[24618]: Centova Cast 3.2.11 Arbitrary File Download Vulnerability
2. Attack[24619]: Mersive Technologies Solstice Pods Operating System Command Injection Vulnerability (CVE-2017-12945)
3. Attack[24620]: Verot 2.0.3 File Upload Vulnerability (CVE-2019-19576)
4. Attack[24621]: OkayCMS 2.3.4 Remote Code Execution Vulnerability (CVE-2019-16885)
5. Attack[24622]: VBScript Remote Code Execution Vulnerability (CVE-2019-1485)
6. Attack[24624]: WordPress CSS Hero 4.0.3 Cross-Site Scripting (CVE-2019-19133)
7. Attack[30725]: Database .mdb File Access and Download Attempt
8. Attack[24625]: Apache PHP File Suffix Parsing Vulnerability
9. Attack[24627]: dedecms sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
10. Attack[24626]: TemaTres 3.0 Cross-Site Scripting (CVE-2019-14343)
11. Attack[24628]: Advantech WISE-PaaS RMM Arbitrary File Upload Vulnerability (CVE-2019-13551)

Updated rules:
1. Attack[24614]: Sahi Pro 7.x / 8.x Directory Traversal (CVE-2018-20470)
2. Attack[24616]: Joomla JS Support Ticket 1.1.5 Arbitrary File Download
3. Attack[41499]: HTTP Request Sensitive Path Access Attempt
4. Attack[41534]: Web Page Contains Cryptomining Script Code
5. Attack[23309]: TWiki Search Function Arbitrary Shell Command Execution Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21583. This package includes the following changed rules:

new rules:
1. threat[24618]:Centova Cast 3.2.11 Arbitrary File Download
2. threat[24619]:Mersive Technologies Solstice Pods Operating System Command Injection Vulnerability(CVE-2017-12945)
3. threat[24620]:Verot 2.0.3 - File Upload Vulnerability (CVE-2019-19576)
4. threat[24621]:OkayCMS 2.3.4 Remote Code Execution Vulnerability (CVE-2019-16885)
5. threat[24622]:VBScript Remote Code Execution Vulnerability(CVE-2019-1485)
6. threat[24624]:WordPress CSS Hero 4.0.3 Cross Site Scripting (CVE-2019-19133)
7. threat[30725]:try to access and download .mdb database file
8. threat[24625]:Apache php file suffix parsing vulnerability
9. threat[24627]:dedecms sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
10. threat[24626]:TemaTres 3.0 Cross Site Scripting(CVE-2019-14343)
11. threat[24628]:Advantech WISE-PaaS RMM Arbitrary File Upload Vulnerability(CVE-2019-13551)

update rules:
1. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal(CVE-2018-20470)
2. threat[24616]:Joomla JS Support Ticket 1.1.5 Arbitrary File Download
3. threat[41499]:HTTP Request Sensitive Path Access Attempt
4. threat[41534]:Web Page Contains Mining Script Code
5. threat[23309]:TWiki Search Function Arbitrary Command Execution


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-19 17:57:50
Name: eoi.unify.allrulepatch.ips.5.6.10.21512.rule Version: 5.6.10.21512
MD5: e3fdb4b2d757ba3b87d6ff7d537ddd12 Size: 25.26M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21512. The rules added/improved in this package are:

New rules:
1. Attack[41726]: Lemon_Duck PowerShell Malware C2 Server Communication
2. Attack[24613]: WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
3. Attack[24614]: Sahi Pro 7.x / 8.x Directory Traversal (CVE-2018-20470)
4. Attack[24615]: FaceSentry Access Control System 6.4.8 Remote Command Injection

Updated rules:
1. Attack[23811]: Apache APR_PSPrintf Memory Corruption Vulnerability
2. Attack[24457]: ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21512. This package includes the following changed rules:

new rules:
1. threat[41726]:Lemon_Duck PowerShell malware C2 server communication
2. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
3. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal(CVE-2018-20470)
4. threat[24615]:FaceSentry Access Control System 6.4.8 Remote Command Injection

update rules:
1. threat[23811]:Apache APR_PSPrintf Memory Corruption Vulnerability
2. threat[24457]:ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-12 17:32:42
Name: eoi.unify.allrulepatch.ips.5.6.10.21465.rule Version: 5.6.10.21465
MD5: f800f1a9222cdb354e49d7b55d7da8b8 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21465. The rules added/improved in this package are:

