Network Intrusion Prevention System (IPS) rule 5.6.10 upgrade package list

Name: eoi.unify.allrulepatch.ips.5.6.10.23834.rule  Version: 5.6.10.23834
MD5: aaeb9cafdc1cd56bd048ff732937cd52  Size: 26.07M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23834. Rules added or improved in this package:

Updated rules:
1. threat[25079]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-31 10:00:16
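Every entry on this page follows the same layout (file name, version, MD5, size) and states the same prerequisite (firmware and engine 5.6R10F00 or later). The Python below is an added example, not NSFOCUS code: it parses that layout, checks the prerequisite, picks the newest package (every package here is a full package, so only the newest needs importing) and compares a downloaded file against the listed MD5. The listing excerpt and the package bytes inside it are constructed for the example; real packages come from the vendor portal.

```python
"""Check IPS rule upgrade packages against a plain-text listing.

Added example, not NSFOCUS code. The listing excerpt and the download bytes
are constructed; only the layout (Name/Version, MD5/Size) is taken from the page.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed excerpt of the listing above (first two entries), same layout as the page.
SAMPLE_LISTING = """\
Name: eoi.unify.allrulepatch.ips.5.6.10.23834.rule  Version: 5.6.10.23834
MD5: aaeb9cafdc1cd56bd048ff732937cd52  Size: 26.07M
Name: eoi.unify.allrulepatch.ips.5.6.10.23813.rule  Version: 5.6.10.23813
MD5: 55425ea1a2aa4b5581c7a8985714b218  Size: 26.06M
"""

# 5.6R10F00, the firmware/engine prerequisite stated in every entry.
MIN_FIRMWARE = (5, 6, 10, 0)


@dataclass(frozen=True)
class RulePackage:
    name: str
    version: str
    md5: str
    size: str


_NAME_RE = re.compile(r"Name:\s*(?P<name>\S+)\s+Version:\s*(?P<version>[\d.]+)")
_MD5_RE = re.compile(r"MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s+Size:\s*(?P<size>\S+)")


def parse_listing(text: str) -> list[RulePackage]:
    """Pair each Name/Version line with the MD5/Size line that follows it."""
    packages = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for first, second in zip(lines, lines[1:]):
        m1, m2 = _NAME_RE.match(first), _MD5_RE.match(second)
        if m1 and m2:
            packages.append(RulePackage(m1["name"], m1["version"], m2["md5"].lower(), m2["size"]))
    return packages


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '5.6.10.23834' or the firmware form '5.6R10F00' into a comparable tuple."""
    return tuple(int(x) for x in re.findall(r"\d+", s))


def meets_prerequisite(firmware: str, engine: str) -> bool:
    """Both firmware and engine must be 5.6R10F00 or later."""
    return parse_version(firmware) >= MIN_FIRMWARE and parse_version(engine) >= MIN_FIRMWARE


def name_matches_version(pkg: RulePackage) -> bool:
    """The file name embeds the rule version; a mismatch means a mislabelled file."""
    return pkg.name.endswith(f".{pkg.version}.rule")


def latest(packages: list[RulePackage]) -> RulePackage:
    """Full packages supersede one another, so only the newest needs importing."""
    return max(packages, key=lambda p: parse_version(p.version))


def verify_package(pkg: RulePackage, data: bytes) -> bool:
    """Compare the downloaded bytes against the listed MD5.

    MD5 catches a corrupt or truncated download; it is not a defence against a
    capable adversary, so fetch the file from the vendor's portal over HTTPS.
    """
    return hashlib.md5(data).hexdigest() == pkg.md5


if __name__ == "__main__":
    pkgs = parse_listing(SAMPLE_LISTING)
    newest = latest(pkgs)
    download = b"constructed bytes, not a real .rule file"  # constructed sample
    print(newest.name, "prereq ok:", meets_prerequisite("5.6R10F00", "5.6R10F00"))
    print("digest matches listing:", verify_package(newest, download))
```

Run it against the real listing by pasting the Name/MD5 lines into `SAMPLE_LISTING` and reading the downloaded `.rule` file as bytes; a `False` from `verify_package` means the download should be discarded and repeated rather than imported.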
Name: eoi.unify.allrulepatch.ips.5.6.10.23813.rule  Version: 5.6.10.23813
MD5: 55425ea1a2aa4b5581c7a8985714b218  Size: 26.06M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23813. Rules added or improved in this package:

New rules:
1. threat[25080]: Gym Management System 1.0 - Authentication Bypass Vulnerability
2. threat[25077]: HooToo TripMate Titan HT-TM05 Remote Command Execution Vulnerability (CVE-2018-20841)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-29 16:34:13
Name: eoi.unify.allrulepatch.ips.5.6.10.23802.rule  Version: 5.6.10.23802
MD5: 65cb18ce248ce806640e5d72a3210ac4  Size: 26.12M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23802. Rules added or improved in this package:

New rules:
1. threat[25078]: ZenTao Project Management System Remote File Inclusion Vulnerability
2. threat[25079]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-27 10:37:50
Name: eoi.unify.allrulepatch.ips.5.6.10.23787.rule  Version: 5.6.10.23787
MD5: e7659c8bfc73f86671e62791281c757e  Size: 26.12M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23787. Rules added or improved in this package:

New rules:
1. threat[30758]: Way-Board Remote File Disclosure Vulnerability (CVE-2001-0214)
2. threat[25074]: Cacti Group Cacti color.php SQL Injection Vulnerability
3. threat[25075]: Company Visitor Management System (CVMS) 1.0 - Authentication Bypass Vulnerability
4. threat[25076]: Wireless IP Camera (P2P) WIFICAM Remote Code Execution Vulnerability (CVE-2017-8225)

Updated rules:
1. threat[24300]: GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561/CVE-2018-10562)
2. threat[30759]: Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-23 15:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.23760.rule  Version: 5.6.10.23760
MD5: a16327190b4ca9c7573cb6be7a6f8133  Size: 26.06M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23760. Rules added or improved in this package:

Updated rules:
1. threat[25040]: Fastadmin Front-End Directory Traversal Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-16 22:34:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23691.rule  Version: 5.6.10.23691
MD5: 3e84345b6863259cb43f8f6e712e5424  Size: 26.07M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23691. Rules added or improved in this package:

New rules:
1. threat[25064]: BigTree CMS 4.4.10 SQL Injection Vulnerability
2. threat[25066]: Bigviktor Bot Network C&C Communication
3. threat[25067]: Flatpress Add Blog 1.0.3 - Stored Cross-Site Scripting Vulnerability
4. threat[25068]: Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability (CVE-2020-3248)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-10-09 15:47:27
Name: eoi.unify.allrulepatch.ips.5.6.10.23620.rule  Version: 5.6.10.23620
MD5: c735e546cb0deba40275b6c8ab27dfc7  Size: 26.03M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23620. Rules added or improved in this package:

New rules:
1. threat[25044]: WebSphere Application Server XXE Vulnerability (CVE-2020-4634)
2. threat[25045]: Advantech WebAccess NMS ConfigRestoreAction Arbitrary File Upload Vulnerability (CVE-2020-10621)

Updated rules:
1. threat[25040]: Fastadmin Front-End Directory Traversal Vulnerability
2. threat[25041]: Fastadmin Front-End Getshell Vulnerability - Shell Upload

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-23 19:40:20
Name: eoi.unify.allrulepatch.ips.5.6.10.23606.rule  Version: 5.6.10.23606
MD5: d5995a821e2bfd8e611dd481943185b6  Size: 26.03M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23606. Rules added or improved in this package:

New rules:
1. threat[25039]: Nagios XI account main.php Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
2. threat[50593]: Redis Authentication Failed
3. threat[25040]: Fastadmin Front-End Directory Traversal Vulnerability
4. threat[25041]: Fastadmin Front-End Getshell Vulnerability - Shell Upload
5. threat[25042]: Fastadmin Front-End Login Succeeded
6. threat[41774]: Fastadmin Back-End (Admin) Login Succeeded

Updated rules:
1. threat[50592]: MySQL Login User Reads Local File
2. threat[41543]: Trojan/Backdoor ASP One-Line Trojan

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-23 10:19:12
Name: eoi.unify.allrulepatch.ips.5.6.10.23586.rule  Version: 5.6.10.23586
MD5: f681696ecaab26a83486c1da043c3a54  Size: 26.02M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23586. Rules added or improved in this package:

New rules:
1. threat[25038]: rConfig Unauthenticated Remote Code Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-21 21:07:11
Name: eoi.unify.allrulepatch.ips.5.6.10.23576.rule  Version: 5.6.10.23576
MD5: ef1e8e417aeee034c76e7d3a80444c80  Size: 26.00M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23576. Rules added or improved in this package:

New rules:
1. threat[25032]: ThinkAdmin 6 - Arbitrary File Read Vulnerability (CVE-2020-25540)
2. threat[25037]: PHP Yii Framework Deserialization Vulnerability (CVE-2020-15148)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-20 17:14:23
Name: eoi.unify.allrulepatch.ips.5.6.10.23569.rule  Version: 5.6.10.23569
MD5: 1fd225828d2592243cb5fca6cb4fdb3d  Size: 26.00M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23569. Rules added or improved in this package:

New rules:
1. threat[25035]: Coremail XT5 Remote Code Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-18 18:48:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23542.rule  Version: 5.6.10.23542
MD5: 169120fb98bece2ee85dc8a282aee207  Size: 26.02M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23542. Rules added or improved in this package:

New rules:
1. threat[25031]: Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

Updated rules:
1. threat[25010]: Godzilla PHP_XOR_BASE64 Webshell Connection

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-15 21:21:29
Name: eoi.unify.allrulepatch.ips.5.6.10.23523.rule  Version: 5.6.10.23523
MD5: 09b934e5b144cc1a8dda116aef76b78a  Size: 26.02M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23523. Rules added or improved in this package:

New rules:
1. threat[25029]: Tongda Office Anywhere OA v11.7 Back-End SQL Injection Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-14 18:27:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23519.rule  Version: 5.6.10.23519
MD5: d0b99a3d9bafdf8a35d822fdbccd32e0  Size: 26.02M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23519. Rules added or improved in this package:

New rules:
1. threat[25024]: Leagsoft UniNAC Network Access Control System Arbitrary File Upload Vulnerability
2. threat[25025]: Weaver E-cology OA getdata.jsp SQL Injection Vulnerability
3. threat[25026]: WRDTech WebVPN Resource Access Control System Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-13 17:34:40
Name: eoi.unify.allrulepatch.ips.5.6.10.23511.rule  Version: 5.6.10.23511
MD5: 02cde29e644cd4fe6bc0f471de42a0e9  Size: 26.00M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23511. Rules added or improved in this package:

New rules:
1. threat[25023]: Weaver E-bridge Arbitrary File Read Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-13 09:02:10
Name: eoi.unify.allrulepatch.ips.5.6.10.23507.rule  Version: 5.6.10.23507
MD5: a65bfb7822ad1f03db7747acb24511f8  Size: 26.01M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23507. Rules added or improved in this package:

New rules:
1. threat[25018]: WebLogic UniversalExtractor Deserialization Vulnerability (CVE-2020-14645)
2. threat[30752]: Tailor Management System - 'id' SQL Injection Vulnerability
3. threat[25019]: Mara CMS 7.5 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-24223)
4. threat[25021]: Apache DolphinScheduler Remote Code Execution Vulnerability (CVE-2020-11974)
5. threat[25022]: Yonyou GRP-U8 Remote Command Execution Vulnerability
6. app: HTTP2

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-12 10:32:55
Name: eoi.unify.allrulepatch.ips.5.6.10.23476.rule  Version: 5.6.10.23476
MD5: 944dcae2f188a1a25f1a05570638ac2e  Size: 26.01M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23476. Rules added or improved in this package:

New rules:
1. threat[25015]: grocy 2.7.1 - Stored Cross-Site Scripting Vulnerability
2. threat[25014]: BloodX CMS 1.0 - Authentication Bypass Vulnerability
3. threat[25017]: moziloCMS 2.0 - Stored Cross-Site Scripting Vulnerability

Updated rules:
1. threat[25012]: Daily Tracker System 1.0 Authentication Bypass Vulnerability (CVE-2020-24193)
2. threat[25013]: Savsoft Quiz Enterprise Version 5.5 - Stored Cross-Site Scripting Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-11 09:25:19
Name: eoi.unify.allrulepatch.ips.5.6.10.23419.rule  Version: 5.6.10.23419
MD5: 37b6ebbff50a90f73538619559c07b5b  Size: 25.99M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23419. Rules added or improved in this package:

New rules:
1. threat[25009]: Microsoft .NET Framework/SharePoint Server/Visual Studio Remote Code Execution Vulnerability (CVE-2020-1147)
2. threat[25010]: Godzilla PHP_XOR_BASE64 Webshell Connection
3. threat[25011]: Godzilla PHP_XOR_RAW Webshell Connection
4. threat[25002]: vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
5. threat[25004]: ElkarBackup 1.3.3 - Stored Cross-Site Scripting Vulnerability
6. threat[25006]: Apache Shiro 1.5.1 Authentication Bypass Vulnerability (CVE-2020-1957)

Updated rules:
1. threat[22933]: Network Worm Nimda Attack

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-09-03 16:51:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23384.rule  Version: 5.6.10.23384
MD5: 3de5793f57d3074e156eb09ab3e44da6  Size: 25.97M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23384. Rules added or improved in this package:

New rules:
1. threat[25003]: Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) Vulnerability
2. threat[30749]: Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal Vulnerability
3. threat[25000]: Seowon SlC 130 Router Remote Code Execution Vulnerability
4. threat[41771]: Remote Control Trojan DaHuiLang Controlled Client Check-In
5. threat[24999]: Spring Boot Actuator Unauthorized Access
6. threat[41770]: Malicious Code Propagation via ADB Debugging Interface
7. threat[25005]: BaoTa Panel phpMyAdmin Unauthorized Access Vulnerability

Updated rules:
1. threat[24553]: Behinder Webshell Connection
2. threat[23991]: Fastjson Remote Code Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-08-27 19:32:26
Name: eoi.unify.allrulepatch.ips.5.6.10.23321.rule  Version: 5.6.10.23321
MD5: 2ac50963d63b7f3b34abeb4377e2be29  Size: 25.95M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23321. Rules added or improved in this package:

New rules:
1. threat[24997]: Tongda Office Anywhere OA 11.6 Arbitrary File Deletion Vulnerability
2. threat[24998]: Tongda Office Anywhere OA 11.6 Arbitrary File Upload Vulnerability
3. threat[41766]: Godzilla Webshell JSP Script Upload
4. threat[41767]: Godzilla Webshell ASPX Script Upload
5. threat[41768]: Godzilla Webshell PHP Script Upload

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-08-19 18:42:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23275.rule  Version: 5.6.10.23275
MD5: b22c0ad9e1cc0c11341812cbc31cfa11  Size: 25.94M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23275. Rules added or improved in this package:

New rules:
1. threat[24993]: Tongda OA Front-End SQL Injection Vulnerability
2. threat[24994]: Tongda OA 2015-2017 Arbitrary File Upload Vulnerability
3. threat[24995]: Tongda OA Arbitrary File Deletion Vulnerability

Updated rules:
1. threat[24553]: Behinder Webshell Connection
2. threat[41699]: Behinder Encrypted JSP Webshell File Upload
3. threat[41697]: Behinder Encrypted ASP Webshell File Upload
4. threat[41696]: Behinder Encrypted PHP Webshell File Upload

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-08-17 22:08:44
Name: eoi.unify.allrulepatch.ips.5.6.10.23223.rule  Version: 5.6.10.23223
MD5: 9a2d5d7446fa678c8fb5b53762f078b2  Size: 25.94M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23223. Rules added or improved in this package:

New rules:
1. threat[24983]: Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting Vulnerability (CVE-2020-2852)
2. threat[24984]: Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2871)
3. threat[24986]: Cisco Unified Contact Center Express RMI Insecure Deserialization Vulnerability (CVE-2020-3280)
4. threat[24987]: Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2854)
5. threat[24988]: Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2856)
6. threat[24989]: Apache Kylin REST API migrateCube Command Injection Vulnerability (CVE-2020-1956)
7. threat[24990]: Apache Spark Unauthorized Remote Code Execution Vulnerability (CVE-2020-9480)
8. app: egd
9. app: eyou
10. app: postgres field

Updated rules:
1. threat[66229]: ISC BIND Internal Memory Disclosure Vulnerability

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-08-14 10:54:25
Name: eoi.unify.allrulepatch.ips.5.6.10.23150.rule  Version: 5.6.10.23150
MD5: 34c9b692ef0035598f43ae88de8ad447  Size: 25.33M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23150. Rules added or improved in this package:

New rules:
1. threat[24979]: ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)
2. threat[24980]: WebSphere Remote Code Execution Vulnerability (CVE-2020-4450)
3. threat[24981]: WebSphere Remote Code Execution Vulnerability (CVE-2020-4534)
4. threat[24982]: Advantech WebAccess SCADA IOCTL 10001 BwPSLink.exe Arbitrary File Deletion Vulnerability

Updated rules:
1. threat[24863]: SaltStack Directory Traversal Vulnerability (CVE-2020-11652)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-08-07 16:11:33
Name: eoi.unify.allrulepatch.ips.5.6.10.23127.rule  Version: 5.6.10.23127
MD5: a80f8e76a83cf07a98f9359bf07419ff  Size: 25.32M
Description:

This is an intrusion prevention signature (rule) upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package, not an incremental one. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23127. Rules added or improved in this package:

New rules:
1. threat[24974]: Weaver E-office OA Management System Arbitrary File Read Vulnerability
2. threat[24975]: Foxit Reader and PhantomPDF Use-After-Free Vulnerability (CVE-2020-8845)
3. threat[24976]: Microsoft Windows SMBv1 NT_TRANSACT_IOCTL Remote Code Execution Vulnerability (CVE-2020-1301)
4. threat[24977]: Microsoft Windows CAB File Parsing Directory Traversal Vulnerability (CVE-2020-1300)
5. threat[24978]: Microsoft Windows SMBv3 Compression Information Disclosure Vulnerability (CVE-2020-1206)

Updated rules:
1. threat[50519]: Remote Control Tool NetWire Connection
2. threat[24101]: Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12615) (CVE-2017-12617)

Notes:
1. After the upgrade the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart; choose a suitable time window for the upgrade.

Release time: 2020-07-30 17:46:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23076.rule Version: 5.6.10.23076
MD5: 1920901701df2f2b2364ef4eb6496394 Size: 25.32M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23076. Rules added or changed in this package:

New rules:
1. threat[24970]: Seeyon A8 Collaborative Management Software Arbitrary File Read Vulnerability
2. threat[24971]: ZenTao PMS 11.6 Arbitrary File Read Vulnerability
3. threat[24972]: ZenTao PMS 11.6 SQL Injection Vulnerability
4. threat[24973]: ZenTao PMS 11.6 File Upload Vulnerability
5. threat[24969]: ThinkPHP 6.0 Arbitrary File Creation and Upload Vulnerability
6. threat[24965]: Laravel Framework Deserialization Remote Code Execution Vulnerability (CVE-2019-9081)
7. threat[41764]: nginx Server Backdoor Connection Attempt
8. app: sinec-h1
9. app: hart-ip
10. app: gryphon

Updated rules:
1. threat[41588]: PHP Webshell Script Upload
2. threat[24962]: Microsoft Windows DNS Server Integer Overflow Vulnerability (CVE-2020-1350)

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-07-23 19:04:17
Name: eoi.unify.allrulepatch.ips.5.6.10.23040.rule Version: 5.6.10.23040
MD5: 81a20156c4aa4e9cfb057e4ba0592b1e Size: 25.31M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.23040. Rules added or changed in this package:

New rules:
1. threat[24936]: Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CVE-2019-0568)
2. threat[24958]: EFS Easy File Sharing Web Server Buffer Error Vulnerability (CVE-2018-9059)
3. threat[24938]: DNN DNNarticle Module Configuration File Disclosure Vulnerability (CVE-2018-9126)
4. threat[24939]: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2019-0604)
5. threat[24941]: Nagios XI Chained Remote Code Execution Vulnerability (CVE-2018-8735)
6. threat[24942]: Roland Gruber Softwareentwicklung LDAP Account Manager Cross-Site Scripting Vulnerability (CVE-2018-8763)
7. threat[24943]: Square 9 GlobalForms SQL Injection Vulnerability (CVE-2018-8820)
8. threat[24959]: Aviosoft DVD X Player Standard Buffer Error Vulnerability (CVE-2018-9128)
9. threat[24945]: Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability (CVE-2018-8617)
10. threat[24947]: Drupal avatar_uploader v7.x-1.0-beta8 Directory Traversal Vulnerability (CVE-2018-9205)
11. threat[24948]: Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8625)
12. threat[24950]: LibreOffice Input Validation Error Vulnerability (CVE-2019-9848)
13. threat[24951]: Microsoft Windows and Windows Server Input Validation Error Vulnerability (CVE-2020-0938)
14. threat[30746]: Microsoft Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0859)
15. threat[24952]: Microsoft Windows Installer Remote Code Execution Vulnerability (CVE-2020-0814)
16. threat[24961]: SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
17. threat[24954]: Microsoft Media Foundation Buffer Error Vulnerability (CVE-2020-0738)
18. threat[24505]: Apache Axis 1.4 Remote Code Execution Vulnerability (CVE-2019-0227)
19. threat[24955]: Windows LNK Shortcut File Remote Code Execution Vulnerability (CVE-2020-0729)
20. threat[30747]: Microsoft Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)
21. threat[24956]: Windows Installer Privilege Escalation Vulnerability (CVE-2020-0683)
22. threat[24957]: Windows Kernel Service Tracing Privilege Escalation Vulnerability (CVE-2020-0668)
23. threat[24962]: Microsoft Windows DNS Server Integer Overflow Vulnerability (CVE-2020-1350)
24. threat[24964]: Zoho ManageEngine OpManager cachestart Directory Traversal Vulnerability (CVE-2020-13818)
25. app: Renren Live (renrenzhibo)

Updated rules:
1. threat[24189]: Realtek rtl81xx SDK Remote Code Execution Vulnerability (CVE-2014-8361)
2. threat[50591]: RDP Remote Desktop Service Successful Login
3. threat[24119]: FasterXML jackson-databind Deserialization Remote Code Execution Vulnerability (CVE-2017-15095)
4. app: Baidu Cloud Manager (baiduyunguanjia)
5. app: Huaxi Securities market quotes site

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-07-15 22:44:15
Name: eoi.unify.allrulepatch.ips.5.6.10.22935.rule Version: 5.6.10.22935
MD5: b0fa950156140f64fdb40deefb1031ae Size: 25.27M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22935. Rules added or changed in this package:

New rules:
1. threat[24935]: Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CVE-2019-0567)
2. threat[24930]: Cisco Data Center Network Manager installSwitchLicense Directory Traversal Vulnerability (CVE-2019-15980)
3. threat[24931]: Foxit PhantomPDF Text Field Object Use-After-Free Vulnerability (CVE-2020-8846)
4. threat[24932]: Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability (CVE-2020-3243)
5. threat[41763]: Penetration Testing Tool Cobalt Strike Beacon DNS Communication
6. threat[24933]: Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability (CVE-2019-15981)
7. threat[24934]: Microsoft .NET Framework XPS File Parsing Remote Code Execution Vulnerability (CVE-2020-0605)

Updated rules:
1. threat[49003]: Mirai Bot Connecting to Server
2. threat[24770]: Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)
3. threat[50181]: HTTP CONNECT Tunnel (HTTP Proxy) Connection Access

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-07-09 18:49:50
Name: eoi.unify.allrulepatch.ips.5.6.10.22885.rule Version: 5.6.10.22885
MD5: 8265b4063fca25617864851fd62559a6 Size: 25.26M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22885. Rules added or changed in this package:

New rules:
1. threat[10506]: Microsoft Windows TLS Key Exchange Denial of Service Vulnerability (CVE-2020-1118)
2. threat[24928]: Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
3. threat[10507]: ISC BIND TSIG Validation Denial of Service Vulnerability (CVE-2020-8617)
4. threat[41762]: Tomato Router Default Credential Scan

Updated rules:
1. threat[24893]: Microsoft Internet Explorer JScript JSONStringifyObject Use-After-Free Vulnerability (CVE-2017-11793)
2. threat[50453]: Protocol Tunneling Tool dns2tcp Connection
3. threat[24919]: Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-07-02 18:19:08
Name: eoi.unify.allrulepatch.ips.5.6.10.22865.rule Version: 5.6.10.22865
MD5: acefbf8be9887dad13361174a30a18a0 Size: 25.25M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22865. Rules added or changed in this package:

New rules:
1. threat[30744]: FineReport v8.0 Authentication Account and Password Information Disclosure Vulnerability
2. threat[24925]: Winmail Mail Management System viewsharenetdisk.php Arbitrary File Download Vulnerability
3. threat[41761]: WMIC Command Execution
4. threat[24926]: Weaver ecology8 Arbitrary File Upload Vulnerability
5. threat[24927]: Apache Dubbo Provider Deserialization Vulnerability (CVE-2020-1948)
6. app: Tencent Meeting
7. app: Zoho
8. app: WeChat Work
9. app: WPS
10. app: WeLink
11. app: Webex Meetings
12. app: Weaver eteams
13. app: Tencent Docs
14. app: HST (haoshitong) Video Conferencing
15. app: Feishu

Updated rules:
1. threat[24879]: Winmail Mail Management System Arbitrary File Download Vulnerability
2. threat[24878]: Winmail Mail Management System Arbitrary File Upload Vulnerability
3. threat[24255]: Web Service Remote Command Execution Attack
4. threat[24918]: Zoho ManageEngine OpManager fluidicv2 UI Directory Traversal Vulnerability (CVE-2020-12116)
5. threat[41718]: Intranet Tunneling Tool reGeorg Connection
6. app: Zoom

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-06-28 15:19:41
Name: eoi.unify.allrulepatch.ips.5.6.10.22840.rule Version: 5.6.10.22840
MD5: 770a367ee4eda3d790205dab5e3a639b Size: 25.26M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22840. Rules added or changed in this package:

New rules:
1. threat[24921]: Advantech WebAccess SCADA BwFLApp.exe Arbitrary File Deletion Vulnerability
2. threat[24922]: Advantech WebAccess SCADA BwPFile.exe Arbitrary File Deletion Vulnerability
3. threat[24923]: Apache Shiro RememberMe Deserialization Vulnerability (CVE-2016-4437)
4. threat[50591]: RDP Remote Desktop Service Successful Login
5. threat[30743]: Weaver ecology OA Database Configuration Information Disclosure
6. threat[24924]: Apache Commons Configuration YAML File Loading Deserialization Vulnerability (CVE-2020-1953)

Updated rules:
1. threat[68655]: Suspicious Webshell Backdoor Access and Control
2. threat[24858]: Tongda OA Arbitrary User Remote Code Execution Vulnerability
3. threat[23533]: TRS WCM Arbitrary File Upload Vulnerability

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-06-18 17:58:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22809.rule Version: 5.6.10.22809
MD5: 30463eac9481315269eb69ab9196de22 Size: 25.24M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22809. Rules added or changed in this package:

New rules:
1. threat[41760]: Victor CMS 1.0 Remote Shell Upload Vulnerability
2. threat[24912]: i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion Vulnerability
3. threat[24914]: OpenMRS Reference Application sessionLocation Parameter Reflected Cross-Site Scripting Vulnerability
4. threat[24915]: Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability (CVE-2020-2950)
5. threat[24916]: Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization Vulnerability (CVE-2020-6967)
6. threat[30742]: Adobe Acrobat and Reader Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2020-3804)
7. app: KNXIP

Updated rules:
1. threat[24895]: dotCMS CMSFilter assets Access Control Weakness Vulnerability (CVE-2020-6754)
2. threat[24861]: Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
3. threat[24309]: Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-06-11 18:19:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22767.rule Version: 5.6.10.22767
MD5: b2451730d704f15d6964e9809fe6fe2b Size: 25.23M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22767. Rules added or changed in this package:

New rules:
1. threat[24905]: Webtateas 2.0 Arbitrary File Read Vulnerability
2. threat[41758]: i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion
3. threat[24904]: HP LinuxKI 6.01 Remote Command Injection Vulnerability (CVE-2020-7209)
4. threat[24906]: Cisco SD-WAN Solution vManage SQL Injection Vulnerability (CVE-2019-16012)
5. threat[24907]: Schneider Electric IGSS IGSSupdateservice Directory Traversal Vulnerability (CVE-2020-7478)
6. threat[24908]: Mikrotik Router Monitoring System 1.2.3 SQL Injection Vulnerability (CVE-2020-13118)
7. threat[24909]: JDWP Remote Command Execution

Updated rules:
1. threat[49003]: Mirai Bot Connecting to Server
2. threat[41381]: Malicious Ransomware Transmission
3. threat[24883]: Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
4. threat[23991]: Fastjson Remote Code Execution Vulnerability
5. threat[24106]: Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)
6. threat[24771]: PHPStudy Backdoor Remote Code Execution Vulnerability
7. app: WeChat

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-06-04 17:22:54
Name: eoi.unify.allrulepatch.ips.5.6.10.22729.rule Version: 5.6.10.22729
MD5: 597a7d9424e3b20456c4071129ec5954 Size: 25.19M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22729. Rules added or changed in this package:

New rules:
1. threat[24901]: D-Link DSL-2780B DLink_1.01.14 Remote DNS Change Vulnerability
2. threat[24902]: Nagios XI Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2018-15712)
3. threat[10505]: NTP ntpd monlist Query Reflection Denial of Service Vulnerability (CVE-2013-5211)
4. threat[24899]: Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2956)(CVE-2020-2882)
5. app: IEC-61850-GOOSE
6. app: IEC-61850-SV

Updated rules:
1. threat[23614]: Oracle WebLogic Server Java Deserialization Vulnerability
2. threat[68655]: Suspicious Webshell Backdoor Access and Control
3. threat[24897]: WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)
4. app: IEC-61850-MMS

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-05-28 17:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.22680.rule Version: 5.6.10.22680
MD5: f341fffe06881faa846795643f129147 Size: 25.18M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22680. Rules added or changed in this package:

New rules:
1. threat[24891]: Advantech WISE-PaaS/RMM SQL Injection Vulnerability (CVE-2019-18229)
2. threat[24894]: Microsoft Edge ChakraCore Type Confusion Information Disclosure Vulnerability (CVE-2017-0134)
3. threat[24892]: Oracle WebLogic Server FileDistributionServlet Information Disclosure Vulnerability (CVE-2019-2625)
4. threat[24896]: Nagios Log Server User Profile Stored Cross-Site Scripting Vulnerability (CVE-2020-6586)
5. threat[41757]: Suspicious DNS Activity Detected on the Network (Dynamically Generated Random Domain Names)
6. threat[24897]: WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)

Updated rules:
1. app: iec-60870-5-104

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-05-21 18:57:49
Name: eoi.unify.allrulepatch.ips.5.6.10.22638.rule Version: 5.6.10.22638
MD5: 4e26224644b639a065dae79231aebfb1 Size: 25.17M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22638. Rules added or changed in this package:

New rules:
1. threat[24890]: Grandstream UCM6200 Remote Code Execution Vulnerability (CVE-2020-5722)
2. threat[24889]: DrayTek Vigor Remote Code Execution Vulnerability (CVE-2020-8515)
3. threat[24888]: Netlink GPON Router Remote Code Execution Vulnerability
4. threat[24865]: Nagios XI Two Reflected Cross-Site Scripting Vulnerabilities (CVE-2020-10819)
5. threat[24864]: AVTECH Video Surveillance Device Unauthorized Command Execution Vulnerability
6. threat[24883]: Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
7. threat[24881]: Zabbix latest.php SQL Injection Vulnerability (CVE-2016-10134)
8. threat[24866]: Edimax EW-7438RPn 1.13 Remote Code Execution Vulnerability
9. threat[24879]: Winmail Mail Management System Arbitrary File Download Vulnerability
10. threat[24878]: Winmail Mail Management System Arbitrary File Upload Vulnerability
11. threat[24877]: eYou list_userinfo.php SQL Injection Vulnerability
12. threat[24876]: eYou action_help.class.php SQL Injection Vulnerability
13. threat[24868]: TP-LINK Cloud Cameras NCXXX Bonjour Command Injection Vulnerability (CVE-2020-12109)
14. threat[24873]: eYou v4 Mail System domain_logo.php Command Execution Vulnerability
15. threat[24871]: Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0143)(MS17-010)
16. threat[24872]: ELTEX NTP-RG-1402G Command Injection Vulnerability (CVE-2020-9026)
17. threat[24869]: School ERP Pro 1.0 Arbitrary File Read Vulnerability
18. threat[24880]: FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-11113)
19. threat[24870]: School ERP Pro 1.0 Arbitrary File Upload Vulnerability
20. threat[24887]: Ghostscript Sandbox Bypass (Command Execution) Vulnerability (CVE-2019-6116)

Updated rules:
1. threat[24770]: Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-05-15 09:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22624.rule Version: 5.6.10.22624
MD5: ef9694fde23251985603285fc2171228 Size: 25.18M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature (rule) upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (cumulative) package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22624. Rules added or changed in this package:

New rules:
1. threat[24885]: Adobe LiveCycle Data Services XML External Entity Injection (XXE) Vulnerability (CVE-2015-3269)

Notes:
1. After the package is applied the engine restarts automatically to load the new rules. Established sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2020-05-10 08:46:12
Name: eoi.unify.allrulepatch.ips.5.6.10.22577.rule Version: 5.6.10.22577
MD5: 9046bcc35cc9536e5b73a359c34405ef Size: 25.15M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22577. The rules added or changed in this package are:

new rules:
1. threat[24849]:TongDa OA Arbitrary File Upload Vulnerability
2. threat[24851]:Spring Security OAuth Remote Code Execution Vulnerability (CVE-2016-4977)
3. threat[24850]:Jenkins CLI-RMI Java Deserialization Remote Code Execution Vulnerability (CVE-2015-8103)
4. threat[24852]:Jenkins-CI Remote Code Execution Vulnerability (CVE-2016-9299, CVE-2017-1000353)
5. threat[24854]:Jenkins Remote Command Execution Vulnerability (CVE-2018-1000861)
6. threat[24855]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2018-16621)
7. threat[24856]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2020-10199)
8. threat[24821]:WSO2 3.1.0 Arbitrary File Delete
9. threat[24826]:Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution Vulnerability
10. threat[24859]:Jenkins Script Security Plugin Sandbox Bypass / Metaprogramming RCE (CVE-2019-1003005, CVE-2019-1003029)
11. threat[30741]:Tongda OA Sensitive Information Access Without Login
12. threat[24857]:ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
13. threat[24860]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8599)
14. threat[24861]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
15. threat[24862]:SaltStack Remote Command Execution Vulnerability (CVE-2020-11651)
16. threat[24863]:SaltStack Directory Traversal Vulnerability (CVE-2020-11652)
17. app:eyou-mail

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-05-07 18:34:59
Name: eoi.unify.allrulepatch.ips.5.6.10.22558.rule Version: 5.6.10.22558
MD5: c6edb090aea16322baeed7fbb688402b Size: 25.14M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22558. The rules added or changed in this package are:

new rules:
1. threat[24831]:Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability (CVE-2020-9384)
2. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24833]:CentOS Web Panel Authenticated OS Command Injection Vulnerability (CVE-2018-18322)
4. threat[30740]:CentOS Web Panel 0.9.8.480 Local File Inclusion (CVE-2018-18223)
5. threat[24834]:Discuz 7.x discuzcode.func.php Remote Code Execution Vulnerability
6. threat[24835]:Discuz! ML Remote Code Execution Vulnerability (CVE-2019-13956)
7. threat[24836]:Drupal RESTWS Module 7.x PHP Remote Code Execution Vulnerability
8. threat[24837]:Drupal CODER Module Remote Code Execution Vulnerability
9. threat[24839]:PHP Upload File Bypass
10. threat[24840]:JBoss Deserialization Vulnerability (CVE-2017-7504)
11. threat[24838]:Discuz!X /utility/convert/index.php Remote Code Execution Vulnerability
12. threat[24841]:JBoss Unauthorized Access Vulnerability (CVE-2010-0738)
13. threat[24843]:phpcms 2008 Remote Code Execution Vulnerability
14. threat[24844]:Dell SonicWALL Scrutinizer q Parameter SQL Injection Vulnerability
15. threat[24845]:Oxwall 1.7.0 Code Execution Vulnerability
16. threat[24846]:phpcms 2008 Code Injection Vulnerability

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24627]:dedecms sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
3. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability
4. threat[41704]:Windows CMD Command Line Reverse Connection
5. app:ftp

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-04-30 14:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22459.rule Version: 5.6.10.22459
MD5: e167ea878cc313ba7791dd26cb4a525e Size: 25.08M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22459. The rules added or changed in this package are:

new rules:
1. threat[24824]:Oracle WebLogic Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2014-4210)
2. threat[41753]:Malware Linux/nemesis_a Network Communication
3. threat[41755]:Malware Windows/Mozart Network Communication
4. threat[24825]:Exim base64d() Function Buffer Overflow Vulnerability (CVE-2018-6789)
5. threat[24822]:WordPress Plugin Media Library Assistant 2.81 Local File Inclusion

update rules:
1. threat[62960]:phpLDAPadmin "functions.php" Remote PHP Code Injection Vulnerability
2. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-04-23 19:46:58
Name: eoi.unify.allrulepatch.ips.5.6.10.22420.rule Version: 5.6.10.22420
MD5: bd4d5af3dfd4cde4a60715fb2212832c Size: 25.07M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22420. The rules added or changed in this package are:

new rules:
1. threat[41739]:WannaRen Ransomware Transmission Communication
2. threat[41740]:Malicious Trojan Hijacking Sangfor SSL VPN Update Program SangforUD.exe
3. threat[41741]:Penetration Test Tool Cobalt Strike Beacon HTTPS Communication
4. threat[30738]:Jinfornet Jreport 15.6 Unauthenticated Directory Traversal Vulnerability
5. threat[24812]:NVMS-9000 Camera Remote Code Execution Vulnerability
6. threat[24813]:Eir D1000 Router Remote Code Execution Vulnerability
7. threat[24814]:HPE Intelligent Management Center ViewBatchTaskResultDetailBean Expression Language Injection Vulnerability (CVE-2019-5386)
8. threat[41742]:Malware Windows/VIDAR_a Stealer Trojan Network Communication
9. threat[24816]:rConfig Network Device Configuration Tool ajaxAddTemplate.php Command Injection (CVE-2020-10221)
10. threat[41743]:Malware Windows/RevengeRAT Remote Control Trojan Network Communication
11. threat[41744]:Malware Windows/ParasiteStealer Stealer Trojan Network Communication
12. threat[41745]:Malware Windows/VTFLOODER Remote Control Trojan Network Communication
13. threat[41747]:Malware Raudotek Bot Trojan Check-in Communication
14. threat[41748]:Malware Windows/NanoCore Remote Control Trojan Network Communication
15. threat[41746]:Malware Dark_Nexus Botnet Check-in Communication
16. threat[41750]:Malware GoBrut Botnet Check-in Communication
17. threat[41751]:Malware AutoitPredator Botnet Check-in Communication
18. threat[24817]:NagiosXI 5.6.11 address Remote Code Execution Vulnerability
19. threat[24818]:Symantec Web Gateway 5.0.2.8 Remote Code Execution Vulnerability
20. threat[30739]:Cisco Small Business RV320 and RV325 Information Disclosure Vulnerability (CVE-2019-1653)
21. threat[24819]:Zen Load Balancer 3.10.1 Directory Traversal Vulnerability
22. threat[41752]:Malware FYHHOS Botnet Check-in Communication
23. threat[24820]:Webtateas 2.0 Arbitrary File Read
24. threat[24822]:WordPress Plugin Media Library Assistant 2.81 Local File Inclusion
25. threat[24823]:MVPower DVR Shell Unauthenticated Remote Command Execution Vulnerability

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24745]:Linear eMerge E3 Access Controller Command Injection (CVE-2019-7256)
3. threat[24203]:ESF pfSense system_groupmanager.php Command Injection Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-04-16 17:52:57
Name: eoi.unify.allrulepatch.ips.5.6.10.22340.rule Version: 5.6.10.22340
MD5: 8337c64b631c0e1de64b26a38e458ec6 Size: 25.03M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22340. The rules added or changed in this package are:

new rules:
1. threat[24802]:WiKID 2FA Enterprise Server groups.jsp Cross-Site Scripting (CVE-2019-17116)
2. threat[24768]:Centreon formMibs.php Code Injection Vulnerability
3. threat[24803]:Cisco Data Center Network Manager importTS Command Injection Vulnerability (CVE-2019-15979)
4. threat[24804]:Cisco Data Center Network Manager createLanFabric Command Injection Vulnerability (CVE-2019-15978)
5. threat[24805]:HPE IMC ForwardRedirect Expression Language Injection Vulnerability
6. threat[24806]:Microsoft SharePoint Server Stored Cross-Site Scripting Vulnerability (CVE-2020-0693)
7. threat[24807]:WordPress 10Web Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability (CVE-2020-9335)
8. threat[50586]:Web Crawler Toutiao Fetching Page Information
9. threat[50587]:Web Crawler Bing Fetching Page Information
10. threat[50588]:Web Crawler Moz Fetching Page Information
11. threat[50589]:Web Crawler Shenma Fetching Page Information
12. threat[24808]:OpenDreamBox 2.0.0 Plugin WebAdmin Command Injection Vulnerability
13. threat[24809]:Joomla! com_fabrik 3.9.11 Directory Traversal Vulnerability
14. threat[24810]:Zen Load Balancer 3.10.1 Command Injection Vulnerability (CVE-2019-7301)
15. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
16. threat[41738]:Penetration Test Tool Cobalt Strike Beacon HTTP Communication

update rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)
2. threat[23725]:Application Server GlassFish Arbitrary File Read Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-04-09 18:01:09
Name: eoi.unify.allrulepatch.ips.5.6.10.22284.rule Version: 5.6.10.22284
MD5: da6d5801e3cd918941ad4153521f439b Size: 25.00M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22284. The rules added or changed in this package are:

new rules:
1. threat[24797]:PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)
2. threat[24798]:uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
3. threat[24799]:WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability (CVE-2019-17120)
4. threat[24800]:FIBARO System Home Center 5.021 Remote File Inclusion Vulnerability
5. threat[24801]:Cisco Data Center Network Manager reportTemplateUploadPolicy Directory Traversal Vulnerability (CVE-2019-15980)

update rules:
1. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-04-03 10:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.22245.rule Version: 5.6.10.22245
MD5: 58d5ca1e255e2526eaebe7af4724e270 Size: 25.49M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22245. The rules added or changed in this package are:

new rules:
1. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability (CVE-2019-18610)
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)
3. threat[30736]:Cisco Data Center Network Manager getRestoreLog Directory Traversal Vulnerability (CVE-2019-15980)
4. threat[30737]:Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal Vulnerability (CVE-2019-15980)
5. threat[24767]:Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2586)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. threat[24772]:ASUS RT-N10+ 2.0.3.4 Code Execution Vulnerability
8. threat[24773]:Gila CMS deleteAction Local File Inclusion Vulnerability (CVE-2020-5513)
9. threat[24774]:Advantech WISE-PaaS RMM WechatSignin wechattokenlogin External Entity Injection Vulnerability (CVE-2019-18227)
10. threat[24775]:HPE IMC TvxlanLegendBean Expression Language Injection Vulnerability
11. threat[24777]:Squid Proxy HTTP Host Buffer Overflow Vulnerability (CVE-2020-8450)
12. threat[24778]:Netlink GPON Router 1.0.11 R Remote Code Execution Vulnerability
13. threat[24779]:Horde Groupware Webmail Edition 5.2.22 Remote Code Execution Vulnerability (CVE-2020-8518)
14. threat[24780]:Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability (CVE-2020-9436)
15. threat[24785]:PHPMoAdmin 1.1.2 Remote Code Execution Vulnerability (CVE-2015-2208)
16. threat[24786]:Joomla! SQL Injection Vulnerability (CVE-2015-7297)
17. threat[24784]:Western Digital MyCloud PR4100 Web Management Component Security Vulnerability (CVE-2017-17560)
18. threat[24787]:Axis Network Camera .srv to parhand Remote Code Execution Vulnerability (CVE-2018-10660)
19. threat[24788]:Drupal OpenID External Entity Injection (CVE-2012-4554)
20. threat[24789]:Joomla Unauthorized User Creation Vulnerability (CVE-2016-8870)
21. threat[41736]:HIDDEN COBRA – Joanap Backdoor Trojan Communication
22. threat[50584]:Web Crawler Fetching Page Information
23. threat[24790]:PHPKB Multi-Language 9 Authorized Directory Traversal Vulnerability (CVE-2020-10387)
24. threat[24791]:rConfig 3.9 SQL Injection Vulnerability (CVE-2020-10220)
25. threat[24792]:PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability (CVE-2020-10386)
26. threat[24793]:Centreon Poller Authorized Remote Code Execution Vulnerability
27. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability

update rules:
1. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution Vulnerability (CVE-2020-7247)
2. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)
5. threat[22703]:phpMyAdmin 3.5.8 and 4.0.0-RC2 Remote PHP Code Execution via preg_replace()

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-03-26 18:12:48
Name: eoi.unify.allrulepatch.ips.5.6.10.22166.rule Version: 5.6.10.22166
MD5: 6ec172412c5a6f7311e314ee3161c493 Size: 25.45M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22166. The rules added or changed in this package are:

new rules:
1. threat[24759]:Virtual Freer 1.58 Remote Code Execution Vulnerability
2. threat[24761]:HomeAutomation 3.3.2 Remote Code Execution Vulnerability
3. threat[24762]:Voyager 1.3.0 Directory Traversal Vulnerability
4. threat[24760]:Apache ShardingSphere UI YAML Parsing Remote Code Execution Vulnerability (CVE-2020-1947)
5. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
6. threat[41735]:Malware Trojan Downloader "Phantom" Network Communication
7. threat[24764]:Nagios XI Authorized Arbitrary File Upload Vulnerability
8. threat[24765]:WordPress Plugin Search Meter 2.13.2 CSV Injection Vulnerability
9. threat[24766]:Sysaid 20.1.11 b26 Unauthorized Arbitrary File Upload Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-03-20 17:53:17
Name: eoi.unify.allrulepatch.ips.5.6.10.22154.rule Version: 5.6.10.22154
MD5: 36ba9a80ff309eb6bde5598607f2963d Size: 25.45M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22154. The rules added or changed in this package are:

new rules:
1. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-03-13 20:22:18
Name: eoi.unify.allrulepatch.ips.5.6.10.22137.rule Version: 5.6.10.22137
MD5: 5d8c72a82f52d82686a15744b24160a7 Size: 25.44M
Description:

This is an NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version becomes 5.6.10.22137. The rules added or changed in this package are:

new rules:
1. threat[10503]:Siemens Desigo PX 6.00 Denial of Service Vulnerability (CVE-2019-13927)
2. threat[30734]:Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
3. threat[24746]:eWON Flexy 13.0 Router Authentication Bypass Vulnerability
4. threat[49039]:Malware LiquorBot Network Communication
5. threat[41733]:Malware Oski Stealer Network Communication
6. threat[30735]:iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure Vulnerability
7. threat[24747]:LibreNMS Collected Command Injection Vulnerability (CVE-2019-10669)
8. threat[24748]:OctoberCMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
9. threat[24750]:FreeSWITCH 1.10.1 Command Execution Vulnerability
10. threat[41734]:Qakbot Botnet Malicious Communication Behavior
11. threat[24751]:TP-Link TL-WR849N Authentication Bypass Vulnerability (CVE-2019-19143)
12. threat[24752]:Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution Vulnerability
13. threat[24753]:Linear eMerge E3 1.00-06 Directory Traversal Vulnerability (CVE-2019-7254)
14. threat[24754]:UniSharp Laravel File Manager 2.0.0 Arbitrary File Read Vulnerability
15. threat[24755]:RICOH Aficio SP 5200S HTML Injection Vulnerability
16. threat[24756]:Google Chrome 80 JSCreate Side-effect Type Confusion Vulnerability (CVE-2020-6418)
17. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
18. threat[24758]:ThinkCMF Framework Arbitrary File Inclusion Vulnerability

update rules:
1. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability (CVE-2016-5734)
2. threat[24749]:Hospital Management System 4.0 Persistent Cross-Site Scripting Vulnerability (CVE-2020-5191)
3. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution Vulnerability (CVE-2019-17621)

Announcements:
1. After the package is applied, the engine restarts automatically so that the new rules take effect. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so please apply the update at a suitable time.

Published: 2020-03-12 17:19:18
名称: eoi.unify.allrulepatch.ips.5.6.10.22068.rule 版本:5.6.10.22068
MD5:0e1ff93ad45510014b3da1d0251b5b63 大小:25.41M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.22068。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24730]:The ZyXEL P660HN-T1A v1未授权命令注入漏洞(CVE-2017-18368)
2. 攻击[24731]:The ZyXEL P660HN-T1A v2授权命令注入漏洞(CVE-2017-18370)
3. 攻击[24732]:TrueOnline Billion 5200W-T 1.02b未授权命令注入漏洞(CVE-2017-18369)
4. 攻击[24733]:The Billion 5200W-T TCLinux授权命令注入漏洞(CVE-2017-18372)
5. 攻击[24734]:Netgear Devices 3.5.5.0 之前版本未授权命令注入漏洞(CVE-2016-1555)
6. 攻击[24735]:NETGEAR DGN2200v1/v2/v3/v4 授权命令注入漏洞(CVE-2017-6077)
7. 攻击[24736]:NETGEAR DGN2200 10.0.0.50 授权命令执行漏洞(CVE-2017-6334)
8. 攻击[24737]:NUUO NVRMini2 3.9.1授权命令注入漏洞(CVE-2018-15716)
9. 攻击[24738]:Freelance Management App v1.0.0任意文件下载漏洞(CVE-2020-5505)
10. 攻击[24739]:Apache James Server 2.3.2不安全的用户创建/任意文件写入(CVE-2015-7611)
11. 攻击[24740]:OpenSMTPD 6.6.2远程执行代码(CVE-2020-7247)
12. 攻击[24742]:Liferay CE Portal 6.0.2 远程代码执行漏洞
13. 攻击[24743]:Netis WF2419 V1.2.31805,V2.2.36123授权命令注入漏洞(CVE-2019-19356)
14. 攻击[24744]:Comtrend VR-3033 授权命令执行漏洞

更新规则:
1. 攻击[24729]:Microsoft Exchange Server远程代码执行漏洞(CVE-2020-0688)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.22068. Rules added or changed in this package:

new rules:
1. threat[24730]:ZyXEL P660HN-T1A v1 Unauthenticated Command Injection Vulnerability (CVE-2017-18368)
2. threat[24731]:ZyXEL P660HN-T1A v2 Authenticated Command Injection Vulnerability (CVE-2017-18370)
3. threat[24732]:TrueOnline Billion 5200W-T 1.02b Unauthenticated Command Injection Vulnerability (CVE-2017-18369)
4. threat[24733]:Billion 5200W-T TCLinux Authenticated Command Injection Vulnerability (CVE-2017-18372)
5. threat[24734]:Netgear Devices Prior to 3.5.5.0 Unauthenticated Command Injection Vulnerability (CVE-2016-1555)
6. threat[24735]:NETGEAR DGN2200v1/v2/v3/v4 Authenticated Command Injection Vulnerability (CVE-2017-6077)
7. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authenticated Command Execution Vulnerability (CVE-2017-6334)
8. threat[24737]:NUUO NVRMini2 3.9.1 Authenticated Command Injection Vulnerability (CVE-2018-15716)
9. threat[24738]:Freelance Management App v1.0.0 Arbitrary File Download Vulnerability (CVE-2020-5505)
10. threat[24739]:Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write (CVE-2015-7611)
11. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution (CVE-2020-7247)
12. threat[24742]:Liferay CE Portal 6.0.2 Remote Code Execution Vulnerability
13. threat[24743]:Netis WF2419 V1.2.31805, V2.2.36123 Authenticated Command Injection Vulnerability (CVE-2019-19356)
14. threat[24744]:Comtrend VR-3033 Authenticated Command Execution Vulnerability

update rules:
1. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-0688)


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-03-05 17:33:55
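Every package above is published with an MD5 digest and the same two preconditions (firmware and engine at 5.6R10F00 or later, full-replacement package). The following pre-upload check is an added example, not NSFOCUS code: it verifies a downloaded .rule file against the digest printed in its listing, reads the rule version out of the file name, and compares the device's firmware and engine versions with the stated minimum. The file-name pattern and the rule-version strings come from the listings; the layout assumed for firmware/engine versions (major.minor, then R<release>F<fix>, as in 5.6R10F00) is an assumption drawn from those strings, and the 3-byte package written by demo() is constructed test content, not a real rule file.

```python
"""Pre-upload checks for an NSFOCUS IPS rule upgrade package (added example, not NSFOCUS code)."""
import hashlib
import os
import re
import tempfile

# Minimum firmware and engine version stated in every package description on this page.
MIN_VERSION = "5.6R10F00"

# File-name pattern taken from the listings: eoi.unify.allrulepatch.ips.<rule-version>.rule
_RULE_NAME_RE = re.compile(r"^eoi\.unify\.allrulepatch\.ips\.(\d+(?:\.\d+)+)\.rule$")
# Assumed layout of the firmware/engine version string: <major>.<minor>R<release>F<fix>
_FW_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)F(\d+)$")


def md5_hexdigest(path, chunk_size=1 << 20):
    """Stream the file through MD5 so a ~25 MB package is not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def md5_matches(path, listed_md5):
    """True if the file's MD5 equals the digest printed in the listing (case-insensitive)."""
    return md5_hexdigest(path) == listed_md5.strip().lower()


def rule_version_from_name(filename):
    """'eoi.unify.allrulepatch.ips.5.6.10.22014.rule' -> (5, 6, 10, 22014)."""
    m = _RULE_NAME_RE.match(filename)
    if not m:
        raise ValueError("not a rule package name: %r" % filename)
    return tuple(int(x) for x in m.group(1).split("."))


def firmware_version_key(version):
    """'5.6R10F00' -> (5, 6, 10, 0), so versions compare numerically rather than as strings."""
    m = _FW_VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised firmware/engine version: %r" % version)
    return tuple(int(x) for x in m.groups())


def meets_minimum(version, minimum=MIN_VERSION):
    """True if the device version is at or above the minimum the package requires."""
    return firmware_version_key(version) >= firmware_version_key(minimum)


def precheck(path, filename, listed_md5, firmware, engine, installed_rule_version=None):
    """Run every check and return named booleans; import the package only if all_ok is True."""
    result = {
        "md5_ok": md5_matches(path, listed_md5),
        "firmware_ok": meets_minimum(firmware),
        "engine_ok": meets_minimum(engine),
    }
    package_version = rule_version_from_name(filename)
    if installed_rule_version is not None:
        # Each package is a full replacement, so importing an older one would set the
        # device's rule version back to that older number.
        installed = tuple(int(x) for x in installed_rule_version.split("."))
        result["not_downgrade"] = package_version >= installed
    result["all_ok"] = all(result.values())
    return result


def demo():
    """Self-check on a constructed 3-byte fake package; MD5('abc') is 900150983cd24fb0d6963f7d28e17f72."""
    fd, path = tempfile.mkstemp(suffix=".rule")
    with os.fdopen(fd, "wb") as f:
        f.write(b"abc")  # constructed content, not a real rule file
    try:
        return precheck(
            path,
            "eoi.unify.allrulepatch.ips.5.6.10.22014.rule",
            "900150983cd24fb0d6963f7d28e17f72",
            firmware="5.6R10F00",
            engine="5.6R10F01",
            installed_rule_version="5.6.10.21979",
        )
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-14s %s" % (name, "PASS" if ok else "FAIL"))
```

The MD5 comparison only guards against a corrupted or truncated download: the digest is published on the same site as the file, so it does not authenticate the package. Fetch the file over HTTPS from the vendor portal and keep the listed digest with the change record. Because each package is a full replacement, the downgrade check refuses a package whose rule version is lower than the one already installed.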
Name: eoi.unify.allrulepatch.ips.5.6.10.22014.rule Version: 5.6.10.22014
MD5: cf076fc0a3981e24afe3fe6ab267530d Size: 25.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.22014. Rules added or changed in this package:

new rules:
1. threat[24721]:Axis SSI Remote Code Execution Vulnerability
2. threat[24720]:Microsoft Office SharePoint Stored Cross-Site Scripting Vulnerability (CVE-2019-1070)
3. threat[24722]:FLIR Thermal Camera FC-S/PT Command Injection Vulnerability
4. threat[24724]:D-Link DGS-1250 Header Injection Vulnerability
5. threat[30733]:LabVantage 8.3 Information Disclosure Vulnerability
6. threat[24725]:jackson-databind JNDI Injection Remote Code Execution Vulnerability (CVE-2020-8840)
7. threat[24708]:Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE (CVE-2019-9189)
8. threat[24709]:IBM RICOH 6400 Printer Code Injection Vulnerability
9. threat[24710]:OpenEMR New.php Command Injection Vulnerability (CVE-2019-3968)
10. threat[24713]:GilaCMS Authenticated Local File Inclusion (LFI) Vulnerability (CVE-2019-16679)
11. threat[24712]:Netcore NW710 Login Authorization Bypass
12. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
13. threat[24715]:FusionPBX exec.php Command Execution Vulnerability
14. threat[24716]:Online Course Registration 2.0 Remote Code Execution Vulnerability
15. threat[24717]:EyesOfNetwork 5.3 SQL Injection Vulnerability (CVE-2020-8656)
16. threat[24718]:EyesOfNetwork 5.3 Remote Code Execution Vulnerability (CVE-2020-8654)
17. threat[24726]:Cacti 1.2.8 Arbitrary OS Command Execution Vulnerability (CVE-2020-8813)
18. threat[24727]:Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload Vulnerability
19. threat[24728]:Avaya Aura Communication Manager 5.2 Remote Code Execution Vulnerability
20. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-0688)

update rules:
1. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
2. threat[24702]:LG SuperSign CMS 2.5 Remote Code Execution Vulnerability (CVE-2018-17173)
3. threat[24611]:Apache Flink Dashboard Unauthorized Access Remote Command Execution
4. threat[24308]:Apache Solr/Lucene XML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]:rConfig v3.9.2 Unauthenticated RCE Vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. threat[41604]:Windows/Ramnit_a Malware Network Communication
8. threat[30732]:HPE Intelligent Management Center dbman Command Information Disclosure Vulnerability (CVE-2019-5392)


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-02-27 14:04:55
Name: eoi.unify.allrulepatch.ips.5.6.10.21979.rule Version: 5.6.10.21979
MD5: dd3a7cfecd968786dc3cf4f33cb6be1b Size: 25.38M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21979. Rules added or changed in this package:

new rules:
1. threat[24719]:Apache Tomcat AJP Protocol File Inclusion Vulnerability (CVE-2020-1938)


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-02-21 16:03:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21943.rule Version: 5.6.10.21943
MD5: 48a8544225615b2c5e260fce6027b45c Size: 25.36M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21943. Rules added or changed in this package:

new rules:
1. threat[24707]:LearnDash WordPress LMS Plugin 3.1.2 Reflected Cross-Site Scripting Vulnerability (CVE-2020-7108)
2. threat[30728]:ELOG retrieve_url Information Disclosure Vulnerability (CVE-2019-3993)
3. threat[24706]:HIYU BF430 TCP IP Converter Stored Cross-Site Scripting Vulnerability (CVE-2020-8839)
4. threat[30727]:Microsoft SharePoint Information Disclosure Vulnerability (CVE-2019-1443)
5. threat[41732]:Maktub Locker Ransomware Malicious Encryptor Download
6. threat[24701]:Xfinity Gateway Command Injection Vulnerability
7. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
8. threat[24704]:Apache Dubbo Deserialization Vulnerability (CVE-2019-17564)
9. threat[24705]:Pandora FMS 7.0 Authenticated Remote Code Execution Vulnerability (CVE-2020-8947)
10. threat[24692]:D-Link Devices Remote Command Execution Vulnerability (CVE-2019-20215)
11. threat[30730]:Digitus DN-16048 Camera Remote Configuration Disclosure
12. threat[24693]:ThinkCMF 5.0.190111 Backend Arbitrary File Write Vulnerability (CVE-2019-7580)
13. threat[24694]:FlameCMS 3.3.5 SQL Injection Vulnerability (CVE-2019-16309)
14. threat[24695]:OKLite v1.2.25 Arbitrary File Deletion Vulnerability (CVE-2019-16132)
15. threat[30731]:Lexmark Services Monitor 2.27.4.0.39 Directory Traversal Vulnerability
16. threat[24687]:Citrix Application Delivery Controller and Gateway Directory Traversal (CVE-2019-19781)
17. threat[24696]:HomeAutomation v3.3.2 CSRF Remote Command Execution Vulnerability
18. threat[24698]:HomeAutomation 3.3.2 Open Redirect Vulnerability
19. threat[24699]:YouPHPTube 7.7 SQL Injection Vulnerability (CVE-2019-18662)


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-02-21 13:49:12
Name: eoi.unify.allrulepatch.ips.5.6.10.21917.rule Version: 5.6.10.21917
MD5: f68dc2fb7b55ce89fd50155ce7494e72 Size: 25.34M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21917. Rules added or changed in this package:

new rules:
1. threat[30729]:ownCloud 8.1.8 Username Disclosure Vulnerability
2. threat[41731]:Xiongmai Camera Firmware Backdoor Communication
3. threat[24690]:Apache SSI Injection Remote Code Execution Vulnerability
4. threat[24691]:Car Rental Project 1.0 File Upload Vulnerability (CVE-2020-5509)
5. threat[24689]:phpMyAdmin 4.x SQL Injection Vulnerability (CVE-2020-5504)
6. threat[24682]:IceWarp WebMail 11.4.4.1 XSS Vulnerability (CVE-2020-8512)
7. threat[24683]:Realtek SDK Based Routers (TOTOLINK and many others) Code Execution Vulnerability (CVE-2019-19824)
8. threat[24684]:3Com OfficeConnect Remote Code Execution Vulnerability
9. threat[30726]:ASTPP 4.0.1 VoIP Billing Database Disclosure Vulnerability
10. threat[24685]:Jira 8.3.4 Information Disclosure Vulnerability (CVE-2019-8449)
11. threat[24688]:Heatmiser Netmonitor 3.03 HTML Injection Vulnerability

update rules:
1. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)
2. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
3. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-02-14 14:36:43
Name: eoi.unify.allrulepatch.ips.5.6.10.21833.rule Version: 5.6.10.21833
MD5: 54d68f9cb72244af3cbbf9655462ba38 Size: 25.32M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21833. Rules added or changed in this package:

new rules:
1. threat[24672]:Thomson Reuters Velocity Analytics Remote Code Injection Vulnerability (CVE-2013-5912)
2. threat[24673]:FusionAuth Apache FreeMarker Template Remote Code Execution Vulnerability (CVE-2020-7799)
3. threat[24674]:ZOHO ManageEngine ServiceDeskPlus XSS Vulnerability (CVE-2020-6843)
4. threat[24676]:Satellian 1.1.2 Remote Code Execution Vulnerability (CVE-2020-7980)
5. threat[24675]:Adive Framework Cross-Site Scripting/Cross-Site Request Forgery Vulnerability (CVE-2020-7991)
6. threat[24677]:Microsoft .NET Framework Remote Code Execution Vulnerability (CVE-2020-0646)
7. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
8. threat[24680]:Homematic CCU2 Tcl Script Interpreter Remote Code Execution Vulnerability (CVE-2018-7297)

update rules:
1. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-02-06 18:16:04
Name: eoi.unify.allrulepatch.ips.5.6.10.21799.rule Version: 5.6.10.21799
MD5: f6a6082704a93e1ace30bb091c62e106 Size: 25.31M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21799. Rules added or changed in this package:

new rules:
1. threat[24667]:Citrix NetScaler SD-WAN Remote Command Execution Vulnerability (CVE-2017-6316)
2. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24669]:Job Portal 1.0 Arbitrary File Upload Vulnerability
4. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)

update rules:
1. threat[24201]:NetGain Systems Enterprise Manager exec jsp Command Execution Vulnerability (CVE-2017-16602)


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-01-30 21:49:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21798.rule Version: 5.6.10.21798
MD5: 432ba732b385618be1f44b28ba121d8c Size: 25.30M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21798. Rules added or changed in this package:

new rules:
1. threat[24663]:Enigma NMS OS Command Injection Vulnerability (CVE-2019-16072)
2. threat[24664]:Mitsubishi Electric smartRTU and Inea ME-RTU OS Command Injection Vulnerability (CVE-2019-14931)
3. threat[24665]:PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution Vulnerability (CVE-2020-6756)
4. threat[24666]:Sar2HTML 3.2.1 Remote Command Execution Vulnerability

update rules:
1. threat[23766]:Dell KACE K1000 File Upload Vulnerability
2. threat[66891]:PHP CGI Query String Parameter Handling Information Disclosure and Denial of Service Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-01-23 20:40:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21797.rule Version: 5.6.10.21797
MD5: c72d7fd39d01c2b64fcc801c666faba8 Size: 25.30M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21797. Rules added or changed in this package:

new rules:
1. threat[24660]:Netgear R6400 Remote Code Execution Vulnerability (CVE-2016-6277)
2. threat[24661]:SonicWall Global Management System Remote Code Execution Vulnerability (CVE-2018-9866)
3. threat[24662]:Technicolor Modem Command Injection Vulnerability (CVE-2017-14127, CVE-2019-18396)
4. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-01-16 14:47:47
Name: eoi.unify.allrulepatch.ips.5.6.10.21731.rule Version: 5.6.10.21731
MD5: c9626fba509802b4d8d305ab4407057c Size: 25.31M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21731. Rules added or changed in this package:

new rules:
1. threat[24649]:Joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
2. threat[24650]:Jetty Web Server Remote Shared Buffer Leak (CVE-2015-2080)
3. threat[24651]:LiteSpeed Technologies LiteSpeed Web Server MIME Type File Code Injection Vulnerability (CVE-2007-5654)
4. threat[24652]:mongo-express Remote Code Execution Vulnerability (CVE-2019-10758)
5. threat[24653]:Jenkins CI Server build-metrics Cross-Site Scripting Vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. threat[24655]:Enigma NMS 65.0.0 Cross-Site Request Forgery Vulnerability (CVE-2019-16068)
8. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability (CVE-2017-4971)
9. threat[24657]:Squid Proxy URN Response Processing Heap Buffer Overflow Vulnerability
10. threat[24658]:Karakuzu ERP Management Web 5.7.0 SQL Injection Vulnerability
11. threat[24659]:IceWarp 12.2.0 / 12.1.x Cross-Site Scripting Vulnerability (CVE-2019-19266)

update rules:
1. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability (CVE-2016-3078)
2. threat[20266]:Oracle 9i Application Server Admin Directory Unauthorized Access Vulnerability
3. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability (CVE-2019-7238)
4. threat[21374]:Apache Struts Remote Command Execution Vulnerability
5. threat[24146]:JBoss AS Deserialization Remote Command Execution Vulnerability (CVE-2017-12149)
6. threat[10412]:Apache HTTP Server Malformed Range and Request-Range Header Handling Remote Denial of Service Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-01-11 11:39:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21681.rule Version: 5.6.10.21681
MD5: 31c9b9e24ad843a0b355a48c95d3fd97 Size: 25.29M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21681. Rules added or changed in this package:

new rules:
1. threat[24642]:phpMyChat-Plus 1.98 'pmc_username' Parameter Cross-Site Scripting Vulnerability
2. threat[24641]:NetGain Enterprise Manager Ping Command Injection Vulnerability
3. threat[24643]:Roxy Fileman 1.4.5 .NET Directory Traversal Vulnerability
4. threat[24644]:NUUO NVRmini/NVRmini2/NVRTitan/Crystal/NVRSolo Remote Command Execution Vulnerability
5. threat[24645]:AVTECH Video Surveillance Device adcommand.cgi Remote Command Execution Vulnerability
6. threat[24646]:Cisco Security Manager RMI Insecure Deserialization Vulnerability (CVE-2019-12630)
7. threat[24647]:Apache Log4j Deserialization Code Execution Vulnerability (CVE-2019-17571)
8. threat[24648]:D-Link Routers OS Command Injection Vulnerability (CVE-2015-2051)

update rules:
1. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
2. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)
3. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2020-01-03 17:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21636.rule Version: 5.6.10.21636
MD5: fa9ee61f106ed906a6fb3c0ea81912a8 Size: 25.27M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21636. Rules added or changed in this package:

new rules:
1. threat[24629]:Xerox AltaLink Cross-Site Request Forgery Vulnerability (CVE-2019-19832)
2. threat[24630]:Linksys Routers ttcp_ip Parameter Remote Command Execution Vulnerability
3. threat[24631]:Vacron NVR Remote Command Execution Vulnerability
4. threat[41727]:Buran Ransomware Connection Request
5. threat[24632]:EnGenius EnShare IoT Gigabit Cloud Service Remote Command Execution Vulnerability
6. threat[41728]:Buran Ransomware Transfer Communication
7. threat[24633]:AVTECH IP Camera/NVR/DVR Remote Command Execution Vulnerability
8. threat[24634]:Zyxel EMG2926 Home Router Command Injection Vulnerability (CVE-2017-6884)
9. threat[24635]:AVTECH Video Surveillance Device Unauthenticated Information Disclosure Vulnerability
10. threat[41729]:Emotet Trojan Backdoor Network Communication
11. threat[24636]:AVTECH DVR Device Unauthenticated SSRF Vulnerability
12. threat[24637]:AVTECH Video Surveillance Device Authentication Bypass Vulnerability
13. threat[41730]:APT Group Sednit Attack Activity
14. threat[24638]:AVTECH Video Surveillance Device Login CAPTCHA Bypass Vulnerability
15. threat[24639]:OPF OpenProject sortBy Cross-Site Scripting Vulnerability (CVE-2019-17092)
16. threat[24640]:YouPHPTube Encoder getImage.php Command Injection Vulnerability (CVE-2019-5127)

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability
3. threat[23756]:Multiple CCTV-DVR Systems Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2019-12-26 19:14:26
Name: eoi.unify.allrulepatch.ips.5.6.10.21583.rule Version: 5.6.10.21583
MD5: f7a74101b59093ca5036db7f64a6deec Size: 25.25M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change and the signature (rule) version becomes 5.6.10.21583. Rules added or changed in this package:

new rules:
1. threat[24618]:Centova Cast 3.2.11 Arbitrary File Download Vulnerability
2. threat[24619]:Mersive Technologies Solstice Pods OS Command Injection Vulnerability (CVE-2017-12945)
3. threat[24620]:Verot 2.0.3 File Upload Vulnerability (CVE-2019-19576)
4. threat[24621]:OkayCMS 2.3.4 Remote Code Execution Vulnerability (CVE-2019-16885)
5. threat[24622]:VBScript Remote Code Execution Vulnerability (CVE-2019-1485)
6. threat[24624]:WordPress CSS Hero 4.0.3 Cross-Site Scripting Vulnerability (CVE-2019-19133)
7. threat[30725]:.mdb Database File Access/Download Attempt
8. threat[24625]:Apache PHP File Extension Parsing Vulnerability
9. threat[24627]:DedeCMS sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
10. threat[24626]:TemaTres 3.0 Cross-Site Scripting Vulnerability (CVE-2019-14343)
11. threat[24628]:Advantech WISE-PaaS RMM Arbitrary File Upload Vulnerability (CVE-2019-13551)

update rules:
1. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal Vulnerability (CVE-2018-20470)
2. threat[24616]:Joomla JS Support Ticket 1.1.5 Arbitrary File Download Vulnerability
3. threat[41499]:HTTP Request Sensitive Path Access Attempt
4. threat[41534]:Web Page Contains Cryptomining Script Code
5. threat[23309]:TWiki Search Function Arbitrary Shell Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost; apply the update in a suitable maintenance window.

Release time: 2019-12-19 17:57:50
名称: eoi.unify.allrulepatch.ips.5.6.10.21512.rule 版本:5.6.10.21512
MD5:e3fdb4b2d757ba3b87d6ff7d537ddd12 大小:25.26M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.21512。该升级包新增/改进的规则有:

新增规则:
1. 攻击[41726]:Lemon_Duck PowerShell 恶意软件C2服务器通信
2. 攻击[24613]:WiKID Systems 2FA EnterpriseSQL注入漏洞(CVE-2019-17117)
3. 攻击[24614]:Sahi Pro 7.x / 8.x目录遍历(CVE-2018-20470)
4. 攻击[24615]:FaceSentry访问控制系统6.4.8远程命令注入

更新规则:
1. 攻击[23811]:Apache APR_PSPrintf 内存破坏漏洞
2. 攻击[24457]:ElasticSearch远程任意代码执行漏洞(CVE-2014-3120)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21512. This package includes the following changed rules:

new rules:
1. threat[41726]:Lemon_Duck PowerShell malware C2 server communication
2. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
3. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal(CVE-2018-20470)
4. threat[24615]:FaceSentry Access Control System 6.4.8 Remote Command Injection

update rules:
1. threat[23811]:Apache APR_PSPrintf Memory Corruption Vulnerability
2. threat[24457]:ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-12 17:32:42
Name: eoi.unify.allrulepatch.ips.5.6.10.21465.rule Version: 5.6.10.21465
MD5: f800f1a9222cdb354e49d7b55d7da8b8 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21465. The rules added or improved in this package are:

New rules:
1. threat[41725]:MyKings Botnet Communication

Updated rules:
1. threat[23997]:Jackson-Databind Framework JSON Deserialization Code Execution Vulnerability (CVE-2017-7525)
2. threat[60192]:SMTP Server Command Format String Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21465. This package includes the following changed rules:

new rules:
1. threat[41725]:MyKings Botnet Communication

update rules:
1. threat[23997]:Jackson-Databind framework json deserialization code execution vulnerability(CVE-2017-7525)
2. threat[60192]:SMTP Server Command Format String Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-12-05 18:36:25
Name: eoi.unify.allrulepatch.ips.5.6.10.21443.rule Version: 5.6.10.21443
MD5: 308249bca22a641b42d623ae7046c3d6 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21443. The rules added or improved in this package are:


Updated rules:
1. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21443. This package includes the following changed rules:


update rules:
1. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability(CVE-2012-1823)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-29 11:07:21
Name: eoi.unify.allrulepatch.ips.5.6.10.21434.rule Version: 5.6.10.21434
MD5: 3f819796f14c370eb3f769390e5fe3a0 Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21434. The rules added or improved in this package are:


New rules:
1. threat[41724]:APT Organization TransparentTribe Attack Activity

Updated rules:
1. threat[24605]:HPE Intelligent Management Center AMF3 Deserialization Vulnerability (CVE-2019-11944)
2. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
3. threat[23783]:nginx Incorrect File Type Parse Vulnerability
4. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21434. This package includes the following changed rules:


new rules:
1. threat[41724]:APT Organization TransparentTribe Attack Activity

update rules:
1. threat[24605]:HPE Intelligent Management Center AMF3 Externalizable Deserialization Vulnerability(CVE-2019-11944)
2. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
3. threat[23783]:nginx Incorrect File Type Parse Vulnerability
4. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability(CVE-2012-1823)

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-22 15:02:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21411.rule Version: 5.6.10.21411
MD5: dfd2ea5ae7cd529b377fee17306bc6de Size: 25.24M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21411. The rules added or improved in this package are:

New rules:
1. threat[24602]:OpenEMR facility_admin.php Cross-Site Scripting Vulnerability (CVE-2019-8368)
2. threat[24603]:YouPHPTube Remote Code Execution Vulnerability (CVE-2019-16124)
3. threat[24604]:Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1166)
4. threat[24606]:Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. threat[24607]:OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting (CVE-2019-3964)
6. threat[24608]:Zoho ManageEngine OpManager OPMDeviceDetailsServlet SQL Injection
7. threat[24609]:Citrix StoreFront Server 7.15 - XML External Entity Injection
8. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability (CVE-2014-3704)
9. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
10. threat[41723]:APT Organization "Higaisa" Attack Activity

Updated rules:
1. threat[49013]:Mining Program Connecting to Mining Pool Server


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21411. This package includes the following changed rules:

new rules:
1. threat[24602]:OpenEMR facility_admin.php Cross-Site Scripting Vulnerability(CVE-2019-8368)
2. threat[24603]:YouPHPTube Remote Code Execution Vulnerability(CVE-2019-16124)
3. threat[24604]:Windows NTLM Message Integrity Check Tampering Vulnerability(CVE-2019-1166)
4. threat[24606]:Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. threat[24607]:OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting(CVE-2019-3964)
6. threat[24608]:Zoho ManageEngine OpManager OPMDeviceDetailsServlet category SQL Injection
7. threat[24609]:Citrix StoreFront Server 7.15 - XML External Entity Injection
8. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
9. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
10. threat[41723]:APT Organization Higaisa Attack Behavior

update rules:
1. threat[49013]:Mining Program Connecting to Mining Pool Server


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-14 22:09:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21357.rule Version: 5.6.10.21357
MD5: 4ed1bf4de75d23b97b65138c30ca0f7c Size: 25.22M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21357. The rules added or improved in this package are:

New rules:
1. threat[24599]:RConfig Unauthorized RCE Vulnerability
2. threat[24598]:Apache Solr Remote Code Execution Vulnerability
3. threat[24600]:rConfig v3.9.2 Remote Code Execution Vulnerability
4. threat[24597]:Joomla Remote Code Execution Vulnerability
5. threat[24601]:ThinkcmfX PHP Code Injection Vulnerability

Updated rules:
1. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21357. This package includes the following changed rules:

new rules:
1. threat[24599]:RConfig unauthorized RCE vulnerability
2. threat[24598]:Apache Solr Remote Code Execution Vulnerability
3. threat[24600]:rConfig v3.9.2 Remote Code Execution Vulnerability
4. threat[24597]:Joomla Remote Code Execution Vulnerability
5. threat[24601]:ThinkcmfX php Code Injection Vulnerability

update rules:
1. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-07 18:53:34
Name: eoi.unify.allrulepatch.ips.5.6.10.21325.rule Version: 5.6.10.21325
MD5: 578cae607f794639e445693ce1a31c37 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21325. The rules added or improved in this package are:

New rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow (CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability (CVE-2019-11043)

Updated rules:
1. threat[62708]:IBM Rational Quality Manager Backdoor Account Vulnerability
2. app:TeamViewer
3. app:TeamView


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21325. This package includes the following changed rules:

new rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow(CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability(CVE-2019-11043)

update rules:
1. threat[62708]:IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Vulnerability
2. app:TeamViewer
3. app:teamviewer


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-11-01 11:31:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21297.rule Version: 5.6.10.21297
MD5: dca33c40da10444ee04cbd382c7f26b9 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21297. The rules added or improved in this package are:


New rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability (CVE-2019-5373)
3. threat[50575]:Sunlogin Remote Control Software Connecting to Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability (CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability (CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability (CVE-2018-18809)
7. threat[24591]:Exim string_vformat Function Heap Buffer Overflow Vulnerability (CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Read (CVE-2019-7110)

Updated rules:
1. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21297. This package includes the following changed rules:


new rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability(CVE-2019-5373)
3. threat[50575]:Remote Control Tool Sunlogin Connecting Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability(CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability(CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability(CVE-2018-18809)
7. threat[24591]:Exim string_vformat Heap-based Buffer Overflow Vulnerability(CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability(CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read(CVE-2019-7110)

update rules:
1. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-24 22:21:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21238.rule Version: 5.6.10.21238
MD5: eda28aa8e4c74a3fc8d514bb61cad6e6 Size: 24.68M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21238. The rules added or improved in this package are:

New rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability (CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability (CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection (CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure (CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service Vulnerability (CVE-2019-12525)
10. threat[24585]:D-Link Router Unauthorized Remote Command Execution Vulnerability (CVE-2019-16920)
11. app:第一财经 (First Finance and Economics)
12. app:虎扑体育 (Tiger Sports)
13. app:驱动人生 (Driving Life)
14. app:人人影视 (RRTV)
15. app:和讯网 (Hexun)

Updated rules:
1. threat[24553]:Behinder (冰蝎) Webshell Connection
2. app:I2P


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21238. This package includes the following changed rules:

new rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection(CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure(CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service(CVE-2019-12525)
10. threat[24585]:D-Link Routers Unauthorized Remote Command Execution Vulnerability(CVE-2019-16920)
11. app:First Finance and Economics
12. app:Tiger Sports
13. app:Driving life
14. app:RRTV
15. app:Hexun (和讯网)

update rules:
1. threat[24553]:Behinder Webshell Connect
2. app:I2P


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-17 21:03:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21169.rule Version: 5.6.10.21169
MD5: 91b3e75d19619e1750f94889f7567bc2 Size: 24.60M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21169. The rules added or improved in this package are:

New rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Extended Encoding Directory Traversal Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21169. This package includes the following changed rules:

new rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Encoding Directory Traversal Vulnerability



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-10 19:23:29
Name: eoi.unify.allrulepatch.ips.5.6.10.21152.rule Version: 5.6.10.21152
MD5: 15269c2042d9eef8d77b04a6663a501b Size: 24.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21152. The rules added or improved in this package are:

New rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:vbulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21152. This package includes the following changed rules:

new rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:Vbulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-10-04 10:15:30
Name: eoi.unify.allrulepatch.ips.5.6.10.21135.rule Version: 5.6.10.21135
MD5: ace336a64eec6f952269753ea4ce0a8a Size: 24.56M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21135. The rules added or improved in this package are:

New rules:
1. threat[24568]:Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Command Execution Vulnerability (CVE-2019-10392)
3. threat[41718]:Intranet Tunneling Tool reGeorg Connection



Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21135. This package includes the following changed rules:

new rules:
1. threat[24568]:Windows NTLM Message Integrity Check Tampering Vulnerability(CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Code Execution Vulnerability(CVE-2019-10392)
3. threat[41718]:Intranet tunneling tool reGeorg connection



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-26 15:17:50
Name: eoi.unify.allrulepatch.ips.5.6.10.21114.rule Version: 5.6.10.21114
MD5: 2fe4426263aac37a15d859f748ac0b45 Size: 24.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21114. The rules added or improved in this package are:


New rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21114. This package includes the following changed rules:


new rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-22 11:08:35
Name: eoi.unify.allrulepatch.ips.5.6.10.21077.rule Version: 5.6.10.21077
MD5: 4bfa29102a8157eaa1b1ad602ff04887 Size: 24.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21077. The rules added or improved in this package are:

New rules:
1. threat[30724]:General Service Sensitive Information Access

Updated rules:
1. threat[24530]:Jira Unauthorized Server-Side Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21077. This package includes the following changed rules:

new rules:
1. threat[30724]:General Service Sensitive Information Access

update rules:
1. threat[24530]:Jira Unauthorized Server Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-19 16:30:20
Name: eoi.unify.allrulepatch.ips.5.6.10.21041.rule Version: 5.6.10.21041
MD5: 5bd7ff8ce3310ed405250937a8720f1e Size: 24.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21041. The rules added or improved in this package are:

New rules:
1. threat[24557]:Apache httpd mod_md Null Pointer Dereference Vulnerability (CVE-2018-8011)
2. threat[24558]:HPE Intelligent Management Center TopoMsgServlet className Expression Language Injection Vulnerability (CVE-2019-11942)
3. threat[24559]:HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection Vulnerability (CVE-2019-5387)
4. threat[24561]:XStream Library ReflectionConverter Deserialization Vulnerability (CVE-2019-10173)
5. threat[41712]:OpenVAS Scanning Attack Detection
6. threat[10498]:Fastjson Remote Denial of Service Vulnerability
7. threat[50573]:Protocol Tunneling Tool dnscat Connection
8. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution (CVE-2019-7839)

Updated rules:
1. threat[23964]:Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2016-7206) (MS16-145)
2. app:Tor


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21041. This package includes the following changed rules:

new rules:
1. threat[24557]:Apache httpd mod_md Null Pointer Dereference(CVE-2018-8011)
2. threat[24558]:HPE Intelligent Management Center TopoMsgServlet className Expression Language Injection Vulnerability(CVE-2019-11942)
3. threat[24559]:HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection Vulnerability(CVE-2019-5387)
4. threat[24561]:XStream Library ReflectionConverter Insecure Deserialization Vulnerability(CVE-2019-10173)
5. threat[41712]:OpenVAS scanning attack detection
6. threat[10498]:Fastjson Remote Denial of Service Vulnerability
7. threat[50573]:Protocol tunnel tool dnscat connection
8. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution(CVE-2019-7839)

update rules:
1. threat[23964]:Microsoft Edge Information Disclosure Vulnerability(CVE-2016-7206)(MS16-145)
2. app:Tor


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-13 09:59:53
Name: eoi.unify.allrulepatch.ips.5.6.10.21006.rule Version: 5.6.10.21006
MD5: 120a0b584bb2719eb5f789494d422a98 Size: 24.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21006. The rules added or improved in this package are:

New rules:
1. threat[24555]:HPE Intelligent Management Center IctTableExportToCSVBean Expression Language Injection (CVE-2019-5370)

Updated rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21006. This package includes the following changed rules:

new rules:
1. threat[24555]:HPE Intelligent Management Center IctTableExportToCSVBean Expression Language Injection(CVE-2019-5370)

update rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-09-06 11:56:51
Name: eoi.unify.allrulepatch.ips.5.6.10.20956.rule Version: 5.6.10.20956
MD5: 101b1346b189dfe5d18c45985add103f Size: 24.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20956. The rules added or improved in this package are:

New rules:
1. threat[10497]:slowhttptest Slow HTTP Attack
2. threat[24550]:Webmin (CVE-2019-15107) Remote Code Execution Vulnerability

Updated rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
2. threat[23649]:Intellicom NetBiter Hostname Field Buffer Overflow Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20956. This package includes the following changed rules:

new rules:
1. threat[10497]:Slowhttptest slow attack
2. threat[24550]:Webmin (CVE-2019-15107) Remote Code Execution Vulnerability

update rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
2. threat[23649]:Intellicom Netbiter Hostname Stack Buffer Overflow Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-08-30 09:26:10
Name: eoi.unify.allrulepatch.ips.5.6.10.20927.rule Version: 5.6.10.20927
MD5: 82a00dc4300530890ff5a4b27a5cae9b Size: 24.51M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20927. The rules added or improved in this package are:

New rules:
1. threat[24548]:Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability

Updated rules:
1. threat[41499]:HTTP Request Sensitive Path Access Attempt
2. threat[60607]:Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20927. This package includes the following changed rules:

new rules:
1. threat[24548]:Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload vulnerability

update rules:
1. threat[41499]:HTTP Request Sensitive Path Access Attempt
2. threat[60607]:Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-08-23 09:45:22
Name: eoi.unify.allrulepatch.ips.5.6.10.20907.rule Version: 5.6.10.20907
MD5: a6589d90e97f162c4aee3c3f9efbd2f5 Size: 24.51M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20907. The rules added or improved in this package are:

New rules:
1. threat[24544]:Netgate pfSense Cross-Site Scripting Vulnerability (CVE-2019-12347)
2. threat[41709]:Microsoft IIS IISADMPWD Virtual Directory Information Enumeration Vulnerability
3. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
4. threat[41710]:Linux Shell Reverse Connection
5. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution (CVE-2019-7839)

Updated rules:
1. threat[30651]:Nessus Vulnerability Scanner HTTP Service Scan Operation
2. threat[41499]:HTTP Request Sensitive Path Access Attempt


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20907. This package includes the following changed rules:

new rules:
1. threat[24544]:Netgate pfSense Cross-Site Scripting(XSS) Vulnerability(CVE-2019-12347)
2. threat[41709]:Microsoft IIS IISADMPWD Virtual Directory Information Enumeration Vulnerability
3. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
4. threat[41710]:Linux Shell Reverse Connect
5. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution(CVE-2019-7839)


update rules:
1. threat[30651]:Nessus Vulnerability Scanner HTTP Server Scan Operation
2. threat[41499]:HTTP Request Sensitive Path Access Attempt


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-08-15 18:04:43
Name: eoi.unify.allrulepatch.ips.5.6.10.20856.rule Version: 5.6.10.20856
MD5: e6dfc2929f4d8db4dc92ea6e4f503eb2 Size: 24.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20856. The rules added or improved in this package are:

New rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
2. threat[24539]:Drupal Core Remote Code Execution Vulnerability (CVE-2019-6339)
3. threat[24540]:HPE Intelligent Management Center perfSelectTask Remote Code Execution Vulnerability (CVE-2019-5385)

Updated rules:
1. threat[49036]:APT Organization ProjectSauron Attack



Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20856. This package includes the following changed rules:

new rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
2. threat[24539]:Drupal Core Remote Code Execution Vulnerability(CVE-2019-6339)
3. threat[24540]:HPE Intelligent Management Center perfSelectTask Remote Code Execution Vulnerability(CVE-2019-5385)

update rules:
1. threat[49036]:APT organization ProjectSauron attack



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2019-08-09 09:37:42
Name: eoi.unify.allrulepatch.ips.5.6.10.20818.rule Version: 5.6.10.20818
MD5: 1dde7be41a9f7640f0c8fa6a58a40c88 Size: 24.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20818. The rules added or improved in this package are:


New rules:
1. threat[24536]:HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
2. threat[24537]:Firefly CMS 1.0 Remote Command Execution Vulnerability
3. threat[24538]:Xstream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285) (CVE-2019-10173)

Updated rules:
1. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection (CVE-2018-18992)
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[68654]:Suspicious Webshell Script File Upload Behavior
4. threat[40958]:Backdoor/Trojan Chopper Webshell Detection


Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20818. This package includes the following changed rules:


new rules:
1. threat[24536]:HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
2. threat[24537]:Firefly CMS 1.0 Remote Command Execution vulnerability
3. threat[24538]:Xstream Deserialization Remote Code Execution Vulnerability(CVE-2013-7285)(CVE-2019-10173)

update rules:
1. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection(CVE-2018-18992)
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[68654]:Suspicious Webshell Script Files Upload Behavior
4. threat[40958]:Backdoor/Trojan Chopper Webshell Detection


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-08-01 17:49:38
Name: eoi.unify.allrulepatch.ips.5.6.10.20765.rule Version: 5.6.10.20765
MD5: 324acb3e9a1a3ce4f8f2fe4a6284d311 Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20765. The rules added/improved by this upgrade package are:

New rules:
1. threat[24531]:Blue Angel Software Suite Command Execution Vulnerability
2. threat[24533]:SOCA Access Control System 180612 Information Disclosure Vulnerability
3. threat[24534]:Electronic Arts Origin URI Handler Template Injection Vulnerability(CVE-2019-11354)
4. threat[24535]:Jackson-databind Remote Code Execution Vulnerability(CVE-2019-12384)

Updated rules:
1. threat[23612]:Jboss JMX Java Deserialization Vulnerability
2. threat[63085]:Adobe Flash Player Stack Overflow Vulnerability(CVE-2012-2035)
3. threat[24532]:Jenkins Remote Code Execution Vulnerability(CVE-2019-1003000)

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20765. This package includes the following changed rules:

new rules:
1. threat[24531]:Blue Angel Software Suite Command Execution vulnerability
2. threat[24533]:SOCA Access Control System 180612 Information Disclosure vulnerability
3. threat[24534]:Electronic Arts Origin Client URI Handler Template Injection Vulnerability(CVE-2019-11354)
4. threat[24535]:Jackson-databind Remote Code Execution Vulnerability(CVE-2019-12384)

update rules:
1. threat[23612]:Jboss JMX Java Unserialization Vulnerability
2. threat[63085]:Adobe Flash Player StackOverflow Vulnerability(CVE-2012-2035)
3. threat[24532]:Jenkins Remote Code Execution Vulnerability (CVE-2019-1003000)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-07-25 20:04:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20697.rule Version: 5.6.10.20697
MD5: 6dba75adefbb21811f9bdc1f9a4f3a17 Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20697. The rules added/improved by this upgrade package are:

New rules:
1. threat[41704]:Windows CMD Command Line Reverse Connection
2. threat[24524]:Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability(CVE-2019-1867)
3. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability(CVE-2019-11945)
4. threat[41705]:Trojan/Backdoor Surak Network Communication
5. threat[41706]:Trojan/Backdoor Blackshades Malicious Communication
6. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability(CVE-2016-3078)

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20697. This package includes the following changed rules:


new rules:
1. threat[41704]:Windows CMD Command Line Reverse Connect
2. threat[24524]:Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability(CVE-2019-1867)
3. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability(CVE-2019-11945)
4. threat[41705]:Trojan/Backdoor Surak Network Communication
5. threat[41706]:Trojan/Backdoor BlackShades Malicious Communication
6. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability(CVE-2016-3078)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick Remote code execution vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-07-18 18:08:56
Name: eoi.unify.allrulepatch.ips.5.6.10.20655.rule Version: 5.6.10.20655
MD5: 384fa57d9e18d6cde153d79e841359fd Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20655. The rules added/improved by this upgrade package are:

New rules:
1. threat[24522]:Microsoft Office Outlook Security Bypass Vulnerability(CVE-2017-11774)
2. threat[30723]:Sahi Pro 8.x Directory Traversal Vulnerability(CVE-2019-13063)
3. threat[41700]:Sqlmap Scan Attack Detection
4. threat[41701]:Sqlmap Tamper space2blank Module Scan Attack Detection
5. threat[41702]:Nmap Scan Attack Detection
6. threat[41703]:DirBuster Scan Attack Detection
7. threat[49037]:GandCrab Ransomware Requesting Malicious Domain

Updated rules:
1. threat[49014]:Mining Program Querying DNS for Mining Pool Server Domain Name
2. threat[41187]:Acunetix Web Vulnerability Scanner Scan Detection

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20655. This package includes the following changed rules:

new rules:
1. threat[24522]:Microsoft Office Outlook security bypass vulnerability (CVE-2017-11774)
2. threat[30723]:Sahi Pro 8.x Directory Traversal Vulnerability(CVE-2019-13063)
3. threat[41700]:Sqlmap scan attack detection
4. threat[41701]:Sqlmap Tamper space2blank module scan attack detection
5. threat[41702]:Nmap scan attack detection
6. threat[41703]:DirBuster scanning attack detection
7. threat[49037]:Ransomware GandCrab Query Malicious Domain

update rules:
1. threat[49014]:Mining program query DNS mine pool server domain name
2. threat[41187]:Acunetix Web Vulnerability Scanner Detection


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-07-11 17:54:34
Name: eoi.unify.allrulepatch.ips.5.6.10.20624.rule Version: 5.6.10.20624
MD5: 4c8ef910e875d7b8dfdd5943ab0df20d Size: 24.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20624. The rules added/improved by this upgrade package are:

New rules:
1. threat[24516]:BlogEngine.NET XML Injection Vulnerability(CVE-2019-10718)
2. threat[24517]:Hosting Controller HC10 Invalid Pointer Write Vulnerability(CVE-2019-12323)
3. threat[24518]:OMRON CX-One CX-Protocol CMessage Type Confusion Vulnerability
4. threat[24520]:Spring Security OAuth Open Redirect Vulnerability(CVE-2019-3778)(CVE-2019-11269)
5. threat[49036]:APT Group ProjectSauron (Eye of Sauron) Attack

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20624. This package includes the following changed rules:

new rules:
1. threat[24516]:BlogEngine.NET XML Injection Vulnerability(CVE-2019-10718)
2. threat[24517]:Hosting Controller HC10 Remote Invalid Pointer Write Vulnerability(CVE-2019-12323)
3. threat[24518]:OMRON CX-One CX-Protocol CMessage Type Confusion vulnerability
4. threat[24520]:Spring Security OAuth Open Redirector Vulnerability(CVE-2019-3778)(CVE-2019-11269)
5. threat[49036]:APT organization ProjectSauron attack



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-07-04 18:31:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20597.rule Version: 5.6.10.20597
MD5: 842dceb9d106321ec8331c06c88ec7e6 Size: 24.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20597. The rules added/improved by this upgrade package are:

New rules:
1. threat[24512]:Koha Library Software 18.1106000 Redirect Attack
2. threat[24513]:Windows MS17-010 Series Vulnerability Scanning Attack
3. threat[24514]:IBM Websphere Application Server Deserialization Remote Code Execution Vulnerability(CVE-2019-4279)

Updated rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[22696]:Netgear DGN1000B setup.cgi Remote Command Injection Vulnerability
3. threat[68655]:Suspicious Webshell Backdoor Access and Control

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20597. This package includes the following changed rules:

new rules:
1. threat[24512]:Koha Library Software 18.1106000 Open Redirection
2. threat[24513]:Windows MS17-010 Vulnerabilities Scanning
3. threat[24514]:IBM Websphere Application Server Untrusted Data Deserialization Remote Code Execution(CVE-2019-4279)

update rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[22696]:Netgear DGN1000B setup.cgi Remote Command Execution
3. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-26 18:48:17
Name: eoi.unify.allrulepatch.ips.5.6.10.20557.rule Version: 5.6.10.20557
MD5: 6147338fd184e71a8f86cc420ff76b3a Size: 24.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20557. The rules added/improved by this upgrade package are:

Updated rules:
1. threat[50519]:Remote Control Tool NetWire Connection
2. threat[23991]:Fastjson Remote Code Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20557. This package includes the following changed rules:


update rules:
1. threat[50519]:Remote Control tool NetWire
2. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-22 11:56:17
Name: eoi.unify.allrulepatch.ips.5.6.10.20554.rule Version: 5.6.10.20554
MD5: d287ed3fa1ea77398b2f3614c51625ad Size: 24.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20554. The rules added/improved by this upgrade package are:

New rules:
1. threat[10494]:Advantech WebAccess Node webvrpcs uninstallwa Denial of Service Vulnerability(CVE-2019-6554)
2. threat[24509]:LAquis SCADA Web Server relatorioindividual TAG Parameter Code Injection Vulnerability
3. threat[24511]:Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid SQL Injection Vulnerability(CVE-2019-11469)

Updated rules:
1. threat[24437]:OpenMRS webservices.rest Insecure Object Deserialization Vulnerability(CVE-2018-19276)
2. threat[30709]:Schneider Pelco Sarix Pro Network Camera Information Disclosure Vulnerability
3. threat[24465]:Confluence Remote Code Execution Vulnerability(CVE-2019-3396)
4. threat[41489]:Backdoor Doublepulsar Communication
5. threat[41529]:Trojan/Backdoor XiongBaoBao Remote Control Network Communication

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20554. This package includes the following changed rules:

new rules:
1. threat[10494]:Advantech WebAccess Node webvrpcs uninstallwa Denial of Service Vulnerability(CVE-2019-6554)
2. threat[24509]:LAquis SCADA Web Server relatorioindividual TAG Code Injection vulnerability
3. threat[24511]:Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid SQL Injection Vulnerability(CVE-2019-11469)

update rules:
1. threat[24437]:OpenMRS webservices.rest Insecure Object Deserialization Vulnerabilities(CVE-2018-19276)
2. threat[30709]:Schneider Pelco Sarix Pro Webcam Information Disclosure Vulnerability
3. threat[24465]:Confluence Remote Code Execution Vulnerability(CVE-2019-3396)
4. threat[41489]:Backdoor Doublepulsar Communication
5. threat[41529]:Trojan/Backdoor XiongBaoBao Network Communication


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-21 18:15:28
Name: eoi.unify.allrulepatch.ips.5.6.10.20521.rule Version: 5.6.10.20521
MD5: 17a7dbb9865ec543a1884c46614eac64 Size: 24.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20521. The rules added/improved by this upgrade package are:

New rules:
1. threat[24508]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)

Updated rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. threat[30722]:Coremail Configuration Information Disclosure Vulnerability
4. threat[23589]:Mongodb Unauthorized Access Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20521. This package includes the following changed rules:

new rules:
1. threat[24508]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. threat[30722]:Coremail Configuration Information Disclosure Vulnerability
4. threat[23589]:Mongodb Unauthorized Access Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-17 21:46:54
Name: eoi.unify.allrulepatch.ips.5.6.10.20507.rule Version: 5.6.10.20507
MD5: 035acba8deb999319c3968e800f14b11 Size: 24.36M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20507. The rules added/improved by this upgrade package are:

New rules:
1. threat[24504]:URI-based SQL Injection
2. threat[24505]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)
3. threat[24506]:Coremail Mail System Information Disclosure Vulnerability
4. threat[41697]:Behinder Encrypted ASP Webshell File Upload
5. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
6. threat[41699]:Behinder Encrypted JSP Webshell File Upload
7. threat[24507]:HTTP Request URI/Referer Field Directory Traversal

Updated rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[23597]:Redis Unauthorized Access Leading to Remote Server Compromise Vulnerability
3. threat[50563]:Elasticsearch Service Sensitive Path Access
4. threat[68654]:Suspicious Webshell Script File Upload Behavior

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20507. This package includes the following changed rules:

new rules:
1. threat[24504]:URI-based SQL injection
2. threat[24505]:Apache Axis 1.4 Remote Code Execution(CVE-2019-0227)
3. threat[24506]:Coremail Mail System Information Disclosure Vulnerability
4. threat[41697]:Behinder Encrypted ASP Webshell File Upload
5. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
6. threat[41699]:Behinder Encrypted JSP Webshell File Upload
7. threat[24507]:Http request uri/referer field directory traversal

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[23597]:Redis Unauthorized Access obtain Remote server permission Vulnerability
3. threat[50563]:Elasticsearch service sensitive path access
4. threat[68654]:Suspicious Webshell Script Files Upload Behavior


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-14 23:04:06
Name: eoi.unify.allrulepatch.ips.5.6.10.20483.rule Version: 5.6.10.20483
MD5: 08111d35fce272f5fd54da9ed71d9e94 Size: 24.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20483. The rules added/improved by this upgrade package are:

New rules:
1. threat[49034]:Malicious Mining Virus Xmrig DNS Request Connection
2. threat[24503]:Ecshop 2.x/3.x SQL Injection/Arbitrary Code Execution Vulnerability

Updated rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20483. This package includes the following changed rules:


new rules:
1. threat[49034]:Malware Mining Virus Xmrig DNS Request Connection
2. threat[24503]:Ecshop 2.x/3.x SQL Injection/Arbitrary Code Execution Vulnerability

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24236]:Asterisk out-of-bounds write vulnerability

Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-13 19:05:04
Name: eoi.unify.allrulepatch.ips.5.6.10.20441.rule Version: 5.6.10.20441
MD5: 3aba5e2bc21389898fd2c0407553244b Size: 24.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20441. The rules added/improved by this upgrade package are:

New rules:
1. threat[24502]:Reflected XSS Injection Attack

Updated rules:
1. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[22532]:WordPress plugin Foxypress uploadify.php Arbitrary Code Execution Vulnerability
3. threat[23705]:WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability
4. threat[23589]:Mongodb Unauthorized Access Vulnerability
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20441. This package includes the following changed rules:


new rules:
1. threat[24502]:Reflective XSS injection attack

update rules:
1. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[22532]:WordPress plugin Foxypress uploadify.php Arbitrary Code Execution Vulnerability
3. threat[23705]:WordPress Foxypress XActive uploadify.php Arbitrary File Upload Vulnerability
4. threat[23589]:Mongodb Unauthorized Access Vulnerability
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability

Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-06-06 15:07:10
Name: eoi.unify.allrulepatch.ips.5.6.10.20383.rule Version: 5.6.10.20383
MD5: 756f3a76ddae060e40a694098b8de32e Size: 24.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20383. The rules added/improved by this upgrade package are:

New rules:
1. threat[24490]:D-Link DWL-2600AP Save Configuration Command Injection
2. threat[24491]:WordPress wp-content themes Redirect
3. threat[24492]:Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability(CVE-2018-7841)
4. threat[24493]:GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
5. threat[24494]:Spring Cloud Config 2.1.x Path Traversal(CVE-2019-3799)
6. threat[30718]:masscan Scanner Web Service Scan
7. threat[24495]:Zookeeper Unauthorized Access Vulnerability

Updated rules:
1. threat[24469]:Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability(CVE-2019-2725)
2. threat[49014]:Mining Program Querying DNS for Mining Pool Server Domain Name
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability(CVE-2019-0708)

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20383. This package includes the following changed rules:

new rules:
1. threat[24490]:D-Link DWL-2600AP Save Configuration Command Injection
2. threat[24491]:WordPress wp-content themes Open Redirection
3. threat[24492]:Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability(CVE-2018-7841)
4. threat[24493]:GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
5. threat[24494]:Spring Cloud Config 2.1.x Path Traversal(CVE-2019-3799)
6. threat[30718]:Scanner masscan Scanning Web Service
7. threat[24495]:Zookeeper Unauthorized Access Vulnerability

update rules:
1. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability(CVE-2019-2725)
2. threat[49014]:Mining program query DNS mine pool server domain name
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-05-30 19:24:09
Name: eoi.unify.allrulepatch.ips.5.6.10.20340.rule Version: 5.6.10.20340
MD5: 275fd2c2003c8f2a5aa6118223c0162a Size: 24.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20340. The rules added/improved by this upgrade package are:

New rules:
1. threat[24488]:SOCA Access Control System 180612 Cross-Site Scripting Attack
2. threat[41689]:Linux Mining Program kworkerds Downloading Malicious Files
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability(CVE-2019-0708)

Updated rules:
1. threat[61534]:Webmin/Usermin Information Disclosure Vulnerability
2. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Stack Buffer Overflow Vulnerability(CVE-2018-14829)

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20340. This package includes the following changed rules:

new rules:
1. threat[24488]:SOCA Access Control System 180612 Cross Site Scripting
2. threat[41689]:Linux mining program kworkerds downloads malicious files
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

update rules:
1. threat[61534]:Webmin Arbitrary File Disclosure Vulnerability
2. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability(CVE-2018-14829)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-05-22 12:20:23
Name: eoi.unify.allrulepatch.ips.5.6.10.20306.rule Version: 5.6.10.20306
MD5: ac4cd90b0f3a91552ab35e681a02d67a Size: 24.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20306. The rules added/improved by this upgrade package are:

New rules:
1. threat[24482]:Multiple Applications application.ini Database Configuration File Disclosure Vulnerability
2. threat[24483]:Cisco Webex Teams URI Handler Remote Code Execution Vulnerability(CVE-2019-1636)
3. threat[41688]:Malicious Program generic/VBS.SLoad Network Communication
4. threat[24484]:Malwarebytes Anti-Malware URI Handler Remote Code Execution Vulnerability(CVE-2019-6739)
5. threat[24485]:Microsoft Office Word Security Feature Bypass(CVE-2019-0540)
6. threat[24486]:HTTP URL Parameter SQL Injection Attempt
7. threat[41684]:Malicious Program generic/Drun.Downloader_a Network Communication
8. threat[41685]:Malicious Program generic/MSIL.LimeRat_a Network Communication
9. threat[41686]:Malicious Program generic/PcClient.Rat Network Communication
10. threat[41687]:Malicious Program generic/SappyCache Network Communication

Updated rules:
1. threat[24471]:WebLogic Arbitrary File Upload Vulnerability(CVE-2019-2618)
2. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
3. threat[24438]:Apache Solr Deserialization Remote Code Execution Vulnerability(CVE-2019-0192)
4. threat[63682]:HTTP SQL Injection Attempt Type Three

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20306. This package includes the following changed rules:

new rules:
1. threat[24482]:Multiple application's application.ini Database Configuration Disclosure Vulnerability
2. threat[24483]:Cisco Webex Teams URI Handler Remote Code Execution Vulnerability(CVE-2019-1636)
3. threat[41688]:Malicious program generic/VBS.SLoad network communication
4. threat[24484]:Malwarebytes Anti-Malware URI Handler Remote Code Execution Vulnerability(CVE-2019-6739)
5. threat[24485]:Microsoft Office Word Security Feature Bypass(CVE-2019-0540)
6. threat[24486]:HTTP URL Parameters SQL Injection Attempt
7. threat[41684]:Malicious program generic/Drun.Downloader_a network communication
8. threat[41685]:Malicious program generic/MSIL.LimeRat_a network communication
9. threat[41686]:Malicious program generic/PcClient.Rat network communication
10. threat[41687]:Malicious program generic/SappyCache network communication

update rules:
1. threat[24471]:WebLogic Arbitrary File Upload Vulnerability (CVE-2019-2618)
2. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
3. threat[24438]:Apache Solr Deserialization Remote Code Execution Vulnerability(CVE-2019-0192)
4. threat[63682]:HTTP SQL Injection Attempt Type Three



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-05-17 15:39:35
Name: eoi.unify.allrulepatch.ips.5.6.10.20255.rule Version: 5.6.10.20255
MD5: 851b3133c7a11452f74b5178efec9453 Size: 24.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20255. The rules added/improved by this upgrade package are:

New rules:
1. threat[24478]:Sony Smart TV Photo Sharing Plus Information Disclosure Vulnerability(CVE-2019-11336)
2. threat[24479]:Wordpress Social Warfare Remote Code Execution(CVE-2019-9978)
3. threat[24480]:Xitami Web Server 2.5 Remote Buffer Overflow Vulnerability
4. threat[24481]:Oracle WebLogic Server FileDistributionServlet Information Disclosure

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20255. This package includes the following changed rules:

new rules:
1. threat[24478]:Sony Smart TV Photo Sharing Plus Information Disclosure Vulnerability(CVE-2019-11336)
2. threat[24479]:Wordpress Social Warfare Remote Code Execution(CVE-2019-9978)
3. threat[24480]:Xitami Web Server 2.5 Remote Buffer Overflow
4. threat[24481]:Oracle WebLogic Server FileDistributionServlet Information Disclosure



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-05-09 19:34:25
Name: eoi.unify.allrulepatch.ips.5.6.10.20205.rule Version: 5.6.10.20205
MD5: 5f34cf08a84d457b3ade02f91642437e Size: 22.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20205. The rules added/improved by this upgrade package are:

New rules:
1. threat[24476]:Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure(CVE-2018-4067)
2. threat[24477]:JioFi 4G M2S 1.0.2 Denial of Service(CVE-2019-7439)

Updated rules:
1. threat[41655]:"Driver Talent" Downloader Trojan Communication
2. threat[41680]:APT34 Group Hacking Tool Detection
3. threat[24469]:Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability(CVE-2019-2725)

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20205. This package includes the following changed rules:


new rules:
1. threat[24476]:Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure(CVE-2018-4067)
2. threat[24477]:JioFi 4G M2S 1.0.2 Denial Of Service(CVE-2019-7439)

update rules:
1. threat[41655]:"Driver Talent" Downloader Trojan Communication
2. threat[41680]:APT34 Organization Hacking Tool Detection
3. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability(CVE-2019-2725)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-04-30 14:05:26
Name: eoi.unify.allrulepatch.ips.5.6.10.20173.rule Version: 5.6.10.20173
MD5: 0a7f1e97dd2f38610a42ac666cd6f13a Size: 22.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20173. The rules added/improved by this upgrade package are:

New rules:
1. threat[24472]:WordPress _wp_attached_file wp_crop_image Directory Traversal Vulnerability(CVE-2019-8942)
2. threat[41680]:APT34 Group Hacking Tool Detection
3. threat[24474]:Oracle Business Intelligence XML Publisher 12.2.1.4.0 - XML External Entity Injection Vulnerability(CVE-2019-2616)
4. threat[24471]:WebLogic Arbitrary File Upload Vulnerability(CVE-2019-2618)

Updated rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[40328]:Backdoor/Trojan Glacier Trojan Communication
3. threat[60464]:HTTP Service Directory Traversal Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20173. This package includes the following changed rules:


new rules:
1. threat[24472]:WordPress _wp_attached_file wp_crop_image Directory Traversal Vulnerability(CVE-2019-8942)
2. threat[41680]:APT34 Organization Hacking Tool Detection
3. threat[24474]:Oracle Business Intelligence XML Publisher 12.2.1.4.0 - XML External Entity Injection Vulnerability(CVE-2019-2616)
4. threat[24471]:WebLogic Arbitrary File Upload Vulnerability (CVE-2019-2618)


update rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[40328]:Backdoor/Trojan Glacier Trojan Communication
3. threat[60464]:HTTP Directory Traversal Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-04-25 18:50:19
Name: eoi.unify.allrulepatch.ips.5.6.10.20147.rule Version: 5.6.10.20147
MD5: e9275340a0b44367cd49d66819d6186a Size: 68.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20147. The rules added/improved by this upgrade package are:

New rules:
1. threat[24470]:WebLogic Blind XXE Vulnerability
2. threat[24469]:Oracle WebLogic wls9-async Component Deserialization Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.20147. This package includes the following changed rules:

new rules:
1. threat[24470]:Weblogic blind XXE vulnerability
2. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets of loss on ping operations, so please update at a suitable time.

Release time: 2019-04-20 09:48:33
Name: eoi.unify.allrulepatch.ips.5.6.10.20109.rule Version: 5.6.10.20109
MD5: 567c16a420ba30e1074bba481a137341 Size: 68.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20109. The rules added/improved by this upgrade package are:

New rules:
1. threat[24459]:Pegasus CMS Remote Command Execution Vulnerability
2. threat[24460]:metinfo 6.2.0 Front-End SQL Injection Vulnerability
3. threat[41665]:ImposterMiner Mining Trojan Exploiting the Jenkins RCE Vulnerability
4. threat[41666]:Dark Cloud Trojan Communication
5. threat[41310]:Bill Gates Botnet Communication
6. threat[24461]:Loytec LGATE-902 Arbitrary File Deletion Vulnerability(CVE-2018-14916)
7. threat[24462]:Horde Groupware Webmail Authenticated Arbitrary File Injection(CVE-2019-9858)
8. threat[50556]:MySQL Login Authentication Succeeded

Updated rules:
1. threat[49014]:Monero Mining Program Network Communication
2. threat[49013]:Mining Program Connecting to Mining Pool Server Communication
3. threat[49005]:Dark Cloud Trojan Querying Control Server Domain Name
4. threat[49008]:Bill Gates Botnet Querying Control Server Domain Name

Notes:
1. After this upgrade package is applied, the engine restarts automatically for the package to take effect. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20109. This package includes the following changed rules:


new rules:
1. threat[24459]:Pegasus CMS Remote Code Execution Vulnerability
2. threat[24460]:metinfo 6.2.0 SQL Injection Vulnerability
3. threat[41665]:ImposterMiner Mining Trojan Exploiting the Jenkins RCE Vulnerability
4. threat[41666]:Dark Cloud Trojan Communication with Server
5. threat[41310]:Bill Gates BotNet Communication
6. threat[24461]:Loytec LGATE-902 Arbitrary File Deletion Vulnerability(CVE-2018-14916)
7. threat[24462]:Horde Groupware Webmail Authenticated Arbitrary File Injection(CVE-2019-9858)
8. threat[50556]:MySQL login authentication succeeded

update rules:
1. threat[49014]:Monero XMR Mining Programs Communication
2. threat[49013]:Mining Program Connecting to Mining Pool Server Communication
3. threat[49005]:Dark clouds Trojan Query CnC Server Domain
4. threat[49008]:Bill Gates BotNet Query CnC Server Domain Name


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-04-19 10:12:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20043.rule Version: 5.6.10.20043
MD5: cf18442986f225b927345dc3082ea460 Size: 68.51M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.20043. Rules added or improved in this package:

New rules:
1. threat[24452]:WordPress Ultimate Form Builder 1.0 database disclosure
2. threat[24453]:TP-Link SR20 local network remote code execution vulnerability
3. threat[24454]:Masch CMStudio Banners module 8.6.1 open redirect leading to phishing
4. threat[24456]:HP printer authentication bypass vulnerability
5. threat[24455]:WordPress article2pdf arbitrary file read vulnerability (CVE-2019-1010257)
6. threat[41664]:CryptoSink mining activity in a Linux environment
7. threat[41663]:CryptoSink mining activity in a Windows environment
8. threat[24457]:ElasticSearch remote arbitrary code execution vulnerability (CVE-2014-3120)
9. threat[24458]:PhreeBooks ERP 5.2.3 arbitrary file upload vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20043. This package includes the following changed rules:

new rules:
1. threat[24452]:WordPress Ultimate Form Builder 1.0 Database Disclosure
2. threat[24453]:TP-Link SR20 LAN RCE Vulnerability
3. threat[24454]:Masch CMStudio Banners Module 8.6.1 Open Redirection to Phishing
4. threat[24456]:HP LaserJet Printer Authentication Bypass
5. threat[24455]:WordPress article2pdf File Disclosure Vulnerability(CVE-2019-1010257)
6. threat[41664]:CryptoSink mining activity based on Linux environment
7. threat[41663]:CryptoSink mining activity based on Windows environment
8. threat[24457]:ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)
9. threat[24458]:PhreeBooks ERP 5.2.3 Arbitrary File Upload Vulnerability



Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-04-11 20:04:54
Name: eoi.unify.allrulepatch.ips.5.6.10.20014.rule Version: 5.6.10.20014
MD5: 4e385337061ce16fda8da43e702b7473 Size: 69.53M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.20014. Rules added or improved in this package:

New rules:
1. threat[24447]:JFrog Artifactory administrator authentication bypass (CVE-2019-9733)
2. threat[24448]:Ruby on Rails path traversal and arbitrary file read (CVE-2019-5418)
3. threat[24449]:WordPress AND-AntiBounce 1.0.3 redirect vulnerability
4. threat[41661]:WordPress 2.0.2 WP-Forum plugin 1.7.8 database file disclosure vulnerability
5. threat[24451]:Titan FTP Server path traversal vulnerability (CVE-2019-10009)

Updated rules:
1. threat[41660]:Suspected system command execution via the PostgreSQL COPY FROM PROGRAM feature (CVE-2019-9193)
2. threat[49019]:WannaMine mining worm connection communication
3. threat[62801]:Apache HTTP Server linefeed memory allocation denial of service vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20014. This package includes the following changed rules:

new rules:
1. threat[24447]:JFrog Artifactory Administrator Authentication Bypass(CVE-2019-9733)
2. threat[24448]:Ruby on Rails Path Traversal with Arbitrary File Read (CVE-2019-5418)
3. threat[24449]:WordPress AND-AntiBounce 1.0.3 Redirection Vulnerability
4. threat[41661]:WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure Vulnerability
5. threat[24451]:Titan FTP Server Directory Traversal Vulnerability(CVE-2019-10009)

update rules:
1. threat[41660]:Suspected to run system commands via PostgreSQL's COPY FROM PROGRAM function(CVE-2019-9193)
2. threat[49019]:Miner Worm WannaMine Connection
3. threat[62801]:Apache HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-04-04 23:48:25
Name: eoi.unify.allrulepatch.ips.5.6.10.19989.rule Version: 5.6.10.19989
MD5: 732177484b1239c272dd8eb8fca7d9a2 Size: 46.54M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.19989. Rules added or improved in this package:

New rules:
1. threat[24437]:OpenMRS webservices.rest insecure object deserialization vulnerability (CVE-2018-19276)
2. threat[24438]:Apache Solr deserialization remote code execution vulnerability (CVE-2019-0192)
3. threat[24439]:FreeBSD NFS server NFSv4 opcode out-of-bounds write (CVE-2018-17157)
4. threat[24440]:CMS Made Simple Showtime2 3.6.2 arbitrary file upload vulnerability (CVE-2019-9692)
5. threat[24441]:HPE Intelligent Management Center dbman decryptMsgAes stack buffer overflow (CVE-2018-7114)
6. threat[24442]:Microsoft Windows DHCP Client remote code execution vulnerability (CVE-2019-0726)
7. threat[24443]:TUTOS 1.3 'cmd.php' remote code execution (CVE-2008-0148)
8. threat[24444]:HPE Intelligent Management Center PrimeFaces expression language injection vulnerability
9. threat[24445]:WordPress plugin DZS-VideoGallery cross-site scripting vulnerability
10. threat[24446]:WordPress plugin DZS-VideoGallery command injection vulnerability
11. threat[41660]:Suspected system command execution via the PostgreSQL COPY FROM PROGRAM feature (CVE-2019-9193)

Updated rules:
1. threat[49014]:Monero miner network communication
2. threat[60494]:DivX Web Player NPDIVX32.DLL ActiveX control remote denial of service vulnerability
3. threat[60560]:AOL Picture Editor YGPPicEdit.dll ActiveX control multiple buffer overflow vulnerabilities
4. threat[24432]:Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)
5. threat[24415]:Jenkins remote code execution
6. threat[50049]:TELNET service user authentication success
7. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path stack buffer overflow vulnerability (CVE-2018-14829)


Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19989. This package includes the following changed rules:

new rules:
1. threat[24437]:OpenMRS webservices.rest Insecure Object Deserialization Vulnerabilities(CVE-2018-19276)
2. threat[24438]:Apache Solr Deserialization Remote Code Execution Vulnerability(CVE-2019-0192)
3. threat[24439]:FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write(CVE-2018-17157)
4. threat[24440]:CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload Vulnerability(CVE-2019-9692)
5. threat[24441]:HPE Intelligent Management Center dbman decryptMsgAes Stack Buffer Overflow(CVE-2018-7114)
6. threat[24442]:Microsoft Windows DHCP Client Remote Code Execution Vulnerability(CVE-2019-0726)
7. threat[24443]:TUTOS 1.3 - 'cmd.php' Remote Command Execution(CVE-2008-0148)
8. threat[24444]:HPE Intelligent Management Center PrimeFaces Expression Language Injection Vulnerability
9. threat[24445]:WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Vulnerability
10. threat[24446]:WordPress Plugin DZS-VideoGallery Command Injection Vulnerabilities
11. threat[41660]:Suspected to run system commands via PostgreSQL's COPY FROM PROGRAM function(CVE-2019-9193)

update rules:
1. threat[49014]:Monero XMR Mining Programs Communication
2. threat[60494]:DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability
3. threat[60560]:AOL Picture Editor YGPPicEdit.dll ActiveX Control Multiple Buffer Overflow Vulnerabilities
4. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
5. threat[24415]:Jenkins Remote Code Execution
6. threat[50049]:TELNET Service User Authentication Success
7. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability(CVE-2018-14829)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-03-28 22:59:29
Name: eoi.unify.allrulepatch.ips.5.6.10.19933.rule Version: 5.6.10.19933
MD5: c13c5890b3400a4162f514d399ef7b71 Size: 23.53M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.19933. Rules added or improved in this package:


New rules:
1. threat[41656]:WSO PHP webshell access
2. threat[41657]:Webshell backdoor JspSpy access and control
3. threat[41658]:Webshell backdoor China Chopper (中国菜刀) access and control

Updated rules:
1. threat[24436]:Sparkasse multiple persistent cross-site scripting web vulnerabilities
2. threat[63308]:Symantec AntiVirus Intel LANDesk Common Base Agent service arbitrary code execution vulnerability
3. threat[41644]:Webshell backdoor PHP Angel access and control
4. threat[60657]:Microsoft Internet Explorer JavaScript cross-domain information disclosure vulnerability (MS09-019)
5. threat[60743]:McAfee multiple products HTTP server header processing buffer overflow vulnerability
6. threat[60279]:Microsoft Visual FoxPro FPOLE.OCX ActiveX control buffer overflow vulnerability
7. threat[60903]:Apache mod_proxy remote buffer overflow vulnerability
8. threat[60767]:Java Web Start remote code injection vulnerability
9. threat[60345]:BrowseDialog ActiveX control CCRPBDS6.DLL denial of service vulnerability
10. threat[60825]:Mozilla Firefox IconURL arbitrary JavaScript execution vulnerability
11. threat[60352]:Microsoft Internet Explorer ADODB.Recordset null pointer dereference denial of service vulnerability
12. threat[60355]:Microsoft Internet Explorer 6 RDS.DataControl URL parameter handling denial of service vulnerability
13. threat[60726]:Mozilla Firefox CSS letter-spacing heap overflow vulnerability
14. threat[60362]:Macromedia Shockwave 10 SwDir.dll ActiveX control denial of service vulnerability
15. threat[49026]:Malicious program windows/Brushaloader_a network communication
16. threat[61025]:Microsoft Windows Speech components speech recognition remote command execution vulnerability (MS08-032)
17. threat[60368]:Microsoft MDAC "SoftwareDistribution.WebControl" ActiveX control code execution vulnerability
18. threat[60413]:Microsoft Internet Explorer Structured Graphics control denial of service vulnerability
19. threat[60418]:Microsoft Internet Explorer DirectAnimation.DAUserData denial of service vulnerability
20. threat[60464]:HTTP service directory traversal vulnerability

Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19933. This package includes the following changed rules:


new rules:
1. threat[41656]:WSO PHP Webshell Access
2. threat[41657]:Webshell Backdoor JspSpy Access and Control
3. threat[41658]:Webshell Backdoor Chinese Chopper Access and Control

update rules:
1. threat[24436]:Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities
2. threat[63308]:Symantec System Center Alert Management System Command Execution Vulnerability
3. threat[41644]:Webshell Backdoor Program PHP Angel Access and Control
4. threat[60657]:Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability(MS09-019)
5. threat[60743]:McAfee Multiple Products HTTP Server Header Processing Buffer Overflow Vulnerability
6. threat[60279]:Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
7. threat[60903]:HTTP Response Content Length Too Long
8. threat[60767]:Sun Java Web Start System Property Tags Remote Unauthorized Access Vulnerability
9. threat[60345]:HTTP BrowseDialog ActiveX Control CCRPBDS6.DLL DoS Vulnerability
10. threat[60825]:Mozilla Firefox IconURL Arbitrary JavaScript Execution Vulnerability
11. threat[60352]:Microsoft Internet Explorer ADODB.Recordset ActiveX object DOS Vulnerability
12. threat[60355]:Microsoft Internet Explorer RDS.DataControl ActiveX object DOS Vulnerability
13. threat[60726]:Mozilla Firefox CSS Letter-Spacing HeapOverflow Vulnerability
14. threat[60362]:Macromedia Shockwave 10 SwDir.dll ActiveX Control DoS Vulnerability
15. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications
16. threat[61025]:Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
17. threat[60368]:Microsoft MDAC SoftwareDistribution.WebControl ActiveX Code execution Vulnerability
18. threat[60413]:Microsoft Internet Explorer Structured Graphics Control Denial of Service Vulnerability
19. threat[60418]:Microsoft Internet Explorer DirectAnimation.DAUserData Denial of Service Vulnerability
20. threat[60464]:HTTP Directory Traversal Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-03-21 18:31:30
Name: eoi.unify.allrulepatch.ips.5.6.10.19893.rule Version: 5.6.10.19893
MD5: 0dcfb85f5c51485847f7b9dcffb6ccb1 Size: 23.53M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.19893. Rules added or improved in this package:

New rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand expression language injection vulnerability
2. threat[24432]:Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)
3. threat[10488]:Microsoft IIS ISAPI filter handling error denial of service vulnerability (CVE-2002-0072) (MS02-018)
4. threat[24434]:Supervisord remote command execution vulnerability (CVE-2017-11610)
5. threat[24435]:Fiberhome AN5506-04-F RP2669 cross-site scripting vulnerability (CVE-2019-9556)
6. threat[22583]:OPENi-CMS pluginIndex.php oi_dir parameter file inclusion vulnerability
7. threat[24436]:Sparkasse multiple persistent cross-site scripting web vulnerabilities


Updated rules:
1. threat[62489]:Microsoft Internet Explorer multiple cached object zone bypass vulnerabilities (MS02-066)
2. threat[20473]:Microsoft WINS service malformed packet remote buffer overflow attack
3. threat[62725]:IDAutomation Aztec SaveBarcode ActiveX control file write vulnerability
4. threat[62801]:Apache HTTP Server linefeed memory allocation denial of service vulnerability
5. threat[21390]:McAfee products Subscription Manager stack overflow vulnerability
6. threat[63308]:Symantec AntiVirus Intel LANDesk Common Base Agent service arbitrary code execution vulnerability
7. threat[61678]:Squid web proxy cache HTTP version number parsing denial of service vulnerability
8. threat[20548]:Snort Back Orifice preprocessor buffer overflow vulnerability (CVE-2005-3252)
9. threat[65190]:TWiki rev parameter shell command injection vulnerability (BID-14834)
10. threat[65225]:AOL Instant Messenger Away message buffer overflow vulnerability
11. threat[65340]:NCTsoft NCTAudioFile2 ActiveX control SetFormatLikeSample() method overlong parameter stack overflow vulnerability
12. threat[20344]:Microsoft IIS 5.0 WebDAV remote buffer overflow attack
13. threat[62051]:iLife Photocast XML title format string vulnerability
14. threat[22584]:Flashchat aedating4CMS.php dir[inc
15. threat[22812]:Microsoft Internet Explorer Install Engine vulnerability (MS04-038)
16. threat[40784]:Microsoft Internet Explorer COM object instantiation memory corruption vulnerability (CVE-2005-1990)
17. threat[60009]:Microsoft Internet Explorer HTML tag memory corruption vulnerability (MS06-013)
18. threat[60028]:Microsoft Internet Explorer drag-and-drop handling vulnerability (MS04-038)
19. threat[60029]:Microsoft Internet Explorer "Popup.Show" drag-and-drop vulnerability
20. threat[20580]:PeerCast URI parsing stack overflow vulnerability (CVE-2006-1148)
21. threat[10140]:Oracle9iAS Web Cache remote denial of service attack
22. threat[20820]:Microsoft IIS 5.1 remote buffer overflow attack (MS07-041)
23. threat[20709]:Sabdrimer CMS advanced1.php remote file inclusion attack
24. threat[20846]:Mozilla Suite/Firefox compareTo() code execution attack
25. threat[20848]:Mozilla Firefox JavaScript navigator object remote code execution attack
26. threat[20876]:Microsoft Internet Explorer Daxctle.OCX KeyFrame method heap overflow attack
27. threat[21115]:Microsoft Internet Explorer FTP web view interface cross-site scripting attack
28. threat[21119]:Network worm Lupper.A XML-RPC propagation request variant


Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19893. This package includes the following changed rules:

new rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
3. threat[10488]:Microsoft IIS URL Access Violation DoS Vulnerability(CVE-2002-0072)(MS02-018)
4. threat[24434]:Supervisord Remote Command Execution Vulnerability(CVE-2017-11610)
5. threat[24435]:Fiberhome AN5506-04-F RP2669 Cross Site Scripting vulnerability(CVE-2019-9556)
6. threat[22583]:OPENi-CMS pluginIndex.php oi_dir Parameter PHP File Include
7. threat[24436]:Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities


update rules:
1. threat[62489]:Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability(MS02-066)
2. threat[20473]:Microsoft WINS Service Malformed Packet Remote Buffer Overflow
3. threat[62725]:IDAutomation Aztec SaveBarcode ActiveX Arbitrary File Write Vulnerability
4. threat[62801]:Apache HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability
5. threat[21390]:McAfee Subscription Manager Stack Buffer Overflow
6. threat[63308]:Symantec System Center Alert Management System Command Execution Vulnerability
7. threat[61678]:Squid HTTP Version Number Parsing Denial of Service
8. threat[20548]:Snort Back Orifice Pre-Processor Buffer Overflow Vulnerability(CVE-2005-3252)
9. threat[65190]:TWiki rev Parameter Shell Command Injection Vulnerability(BID-14834)
10. threat[65225]:AOL Instant Messenger Away Message Buffer Overflow Vulnerability
11. threat[65340]:NCTsoft NCTAudioFile2 ActiveX Control SetFormatLikeSample() Method Overlength Parameter Stack Buffer Overflow
12. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow
13. threat[62051]:iLife Photocast XML Title Format String Vulnerability
14. threat[22584]:Flashchat aedating4CMS.php dir[inc
15. threat[22812]:Microsoft Internet Explorer Install Engine SetCifFileOverflow
16. threat[40784]:Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability(CVE-2005-1990)
17. threat[60009]:Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
18. threat[60028]:Microsoft Internet Explorer AnchorClick Behavior Drag and Drop Vulnerability
19. threat[60029]:Microsoft Internet Explorer Popup.Show Drag and Drop Vulnerability
20. threat[20580]:PeerCast URI Parsing StackOverflow Vulnerability(CVE-2006-1148)
21. threat[10140]:Oracle9iAS Web Cache Remote Denial of Service
22. threat[20820]:Microsoft IIS 5.1 Remote Buffer Overflow (MS07-041)
23. threat[20709]:Sabdrimer CMS advanced1.php Remote File Inclusion
24. threat[20846]:Mozilla Suite/Firefox compareTo() Code Execution
25. threat[20848]:Mozilla Firefox Javascript Navigator Object Remote Code Execution
26. threat[20876]:Microsoft Internet Explorer Daxctle.OCX KeyFrame Method HeapOverflow
27. threat[21115]:Microsoft Internet Explorer FTP Web View XSS
28. threat[21119]:Network Worm Lupper.A XML-RPC Propagation Request Variant


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-03-14 18:08:05
Name: eoi.unify.allrulepatch.ips.5.6.10.19827.rule Version: 5.6.10.19827
MD5: 3e856029aa58f81026e09f17280c6815 Size: 23.52M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.19827. Rules added or improved in this package:

New rules:
1. threat[24426]:RavenDB 4.1.4 cross-site scripting attack
2. threat[41654]:Linux watchdogs mining malware malicious file download
3. threat[49027]:watchdogs mining trojan DNS communication
4. threat[49026]:Malicious program windows/Brushaloader_a network communication
5. threat[24427]:Video Downloader and Video Downloader Plus Google Chrome extension UXSS vulnerability
6. threat[24428]:Drupal 8.6.9 REST remote code execution vulnerability
7. threat[24429]:Windows Vista RSS Feeds Gadget cross-site scripting vulnerability (CVE-2007-3033)
8. threat[30716]:Chrome PDF file opening information disclosure vulnerability
9. threat[41655]:"Driver Talent" (驱动人生) downloader trojan communication
10. threat[24430]:Microsoft Windows DHCP Server code execution (CVE-2019-0626)
11. threat[30717]:NTPsec ntpd process_control out-of-bounds read vulnerability (CVE-2019-6444)

Updated rules:
1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon "setSlice" integer overflow vulnerability (CVE-2006-3730)
2. threat[61636]:Oracle BEA WebLogic Server console-help.portal XSS vulnerability (CVE-2009-1975)
3. threat[20074]:Quiksoft EasyMail SMTP ActiveX control remote stack buffer overflow vulnerability
4. threat[62397]:Microsoft Internet Explorer speech control object memory corruption vulnerability (CVE-2007-2222)
5. threat[62400]:Microsoft CAPICOM ActiveX control remote code execution vulnerability (MS07-028)
6. threat[61780]:GNU Mailman attachment scrubber UTF8 filename denial of service vulnerability
7. threat[62776]:ebCrypt ActiveX control arbitrary file overwrite and denial of service vulnerability
8. threat[62788]:Microsoft Internet Explorer Sysmon denial of service vulnerability
9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts denial of service vulnerability
10. threat[62754]:Microsoft Internet Explorer Applet file path denial of service vulnerability
11. threat[20310]:Sendmail 8.12 mail header handling remote buffer overflow attack
12. threat[62408]:Apple WebKit WebCore remote denial of service vulnerability
13. threat[62409]:Microsoft Internet Explorer browser popup window object type validation vulnerability (MS03-040)
14. threat[62051]:iLife Photocast XML title format string vulnerability
15. threat[62260]:Microsoft Excel calendar object validation memory corruption vulnerability
16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL stored procedure information disclosure vulnerability
17. threat[62283]:Internet Explorer 6 permission and access control vulnerability
18. threat[24428]:Drupal 8.6.9 REST remote code execution vulnerability (CVE-2019-6340)
19. threat[62287]:Microsoft Internet Explorer script action handler buffer overflow vulnerability (MS06-013)
20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet cross-site scripting (CVE-2018-12998)
21. threat[62290]:Microsoft Windows 2000 TroubleShooter ActiveX control buffer overflow vulnerability
22. threat[20344]:Microsoft IIS 5.0 WebDAV remote buffer overflow attack
23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files folder access vulnerability
24. threat[62314]:Apple Safari for Windows protocol handler command injection vulnerability
25. threat[62358]:Microsoft Windows Media Player plugin buffer overflow vulnerability (MS06-006)
26. threat[62368]:Microsoft PowerPoint list value parsing code execution vulnerability (MS08-051)
27. threat[62370]:Microsoft Windows WinHlp item buffer overflow vulnerability (http)
28. threat[62372]:Microsoft Vista Sidebar Contacts and Weather gadgets remote code execution vulnerability (MS07-048)
29. threat[62375]:Mozilla Firefox remote arbitrary command execution vulnerability
30. threat[62376]:Microsoft Internet Explorer MSXML3 race condition memory corruption vulnerability (MS08-069)
31. threat[62485]:CUPS "/.." request handling logic error remote denial of service vulnerability
32. threat[62377]:Microsoft Windows Media Format runtime library remote arbitrary code execution vulnerability
33. threat[62395]:Microsoft Internet Explorer COM object instantiation code execution vulnerability (MS06-021)
34. threat[61275]:Microsoft Internet Explorer event handling cross-domain security bypass vulnerability (CVE-2008-3474)
35. threat[61302]:Firefox JavaScript: favicons code insertion and execution vulnerability
36. threat[61372]:uTorrent torrent file handling remote buffer overflow vulnerability
37. threat[61374]:Apple Mac OS X Terminal x-man-path URI arbitrary command injection vulnerability
38. threat[61476]:Altnet Download Manager ActiveX control buffer overflow vulnerability
39. threat[61552]:Microsoft Office PowerPoint legacy file format vulnerability (client)
40. threat[61555]:Microsoft PowerPoint PP7X32.DLL library multiple stack overflow vulnerabilities (MS09-017)
41. threat[61559]:Microsoft PowerPoint Notes container heap overflow vulnerability (MS09-017)
42. threat[61560]:Microsoft Office PowerPoint data out-of-bounds vulnerability
43. threat[20418]:Microsoft PCT protocol remote buffer overflow attack
44. threat[49022]:EternalRocks malware DNS request connection


Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19827. This package includes the following changed rules:

new rules:
1. threat[24426]:RavenDB 4.1.4 Cross Site Scripting
2. threat[41654]:Miner Linux watchdogs Downloading Malicious Programs
3. threat[49027]:Watchdogs mining trojan DNS communication
4. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications
5. threat[24427]:Video Downloader and Video Downloader Plus Chrome Extension UXSS Vulnerability
6. threat[24428]:Drupal 8.6.9 REST Remote Code Execution
7. threat[24429]:Windows Vista RSS Feeds Gadget Cross Site Scripting Vulnerability(CVE-2007-3033)
8. threat[30716]:Chrome opens pdf file information disclosure Vulnerability
9. threat[41655]:"Driver Talent" Downloader Trojan Communication
10. threat[24430]:Microsoft Windows DHCP Server Code Execution(CVE-2019-0626)
11. threat[30717]:NTPsec ntpd process_control Out of Bounds Read Vulnerability(CVE-2019-6444)

update rules:
1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon setSlice Integer Overflow Vulnerability(CVE-2006-3730)
2. threat[61636]:Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting Vulnerability(CVE-2009-1975)
3. threat[20074]:Quiksoft EasyMail SMTP ActiveX Controls Remote Stack Buffer Overflow Vulnerability
4. threat[62397]:Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability(CVE-2007-2222)
5. threat[62400]:CAPICOM.Certificates ActiveX Control Remote Code Execution
6. threat[61780]:GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
7. threat[62776]:EBCRYPT ActiveX Denial of Service Vulnerability
8. threat[62788]:Microsoft Internet Explorer Sysmon Denial of Service Vulnerability
9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability
10. threat[62754]:Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability
11. threat[20310]:Sendmail 8.12 Mail Header Handling Remote Buffer Overflow
12. threat[62408]:Apple Webkit HTML Parsing Rowspan Denial of Service
13. threat[62409]:Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability(MS03-040)
14. threat[62051]:iLife Photocast XML Title Format String Vulnerability
15. threat[62260]:Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability
16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL Stored Procedures Information Disclosure Vulnerability
17. threat[62283]:Microsoft Internet Explorer File Upload Keystroke Hijack
18. threat[24428]:Drupal 8.6.9 REST Remote Code Execution(CVE-2019-6340)
19. threat[62287]:Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability(MS06-013)
20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting(CVE-2018-12998)
21. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
22. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow
23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
24. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
25. threat[62358]:Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability(MS06-006)
26. threat[62368]:Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability(MS08-051)
27. threat[62370]:Microsoft Windows WinHlp Item Buffer Overflow Vulnerability(http)
28. threat[62372]:Windows Vista Contacts Gadget Remote Code Execution Vulnerability
29. threat[62375]:Mozilla Firefox Remote Arbitrary Commands Execution Vulnerability
30. threat[62376]:Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability(MS08-069)
31. threat[62485]:CUPS Malformed Directory Traversal HTTP Request DOS
32. threat[62377]:Microsoft Windows Media Format Runtime Remote Code Execution Vulnerability
33. threat[62395]:Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability(MS06-021)
34. threat[61275]:Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability(CVE-2008-3474)
35. threat[61302]:Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability
36. threat[61372]:uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
37. threat[61374]:Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability
38. threat[61476]:Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability
39. threat[61552]:Microsoft Office PowerPoint Legacy File Format Vulnerability(client)
40. threat[61555]:Microsoft Office PowerPoint Memory Corruption Vulnerability(MS09-017)
41. threat[61559]:Microsoft Office PowerPoint Heap Corruption Vulnerability
42. threat[61560]:Microsoft Office PowerPoint Data Out of Bounds Vulnerability
43. threat[20418]:Microsoft PCT Protocol Remote Buffer Overflow
44. threat[49022]:Malware Eternal Stone DNS request connection


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2019-03-07 18:28:00
Name: eoi.unify.allrulepatch.ips.5.6.10.19741.rule Version: 5.6.10.19741
MD5: 0993324eb537c20e7e9d44bc73cd0e01 Size: 23.52M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It is only supported on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.19741. Rules added or improved in this package:

New rules:
1. threat[24400]:Dell OpenManage Network Manager access control vulnerability (CVE-2018-15768)
2. threat[24409]:qdPM 9.1 project management tool XSS vulnerability (CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL injection
4. threat[24411]:Master IP CAM 01 3.3.4.2103 remote command execution (CVE-2019-8387)
5. threat[24413]:Joomla Attachments module 3.2.6 shell upload
6. threat[24412]:qdPM 9.1 project management tool XSS vulnerability (CVE-2019-8390)
7. threat[24414]:Webiness Inventory 2.3 arbitrary file upload (CVE-2019-8404)
8. threat[24415]:Jenkins remote code execution
9. threat[24416]:WordPress WP-JS-External-Link-Info URL redirect vulnerability
10. threat[24417]:WinRAR ACE file handling path traversal vulnerability (CVE-2018-20250)
11. threat[24418]:KindEditor editor file upload vulnerability
12. threat[24419]:Hoteldruid 2.3 'nsextt' XSS injection (CVE-2019-8937)
13. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) arbitrary file upload (CVE-2019-8394)
14. threat[24421]:WordPress wp_crop_image directory traversal vulnerability (CVE-2019-8943)
15. threat[30715]:Joomla PrayerCenter 3.0.4 database SQL file disclosure
16. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 command injection vulnerability
17. threat[24425]:Drupal Public Download Count (Pubdlcnt) module open redirect vulnerability
18. threat[24424]:PDF Signer 3.0 template injection vulnerability

Updated rules:
1. threat[60054]:Mozilla/Netscape/Firefox browser domain name remote overflow vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document denial of service vulnerability
3. threat[62807]:Apple Safari Feed denial of service vulnerability
4. threat[62290]:Microsoft Windows 2000 TroubleShooter ActiveX control buffer overflow vulnerability
5. threat[62291]:raSMP User-Agent HTTP header HTML injection vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper remote denial of service vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter denial of service vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files folder access vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server email field XSS vulnerability (CVE-2008-2247)
10. threat[24302]:Suspicious XML external entity (XXE) injection attempt
11. threat[62314]:Apple Safari for Windows protocol handler command injection vulnerability
12. app:http-methods

Notes:
1. After this package is applied, the engine restarts automatically for the change to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19741. This package includes the following changed rules:

new rules:
1. threat[24400]:Dell OpenManage Network Manager MySQL Improper Access Control(CVE-2018-15768)
2. threat[24409]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL Injection
4. threat[24411]:Master IP CAM 01 3.3.4.2103 Remote Command Execution(CVE-2019-8387)
5. threat[24413]:Joomla Attachments 3.2.6 Shell Upload
6. threat[24412]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8390)
7. threat[24414]:Webiness Inventory 2.3 Arbitrary File Upload(CVE-2019-8404)
8. threat[24415]:Jenkins Remote Code Execution
9. threat[24416]:WordPress WP-JS-External-Link-Info Open Redirection Vulnerability
10. threat[24417]:WinRAR ACE File Handling Path Traversal Vulnerability(CVE-2018-20250)
11. threat[24418]:KindEditor editor file upload vulnerability
12. threat[24419]:Hoteldruid 2.3 - 'nsextt' XSS Injection(CVE-2019-8937)
13. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload(CVE-2019-8394)
14. threat[24421]:WordPress wp_crop_image Directory Traversal Vulnerability (CVE-2019-8943)
15. threat[30715]:Joomla PrayerCenter 3.0.4 Database Disclosure Vulnerability
16. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability
17. threat[24425]:Drupal Public Download Count(Pubdlcnt) Modules Open Redirection Vulnerability
18. threat[24424]:PDF Signer 3.0 Template Injection Vulnerability

update rules:
1. threat[60054]:Mozilla Products International Domain Name Parsing Buffer Overflow Vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document Denial of Service Vulnerability
3. threat[62807]:Apple Safari Feed Denial of Service Vulnerability
4. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
5. threat[62291]:raSMP User-Agent Parsing Cross-Site Scripting Vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper ActiveX object DOS Vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial of Service Vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability(CVE-2008-2247)
10. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
11. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
12. app:http-methods


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-02-28 22:03:36
Name: eoi.unify.allrulepatch.ips.5.6.10.19662.rule Version:5.6.10.19662
MD5:18779151a1b28eb806a4d34eccacc016 Size:23.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19662. The rules added/improved by this package are:

new rules:
1. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Stack Buffer Overflow Vulnerability(CVE-2018-14829)
2. threat[24393]:LAquis SCADA Web Server relatorioindividual TITULO Command Injection
3. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection
4. threat[24403]:IBM Security QRadar SIEM Authentication Bypass Vulnerability(CVE-2018-1418)
5. threat[24395]:Elasticsearch Kibana Local File Inclusion Vulnerability(CVE-2018-17246)
6. threat[24396]:libVNC LibVNCServer File Transfer Extension Heap Overflow Vulnerability(CVE-2018-15127)
7. threat[24397]:libVNC LibVNCServer File Transfer Extension Use After Free Vulnerability(CVE-2018-6307)
8. threat[24398]:Raisecom Technology GPON-ONU HT803G-07 Command Injection(CVE-2019-7384)
9. threat[24401]:phpMyAdmin tbl_replace.php Local File Inclusion Vulnerability(CVE-2018-19968)
10. threat[24399]:ZeroMQ libzmq v2_decoder Integer Overflow Vulnerability(CVE-2019-6250)
11. threat[24402]:Zoho ManageEngine OpManager XML Injection Vulnerability(CVE-2018-18980)
12. threat[24404]:F3-CMS FatFreeFramework 0.0.1 Database Disclosure
13. threat[24406]:Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization
14. threat[24405]:SYSTORME ISG Command Injection
15. threat[24407]:Nuxeo NuxeoUnknownResource Expression Language Injection Vulnerability(CVE-2018-16341)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19662. This package includes the following changed rules:

new rules:
1. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability(CVE-2018-14829)
2. threat[24393]:LAquis SCADA Web Server relatorioindividual TITULO Command Injection
3. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection
4. threat[24403]:IBM QRadar SIEM Authentication Bypass(CVE-2018-1418)
5. threat[24395]:Elastic Kibana Local File Inclusion Vulnerability(CVE-2018-17246)
6. threat[24396]:libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow(CVE-2018-15127)
7. threat[24397]:libVNC LibVNCServer Tight File Transfer Extension Use After Free(CVE-2018-6307)
8. threat[24398]:Raisecom Technology GPON-ONU HT803G-07 Command Injection(CVE-2019-7384)
9. threat[24401]:phpMyAdmin tbl_replace.php Local File Inclusion Vulnerability(CVE-2018-19968)
10. threat[24399]:ZeroMQ libzmq v2_decoder Integer Overflow vulnerability(CVE-2019-6250)
11. threat[24402]:Zoho ManageEngine OpManager XXE Injection Vulnerability(CVE-2018-18980)
12. threat[24404]:F3-CMS FatFreeFramework 0.0.1 Database Disclosure
13. threat[24406]:Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization
14. threat[24405]:SYSTORME ISG Command Injection
15. threat[24407]:Nuxeo NuxeoUnknownResource Expression Language Injection Vulnerability(CVE-2018-16341)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-02-21 18:58:05
Name: eoi.unify.allrulepatch.ips.5.6.10.19608.rule Version:5.6.10.19608
MD5:37068bbb8b8fb006cded81d50fc847ca Size:23.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19608. The rules added/improved by this package are:

new rules:
1. threat[41640]:Malware Windows/Nitol.S0P3R7_a Network Communication
2. threat[41649]:DarkHydrus APT Backdoor DNS Channel Communication
3. threat[24387]:Coppermine 1.5.46 Cross-Site Scripting(CVE-2018-14478)
4. threat[49025]:Malicious Mining Program Adylkuzz DNS Request Connection
5. threat[49023]:Malware BadRabbit Ransomware DNS Request Connection
6. threat[49024]:Malware CTB-Locker Bitcoin Extortion Virus DNS Request Connection
7. threat[24388]:Cisco Small Business RV320/RV325 Command Injection Vulnerability(CVE-2019-1652)
8. threat[24389]:NTPsec ntpd ctl_getitem Out-of-Bounds Read(CVE-2019-6443)
9. threat[24390]:Kubernetes Dashboard Authentication Bypass Information Disclosure(CVE-2018-18264)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19608. This package includes the following changed rules:

new rules:
1. threat[41640]:Malware Windows/Nitol.S0P3R7_a Network Communication
2. threat[41649]:DarkHydrus APT Backdoor Program Communication through DNS Protocol
3. threat[24387]:Coppermine 1.5.46 Cross Site Scripting(CVE-2018-14478)
4. threat[49025]:Malware Mining Adylkuzz DNS Request Connection
5. threat[49023]:Malware BadRabbit (bad rabbit) Ransomware DNS Request Connection
6. threat[49024]:Malware CTB-Locker bitcoin blackmail virus DNS Request Connection
7. threat[24388]:Cisco Small Business RV320/RV325 Command Injection Vulnerability(CVE-2019-1652)
8. threat[24389]:NTPsec ntpd ctl_getitem Out of Bounds Read(CVE-2019-6443)
9. threat[24390]:Kubernetes Dashboard Authentication Bypass Information Disclosure(CVE-2018-18264)



Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-02-14 19:30:27
Name: eoi.unify.allrulepatch.ips.5.6.10.19571.rule Version:5.6.10.19571
MD5:2a28b810bcf41be7d35383b1573b7492 Size:23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19571. The rules added/improved by this package are:

new rules:
1. threat[41648]:WannaCry Ransomware Communication Attempt


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19571. This package includes the following changed rules:

new rules:
1. threat[41648]:WannaCry Ransomware Communication Attempt



Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-02-07 20:21:10
Name: eoi.unify.allrulepatch.ips.5.6.10.19567.rule Version:5.6.10.19567
MD5:7bc2d7754ba3e3903892ffe451597a01 Size:23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19567. The rules added/improved by this package are:

new rules:
1. threat[24385]:DotNetNuke Events Calendar 1.x File Download Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19567. This package includes the following changed rules:

new rules:
1. threat[24385]:DotNetNuke Events Calendar 1.x File Download



Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-01-31 14:31:00
Name: eoi.unify.allrulepatch.ips.5.6.10.19562.rule Version:5.6.10.19562
MD5:86a8dc8ebc483ad76bacef4f05e4412e Size:23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19562. The rules added/improved by this package are:

new rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 XSS Vulnerability
2. threat[24383]:Hucart CMS CSRF Vulnerability
3. threat[41645]:Webshell Backdoor Jsp File Browser Access Control
4. threat[41646]:Zerosoul PHP One-Line Trojan Client Uploading Webshell Backdoor
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Command Execution Vulnerability(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

update rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access Control


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19562. This package includes the following changed rules:

new rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 Cross Site Scripting
2. threat[24383]:Hucart CMS Cross Site Request Forgery
3. threat[41645]:Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]:Zerosoul Webshell Uploader Uploading Webshell Backdoor Programs
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Code Execution(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

update rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-01-24 16:43:39
Name: eoi.unify.allrulepatch.ips.5.6.10.19535.rule Version:5.6.10.19535
MD5:57d90cc2386b4764324b0ad3bd5d6502 Size:23.42M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19535. The rules added/improved by this package are:

new rules:
1. threat[24376]:Oracle Database Server Application Express Remote Security Vulnerability(CVE-2018-2699)
2. threat[24377]:Roxy Fileman 1.4.5 Directory Traversal Vulnerability(CVE-2018-20525)
3. threat[24379]:Mailcleaner Remote Code Execution Vulnerability
4. threat[10487]:UA-Parser Regular Expression Denial of Service Vulnerability(CVE-2018-20164)
5. threat[24381]:Webgalamb Client-IP HTTP Header SQL Injection(CVE-2018-19510)
6. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability

update rules:
1. threat[41546]:ASP Webshell Backdoor Access


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19535. This package includes the following changed rules:

new rules:
1. threat[24376]:Oracle Database Server Application Express Remote Security Vulnerability (CVE-2018-2699)
2. threat[24377]:Roxy Fileman 1.4.5 Directory Traversal Vulnerability(CVE-2018-20525)
3. threat[24379]:Mailcleaner Remote Code Execution
4. threat[10487]:UA-Parser Regular expression Denial of Service Vulnerability(CVE-2018-20164)
5. threat[24381]:Webgalamb Client-IP HTTP header SQL injection(CVE-2018-19510)
6. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability

update rules:
1. threat[41546]:ASP Webshell Backdoor Access


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-01-17 18:21:20
Name: eoi.unify.allrulepatch.ips.5.6.10.19516.rule Version:5.6.10.19516
MD5:480e0c7270ce3d2a4b3b1ed2dd07d807 Size:23.39M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19516. The rules added/improved by this package are:

new rules:
1. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19516. This package includes the following changed rules:

new rules:
1. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-01-12 21:28:08
Name: eoi.unify.allrulepatch.ips.5.6.10.19470.rule Version:5.6.10.19470
MD5:72916a2e277972afee0cbb39bd312f98 Size:23.38M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19470. The rules added/improved by this package are:

new rules:
1. threat[24373]:HPE Moonshot Provisioning Manager Appliance Directory Traversal Vulnerability(CVE-2017-8977)

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24255]:Web Service Remote Command Execution Attack
3. app:Youku Tudou Video


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19470. This package includes the following changed rules:

new rules:
1. threat[24373]:HPE Moonshot Provisioning Manager Appliance Directory Traversal(CVE-2017-8977)

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24255]:Web Service Remote Command Execution Attack
3. app:Youku Tudou Video


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2019-01-10 19:44:16
Name: eoi.unify.allrulepatch.ips.5.6.10.19452.rule Version:5.6.10.19452
MD5:1b378e9af7c6b24f6359eb5d47cefd8a Size:23.39M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19452. The rules added/improved by this package are:

new rules:
1. threat[24371]:Xen Project XAPI Update Directory Traversal Vulnerability(CVE-2018-14007)
2. threat[24372]:Micro Focus Secure Messaging Gateway enginelist.php SQL Injection(CVE-2018-12464)
3. threat[24369]:Cisco Adaptive Security Appliance Webvpn XML Parser Double Free Vulnerability(CVE-2018-0101)
4. threat[24370]:Apache Tika tika-server Command Injection Vulnerability(CVE-2018-1335)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


Release time:2019-01-03 18:17:08
Name: eoi.unify.allrulepatch.ips.5.6.10.19418.rule Version:5.6.10.19418
MD5:46570dea9a43bb35b1b2134b26102773 Size:23.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19418. The rules added/improved by this package are:

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19418. This package includes the following changed rules:

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)



Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-12-28 01:11:57
Name: eoi.unify.allrulepatch.ips.5.6.10.19388.rule Version:5.6.10.19388
MD5:d0e98e7e0359b4ba3f2a51656c1ce82f Size:23.37M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19388. The rules added/improved by this package are:

new rules:
1. threat[24362]:Zoho ManageEngine OpManager OpManagerFailoverUtil customerName SQL Injection(CVE-2018-9088)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)
3. threat[24363]:Zoho ManageEngine OpManager RelationalMailServer addMailServerSettings SQL Injection(CVE-2018-18949)
4. threat[41636]:Malware A-311 Death Communicating with Control Server
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
6. threat[24366]:Apache Tomcat Default Servlet Redirect Vulnerability(CVE-2018-11784)

update rules:
1. threat[24359]:Nagios XI Cmdsubsys Command Injection(CVE-2018-15709)
2. threat[24360]:Nagios XI Magpie cURL Argument Injection(CVE-2018-15708)
3. threat[24255]:Web Service Remote Command Execution Attack
4. threat[68612]:Webshell Sample 100426 Upload
5. threat[68654]:Suspicious Webshell Script File Upload Behavior


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19388. This package includes the following changed rules:

new rules:
1. threat[24362]:Zoho ManageEngine OpManager OpManagerFailoverUtil customerName SQL Injection(CVE-2018-9088)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)
3. threat[24363]:Zoho ManageEngine OpManager RelationalMailServer addMailServerSettings SQL Injection(CVE-2018-18949)
4. threat[41636]:Malware A-311 Death Communicating with C&C Server
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
6. threat[24366]:Apache Tomcat Default Servlet Open Redirect Vulnerability(CVE-2018-11784)

update rules:
1. threat[24359]:Nagios XI Cmdsubsys Command Injection(CVE-2018-15709)
2. threat[24360]:Nagios XI Magpie cURL Argument Injection(CVE-2018-15708)
3. threat[24255]:Web Service Remote Command Execution Attack
4. threat[68612]:Webshell Sample 100426 Upload
5. threat[68654]:Suspicious Webshell Script Files Upload Behavior


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-12-20 17:46:19
Name: eoi.unify.allrulepatch.ips.5.6.10.19348.rule Version:5.6.10.19348
MD5:b485c081ec5b0e42af97045d2979fd4e Size:23.36M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19348. The rules added/improved by this package are:

new rules:
1. threat[24350]:ACME mini_httpd Arbitrary File Read Vulnerability(CVE-2018-18778)
2. threat[24352]:Siemens Multiple Products XML External Entity Injection Vulnerability(CVE-2017-12069)
3. threat[24353]:Advantech WebAccess SCADA WADashboard readFile Directory Traversal(CVE-2018-15706)
4. threat[24354]:Advantech WebAccess SCADA WADashboard writeFile Arbitrary File Overwrite Vulnerability(CVE-2018-15705)
5. threat[24355]:Oracle GoldenGate Manager Component Stack Buffer Overflow Vulnerability(CVE-2018-2913)
6. threat[24357]:Oracle Weblogic Deserialization Remote Code Execution Vulnerability(CVE-2018-3252)
7. threat[24358]:Advantech WebAccess SCADA bwMainLeft.asp Cross-Site Scripting(CVE-2018-15707)
8. app:OPC UA

update rules:
1. threat[24349]:Cisco Unity Express Arbitrary Command Execution Vulnerability(CVE-2018-15381)
2. app:DNS Protocol
3. app:Remote Desktop


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19348. This package includes the following changed rules:

new rules:
1. threat[24350]:ACME mini_httpd Arbitrary File Read vulnerability(CVE-2018-18778)
2. threat[24352]:Siemens Products XML External Entity Injection(CVE-2017-12069)
3. threat[24353]:Advantech WebAccess SCADA WADashboard readFile Directory Traversal(CVE-2018-15706)
4. threat[24354]:Advantech WebAccess SCADA WADashboard writeFile Arbitrary File Overwrite Vulnerability(CVE-2018-15705)
5. threat[24355]:Oracle GoldenGate Manager Stack Buffer Overflow Vulnerability(CVE-2018-2913)
6. threat[24357]:Oracle WebLogic Server Insecure Deserialization Remote Code Execution(CVE-2018-3252)
7. threat[24358]:Advantech WebAccess SCADA bwMainLeft.asp Cross-Site Scripting(CVE-2018-15707)
8. app:OPC UA

update rules:
1. threat[24349]:Cisco Unity Express RMI Insecure Deserialization Arbitrary Command Execution Vulnerability(CVE-2018-15381)
2. app:DNS Protocol
3. app:Remote Desktop


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-12-14 08:24:51
Name: eoi.unify.allrulepatch.ips.5.6.10.19287.rule Version:5.6.10.19287
MD5:41d5f615b239efd7072690f9166f0a69 Size:23.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19287. The rules added/improved by this package are:

new rules:
1. threat[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload(CVE-2018-1306)
2. threat[24336]:JBoss Application Server EJBInvokerServlet/JMXInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
3. threat[24337]:OPC Foundation UA Client Applications Information Disclosure Vulnerability(CVE-2018-12087)
4. threat[24338]:Multiple OPC Products Information Disclosure Vulnerability(CVE-2018-7559)
5. threat[41635]:Malicious Ransomware Satan.lucky Variant Communication
6. threat[24339]:Adobe Acrobat/Reader Arbitrary Code Execution Vulnerability(CVE-2018-12855)
7. threat[24340]:ISPConfig user_settings.php Arbitrary File Inclusion Vulnerability(CVE-2018-17984)
8. threat[24341]:Microsoft Windows Shell Remote Code Execution Vulnerability(CVE-2018-8495)
9. threat[24342]:Zoho ManageEngine OpManager Authentication Bypass Vulnerability(CVE-2018-17283)
10. threat[24343]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2018-17283)
11. threat[24344]:Adobe Acrobat ImageConversion EmfPlusDrawBeziers Field Information Disclosure Vulnerability(CVE-2018-15946)
12. threat[24345]:Quest KACE IT Asset Management System run_cross_report SQL Injection Vulnerability
13. threat[24346]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2018-17243)
14. threat[24347]:Advantech WebAccess SCADA notify2 Stack-based Buffer Overflow(CVE-2018-7499)
15. app:S7Comm

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. app:mqtt


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19287. This package includes the following changed rules:

new rules:
1. threat[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload(CVE-2018-1306)
2. threat[24336]:JBoss Application Server EJBInvokerServlet/JMXInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
3. threat[24337]:OPC Foundation UA Client Applications information leakage vulnerability (CVE-2018-12087)
4. threat[24338]:Multiple OPC product information leakage vulnerabilities(CVE-2018-7559)
5. threat[41635]:Malicious Ransomware Satan Variant lucky Communication
6. threat[24339]:Adobe Acrobat/Reader Arbitrary Code Execution Vulnerability(CVE-2018-12855)
7. threat[24340]:ISPConfig user_settings.php Arbitrary File Inclusion Vulnerability(CVE-2018-17984)
8. threat[24341]:Microsoft Windows Shell Remote Code Execution Vulnerability(CVE-2018-8495)
9. threat[24342]:Zoho ManageEngine OpManager Authentication Bypass Vulnerability(CVE-2018-17283)
10. threat[24343]:Zoho ManageEngine OpManager setManaged SQL Injection Vulnerability(CVE-2018-17283)
11. threat[24344]:Adobe Acrobat ImageConversion EmfPlusDrawBeziers Information Disclosure Vulnerability(CVE-2018-15946)
12. threat[24345]:Quest KACE Systems Management run_cross_report SQL Injection Vulnerability
13. threat[24346]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2018-17243)
14. threat[24347]:Advantech WebAccess SCADA notify2 Stack-based Buffer Overflow(CVE-2018-7499)
15. app:S7Comm

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. app:mqtt


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-12-06 17:48:33
Name: eoi.unify.allrulepatch.ips.5.6.10.19201.rule Version:5.6.10.19201
MD5:2a77a7465f5b931316f7439ed0cf8b20 Size:23.23M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19201. The rules added/improved by this package are:

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24333]:Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability
3. threat[41627]:Malware windows/qbot_a Network Communication
4. threat[41475]:Malware windows/njRAT_a Network Communication


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19201. This package includes the following changed rules:


update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24333]:Apache Struts2 Commons FileUpload Unserialization Remote Code Execution Vulnerability
3. threat[41627]:Malicious program windows/qbot_a network communication
4. threat[41475]:Malicious program windows/njRAT_a network communication


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-11-30 10:53:17
Name: eoi.unify.allrulepatch.ips.5.6.10.19144.rule Version:5.6.10.19144
MD5:0c2543ec327e969584ffd6a175230a7a Size:23.15M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.19144. The rules added/improved by this package are:

new rules:
1. threat[41210]:Malware linux/mayday_a Network Communication
2. threat[24333]:Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability

update rules:
1. threat[41611]:Malware xorddos.origin/linux_b Network Communication
2. threat[24255]:Web Service Remote Command Execution Attack
3. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2017-10271)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.19144. This package includes the following changed rules:

new rules:
1. threat[41210]:Malicious program linux/mayday_a network communication
2. threat[24333]:Apache Struts2 Commons FileUpload Unserialization Remote Code Execution Vulnerability

update rules:
1. threat[41611]:Malware xorddos.origin/linux_b network communication
2. threat[24255]:Web Service Remote Command Execution Attack
3. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2017-10271)


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-11-20 21:00:46
Name: eoi.unify.allrulepatch.ips.5.6.10.18935.rule Version:5.6.10.18935
MD5:1115ce937eadc6c5cdf4db036fe78d43 Size:22.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.18935. The rules added/improved by this package are:

new rules:
1. threat[30713]:Apache Traffic Server ESI Plugin Information Disclosure Vulnerability(CVE-2018-8040)
2. threat[41624]:Malware Windows/WORM.VBNA.S0P0R0.WO_a Network Communication
3. threat[41625]:Malware Windows/WORM.VBNA.S0P0R0.WO_b Network Communication
4. threat[41627]:Malware windows/qbot_a Network Communication
5. threat[41628]:Malware windows/swordrat_a Network Communication

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[23154]:tnftp FTP Client Arbitrary Command Execution Vulnerability(CVE-2014-8517)
3. threat[41611]:Malware xorddos.origin/linux_b Network Communication
4. threat[62698]:ProFTPD Backdoor Unauthorized Access Vulnerability
5. threat[41475]:Malware windows/njRAT_a Network Communication


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.18935. This package includes the following changed rules:

new rules:
1. threat[30713]:Apache Traffic Server ESI Plugin Information Disclosure Vulnerability(CVE-2018-8040)
2. threat[41624]:Malware Windows/WORM.VBNA.S0P0R0.WO_a Network Connection
3. threat[41625]:Malware Windows/WORM.VBNA.S0P0R0.WO_b Network Connection
4. threat[41627]:Malicious program windows/qbot_a network communication
5. threat[41628]:Malicious program windows/swordrat_a network communication

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[23154]:tnftp ftp client arbitrary command execution vulnerability (CVE-2014-8517)
3. threat[41611]:Malware xorddos.origin/linux_b network communication
4. threat[62698]:ProFTPD Backdoor Unauthorized Access Vulnerability
5. threat[41475]:Malicious program windows/njRAT_a network communication


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-11-08 18:02:36
Name: eoi.unify.allrulepatch.ips.5.6.10.18860.rule Version:5.6.10.18860
MD5:c9bef0b1e0ca6f7bad2739f7a56195e8 Size:22.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.18860. The rules added/improved by this package are:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability(CVE-2018-4013)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.18860. This package includes the following changed rules:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability(CVE-2018-4013)



Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-11-01 21:07:24
Name: eoi.unify.allrulepatch.ips.5.6.10.18832.rule Version:5.6.10.18832
MD5:5bff4df34bf07a40465d43f0633b31ef Size:22.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.18832. The rules added/improved by this package are:

update rules:
1. threat[23154]:tnftp FTP Client Arbitrary Command Execution Vulnerability(CVE-2014-8517)
2. threat[10431]:NetGear ProSafe Switch Remote Denial of Service Vulnerability(CVE-2013-4776)
3. threat[62815]:Wireshark SigComp UDVM Buffer Overflow Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.18832. This package includes the following changed rules:


update rules:
1. threat[23154]:tnftp ftp client arbitrary command execution vulnerability (CVE-2014-8517)
2. threat[10431]:Netgear ProSafe GET filesystem Denial of Service(CVE-2013-4776)
3. threat[62815]:Wireshark SigComp UDVM Buffer Overflow Vulnerability


Announcements:
1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause 3-5 packets loss on ping operations; please update at a suitable time.

Release time:2018-10-25 18:09:17
Name: eoi.unify.allrulepatch.ips.5.6.10.18794.rule Version:5.6.10.18794
MD5:b66f782742741a061746bc51a05b7f18 Size:22.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version stay unchanged and the rule version becomes 5.6.10.18794. The rules added/improved by this package are:

new rules:
1. threat[24311]:GNU C Library (glibc) gethostname Function Heap Buffer Overflow - Wordpress XML-RPC
2. threat[24312]:Microsoft Windows Shell Command Injection(CVE-2012-0175)
3. threat[24313]:Cgit Path Parameter Directory Traversal Information Disclosure(CVE-2018-14912)
4. threat[24314]:Microsoft Windows Shell SettingContentms Remote Code Execution(CVE-2018-8414)

update rules:
1. threat[65502]:Microsoft Internet Explorer HTML Object Handling Memory Corruption Vulnerability
2. threat[23381]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2015-0053)(MS15-009)
3. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability(CVE-2015-1427)
4. threat[62920]:Microsoft Host Integration Server Denial of Service Vulnerability
5. threat[63352]:Microsoft .NET Framework Open Data Protocol "Replace()" Denial of Service Vulnerability(MS13-007)
6. threat[10412]:Apache HTTP Server Malformed Range and Range-Request Option Handling Remote Denial of Service Vulnerability
7. threat[67726]:Microsoft IE HTML Rendering Remote Code Execution Vulnerability(MS10-018)
8. threat[10366]:APACHE COMMONS FILEUPLOAD Component DoS Vulnerability
9. threat[50532]:Windows SMB Protocol User Authentication Success
10. threat[63450]:HP SiteScope SOAP Call APIPreferenceImpl Security Bypass Vulnerability
11. threat[23010]:ELASTICSEARCH Remote Code Execution Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. This does not interrupt sessions, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18794. This package include changed rules:

new rules:
1. threat[24311]:GNU C Library (glibc) gethostname Function Heap Buffer Overflow - Wordpress XML-RPC
2. threat[24312]:Microsoft Windows Shell Command Injection(CVE-2012-0175)
3. threat[24313]:Cgit Path Parameter Directory Traversal Information Disclosure(CVE-2018-14912)
4. threat[24314]:Microsoft Windows Shell SettingContentms Remote Code Execution(CVE-2018-8414)

update rules:
1. threat[65502]:Microsoft Internet Explorer HTML Object Handling Memory Corruption Vulnerability)
2. threat[23381]:Microsoft Internet Explorer CVE-2015-0053 Remote Memory Corruption Vulnerability
3. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)
4. threat[62920]:Microsoft Host Integration Server Access of Unallocated Memory Denial of Service Vulnerability
5. threat[63352]:Microsoft .NET Framework OData Denial of Service Vulnerability
6. threat[10412]:Apache HTTP Server Denial Of Service Vulnerability
7. threat[67726]:Microsoft IE HTML Rendering Remote Code Execution Vulnerability (MS10-018)
8. threat[10366]:APACHE COMMONS FILEUPLOAD Module DOS Vulnerability
9. threat[50532]:Windows SMB User Authentication Success
10. threat[63450]:HP SiteScope SOAP Call APIPreferenceImpl Security Bypass Vulnerability
11. threat[23010]:ELASTICSEARCH Remote Code Execution Vulnerability


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-10-18 18:59:50
Name: eoi.unify.allrulepatch.ips.5.6.10.18722.rule Version: 5.6.10.18722
MD5: d4fa42dc04c785007c071f73f172132b Size: 22.71M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18722. The rules added/improved by this package are:

New rules:
1. Attack[30712]: HP SiteScope SOAP call remote arbitrary file access (CVE-2015-3259)(CVE-2012-3260)
2. Attack[10483]: Apache Tomcat chunked request remote denial of service vulnerability (CVE-2014-0075)
3. Attack[24310]: Apache Struts2 wildcard OGNL command execution (CVE-2013-2134)

Updated rules:
1. Attack[63450]: HP SiteScope SOAP call APIPreferenceImpl security bypass vulnerability
2. Attack[23131]: ManageEngine product arbitrary file upload vulnerability

Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18722. This package includes the following changed rules:

new rules:
1. threat[30712]:HP SiteScope SOAP Call Remote Arbitrary File Access(CVE-2015-3259)(CVE-2012-3260)
2. threat[10483]:Apache Tomcat HTTP Chunked Encoding Chunk Size Denial of Service(CVE-2014-0075)
3. threat[24310]:Apache Struts2 wildcard OGNL command execution(CVE-2013-2134)

update rules:
1. threat[63450]:HP SiteScope SOAP Call APIPreferenceImpl Security Bypass Vulnerability
2. threat[23131]:ManageEngine Desktop Central StatusUpdate Arbitrary File Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-10-11 17:59:45
Name: eoi.unify.allrulepatch.ips.5.6.10.18694.rule Version: 5.6.10.18694
MD5: f4e6eed44378c0b463145ac2d28a503f Size: 22.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18694. The rules added/improved by this package are:


Updated rules:
1. Attack[24309]: Apache ActiveMQ Fileserver file upload directory traversal vulnerability (CVE-2016-3088)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18694. This package includes the following changed rules:


update rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-10-04 20:02:53
Name: eoi.unify.allrulepatch.ips.5.6.10.18693.rule Version: 5.6.10.18693
MD5: 87994da9fda861b432db0b3b4fc7ee52 Size: 22.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18693. The rules added/improved by this package are:

New rules:
1. Attack[24309]: Apache ActiveMQ Fileserver file upload directory traversal vulnerability (CVE-2016-3088)
2. Attack[41619]: Malware Xbash uploads scan result information to C2 server
3. Attack[41618]: Malware Xbash C2 server communication

Updated rules:
1. Attack[24263]: Apache Hadoop YARN ResourceManager remote command execution vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18693. This package includes the following changed rules:

new rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[41619]:Malware Xbash uploads scan result information to C2 server
3. threat[41618]:Malware Xbash Communicating with C2 Server

update rules:
1. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-30 19:32:29
Name: eoi.unify.allrulepatch.ips.5.6.10.18657.rule Version: 5.6.10.18657
MD5: ed7a4c1af363dfe3f20f7d2ef1c9fc3f Size: 22.74M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18657. The rules added/improved by this package are:

New rules:
1. Attack[41615]: Webshell backdoor program Darkshell access and control
2. Attack[41616]: Webshell backdoor program PHPJackal access and control
3. Attack[41617]: Webshell backdoor program KA_uShell access and control
4. Attack[41611]: Malicious program xorddos.origin/linux_b network communication

Updated rules:
1. Attack[68655]: Suspicious Webshell backdoor access and control
2. Attack[24003]: Microsoft Windows SMB Server information disclosure vulnerability scan (CVE-2017-0147)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18657. This package includes the following changed rules:

new rules:
1. threat[41615]:Webshell Backdoor Program Darkshell Access and Control
2. threat[41616]:Webshell Backdoor Program PHPJackal Access and Control
3. threat[41617]:Webshell Backdoor Program KA_uShell Access and Control
4. threat[41611]:Malware xorddos.origin/linux_b network communication

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24003]:Microsoft Windows SMB Server Information Disclosure Vulnerability Scan(CVE-2017-0147)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-27 20:40:43
Name: eoi.unify.allrulepatch.ips.5.6.10.18639.rule Version: 5.6.10.18639
MD5: 5e96f1afb130b1ae62705becf9707c7a Size: 22.71M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18639. The rules added/improved by this package are:


New rules:
1. Attack[24303]: HPE Intelligent Management Center PLAT tftp server fread function stack buffer overflow
2. Attack[24304]: Trend Micro Control Manager SQL injection vulnerability (CVE-2018-3602)
3. Attack[24305]: Advantech Webaccess webvrpcs directory traversal remote code execution
4. Attack[41614]: Webshell backdoor controlling database

Updated rules:
1. Attack[23614]: Oracle Weblogic Server Java deserialization vulnerability
2. Attack[24221]: PHPSPY Webshell access and control
3. Attack[20580]: PeerCast URI parsing stack overflow vulnerability (CVE-2006-1148)
4. Attack[41608]: Malicious program windows/jenki_c network communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18639. This package includes the following changed rules:


new rules:
1. threat[24303]:HPE Intelligent Management Center PLAT tftpserver fread Stack Buffer Overflow
2. threat[24304]:Trend Micro Control Manager SQL Injection Vulnerability(CVE-2018-3602)
3. threat[24305]:Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution
4. threat[41614]:Webshell Backdoor Controlling Database

update rules:
1. threat[23614]:Oracle Weblogic Server Java Deserialization Vulnerability
2. threat[24221]:PHPSPY Webshell Access and Control
3. threat[20580]:PeerCast URI Parsing Stack Overflow Vulnerability(CVE-2006-1148)
4. threat[41608]:Malicious program windows/jenki_c network communication


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-20 16:32:17
Name: eoi.unify.allrulepatch.ips.5.6.10.18603.rule Version: 5.6.10.18603
MD5: 8b4386512cb6800ea023fd49d593ba91 Size: 22.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18603. The rules added/improved by this package are:

New rules:
1. Attack[41613]: Malicious program windows/storm.a_a network communication
2. Application: APPS: 极路由 SSL


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18603. This package includes the following changed rules:

new rules:
1. threat[41613]:Malicious Program windows/storm.a_a Network Communications
2. app:


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-13 17:02:05
Name: eoi.unify.allrulepatch.ips.5.6.10.18583.rule Version: 5.6.10.18583
MD5: 3c43d13e5d23cab611943f9ae01261a7 Size: 22.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18583. The rules added/improved by this package are:


Updated rules:
1. Attack[24236]: Asterisk out-of-bounds write vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18583. This package includes the following changed rules:


update rules:
1. threat[24236]:Asterisk out-of-bounds write vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-10 16:07:38
Name: eoi.unify.allrulepatch.ips.5.6.10.18551.rule Version: 5.6.10.18551
MD5: 3649ee15782a5a033c4d61818cea5f39 Size: 22.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18551. The rules added/improved by this package are:


New rules:
1. Attack[41604]: Malicious program windows/Ramnit network communication
2. Attack[41605]: Malicious program windows/FlawedAmmyyRAT network communication
3. Attack[41606]: Malicious program windows/jenki_a network communication
4. Attack[41607]: Malicious program windows/jenki_b network communication
5. Attack[41608]: Malicious program windows/jenki_b network communication
6. Attack[24302]: Suspicious XML External Entity (XXE) injection attack attempt
7. Application: Mobaihe
8. Application: DingDong Smart Speaker

Updated rules:
1. Attack[20580]: PeerCast URI parsing stack overflow vulnerability (CVE-2006-1148)
2. Attack[23426]: Allegro RomPager HTTP Cookie handling security restriction bypass vulnerability (CVE-2014-9222)
3. Attack[10428]: Apache ActiveMQ unauthorized shutdown denial of service attack


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18551. This package includes the following changed rules:


new rules:
1. threat[41604]:Malicious program windows/Ramnit network communication
2. threat[41605]:Malicious program windows/FlawedAmmyyRAT network communication
3. threat[41606]:Malicious program windows/jenki_a network communication
4. threat[41607]:Malicious program windows/jenki_b network communication
5. threat[41608]:Malicious program windows/jenki_c network communication
6. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
7. app:Mobaihe
8. app:DingDong Smart Speaker

update rules:
1. threat[20580]:PeerCast URI Parsing Stack Overflow Vulnerability(CVE-2006-1148)
2. threat[23426]:Allegro Software RomPager 'Fortune Cookie' Unspecified HTTP Authentication Bypass (CVE-2014-9222)
3. threat[10428]:Apache ActiveMQ Unauthorized Shutdown Denial of Service


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-09-06 18:01:44
Name: eoi.unify.allrulepatch.ips.5.6.10.18500.rule Version: 5.6.10.18500
MD5: 2dc55d14751b195455798280a2abe197 Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18500. The rules added/improved by this package are:

New rules:
1. Attack[24300]: GPON Home Gateway remote command execution vulnerability (CVE-2018-10561,CVE-2018-10562)
2. Attack[24301]: BusyBox wget buffer overflow (CVE-2018-1000517)

Updated rules:
1. Attack[24299]: D-Link DSL-2750B arbitrary command execution vulnerability
2. Attack[24298]: Struts2 remote command execution vulnerability (CVE-2018-11776)(S2-057)
3. Attack[24236]: Asterisk out-of-bounds write vulnerability
4. Attack[10251]: Microsoft Windows ASP.NET denial of service attack
5. Application: DNS protocol


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18500. This package includes the following changed rules:

new rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561,CVE-2018-10562)
2. threat[24301]:BusyBox Project BusyBox wget Buffer Overflow(CVE-2018-1000517)

update rules:
1. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. threat[24236]:Asterisk out-of-bounds write vulnerability
4. threat[10251]:ASP.NET in Microsoft Windows Denial of Service
5. app:DNS Protocol


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-08-30 23:01:42
Name: eoi.unify.allrulepatch.ips.5.6.10.18479.rule Version: 5.6.10.18479
MD5: 34496185ed375c18a5b2f6f4356945f4 Size: 22.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18479. The rules added/improved by this package are:

New rules:
1. Attack[24296]: Adobe Acrobat EMF EmfPlusDrawLines count heap buffer overflow vulnerability (CVE-2018-5067)
2. Attack[24297]: Node.js nghttp2 nghttp2_frame_altsvc_free null pointer dereference (CVE-2018-1000168)
3. Attack[24298]: Struts2 remote command execution vulnerability (CVE-2018-11776)(S2-057)

Updated rules:
1. Attack[24294]: Apache Solr XML external entity injection vulnerability (CVE-2018-8010,CVE-2018-8026)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18479. This package includes the following changed rules:

new rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability(CVE-2018-5067)
2. threat[24297]:Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference(CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)

update rules:
1. threat[24294]:Apache Solr ConfigSets XML External Entity Expansion Information Disclosure(CVE-2018-8010,CVE-2018-8026)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-08-23 18:24:08
Name: eoi.unify.allrulepatch.ips.5.6.10.18434.rule Version: 5.6.10.18434
MD5: db17bfbe2dd386216aebefe97e914716 Size: 22.66M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18434. The rules added/improved by this package are:

New rules:
1. Attack[41601]: Malicious program Linux/Fbot.Linux.Agent.fy_a network communication
2. Attack[41603]: Malicious program windows/feifan_a network communication
3. Attack[41602]: Malicious program windows/hellbot_a network communication
4. Attack[24290]: phpMyAdmin index.php local file inclusion vulnerability (CVE-2018-12613)
5. Attack[24291]: Trend Micro Control Manager sCloudService GetPassword SQL injection (CVE-2018-3604)

Updated rules:
1. Attack[24003]: Microsoft Windows SMB Server information disclosure vulnerability (CVE-2017-0147)
2. Attack[24011]: IBM IMAP mailbox name stack overflow vulnerability (EMPHASISMINE)
3. Attack[24165]: Microsoft Edge ProfiledLdElem type confusion


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18434. This package includes the following changed rules:

new rules:
1. threat[41601]:Malicious Program Linux/Fbot.Linux.Agent.fy_a Network Communications
2. threat[41603]:Malicious Program windows/feifan_a Network Communication
3. threat[41602]:Malicious Program windows/hellbot_a Network Communications
4. threat[24290]:phpMyAdmin index.php Local File Inclusion Vulnerability(CVE-2018-12613)
5. threat[24291]:Trend Micro Control Manager sCloudService GetPassword SQL Injection Vulnerability(CVE-2018-3604)

update rules:
1. threat[24003]:Microsoft Windows SMB Server Information Disclosure Vulnerability(CVE-2017-0147)
2. threat[24011]:IBM Domino IMAP Mailbox Name Stack Buffer Overflow(EMPHASISMINE)
3. threat[24165]:Microsoft Edge ProfiledLdElem Type Confusion


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-08-16 22:44:38
Name: eoi.unify.allrulepatch.ips.5.6.10.18383.rule Version: 5.6.10.18383
MD5: 6fdcbdedd72f4619e841fa103d05f4ea Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18383. The rules added/improved by this package are:

New rules:
1. Attack[24289]: Zoho ManageEngine ApplicationManager testCredential.do command injection (CVE-2018-7890)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18383. This package includes the following changed rules:

new rules:
1. threat[24289]:Zoho ManageEngine ApplicationManager testCredential.do Command Injection(CVE-2018-7890)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-08-09 19:09:09
Name: eoi.unify.allrulepatch.ips.5.6.10.18344.rule Version: 5.6.10.18344
MD5: e3a8c3f7128e94b7bce51a483f9fb58a Size: 22.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18344. The rules added/improved by this package are:

New rules:
1. Attack[41598]: Malicious program linux/daserf_a network communication
2. Attack[41597]: Malicious program linux/chinaz_c network communication
3. Attack[41599]: Malicious program windows/diamondfox_a network communication
4. Attack[24287]: Modx Revolution remote code execution vulnerability (CVE-2018-1000207)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18344. This package includes the following changed rules:

new rules:
1. threat[41598]:Malicious Program linux/daserf_a Network Communication
2. threat[41597]:Malicious Program linux/chinaz_c Network Communication
3. threat[41599]:Malicious Program windows/diamondfox_a Network Communication
4. threat[24287]:Modx Revolution Remote Code Execution Vulnerability(CVE-2018-1000207)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-08-02 18:13:16
Name: eoi.unify.allrulepatch.ips.5.6.10.18317.rule Version: 5.6.10.18317
MD5: 3a4b170d37688d31a69096754f0a48c3 Size: 22.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18317. The rules added/improved by this package are:

New rules:
1. Attack[10482]: Asterisk PJSIP invalid fmtp media attribute denial of service vulnerability (CVE-2018-1000099)
2. Attack[24284]: Cisco Prime Infrastructure and DCNM directory traversal vulnerability (CVE-2018-0258)
3. Attack[24285]: CMS Made Simple password reset vulnerability (CVE-2018-10081)
4. Attack[24286]: WebLogic arbitrary file upload remote code execution vulnerability (CVE-2018-2894)
5. Attack[41596]: Malicious program linux/chinaz_a network communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18317. This package includes the following changed rules:

new rules:
1. threat[10482]:Asterisk PJSIP Invalid fmtp Media Attribute Denial Of Service Vulnerability(CVE-2018-1000099)
2. threat[24284]:Cisco Prime Infrastructure And DCNM Directory Traversal Vulnerability(CVE-2018-0258)
3. threat[24285]:CMS Made Simple Password Reset Vulnerability(CVE-2018-10081)
4. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)
5. threat[41596]:Malicious Program linux/chinaz_a Network Communication


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-07-27 15:06:59
Name: eoi.unify.allrulepatch.ips.5.6.10.18230.rule Version: 5.6.10.18230
MD5: d9237bf4d84d1d4a685bea64f1f1a27d Size: 22.26M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18230. The rules added/improved by this package are:

New rules:
1. Attack[24282]: Dell EMC VMAX Virtual Appliance Manager authentication bypass vulnerability
2. Attack[24283]: Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date command injection vulnerability (CVE-2018-2615)

Updated rules:
1. Attack[41588]: PHP Webshell script upload


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18230. This package includes the following changed rules:

new rules:
1. threat[24282]:Dell EMC VMAX Virtual Appliance Manager Authentication Bypass Vulnerability
2. threat[24283]:Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection Vulnerability(CVE-2018-2615)

update rules:
1. threat[41588]:PHP Webshell Script Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-07-19 18:12:01
Name: eoi.unify.allrulepatch.ips.5.6.10.18181.rule Version: 5.6.10.18181
MD5: e470d1e9b7d06ac7015d8da1be030529 Size: 22.64M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18181. The rules added/improved by this package are:


New rules:
1. Attack[24278]: NetGain Systems Enterprise Manager deserialization arbitrary code execution vulnerability
2. Attack[24280]: Adobe Acrobat/Reader ImageConversion heap buffer overflow vulnerability (CVE-2018-4982)
3. Attack[24281]: Adobe Acrobat ImageConversion EmfPlusPath object heap buffer overflow vulnerability (CVE-2018-4978)

Updated rules:
1. Attack[24264]: NetGain Systems Enterprise Manager snmpwalk ip parameter directory traversal vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18181. This package includes the following changed rules:


new rules:
1. threat[24278]:NetGain Systems Enterprise Manager Deserialization Arbitrary Code Execution Vulnerability
2. threat[24280]:Adobe Acrobat/Reader ImageConversion Heap Buffer Overflow(CVE-2018-4982)
3. threat[24281]:Adobe Acrobat ImageConversion EmfPlusPath Object Heap Buffer Overflow(CVE-2018-4978)

update rules:
1. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Directory Traversal Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-07-12 20:15:31
Name: eoi.unify.allrulepatch.ips.5.6.10.18149.rule Version: 5.6.10.18149
MD5: a8d124c329f56514d5817a13d9085a84 Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18149. The rules added/improved by this package are:

New rules:
1. Attack[24277]: Foxit Reader BMP biWidth heap overflow vulnerability (CVE-2017-17557)

Updated rules:
1. Attack[24276]: Apache HTTP Server remote security restriction bypass vulnerability (CVE-2018-15715)
2. Attack[41588]: PHP Webshell script upload
3. Attack[41579]: Malicious program windows/drive_a network communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18149. This package includes the following changed rules:

new rules:
1. threat[24277]:Foxit Reader BMP biWidth Heap-based Buffer Overflow Vulnerability(CVE-2017-17557)

update rules:
1. threat[24276]:Apache HTTP Server Remote Security Restriction Bypass Vulnerability (CVE-2018-15715)
2. threat[41588]:PHP Webshell Script Upload
3. threat[41579]:Malware windows/drive_a Network Connection


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-07-05 18:21:00
Name: eoi.unify.allrulepatch.ips.5.6.10.18133.rule Version: 5.6.10.18133
MD5: 64d5f04ea51395cf685a72e7cf4af9e9 Size: 22.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18133. The rules added/improved by this package are:

New rules:
1. Attack[30711]: Cisco router iou-web unauthorized access

Updated rules:
1. Attack[23627]: Nano-10 PLC remote denial of service vulnerability (CVE-2013-5741)
2. Attack[67469]: Postgres login failure


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18133. This package includes the following changed rules:

new rules:
1. threat[30711]:Cisco Router iou-web Unauthorized Access

update rules:
1. threat[23627]:Nano-10 PLC Remote Denial of Service Vulnerability(CVE-2013-5741)
2. threat[67469]:Postgres Login Failure


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-06-28 17:25:14
Name: eoi.unify.allrulepatch.ips.5.6.10.18054.rule Version: 5.6.10.18054
MD5: 3f52c732a972d3d2ef8c5e8d78b04df5 Size: 22.62M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18054. The rules added/improved by this package are:

Updated rules:
1. Attack[24162]: Autodesk Design Review BMP biClrUsed buffer overflow vulnerability
2. Attack[23843]: Cisco ASA firewall SNMP overflow vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18054. This package includes the following changed rules:

update rules:
1. threat[24162]:Autodesk Design Review BMP biClrUsed Buffer Overflow Vulnerability
2. threat[23843]:Cisco ASA SNMP OID Parsing Stack Buffer Overflow Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-06-21 19:02:28
Name: eoi.unify.allrulepatch.ips.5.6.10.18051.rule Version: 5.6.10.18051
MD5: ae1aedb16794db7df5cd07fc1d5b781a Size: 22.61M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18051. The rules added/improved by this package are:

New rules:
1. Attack[41588]: PHP Webshell script upload
2. Attack[24275]: OMRON CX-One CX-FLnet Version field heap overflow vulnerability

Updated rules:
1. Attack[24268]: Drupal remote code execution vulnerability (CVE-2018-7602)
2. Attack[41562]: Malicious program windows/kasidet_v1.0 network communication
3. Attack[41581]: Malicious program windows/drive_d network communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18051. This package includes the following changed rules:

new rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24275]:OMRON CX-One CX-FLnet Version Heap-based Buffer Overflow Vulnerability

update rules:
1. threat[24268]:Drupal Remote Code Execution Vulnerability (CVE-2018-7602)
2. threat[41562]:Malware windows/kasidet_v1.0 Network Communication
3. threat[41581]:Malware windows/drive_d Network Connection


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-06-14 19:26:11
Name: eoi.unify.allrulepatch.ips.5.6.10.18026.rule Version: 5.6.10.18026
MD5: 214d4c03084bf22a3ececf4798698135 Size: 22.01M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18026. The rules added/improved by this package are:


New rules:
1. Attack[24272]: Roundcube Webmail archive.php IMAP command injection
2. Attack[24273]: Adobe Acrobat ImageConversion EMF EMR STRETCHBLT out-of-bounds read vulnerability
3. Attack[24274]: Advantech WebAccess Node chkLogin2 SQL injection vulnerability

Updated rules:
1. Attack[41575]: Malicious program windows/solar_a network communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.18026. This package includes the following changed rules:


new rules:
1. threat[24272]:Roundcube Webmail archive.php IMAP Command Injection
2. threat[24273]:Adobe Acrobat ImageConversion EMF EMR STRETCHBLT Out of Bounds Read Vulnerability
3. threat[24274]:Advantech WebAccess Node chkLogin2 SQL Injection Vulnerability

update rules:
1. threat[41575]:Malware windows/solar_a Network Communication


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2018-06-07 18:03:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17954.rule Version: 5.6.10.17954
MD5: 03b0a8281f173e7b7464569e6efefc32 Size: 21.89M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17954. Rules added or changed in this package:

new rules:
1. threat[24266]:Joomla! Core SQL Injection Vulnerability(CVE-2018-8045)
2. threat[24267]:Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability(CVE-2018-0935)
3. threat[24269]:Microsoft Windows Shell Remote Code Execution Vulnerability(CVE-2018-0883)
4. threat[41582]:Malware windows/umbraloader_b Network Communication
5. threat[24270]:PHP phar 404 Page Cross-Site Scripting Vulnerability(CVE-2018-5712)
6. threat[24271]:Microsoft Windows SNMP Service Denial of Service Vulnerability(CVE-2018-0967)

updated rules:
1. threat[41533]:Botnet Gafgyt Communication
2. threat[62698]:ProFTPD Backdoor Unauthorized Access Vulnerability
3. threat[41562]:Malware windows/kasidet_v1.0 Network Communication
4. app:NFS

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-06-01 09:33:28
Name: eoi.unify.allrulepatch.ips.5.6.10.17911.rule Version: 5.6.10.17911
MD5: b665831e209b0b196768b7fb60793da8 Size: 21.87M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17911. Rules added or changed in this package:

new rules:
1. threat[41573]:Malicious windows/Jukbot_a network communication
2. threat[41574]:Malicious windows/madness_a network communication
3. threat[24265]:HPE Moonshot Provisioning Manager Appliance khuploadfile cgi Directory Traversal Vulnerability
4. threat[41575]:Malicious windows/solar_a network communication
5. threat[41576]:Malicious linux/MrBlackDDos_a network communication
6. threat[41577]:Malicious linux/MrBlackDDos_b network communication
7. threat[41578]:Malware Windows/dirtjumper.RussKill_a Network Connection
8. threat[41579]:Malware windows/drive_a Network Connection
9. threat[41580]:Malware windows/drive_c Network Connection
10. threat[41581]:Malware windows/drive_d Network Connection
11. threat[41563]:Malware windows/Lokibot Network Communication
12. threat[24260]:Adobe Acrobat XPS Path Element Out of Bounds Write Vulnerability

updated rules:
1. threat[41502]:DDoS Trojan.moyou Communication
2. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[41495]:Zombies of Botnet 9527win Connect to the Server

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-05-24 18:01:30
Name: eoi.unify.allrulepatch.ips.5.6.10.17838.rule Version: 5.6.10.17838
MD5: 151a1f0165c2b18af208d42988edb505 Size: 21.86M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17838. Rules added or changed in this package:

new rules:
1. threat[24259]:TBK DVR Devices Authentication Bypass Vulnerability
2. threat[41556]:Malicious Programs Aldi/windows_a Network Communication
3. threat[41556]:Malware umbraloader/win_a Network Communication
4. threat[41560]:Malware windows/gyddos.nitol_c Network Attack
5. threat[41561]:Malware windows/IPKiller_a Network Communication
6. threat[41562]:Malware windows/kasidet_v1.0_a Network Communication
7. threat[41564]:Malware UUGangt.Reconyc/win_a Network Communication
8. threat[41565]:Malware Windows/vertexnet_a Network Communication
9. threat[41566]:Malware Windows/vertexnet_b Network Communication
10. threat[41567]:Malware windows/wmddos_a Network Connection
11. threat[41568]:Malware Windows/wmddos_c Network Connection
12. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Directory Traversal Vulnerability
13. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-05-18 08:38:03
Name: eoi.unify.allrulepatch.ips.5.6.10.17704.rule Version: 5.6.10.17704
MD5: 7c72b54d6ca78746650eb7a11722e974 Size: 21.86M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17704. Rules added or changed in this package:

new rules:
1. threat[24256]:Spring Messaging Remote Code Execution Vulnerability
2. threat[24257]:Spring Data Commons Remote Code Execution Vulnerability
3. threat[24258]:Adobe Acrobat ImageConversion EMF EMR STRETCHDIBITS Heap-based Buffer Overflow Vulnerability

updated rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. app:Baidu Music (formerly TTPlayer)
3. app:Youku Tudou Video

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-05-10 19:33:26
Name: eoi.unify.allrulepatch.ips.5.6.10.17680.rule Version: 5.6.10.17680
MD5: 5da7b5d5309d7905ef04b8dfe97beb01 Size: 21.98M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17680. Rules added or changed in this package:

new rules:
1. threat[24254]:Advantech WebAccess SCADA certUpdate.asp filename Directory Traversal Vulnerability
2. threat[24255]:Web Service Remote Command Execution Attack

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-05-03 18:18:03
Name: eoi.unify.allrulepatch.ips.5.6.10.17666.rule Version: 5.6.10.17666
MD5: 9be46d354a224eca5eb06c07e6430631 Size: 21.84M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17666. Rules added or changed in this package:

updated rules:
1. threat[21460]:Backdoor/Trojan Backdoor.ASP.Ace ASP Web Access

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-04-26 18:39:21
Name: eoi.unify.allrulepatch.ips.5.6.10.17654.rule Version: 5.6.10.17654
MD5: a39635afa64e1028a0b189f1c8584b86 Size: 21.98M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17654. Rules added or changed in this package:

new rules:
1. threat[24248]:Oracle OSS Support Tools Diagnostic Assistant Remote Command Injection Vulnerability
2. threat[10481]:Squid HTTP Caching Proxy Denial of Service Vulnerability(CVE-2018-1000027)
3. threat[24249]:Microsoft Internet Explorer JsErrorToString Heap Buffer Overflow Vulnerability
4. threat[50546]:Allen Bradley Micrologix 1400 Series B Session Disclosure Risk
5. threat[24250]:Drupal Core Remote Code Execution Vulnerability
6. threat[24251]:Adobe Acrobat ImageConversion EMF Integer Overflow Vulnerability
7. threat[24253]:Adobe ColdFusion RMI Registry Insecure Deserialization Vulnerability

updated rules:
1. threat[41493]:Zombies of Botnet lostlove Connect to the Server
2. threat[24133]:HPE Intelligent Management Center getSelInsBean Expression Language Injection Vulnerability(CVE-2017-12490)
3. threat[24148]:HPE Intelligent Management Center saveSelectedDevices Expression Language Injection Vulnerability(CVE-2017-12491)
4. threat[24247]:Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability
5. threat[41548]:Webshell Backdoor Disguised as 404 Page

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-04-19 17:51:08
Name: eoi.unify.allrulepatch.ips.5.6.10.17650.rule Version: 5.6.10.17650
MD5: a96cc058328c8e93133bcb5d27f5cd8e Size: 22.00M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17650. Rules added or changed in this package:

updated rules:
1. threat[23614]:Oracle WebLogic Server Java Deserialization Vulnerability

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-04-17 22:55:01
Name: eoi.unify.allrulepatch.ips.5.6.10.17608.rule Version: 5.6.10.17608
MD5: b42e997f26d0121a8cb91360430cd90c Size: 21.98M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17608. Rules added or changed in this package:

new rules:
1. threat[24247]:Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability
2. threat[10480]:Allen Bradley Micrologix 1400 Series B Ethernet Card Malformed Packet Denial of Service Vulnerability
3. threat[24245]:Ruijie Gateway Device Remote Command Execution Vulnerability
4. threat[24244]:IBM Informix OpenAdmin Tool welcomeService.php Command Execution Vulnerability
5. threat[24246]:Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

updated rules:
1. threat[41386]:TrickBot Banking Trojan Communication

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-04-12 23:26:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17567.rule Version: 5.6.10.17567
MD5: d90c099a9af14f7fe68bbdb350251775 Size: 21.95M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17567. Rules added or changed in this package:

new rules:
1. threat[24241]:NetIQ Access Manager Identity Server Directory Traversal Vulnerability
2. threat[24242]:Microsoft Office Remote Stack Overflow Vulnerability(CVE-2018-0802)
3. threat[24243]:Mozilla Firefox WebAssembly Table Integer Underflow Vulnerability
4. threat[41549]:PHP Webshell Backdoor Access
5. threat[41550]:Ani-Shell PHP Webshell Access
6. threat[41548]:Webshell Backdoor Disguised as 404 Page
7. threat[30710]:HPE Intelligent Management Center Insecure Deserialization Vulnerability
8. threat[24239]:Dell EMC Storage Manager Directory Traversal Vulnerability(CVE-2017-14384)
9. threat[24240]:Flexense SyncBreeze Enterprise ParseHttpHeader Stack Buffer Overflow
10. threat[24235]:Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation Vulnerability
11. threat[24238]:Trend Micro InterScan Mail Security Virtual Appliance Authentication Bypass Vulnerability

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-04-05 21:57:50
Name: eoi.unify.allrulepatch.ips.5.6.10.17515.rule Version: 5.6.10.17515
MD5: 0fa39fb4833954ac930b7b54092c4579 Size: 21.95M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17515. Rules added or changed in this package:

new rules:
1. threat[41542]:PHP Trojan File phpspy2014 Upload
2. threat[24231]:EMC Data Protection Advisor Application Service Authentication Bypass Vulnerability
3. threat[24232]:ElectronJs Remote Code Execution Vulnerability(CVE-2018-1000006)
4. threat[24234]:VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability
5. threat[41543]:Trojan/Backdoor General ASP Trojan
6. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability
7. threat[41544]:Trojan/Backdoor General JSP Trojan File Upload
8. threat[24237]:Jenkins Directory Traversal Vulnerability
9. threat[24233]:D-Link Router service.cgi Arbitrary Code Execution Vulnerability

updated rules:
1. threat[41060]:Trojan/Backdoor General PHP Trojan

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-03-29 18:20:21
Name: eoi.unify.allrulepatch.ips.5.6.10.17482.rule Version: 5.6.10.17482
MD5: 6c50264c3a0d57bb1e43c815d2649276 Size: 21.94M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17482. Rules added or changed in this package:

new rules:
1. threat[49018]:Worm W32.Faedevour Backdoor Communication
2. threat[41535]:Trojan/Backdoor Zusy.Variant Network Communication
3. threat[41536]:Trojan/Backdoor Forced Entry Network Communication
4. threat[41537]:Trojan/Backdoor EvilFTP Network Communication
5. threat[41538]:Trojan/Backdoor Millenium Network Communication
6. threat[41539]:Trojan/Backdoor HVL-RAT Network Communication
7. threat[41540]:Trojan/Backdoor Coma Network Communication

updated rules:
1. threat[24228]:Citect Scada ODBC Buffer Overflow
2. threat[24230]:Novell ZENworks Handheld Management IP Conduit Hardware Data Payload Size Buffer Overflow
3. threat[40337]:Backdoor/Trojan Netspy Trojan Communication
4. threat[40340]:Backdoor/Trojan GirlFriend Communication
5. threat[40021]:Backdoor/Trojan Gatecrasher Connection
6. threat[40173]:Backdoor/Trojan DonaldDick Connection
7. threat[40486]:Backdoor/Trojan Bugs Communication
8. threat[20424]:Network Worm Sasser FTP Backdoor Buffer Overflow

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-03-22 17:09:49
Name: eoi.unify.allrulepatch.ips.5.6.10.17419.rule Version: 5.6.10.17419
MD5: db9f2d6a27a38c58f1be5787aa9261cd Size: 21.93M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17419. Rules added or changed in this package:

new rules:
1. threat[49018]:Worm W32.Faedevour Backdoor Communication
2. threat[41535]:Trojan/Backdoor Zusy.Variant Network Communication
3. threat[41337]:Remote Connections to Windows cmd Command Line

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-03-15 16:33:13
Name: eoi.unify.allrulepatch.ips.5.6.10.17397.rule Version: 5.6.10.17397
MD5: 616ae346cd9246382109d5479b15ebaa Size: 21.94M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17397. Rules added or changed in this package:

new rules:
1. threat[24224]:CMS Made Simple 2.1.6 - Remote Code Execution Vulnerability
2. threat[41533]:Botnet Gafgyt Communication
3. threat[41534]:Web Page Contains Mining Script Code

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-03-08 16:53:26
Name: eoi.unify.allrulepatch.ips.5.6.10.17379.rule Version: 5.6.10.17379
MD5: 598f7c83c8db66d4385eae928fd1c363 Size: 21.93M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17379. Rules added or changed in this package:

new rules:
1. threat[24223]:NetEx HyperIP 6.1.0 Post-Auth Remote Command Execution
2. threat[24224]:CMS Made Simple 2.1.6 - Remote Code Execution Vulnerability

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-03-01 18:54:22
Name: eoi.unify.allrulepatch.ips.5.6.10.17357.rule Version: 5.6.10.17357
MD5: d135156358df26997165eea363922e47 Size: 21.94M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17357. Rules added or changed in this package:

updated rules:
1. threat[24194]:Oracle Application Testing Suite UploadServlet filename Directory Traversal Vulnerability

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-02-22 17:59:54
Name: eoi.unify.allrulepatch.ips.5.6.10.17353.rule Version: 5.6.10.17353
MD5: 0a5f076f537e338cf43b825315fbddc2 Size: 21.92M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17353. Rules added or changed in this package:

new rules:
1. threat[24220]:PHPSPY v2006 Webshell Access
2. threat[24221]:PHPSPY v2008 Webshell Access
3. threat[24222]:PHPSPY v2013 Webshell Access
4. threat[24216]:WSO PHP Webshell Access

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-02-15 13:25:24
Name: eoi.unify.allrulepatch.ips.5.6.10.17341.rule Version: 5.6.10.17341
MD5: 38a1b9b42acbed2252f15ec50986b2d7 Size: 21.91M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17341. Rules added or changed in this package:

new rules:
1. threat[24209]:Schneider Pelco Sarix Pro Camera session.cgi Buffer Overflow Vulnerability
2. threat[24210]:Schneider Pelco Sarix Enhanced Camera Command Execution Vulnerability
3. threat[30709]:Schneider Pelco Sarix Pro Webcam Information Disclosure Vulnerability
4. threat[24211]:Schneider Pelco Sarix Pro Webcam Web Management Interface Login Authentication Bypass Vulnerability
5. threat[24213]:Schneider Pelco Sarix Pro Webcam Web Interface Empty Username and Password Account Vulnerability
6. threat[24217]:Schneider Pelco Sarix Pro Webcam import.cgi XML Entity Injection Vulnerability
7. threat[24218]:Schneider Pelco Sarix Pro Webcam set_param system.opkg.remove Command Execution Vulnerability
8. threat[24219]:Schneider Pelco Sarix Pro Webcam set_param network.ieee8021x.delete_certs Command Execution Vulnerability

updated rules:
1. threat[23896]:Memcached Append/Prepend Operations Integer Overflow Vulnerability(CVE-2016-8704)
2. threat[23897]:Memcached Update Integer Overflow Vulnerability(CVE-2016-8705)
3. threat[23898]:Memcached SASL Authentication Integer Overflow Vulnerability(CVE-2016-8706)

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-02-08 18:13:06
Name: eoi.unify.allrulepatch.ips.5.6.10.17305.rule Version: 5.6.10.17305
MD5: 2149f0455d11ed3d662bb38b49e0dca5 Size: 21.91M
Description:

This package is an intrusion prevention signature upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule version becomes 5.6.10.17305. Rules added or changed in this package:

new rules:
1. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2017-10271)
2. threat[24208]:HPE Intelligent Management Center Remote Code Execution Vulnerability(CVE-2017-12521)

updated rules:
1. threat[49014]:Monero XMR Mining Program Network Communication
2. threat[49013]:Bitcoin Miner Attempts to Connect to the Mining Pool Server

Announcements:
1. After this package is applied, the engine restarts automatically for it to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time: 2018-02-02 09:18:37
Name: eoi.unify.allrulepatch.ips.5.6.10.17276.rule Version: 5.6.10.17276
MD5: e6b0c55836e08700c9db0e4eec7e27f8 Size: 21.89M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17276. The rules added or updated by this package are:

new rules:
1. threat[49017]:Malware RubyMiner Connect to Server
2. threat[10473]:Node.js zlib windowBits Denial of Service(CVE-2017-14919)
3. threat[30706]:NetGain Systems Enterprise Manager misc sample jsp type Directory_Traversal(CVE-2017-16599)
4. threat[41531]:Trojan/Backdoor RenWoXing Network Communication
5. threat[24203]:ESF pfSense system_groupmanager.php Command Injection Vulnerability
6. threat[24201]:NetGain Systems Enterprise Manager exec jsp Command Execution(CVE-2017-16602)
7. threat[41529]:Trojan/Backdoor XiongBaoBao Network Communication

update rules:
1. threat[23621]:Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
2. threat[49014]:Monero XMR Mining Programs Communication
3. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
4. threat[24118]:Apache HTTP Server Memory Corruption Vulnerability(CVE-2017-9788)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2018-01-25 16:21:00
Name: eoi.unify.allrulepatch.ips.5.6.10.17225.rule Version: 5.6.10.17225
MD5: c258d04b4e1dd4e7da665590a237e69f Size: 21.88M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17225. The rules added or updated by this package are:

new rules:
1. threat[24196]:Microsoft Edge Type Confusion Vulnerability(CVE-2018-0775)
2. threat[24197]:Microsoft Edge Scripting Engine Memory Corruption Vulnerability(CVE-2018-0758)
3. threat[24198]:Microsoft Edge Scripting Engine Memory Corruption Vulnerability(CVE-2018-0776)
4. threat[24199]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2018-0773)
5. threat[24200]:Microsoft Internet Explorer/Edge Script Engine Memory Corruption Vulnerability(CVE-2018-0762)
6. threat[10472]:SysGauge Server 3.6.18 Denial of Service Vulnerability(CVE-2017-15667)
7. app:psiphon

update rules:
1. threat[49002]:Apple XcodeGhost Trojan Connecting Server
2. threat[49003]:Mirai Botnet Connecting to the Server
3. threat[49004]:Blackmoon Banking Trojan Communication
4. threat[49005]:Dark Clouds Trojan Communication
5. threat[49006]:Special Trojan OceanLotus Connecting Server
6. threat[49007]:Trojan.BlackEnergy Communication
7. threat[49009]:Suspicious Botnet Communication
8. threat[49010]:Botnet bluebot Client Connecting to Server
9. threat[49011]:NetSarang XShell/Xmanager/Xftp nssock2.dll Backdoor Communication
10. threat[49012]:DownLoader:Win32/flexible Communication
11. threat[49013]:Bitcoin Miners Attempt to Connect the Mining Pool
12. threat[49014]:Monero XMR Mining Programs Communication
13. threat[49015]:Worm.Viking Parsing Malicious Website Domain Name on Windows System
14. threat[49016]:Nimaya Parsing Malicious Website Domain Name on Windows System
15. threat[41525]:IoT Worm DarkCat Spreading
16. threat[49004]:Blackmoon Banking Trojan Communication
17. threat[49008]:Bill Gates BotNet Communication
18. app:WeChat File Transfer

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2018-01-18 18:04:50
Name: eoi.unify.allrulepatch.ips.5.6.10.17150.rule Version: 5.6.10.17150
MD5: 546a405e4b8beda7bd47f0d547dff6ac Size: 21.87M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17150. The rules added or updated by this package are:

new rules:
1. threat[10470]:Digium Asterisk chan_skinny SCCP Packet Denial of Service
2. threat[24192]:Apache CouchDB _config Command Execution Vulnerability(CVE-2017-12636)
3. threat[24193]:HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload Vulnerability(CVE-2017-8961)
4. threat[24194]:Oracle Application Testing Suite UploadServlet filename Directory Traversal
5. threat[41525]:IoT Worm DarkCat Spreading
6. threat[24195]:Browser CPU Spectre Vulnerability(CVE-2017-5753 and CVE-2017-5715)

update rules:
1. threat[41181]:Suspicious Webshell File Upload Backdoor

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2018-01-11 13:45:31
Name: eoi.unify.allrulepatch.ips.5.6.10.17122.rule Version: 5.6.10.17122
MD5: a597636088345154fc2299c4f032af87 Size: 21.87M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17122. The rules added or updated by this package are:

new rules:
1. threat[24181]:PHP zend_hash_destroy Uninitialized Pointer Code Execution Vulnerability(CVE-2017-5340)
2. threat[24183]:HPE Intelligent Management Center dbman FileTrans Arbitrary File Write Vulnerability
3. threat[24182]:HPE Intelligent Management Center dbman RestartDB Command Injection
4. threat[24184]:HPE Intelligent Management Center CommonUtils ZIP Directory Traversal
5. threat[24185]:HPE Intelligent Management Center accessMgrServlet Insecure Deserialization
6. threat[24186]:HUAWEI HG532 Routers Remote Command Execution Vulnerability(CVE-2017-17215)
7. threat[24187]:vBulletin routestring Unauthenticated Remote Code Execution Vulnerability
8. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability(CVE-2014-8361)

update rules:
1. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[23992]:IIS 6.0 Remote Code Execution Vulnerability(CVE-2017-7269)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2018-01-04 16:48:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17082.rule Version: 5.6.10.17082
MD5: 1d621647e6e726958002149406489312 Size: 21.86M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17082. The rules added or updated by this package are:

new rules:
1. threat[24172]:HPE Intelligent Management Center RMI Registry Insecure Deserialization Vulnerability(CVE-2017-5792)
2. threat[24165]:Microsoft Edge ProfiledLdElem Type Confusion
3. threat[24167]:Microsoft Edge Frame Elements Same Origin Policy Bypass
4. threat[30705]:Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure Vulnerability
5. threat[24168]:HPE Intelligent Management Center Stack Buffer Overflow Vulnerability(CVE-2017-5805)
6. threat[24173]:Magento 2.0.6 Unserialize Remote Code Execution Vulnerability(CVE-2016-4010)
7. threat[24171]:Trend Micro Mobile Security Enterprise eas agent sync client info slink id SQL Injection

update rules:
1. threat[23967]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7287)(MS16-144)
2. threat[24160]:Microsoft Internet Explorer and Edge Blocksite htm Spoofing
3. threat[24097]:Trend Micro IWSVA LogSettingHandler doPostMountDevice Command Injection Vulnerability
4. threat[41523]:Monero XMR Mining Programs Communication
5. threat[23915]:Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability(CVE-2016-6366)
6. app:ipsec-esp-udp

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-28 15:57:29
Name: eoi.unify.allrulepatch.ips.5.6.10.17063.rule Version: 5.6.10.17063
MD5: 44009b0bf4ed41a2cd8a9707dd44632e Size: 21.86M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.17063. The rules added or updated by this package are:

new rules:
1. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability
2. threat[41523]:Monero XMR Mining Programs Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-22 20:36:06
Name: eoi.unify.allrulepatch.ips.5.6.10.16995.rule Version: 5.6.10.16995
MD5: e8b7079dd3b6e1fafe5011662819856a Size: 21.84M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16995. The rules added or updated by this package are:

new rules:
1. threat[24157]:Diasoft File Replication Pro ExecCommand Command Execution Vulnerability
2. threat[24158]:op5 Monitor command_test.php Command Injection Vulnerability
3. threat[24159]:Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability
4. threat[24161]:Microsoft Internet Explorer CVE-2017-0008 Information Disclosure
5. threat[24162]:Autodesk Design Review BMP biClrUsed Buffer Overflow Vulnerability

update rules:
1. threat[30657]:Remote Control Tool VNC Software Connection
2. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-21 18:03:56
Name: eoi.unify.allrulepatch.ips.5.6.10.16993.rule Version: 5.6.10.16993
MD5: a5f93afac1b34cff92e55d9386c10328 Size: 21.84M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16993. The rules added or updated by this package are:

new rules:
1. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-19 20:18:01
Name: eoi.unify.allrulepatch.ips.5.6.10.16964.rule Version: 5.6.10.16964
MD5: cabf916547fb063dd28ac40d4321f52f Size: 21.83M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16964. The rules added or updated by this package are:

new rules:
1. threat[41523]:Monero XMR Mining Programs Communication
2. threat[24156]:Microsoft MSXML Information Disclosure(CVE-2017-0022)
3. threat[24150]:IPFire ids cgi OINKCODE Parameter Command Injection Vulnerability(CVE-2017-9757)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-14 17:23:36
Name: eoi.unify.allrulepatch.ips.5.6.10.16934.rule Version: 5.6.10.16934
MD5: 3671b43a51ed0a65fa48924017bd3edc Size: 24.65M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16934. The rules added or updated by this package are:

new rules:
1. threat[10458]:Apache Struts 2 REST Plugin XStream Denial of Service(CVE-2017-9793)
2. threat[24149]:IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow Vulnerability(CVE-2017-1092)
3. threat[30704]:HPE Network Automation FileServlet Information Disclosure Vulnerability
4. threat[24148]:HPE Intelligent Management Center saveSelectedDevices Expression Language Injection Vulnerability(CVE-2017-12491)

update rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[23210]:SSH Service User Password Brute Force

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-07 17:33:57
Name: eoi.unify.allrulepatch.ips.5.6.10.16910.rule Version: 5.6.10.16910
MD5: 6ec4fd1b6a55f03211ceefa41eef6cfe Size: 24.02M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16910. The rules added or updated by this package are:

new rules:
1. threat[24140]:Trend Micro SafeSync for Enterprise deviceTool pm get device info SQL Injection
2. threat[24142]:Trend Micro IWSVA DomainList TestingADKerberos Command Injection
3. threat[24143]:AlienVault USM and OSSIM fqdn get_fqdn Command Injection Vulnerability
4. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
5. threat[24144]:Trend_Micro_IWSVA_DeploymentWizardAction_GetClusterInfo_Command_Injection
6. threat[24145]:Trend Micro Control Manager lang Parameter Arbitrary File Inclusion
7. threat[24146]:JbossAS Serialized Object Remote Code Execution Vulnerability(CVE-2017-12149)

update rules:
1. threat[24138]:VIPA Controls WinPLC7 recv Stack-based Buffer Overflow Vulnerability(CVE-2017-5177)
2. threat[24133]:HPE Intelligent Management Center getSelInsBean Expression Language Injection Vulnerability(CVE-2017-12490)
3. app:Tencent resources
4. app:Sina Micro-blog
5. app:Baidu music(TTPlayer)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-12-01 10:19:24
Name: eoi.unify.allrulepatch.ips.5.6.10.16875.rule Version: 5.6.10.16875
MD5: 8c95c715862650c9caa3f0bed75ba837 Size: 24.63M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16875. The rules added or updated by this package are:

new rules:
1. threat[30702]:Trend_Micro_Control_Manager_XML_External_Entity_Processing
2. threat[30703]:Trend_Micro_SafeSync_for_Enterprise_storage_pm_discovery_iscsi_device_Command_Injection
3. threat[24128]:Trend Micro Control Manager SQL Injection
4. threat[24130]:Symantec_Messaging_Gateway_performRestore_Command_Injection
5. threat[24129]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-11249)
6. threat[24131]:HPE Intelligent Management Center dbman Stack Buffer Overflow Vulnerability(CVE-2017-8956)
7. threat[24132]:Splunk Enterprise alerts alerts id Server-Side Request Forgery
8. threat[24134]:Red_Hat_JBoss_BPM_Suite_BRMS_Tasks_List_Cross-Site_Scripting
9. threat[24135]:HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow Vulnerability(CVE-2017-5789)
10. threat[24136]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-3036)
11. threat[24137]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-11227)
12. threat[24117]:Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow
13. threat[24139]:Microsoft Edge Chakra arguments Off By One

update rules:
1. threat[41489]:Backdoor Doublepulsar Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-11-23 18:02:57
Name: eoi.unify.allrulepatch.ips.5.6.10.16817.rule Version: 5.6.10.16817
MD5: 50e378d3167e65019052f8262c33411b Size: 24.61M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16817. The rules added or updated by this package are:

new rules:
1. threat[24121]:EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow Vulnerability
2. threat[24122]:Flexense DiskPulse Enterprise Server ParseHttpHeader Stack Buffer Overflow Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-11-16 18:51:02
Name: eoi.unify.allrulepatch.ips.5.6.10.16806.rule Version: 5.6.10.16806
MD5: b4b7f56630c1eb139640c56455daaf11 Size: 24.60M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16806. The rules added or updated by this package are:

new rules:
1. threat[24119]:FasterXML Jackson-databind Deserialization Remote Code Execution Vulnerability(CVE-2017-15095)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-11-09 16:39:20
Name: eoi.unify.allrulepatch.ips.5.6.10.16786.rule Version: 5.6.10.16786
MD5: 0bfc9d6c60974dcf7d7bcd16c8bd4658 Size: 24.56M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16786. The rules added or updated by this package are:

new rules:
1. threat[24116]:Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8570)
2. threat[50545]:Bitcoin Miners Attempt to Connect the Mining Pool
3. threat[24117]:Mitsubishi Electric E-Designer BEComliSlave Driver Configuration Status_bit Stack-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2017-9638)
4. threat[24118]:Apache HTTP Server Memory Corruption Vulnerability(CVE-2017-9788)

update rules:
1. threat[24109]:Apache Solr/Lucene Information Disclosure and Remote Code Execution Vulnerabilities(CVE-2017-12629)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-11-02 15:25:52
Name: eoi.unify.allrulepatch.ips.5.6.10.16764.rule Version: 5.6.10.16764
MD5: 204801a214c5cfa573d12d0e4349d0e2 Size: 24.42M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16764. The rules added or updated by this package are:

new rules:
1. threat[24110]:HPE Intelligent Management Center Remote Code Execution Vulnerability(CVE-2017-12500)
2. threat[24111]:HPE Intelligent Management Center Remote Code Execution Vulnerability(CVE-2017-12526)
3. threat[24112]:Systemd dns_packet_new Heap Buffer Overflow Vulnerability
4. threat[24113]:Kaspersky Anti-Virus for Linux File Server Directory Traversal Vulnerability
5. threat[24109]:Apache Solr/Lucene Information Disclosure and Remote Code Execution Vulnerabilities(CVE-2017-12629)
6. threat[24108]:Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Remote Code Execution Vulnerability(CVE-2017-3230)
7. threat[41520]:Malicious File Downloader:Win32/Carbanak-20171016-2C0CFDC5B5653CB3E8B0F8EEEF55FC32 Network Communication
8. threat[41521]:DownLoader:Win32/flexible Communication
9. threat[41522]:Spyware:Win32/flexible Communication

update rules:
1. threat[41310]:Bill Gates BotNet Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-10-26 18:27:49
Name: eoi.unify.allrulepatch.ips.5.6.10.16722.rule Version: 5.6.10.16722
MD5: 07fbfc54e8aa8ef080a35a06b87f844e Size: 24.42M
Description:

Intrusion prevention signature library upgrade package for NSFOCUS NIDS/NIPS products. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version are unchanged; the rule (signature) version becomes 5.6.10.16722. The rules added or updated by this package are:

new rules:
1. threat[24107]:Symantec Messaging Gateway Remote Code Execution Vulnerability(CVE-2017-6327)
2. threat[41520]:Malicious File Downloader:Win32/Carbanak-20171016-2C0CFDC5B5653CB3E8B0F8EEEF55FC32 Network Communication
3. threat[24108]:Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Remote Code Execution Vulnerability(CVE-2017-3230)
4. threat[24109]:Apache Solr/Lucene Information Disclosure and Remote Code Execution Vulnerabilities(CVE-2017-12629)

update rules:
1. threat[41310]:Bill Gates BotNet Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2017-10-20 13:02:30
Name: eoi.unify.allrulepatch.ips.5.6.10.16695.rule Version: 5.6.10.16695
MD5: 08cbfc33e5f2bba5941055b98f3da014 Size: 23.80M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16695. The rules added or changed by this package are:

update rules:
1. threat[24106]:Apache Tomcat Remote Code Execution Vulnerability(CVE-2017-12617)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-10-12 18:40:48
Name: eoi.unify.allrulepatch.ips.5.6.10.16679.rule Version: 5.6.10.16679
MD5: b3785c2c06c6171b32847a0cf4444cc2 Size: 23.78M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16679. The rules added or changed by this package are:

new rules:
1. threat[24103]:Trend Micro OfficeScan Proxy.php Command Injection Vulnerability
2. threat[30700]:Microsoft Windows XXE Information Disclosure Vulnerability

update rules:
1. threat[24104]:Brocade Network Advisor FileReceiveServlet filename Directory Traversal

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-10-05 22:55:39
Name: eoi.unify.allrulepatch.ips.5.6.10.16668.rule Version: 5.6.10.16668
MD5: 7baa6385b1742fa6a9c2f47c81539a5c Size: 24.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16668. The rules added or changed by this package are:

new rules:
1. threat[24105]:Spring Data REST Remote Code Execution Vulnerability(CVE-2017-8046)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-09-29 19:06:45
Name: eoi.unify.allrulepatch.ips.5.6.10.16628.rule Version: 5.6.10.16628
MD5: b9b5d122b99948f0e58ffa31c8ef09b7 Size: 24.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16628. The rules added or changed by this package are:

update rules:
1. threat[23579]:Elasticsearch Path Traversal Vulnerability
2. app:Taobao Resources
3. app:Tencent WeChat

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-09-28 16:40:29
Name: eoi.unify.allrulepatch.ips.5.6.10.16610.rule Version: 5.6.10.16610
MD5: 5046171f8914ec996786311b631fc763 Size: 23.82M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16610. The rules added or changed by this package are:

new rules:
1. threat[24099]:HPE Intelligent Management Center Stack Buffer Overflow Vulnerability(CVE-2017-5806)
2. threat[24100]:Microsoft .NET Framework WSDL Parser Code Injection Vulnerability(CVE-2017-8759)
3. threat[41507]:Konni Trojan Connection
4. threat[24101]:Apache Tomcat Remote Code Execution Vulnerability(CVE-2017-12615)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-09-21 10:20:29
Name: eoi.unify.allrulepatch.ips.5.6.10.16527.rule Version: 5.6.10.16527
MD5: 64c8548631c3e23a845d01256c0fcd5d Size: 24.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16527. The rules added or changed by this package are:

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[23673]:Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2015-6159)(MS15-125)
3. threat[23729]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-0063)
4. threat[23779]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-0193)(MS16-052)
5. threat[23854]:Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3295)
6. threat[41503]:NetSarang XShell/Xmanager/Xftp nssock2.dll Backdoor Communication
7. threat[21228]:Microsoft WMITools ActiveX Remote Code Execution Vulnerability(MS11-027)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-09-15 13:44:44
Name: eoi.unify.allrulepatch.ips.5.6.10.16521.rule Version: 5.6.10.16521
MD5: f7c5e785275a62716a5d9e06aa75561f Size: 24.38M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16521. The rules added or changed by this package are:

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability(S2-052)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-09-06 18:19:50
Name: eoi.unify.allrulepatch.ips.5.6.10.16481.rule Version: 5.6.10.16481
MD5: 8dc0e7c7bc8d6e5c86ff64b436217f7c Size: 23.81M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16481. The rules added or changed by this package are:

new rules:
1. threat[24094]:PHP gd_gif_in.c Out-of-Bounds Read Vulnerability
2. threat[24095]:Trend Micro IWSVA testConfiguration Command Injection Vulnerability

update rules:
1. threat[41388]:Mirai Botnet Connecting to the Server
2. threat[22796]:Apache Struts Remote Code Execution Vulnerability(CVE-2013-2251)
3. app:QQ Ranch
4. app:QQ Restaurant
5. app:QQ Farm

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-31 16:25:35
Name: eoi.unify.allrulepatch.ips.5.6.10.16453.rule Version: 5.6.10.16453
MD5: 56cbe5f9a3fd5fcf5003301c305a11a7 Size: 23.79M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16453. The rules added or changed by this package are:

new rules:
1. threat[41503]:NetSarang XShell/Xmanager/Xftp nssock2.dll Backdoor Communication

update rules:
1. threat[41388]:Mirai Botnet Connecting to the Server
2. threat[24091]:Trend Micro IWSVA ReportHandler DoCmd Command Injection Vulnerability

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-24 17:01:37
Name: eoi.unify.allrulepatch.ips.5.6.10.16440.rule Version: 5.6.10.16440
MD5: e831fd7b30590aa4c39544822c9b275d Size: 23.80M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16440. The rules added or changed by this package are:

update rules:
1. threat[41388]:Mirai Botnet Connecting to the Server

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-18 09:11:36
Name: eoi.unify.allrulepatch.ips.5.6.10.16429.rule Version: 5.6.10.16429
MD5: 28fd2426094f58a7cb01df5368c000c9 Size: 23.79M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16429. The rules added or changed by this package are:

new rules:
1. threat[41503]:NetSarang XShell/Xmanager/Xftp nssock2.dll Backdoor Communication

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-14 19:09:56
Name: eoi.unify.allrulepatch.ips.5.6.10.16381.rule Version: 5.6.10.16381
MD5: 5f78d7970475b89c5eeac185f813e3cc Size: 23.78M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16381. The rules added or changed by this package are:

new rules:
1. threat[24087]:Trend Micro SafeSync for Enterprise license Command Injection
2. threat[24088]:Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection

update rules:
1. threat[23994]:Windows SMB Remote Code Execution Vulnerability(Shadow Brokers EternalBlue)(CVE-2017-0144)
2. app:FTP

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-11 14:07:42
Name: eoi.unify.allrulepatch.ips.5.6.10.16346.rule Version: 5.6.10.16346
MD5: ffd829dcc46464dfc571f4ce16697fa7 Size: 23.79M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16346. The rules added or changed by this package are:

new rules:
1. app:58.com-Resources

update rules:
1. threat[23613]:IBM WebSphere Java Unserialization Vulnerability
2. app:58.com-Android

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-08-03 17:29:54
Name: eoi.unify.allrulepatch.ips.5.6.10.16335.rule Version: 5.6.10.16335
MD5: 85464221638df27cad586e876fbe0858 Size: 23.78M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16335. The rules added or changed by this package are:

new rules:
1. threat[24082]:Microsoft Windows OLE Remote Code Execution Vulnerability(CVE-2017-8487)(EnglishmansDentist)
2. threat[41500]:Suspicious PLC Worm Propagation
3. threat[24083]:Zabbix Server Active Proxy Trapper Command Injection Vulnerability(CVE-2017-2824)
4. app:Nuomi Tuan Resources

update rules:
1. threat[63682]:HTTP SQL Injection Attempt Type Three
2. app:Nuomi-Android
3. app:QQ

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-07-27 16:41:48
Name: eoi.unify.allrulepatch.ips.5.6.10.16295.rule Version: 5.6.10.16295
MD5: 5ddb8022b1fb4eef0828d3a1600d0e6c Size: 23.80M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16295. The rules added or changed by this package are:

new rules:
1. threat[24075]:Disk Pulse Enterprise Server HttpParser Buffer Overflow Vulnerability
2. threat[24076]:MailStore Server search-result Reflected Cross-Site Scripting Vulnerability
3. threat[24077]:McAfee ePolicy Orchestrator SQL Injection Vulnerability
4. threat[24078]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-8605)
5. threat[24079]:Microsoft Edge Remote Code Execution Vulnerability(CVE-2017-8619)
6. threat[24080]:Microsoft Edge Remote Code Execution Vulnerability(CVE-2017-8617)
7. threat[24081]:Aerospike Database Server Index Name Stack Buffer Overflow Vulnerability

update rules:
1. threat[20926]:Samba MS-RPC Remote Shell Command Injection Attack
2. threat[10453]:Apache HTTP Server mod_http2 Null Pointer Dereference Vulnerability(CVE-2017-7659)
3. threat[41351]:HTTP Request URL Directory Inserting Attempt

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-07-20 17:23:46
Name: eoi.unify.allrulepatch.ips.5.6.10.16272.rule Version: 5.6.10.16272
MD5: 04ab4d6f6d01c73c60fa4f12e948719f Size: 23.78M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16272. The rules added or changed by this package are:

update rules:
1. threat[10452]:Microsoft Windows LSASS Authentication Denial of Service Vulnerability(CVE-2017-0004)(MS17-004)
2. threat[24071]:Microsoft Edge Remote Privilege Escalation Vulnerability(CVE-2017-0002)(MS17-001)
3. threat[24072]:PHP phar parse pharfile Function filename len Property Integer Overflow Vulnerability(CVE-2016-10159)
4. threat[24073]:HP Enterprise Operations Orchestration Remote Code Execution Vulnerability

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-07-14 11:22:16
Name: eoi.unify.allrulepatch.ips.5.6.10.16246.rule Version: 5.6.10.16246
MD5: 4a50c324bbf98a1a5a71ae2376bd0e26 Size: 23.77M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16246. The rules added or changed by this package are:

new rules:
1. threat[10453]:Apache HTTP Server mod_http2 Null Pointer Dereference Vulnerability(CVE-2017-7659)

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-07-08 00:50:50
Name: eoi.unify.allrulepatch.ips.5.6.10.16212.rule Version: 5.6.10.16212
MD5: 7a5fb1da3cbf4e3d417771e802031dc3 Size: 23.76M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16212. The rules added or changed by this package are:

new rules:
1. threat[24065]:Trend Micro Control Manager dlp_policy.php Directory Traversal Vulnerability
2. threat[24066]:Trend Micro Control Manager download.php Information Disclosure Vulnerability
3. threat[24067]:Trend Micro Control Manager importFile.php Directory Traversal Vulnerability
4. threat[24068]:Trend Micro Control Manager Widget importFile.php Directory Traversal Vulnerability
5. threat[24064]:VegaDNS axfr_get.php Command Injection Vulnerability
6. threat[10451]:PHP Exception toString Unserialization Denial of Service
7. threat[24069]:Trend Micro Smart Protection Server wcs_bwlists_handler_php Command Injection
8. threat[24070]:Trend Micro SafeSync for Enterprise storage_pm _discovery_iscsi_device Command Injection

update rules:
1. threat[41185]:SSH Login Request Authorization
2. threat[23614]:Oracle WebLogic Server Java Unserialization Vulnerability

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-07-06 17:16:56
Name: eoi.unify.allrulepatch.ips.5.6.10.16172.rule Version: 5.6.10.16172
MD5: cd38adfb80bb63b82c5d39ed2e16a551 Size: 23.75M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16172. The rules added or changed by this package are:

new rules:
1. threat[24060]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-8496)
2. threat[24061]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-8497)
3. threat[24059]:Microsoft Windows LNK Remote Code Execution Vulnerability(CVE-2017-8464)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-06-29 17:36:38
Name: eoi.unify.allrulepatch.ips.5.6.10.16166.rule Version: 5.6.10.16166
MD5: 74ad5aea9588ccabb45204ad86c9417a Size: 23.75M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16166. The rules added or changed by this package are:

update rules:
1. threat[41498]:Dark Cloud Trojan Communication

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-06-22 17:21:43
Name: eoi.unify.allrulepatch.ips.5.6.10.16155.rule Version: 5.6.10.16155
MD5: a8f7ef357c288a17a16d1b7c6c4db3dc Size: 23.76M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16155. The rules added or changed by this package are:

new rules:
1. threat[41498]:Dark Cloud III Trojan Communication

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-06-15 18:27:37
Name: eoi.unify.allrulepatch.ips.5.6.10.16108.rule Version: 5.6.10.16108
MD5: 24f3dd2cfa41fac0fd73ce8df684a96a Size: 23.74M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16108. The rules added or changed by this package are:

new rules:
1. threat[24007]:Windows RDP Code Execution Vulnerability(Shadow Broker ESTEEMAUDIT)
2. threat[24006]:Adobe Acrobat Reader ImageConversion JPEG Heap-based Buffer Overflow Vulnerability(CVE-2017-2959)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-06-08 18:05:16
Name: eoi.unify.allrulepatch.ips.5.6.10.16098.rule Version: 5.6.10.16098
MD5: ff1b85416a2e5a6fc3c2491537cbae10 Size: 23.74M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16098. The rules added or changed by this package are:

update rules:
1. threat[23994]:Windows SMB Remote Code Execution Vulnerability(Shadow Brokers EternalBlue)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-06-01 16:36:53
Name: eoi.unify.allrulepatch.ips.5.6.10.16097.rule Version: 5.6.10.16097
MD5: 17e92620a75344b92fd0ee76d39a2248 Size: 23.73M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature database upgrade package. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the rule (signature) version changes to 5.6.10.16097. The rules added or changed by this package are:

update rules:
1. threat[24005]:Samba Remote Code Execution Vulnerability(CVE-2017-7494)

Announcements:
1. After the package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

Release time: 2017-05-27 18:34:26
Name: eoi.unify.allrulepatch.ips.5.6.10.16079.rule Version: 5.6.10.16079
MD5: 46c7ddc76f43bf2240ee949d9c98becc Size: 23.74M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.16079. The rules added/improved by this package are:

New rules:
1. threat[23999]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2017-0236)
2. threat[24000]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2017-0240)
3. threat[24001]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2017-0227)
4. threat[41496]: Blackmoon Banking Trojan Communication
5. threat[24002]: Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0145)

Updated rules:
1. threat[23866]: PHP htmlspecialchars()/htmlentities() Function Heap Overflow

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.16079. This package includes the following changed rules:

new rules:
1. threat[23999]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-0236)
2. threat[24000]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-0240)
3. threat[24001]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2017-0227)
4. threat[41496]:Blackmoon Banking Trojan Communication
5. threat[24002]:Microsoft Windows SMB Server Remote Code Execution Vulnerability(CVE-2017-0145)

update rules:
1. threat[23866]:PHP htmlspecialchars()/htmlentities() Heap Overflow

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-05-23 17:22:57
Name: eoi.unify.allrulepatch.ips.5.6.10.16052.rule Version: 5.6.10.16052
MD5: 69eec4eaff386d3e7460f7103fd0062f Size: 23.84M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.16052. The rules added/improved by this package are:

New rules:
1. threat[41490]: Zombies of botnet artemis connecting to the server
2. threat[41491]: Zombies of botnet UUgangT connecting to the server
3. threat[41492]: Zombies of botnet Macriddos connecting to the server
4. threat[41493]: Zombies of botnet lostlove connecting to the server
5. threat[41494]: Zombies of botnet WinHelp32 connecting to the server
6. threat[41495]: Zombies of botnet 9527win connecting to the server
7. app: Qidian Reader - Resources

Updated rules:
1. threat[10338]: Microsoft Windows SSL Remote Denial of Service Vulnerability (MS04-011)
2. threat[23808]: HTTP Protocol Over-Long URI Field
3. app: Sanguosha Online
4. app: Qidian Reader - Android
5. app: Tencent News - Android

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.16052. This package includes the following changed rules:

new rules:
1. threat[41490]:Zombies of Botnet artemis Connect to the Server
2. threat[41491]:Zombies of Botnet UUgangT Connect to the Server
3. threat[41492]:Zombies of Botnet Macriddos Connect to the Server
4. threat[41493]:Zombies of Botnet lostlove Connect to the Server
5. threat[41494]:Zombies of Botnet WinHelp32 Connect to the Server
6. threat[41495]:Zombies of Botnet 9527win Connect to the Server
7. app:qidian-Resources

update rules:
1. threat[10338]:Microsoft Windows SSL Remote DoS Vulnerability(MS04-011)
2. threat[23808]:HTTP Protocol Over-Long URI
3. app:Sanguosha Online
4. app:qidian-Android
5. app:Tencent News-Android

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-05-18 18:33:26
Name: eoi.unify.allrulepatch.ips.5.6.10.16039.rule Version: 5.6.10.16039
MD5: 714e6e97c2fff0b66f40e62db590f09c Size: 23.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.16039. The rules added/improved by this package are:

Updated rules:
1. threat[23997]: Jackson-Databind Framework JSON Deserialization Code Execution Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.16039. This package includes the following changed rules:

update rules:
1. threat[23997]:Jackson-Databind framework json deserialization code execution vulnerability

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-05-11 17:08:01
Name: eoi.unify.allrulepatch.ips.5.6.10.16029.rule Version: 5.6.10.16029
MD5: c4fc510e3f2f14dc91b494e428762465 Size: 23.84M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.16029. The rules added/improved by this package are:

New rules:
1. threat[23998]: WordPress Remote Command Execution Vulnerability (PHPMailer)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.16029. This package includes the following changed rules:

new rules:
1. threat[23998]:WordPress Remote Code Execution Vulnerability(PHPMailer)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-05-04 17:43:41
Name: eoi.unify.allrulepatch.ips.5.6.10.15969.rule Version: 5.6.10.15969
MD5: a3eb872687d9c192372772ae75b95448 Size: 23.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15969. The rules added/improved by this package are:

New rules:
1. threat[23997]: Jackson-Databind Framework JSON Deserialization Code Execution Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15969. This package includes the following changed rules:

new rules:
1. threat[23997]:Jackson-Databind framework json deserialization code execution vulnerability

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-04-27 16:49:06
Name: eoi.unify.allrulepatch.ips.5.6.10.15956.rule Version: 5.6.10.15956
MD5: b28c639af2bacea46cf1f183045e1e65 Size: 23.85M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15956. The rules added/improved by this package are:

New rules:
1. threat[41489]: Backdoor Doublepulsar Communication
2. threat[23993]: Microsoft Office OLE Feature Remote Code Execution Vulnerability (CVE-2017-0199)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15956. This package includes the following changed rules:

new rules:
1. threat[41489]:Backdoor Doublepulsar Communication
2. threat[23993]:Microsoft Office OLE Feature Remote Code Execution Vulnerability(CVE-2017-0199)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-04-20 18:43:37
Name: eoi.unify.allrulepatch.ips.5.6.10.15945.rule Version: 5.6.10.15945
MD5: 81182811c65ef952a25ffdf5f4998d34 Size: 23.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15945. The rules added/improved by this package are:

New rules:
1. threat[23994]: Windows SMB Remote Code Execution Vulnerability (Shadow Brokers EternalBlue)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15945. This package includes the following changed rules:

new rules:
1. threat[23994]:Windows SMB Remote Code Execution Vulnerability(Shadow Brokers EternalBlue)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-04-15 23:49:11
Name: eoi.unify.allrulepatch.ips.5.6.10.15919.rule Version: 5.6.10.15919
MD5: 6d9cff6d4b799307ac6a76a1a7fa26e8 Size: 23.84M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15919. The rules added/improved by this package are:

New rules:
1. threat[41488]: Trojan felismus Malicious Communication
2. threat[30695]: Schneider Modicon TM221CE16R Firmware 1.3.3.3 Remote Password Information Disclosure Vulnerability
3. app: NetEase Resources

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15919. This package includes the following changed rules:

new rules:
1. threat[41488]:Trojan felismus malicious communication
2. threat[30695]:Schneider Modicon TM221CE16R firmware 1.3.3.3 Password Information Disclosure Vulnerability
3. app:NetEase resources

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-04-13 16:08:42
Name: eoi.unify.allrulepatch.ips.5.6.10.15897.rule Version: 5.6.10.15897
MD5: 8af346164262f58a270caafea29c5063 Size: 23.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15897. The rules added/improved by this package are:

New rules:
1. threat[10449]: Novell Remote Manager Host Header Denial of Service Vulnerability
2. threat[41487]: Trojan Shamoon2 Malicious Communication

Updated rules:
1. threat[67448]: IMAP Authentication Failure
2. threat[40299]: Microsoft SQL Client SA User Default Empty Password Connection
3. app: Tencent Video - Android
4. app: QQ Music

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15897. This package includes the following changed rules:

new rules:
1. threat[10449]:Novell Remote Manager Host Header Denial of Service
2. threat[41487]:Trojan Shamoon2 malicious communication

update rules:
1. threat[67448]:IMAP Service Failed Authentication
2. threat[40299]:Microsoft SQL Client SA User Default Null Password Connection
3. app:QQVideo-Android
4. app:QQ Music

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-04-06 17:42:24
Name: eoi.unify.allrulepatch.ips.5.6.10.15881.rule Version: 5.6.10.15881
MD5: 83d16eef207f3746126de99b63a518d7 Size: 23.82M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15881. The rules added/improved by this package are:

New rules:
1. threat[23992]: IIS 6.0 Remote Code Execution Vulnerability (CVE-2017-7269)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15881. This package includes the following changed rules:

new rules:
1. threat[23992]:IIS 6.0 Remote Code Execution Vulnerability(CVE-2017-7269)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-03-28 16:18:53
Name: eoi.unify.allrulepatch.ips.5.6.10.15863.rule Version: 5.6.10.15863
MD5: 48454ee15ff466d6c1d60849d9f0b506 Size: 23.82M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15863. The rules added/improved by this package are:

New rules:
1. threat[23991]: Fastjson Remote Code Execution Vulnerability

Updated rules:
1. threat[23986]: Struts2 Remote Command Execution Vulnerability (s2-045)(s2-046)(CVE-2017-5638)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15863. This package includes the following changed rules:

new rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability

update rules:
1. threat[23986]:Struts2 Remote Command Execution Vulnerability(s2-045)(s2-046)(CVE-2017-5638)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-03-21 16:00:24
Name: eoi.unify.allrulepatch.ips.5.6.10.15838.rule Version: 5.6.10.15838
MD5: 14dfcf7aa99bbdbd322d806874c4d990 Size: 23.82M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15838. The rules added/improved by this package are:

New rules:
1. threat[30694]: CVSTrac FileDiff v2 Command-Line Injection Vulnerability
2. threat[41474]: Njw0rm Virus
3. threat[41475]: njRAT Virus
4. threat[40331]: Trojan/Backdoor WinShell Connection Establishment
5. threat[41478]: Baidu Downloader Bundled with Malicious Code
6. threat[41484]: Dahua Surveillance Device Unauthorized Access Vulnerability

Updated rules:
1. threat[23986]: Struts2 Remote Command Execution Vulnerability (s2-045)(CVE-2017-5638)
2. threat[60609]: Squid Proxy DNS Resolver Remote Denial of Service Vulnerability (CVE-2005-0446)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15838. This package includes the following changed rules:

new rules:
1. threat[30694]:CVSTrac FileDiff V2 command injection vulnerability
2. threat[41474]:Njw0rm virus
3. threat[41475]:njRAT virus
4. threat[40331]:Backdoor/Trojan WinShell Connection
5. threat[41478]:Baidu downloader is bundled with malicious code
6. threat[41484]:Dahua DVR/NVR/IP Camera Unauthorized Access Vulnerability

update rules:
1. threat[23986]:Struts2 Remote Command Execution Vulnerability(s2-045)(CVE-2017-5638)
2. threat[60609]:Squid Proxy DNS Name Resolver Remote Denial of Service

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-03-16 18:16:07
Name: eoi.unify.allrulepatch.ips.5.6.10.15797.rule Version: 5.6.10.15797
MD5: 4023f997e7fb36fae30f266df885a9bb Size: 23.80M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15797. The rules added/improved by this package are:

New rules:
1. threat[23986]: Struts2 Remote Command Execution Vulnerability (s2-045)(CVE-2017-5638)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15797. This package includes the following changed rules:

new rules:
1. threat[23986]:Struts2 Remote Command Execution Vulnerability(s2-045)(CVE-2017-5638)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-03-07 18:22:54
Name: eoi.unify.allrulepatch.ips.5.6.10.15742.rule Version: 5.6.10.15742
MD5: fed590e97c8248cf91d97c1c43bf77be Size: 23.76M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15742. The rules added/improved by this package are:

Updated rules:
1. threat[41388]: Mirai Zombie Connecting to the Server
2. threat[66129]: Oracle 9i TNS Listener SERVICE_NAME Buffer Overflow Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15742. This package includes the following changed rules:

update rules:
1. threat[41388]:Mirai Botnet Connecting to the Server
2. threat[66129]:Oracle 9i TNS Listener SERVICE_NAME Buffer Overflow Vulnerability

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-03-02 18:20:11
Name: eoi.unify.allrulepatch.ips.5.6.10.15721.rule Version: 5.6.10.15721
MD5: 0040d99d05d415be29c6921d3c3f460a Size: 23.77M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15721. The rules added/improved by this package are:

New rules:
1. threat[23980]: Dahua Camera Remote Password Information Disclosure Vulnerability

Updated rules:
1. threat[41388]: Mirai Zombie Connecting to the Server
2. threat[65539]: Microsoft Windows SMB Pool Overflow Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15721. This package includes the following changed rules:

new rules:
1. threat[23980]:DAHUA Camera Password Information Disclosure Vulnerability

update rules:
1. threat[41388]:Mirai Botnet Connecting to the Server
2. threat[65539]:Microsoft Windows SMB Pool Overflow Vulnerability

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-02-23 17:15:50
Name: eoi.unify.allrulepatch.ips.5.6.10.15660.rule Version: 5.6.10.15660
MD5: b1c251ce43afe5940e0f6b246c9c1cd8 Size: 21.97M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15660. The rules added/improved by this package are:

Updated rules:
1. threat[23721]: Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability (CVE-2016-0003)(MS16-002)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15660. This package includes the following changed rules:

update rules:
1. threat[23721]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-0003)(MS16-002)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-02-16 16:23:04
Name: eoi.unify.allrulepatch.ips.5.6.10.15654.rule Version: 5.6.10.15654
MD5: 06e382bff287523fcb85fffbd288d04b Size: 21.95M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15654. The rules added/improved by this package are:

Updated rules:
1. threat[23923]: FortiOS Cookie Parser Buffer Overflow Vulnerability (CVE-2016-6909)
2. threat[23932]: Microsoft Edge isEqualNode Memory Corruption Vulnerability (CVE-2016-3222)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15654. This package includes the following changed rules:

update rules:
1. threat[23923]:FortiOS Cookie Parser Buffer Overflow Vulnerability(CVE-2016-6909)
2. threat[23932]:Microsoft Edge isEqualNode Memory Corruption (CVE-2016-3222)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-02-10 10:47:51
Name: eoi.unify.allrulepatch.ips.5.6.10.15614.rule Version: 5.6.10.15614
MD5: a25814112af79f06b3f38ace1b3a1284 Size: 23.76M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15614. The rules added/improved by this package are:

Updated rules:
1. threat[23971]: HTTP Request X-Forwarded-For Field Injection Attack

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15614. This package includes the following changed rules:

update rules:
1. threat[23971]:HTTP Request X-Forwarded-For Field Injection Attack

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-02-02 14:53:01
Name: eoi.unify.allrulepatch.ips.5.6.10.15613.rule Version: 5.6.10.15613
MD5: b669373cac631e2fd3819e371ff6d5b5 Size: 23.75M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15613. The rules added/improved by this package are:

New rules:
1. threat[23976]: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2017-2933)(APSB17-02)
2. threat[23977]: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2017-2934)(APSB17-02)
3. threat[23978]: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2017-2935)(APSB17-02)
4. threat[23979]: Adobe Acrobat Reader Heap Overflow Vulnerability (CVE-2017-2966)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15613. This package includes the following changed rules:

new rules:
1. threat[23976]:Adobe Flash Player Heap Overflow Vulnerability(CVE-2017-2933)(APSB17-02)
2. threat[23977]:Adobe Flash Player Heap Overflow Vulnerability(CVE-2017-2934)(APSB17-02)
3. threat[23978]:Adobe Flash Player Heap Buffer Overflow Vulnerability(CVE-2017-2935)(APSB17-02)
4. threat[23979]:Adobe Acrobat Reader heap overflow vulnerability(CVE-2017-2966)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-01-26 16:51:56
Name: eoi.unify.allrulepatch.ips.5.6.10.15593.rule Version: 5.6.10.15593
MD5: fc407be45fea46950a0511afd7e41444 Size: 23.75M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15593. The rules added/improved by this package are:

New rules:
1. threat[23973]: Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
2. threat[23974]: Red5 Server Apache Commons Collections Insecure Deserialization Vulnerability
3. threat[23975]: Adobe Reader/Acrobat Remote Memory Corruption Vulnerability (CVE-2016-7854)

Updated rules:
1. threat[23971]: HTTP Request X-Forwarded-For Field Injection Attack

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15593. This package includes the following changed rules:

new rules:
1. threat[23973]: Microsoft Office Information Disclosure Vulnerability(CVE-2016-7264)
2. threat[23974]:Red5 Server Apache Commons Collections Insecure Deserialization Vulnerability
3. threat[23975]:Adobe Reader/Acrobat Remote Memory Corruption Vulnerability(CVE-2016-7854)

update rules:
1. threat[23971]:HTTP Request X-Forwarded-For Field Injection Attack

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-01-19 13:17:34
Name: eoi.unify.allrulepatch.ips.5.6.10.15559.rule Version: 5.6.10.15559
MD5: 3487ac62242f700ff01f0e4a618164aa Size: 21.95M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15559. The rules added/improved by this package are:

New rules:
1. threat[23971]: HTTP Request X-Forwarded-For Field Injection Attack

Updated rules:
1. app: NetEase News - Android

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15559. This package includes the following changed rules:

new rules:
1. threat[23971]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7286)(MS16-145)

update rules:
1. app: Netease News-Android

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-01-12 15:27:43
Name: eoi.unify.allrulepatch.ips.5.6.10.15543.rule Version: 5.6.10.15543
MD5: 3702a372f8c1b2927aff8ea095967e8c Size: 21.95M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15543. The rules added/improved by this package are:

New rules:
1. app: UC Resources

Updated rules:
1. threat[23965]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2016-7286)(MS16-145)
2. app: UC Browser - iOS
3. app: Xunlei Kankan

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15543. This package includes the following changed rules:

new rules:
1. app: UC Resources

update rules:
1. threat[23965]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7286)(MS16-145)
2. app: UC Browser-iOS
3. app: Thunder Kankan

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2017-01-05 18:40:14
Name: eoi.unify.allrulepatch.ips.5.6.10.15510.rule Version: 5.6.10.15510
MD5: a44c63595f2ecfb35f893a610c0fdc4c Size: 20.64M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15510. The rules added/improved by this package are:

New rules:
1. threat[23964]: Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2016-7206)(MS16-145)
2. threat[41473]: HTTP/2 HEADERS and CONTINUATION Frame Connection
3. threat[23968]: Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2016-7280)
4. threat[23965]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2016-7286)(MS16-145)
5. threat[23967]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2016-7287)(MS16-144)

Updated rules:
1. threat[23950]: IBM Tivoli Storage Manager FastBack Server Opcode 1798 Code Execution Vulnerability (CVE-2015-8521)
2. threat[23951]: ImageMagick mvg Processing Command Arbitrary File Move Vulnerability (CVE-2016-3716)
3. threat[23952]: MS Windows Word RTF Picture Size Information Disclosure Vulnerability (CVE-2016-0052)
4. threat[23835]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288)(MS16-095)
5. threat[23793]: Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-3210)

Notes:
1. After this package is applied, the engine restarts automatically to take effect; sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15510. This package includes the following changed rules:

new rules:
1. threat[23964]:Microsoft Edge Information Disclosure Vulnerability(CVE-2016-7206)(MS16-145)
2. threat[41473]:HTTP/2 HEADERS and CONTINUATION connection
3. threat[23968]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7280)
4. threat[23965]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7286)(MS16-145)
5. threat[23967]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7287)(MS16-144)

update rules:
1. threat[23950]:IBM Tivoli Storage Manager FastBack Server Opcode 1798 Code Execution(CVE-2015-8521)
2. threat[23951]:ImageMagick mvg Processing Command Arbitrary File Move(CVE-2016-3716)
3. threat[23952]:MS Windows Word RTF Picture Size Information Disclosure(CVE-2016-0052)
4. threat[23835]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3288)(MS16-095)
5. threat[23793]:Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-3210)

Announcements:
1. After the package is applied, the engine will restart automatically; this will not interrupt sessions, but it will cause 3-5 packets to be lost on ping, so please update at a suitable time.

Release time: 2016-12-29 15:18:05
名称: eoi.unify.allrulepatch.ips.5.6.10.15461.rule 版本:5.6.10.15461
MD5:2b7f279a2e0e6962e21adeaee2ddc448 大小:20.60M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.15461。该升级包新增/改进的规则有:

新增规则:
1. 攻击[23953]:Oracle 应用测试套件