New rules:
1. Attack[41725]: MyKings Botnet Communication

Updated rules:
1. Attack[23997]: Jackson-Databind Framework JSON Deserialization Code Execution Vulnerability (CVE-2017-7525)
2. Attack[60192]: SMTP Server Command Format String Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21465. This package includes the following changed rules:

new rules:
1. threat[41725]:MyKings Botnet Communication

update rules:
1. threat[23997]:Jackson-Databind framework json deserialization code execution vulnerability(CVE-2017-7525)
2. threat[60192]:SMTP Server Command Format String Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-05 18:36:25
Name: eoi.unify.allrulepatch.ips.5.6.10.21443.rule Version: 5.6.10.21443
MD5: 308249bca22a641b42d623ae7046c3d6 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21443. The rules added/improved in this package are:


Updated rules:
1. Attack[66892]: PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21443. This package includes the following changed rules:


update rules:
1. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability(CVE-2012-1823)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-29 11:07:21
Name: eoi.unify.allrulepatch.ips.5.6.10.21434.rule Version: 5.6.10.21434
MD5: 3f819796f14c370eb3f769390e5fe3a0 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21434. The rules added/improved in this package are:


New rules:
1. Attack[41724]: APT Group TransparentTribe Attack Activity

Updated rules:
1. Attack[24605]: HPE Intelligent Management Center AMF3 Deserialization Vulnerability (CVE-2019-11944)
2. Attack[24611]: Apache Flink Dashboard Unauthorized Access Remote Code/Command Execution
3. Attack[23783]: nginx File Type Misparsing Vulnerability
4. Attack[66892]: PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21434. This package includes the following changed rules:


new rules:
1. threat[41724]:APT Group TransparentTribe Attack Activity

update rules:
1. threat[24605]:HPE Intelligent Management Center AMF3 Externalizable Deserialization Vulnerability(CVE-2019-11944)
2. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
3. threat[23783]:nginx Incorrect File Type Parse Vulnerability
4. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability(CVE-2012-1823)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-22 15:02:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21411.rule Version: 5.6.10.21411
MD5: dfd2ea5ae7cd529b377fee17306bc6de Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21411. The rules added/improved in this package are:

New rules:
1. Attack[24602]: OpenEMR facility_admin.php Cross-Site Scripting Vulnerability (CVE-2019-8368)
2. Attack[24603]: YouPHPTube Remote Code Execution Vulnerability (CVE-2019-16124)
3. Attack[24604]: Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1166)
4. Attack[24606]: Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. Attack[24607]: OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting (CVE-2019-3964)
6. Attack[24608]: Zoho ManageEngine OpManager OPMDeviceDetailsServlet SQL Injection
7. Attack[24609]: Citrix StoreFront Server 7.15 XML External Entity Injection
8. Attack[24610]: Drupal Database Abstraction API SQL Injection Vulnerability (CVE-2014-3704)
9. Attack[24611]: Apache Flink Dashboard Unauthorized Access Remote Code/Command Execution
10. Attack[41723]: APT Group "Higaisa" Attack Activity

Updated rules:
1. Attack[49013]: Cryptomining Program Connecting to Mining Pool Server


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21411. This package includes the following changed rules:

new rules:
1. threat[24602]:OpenEMR facility_admin.php Cross-Site Scripting Vulnerability(CVE-2019-8368)
2. threat[24603]:YouPHPTube Remote Code Execution Vulnerability(CVE-2019-16124)
3. threat[24604]:Windows NTLM Message Integrity Check Tampering Vulnerability(CVE-2019-1166)
4. threat[24606]:Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. threat[24607]:OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting(CVE-2019-3964)
6. threat[24608]:Zoho ManageEngine OpManager OPMDeviceDetailsServlet category SQL Injection
7. threat[24609]:Citrix StoreFront Server 7.15 - XML External Entity Injection
8. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
9. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
10. threat[41723]:APT Group Higaisa Attack Activity

update rules:
1. threat[49013]:Cryptomining Program Connecting to Mining Pool Server


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-14 22:09:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21357.rule Version: 5.6.10.21357
MD5: 4ed1bf4de75d23b97b65138c30ca0f7c Size: 25.22M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21357. The rules added/improved in this package are:

New rules:
1. Attack[24599]: RConfig Unauthorized RCE Vulnerability
2. Attack[24598]: Apache Solr Remote Code Execution Vulnerability
3. Attack[24600]: rConfig v3.9.2 Remote Code Execution Vulnerability
4. Attack[24597]: Joomla Remote Code Execution Vulnerability
5. Attack[24601]: ThinkcmfX PHP Code Injection Vulnerability

Updated rules:
1. Attack[24308]: Apache Solr/Lucene XML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. Attack[24541]: Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. Attack[24286]: WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21357. This package includes the following changed rules:

new rules:
1. threat[24599]:RConfig unauthorized RCE vulnerability
2. threat[24598]:Apache Solr Remote Code Execution Vulnerability
3. threat[24600]:rConfig v3.9.2 Remote Code Execution Vulnerability
4. threat[24597]:Joomla Remote Code Execution Vulnerability
5. threat[24601]:ThinkcmfX php Code Injection Vulnerability

update rules:
1. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-07 18:53:34
Name: eoi.unify.allrulepatch.ips.5.6.10.21325.rule Version: 5.6.10.21325
MD5:578cae607f794639e445693ce1a31c37 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21325. The rules added/improved in this package are:

New rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow (CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability (CVE-2019-11043)

Updated rules:
1. threat[62708]:IBM Rational Quality Manager Backdoor Account Vulnerability
2. app:TeamViewer
3. app:TeamView


Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21325. This package includes the following changed rules:

new rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow(CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability(CVE-2019-11043)

update rules:
1. threat[62708]:IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Vulnerability
2. app:TeamViewer
3. app:teamviewer


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-01 11:31:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21297.rule Version: 5.6.10.21297
MD5:dca33c40da10444ee04cbd382c7f26b9 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21297. The rules added/improved in this package are:


New rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability (CVE-2019-5373)
3. threat[50575]:Sunlogin Remote Control Software Connecting to Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability (CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability (CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability (CVE-2018-18809)
7. threat[24591]:Exim string_vformat Function Heap Buffer Overflow Vulnerability (CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Read (CVE-2019-7110)

Updated rules:
1. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)


Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21297. This package includes the following changed rules:


new rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability(CVE-2019-5373)
3. threat[50575]:Remote Control Tool Sunlogin Connecting Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability(CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability(CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability(CVE-2018-18809)
7. threat[24591]:Exim string_vformat Heap-based Buffer Overflow Vulnerability(CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability(CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read(CVE-2019-7110)

update rules:
1. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-24 22:21:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21238.rule Version: 5.6.10.21238
MD5:eda28aa8e4c74a3fc8d514bb61cad6e6 Size: 24.68M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21238. The rules added/improved in this package are:

New rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability (CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability (CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection (CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure (CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service Vulnerability (CVE-2019-12525)
10. threat[24585]:D-Link Router Unauthorized Remote Command Execution Vulnerability (CVE-2019-16920)
11. app:第一财经 (Yicai)
12. app:虎扑体育 (Hupu Sports)
13. app:驱动人生 (Driver Genius)
14. app:人人影视 (RRTV)
15. app:和讯网 (Hexun)

Updated rules:
1. threat[24553]:Behinder Webshell Connection
2. app:I2P


Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21238. This package includes the following changed rules:

new rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection(CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure(CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service(CVE-2019-12525)
10. threat[24585]:D-Link Routers Unauthorized Remote Command Execution Vulnerability(CVE-2019-16920)
11. app:First Finance and Economics
12. app:Tiger Sports
13. app:Driving life
14. app:RRTV
15. app:Hexun (和讯网)

update rules:
1. threat[24553]:Behinder Webshell Connect
2. app:I2P


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-17 21:03:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21169.rule Version: 5.6.10.21169
MD5:91b3e75d19619e1750f94889f7567bc2 Size: 24.60M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21169. The rules added/improved in this package are:

New rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Extended Encoding Directory Traversal Vulnerability



Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21169. This package includes the following changed rules:

new rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Encoding Directory Traversal Vulnerability



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-10 19:23:29
Name: eoi.unify.allrulepatch.ips.5.6.10.21152.rule Version: 5.6.10.21152
MD5:15269c2042d9eef8d77b04a6663a501b Size: 24.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21152. The rules added/improved in this package are:

New rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:vBulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21152. This package includes the following changed rules:

new rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:Vbulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-04 10:15:30
Name: eoi.unify.allrulepatch.ips.5.6.10.21135.rule Version: 5.6.10.21135
MD5:ace336a64eec6f952269753ea4ce0a8a Size: 24.56M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21135. The rules added/improved in this package are:

New rules:
1. threat[24568]:Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Command Execution Vulnerability (CVE-2019-10392)
3. threat[41718]:Intranet Tunneling Tool reGeorg Connection



Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21135. This package includes the following changed rules:

new rules:
1. threat[24568]:Windows NTLM Message Integrity Check Tampering Vulnerability(CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Code Execution Vulnerability(CVE-2019-10392)
3. threat[41718]:Intranet tunneling tool reGeorg connection



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-26 15:17:50
Name: eoi.unify.allrulepatch.ips.5.6.10.21114.rule Version: 5.6.10.21114
MD5:2fe4426263aac37a15d859f748ac0b45 Size: 24.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.10.21114. The rules added/improved in this package are:


New rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Notes:
1. After the upgrade, the engine restarts automatically to take effect. This does not interrupt sessions, but 3-5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.21114. This package includes the following changed rules:


new rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.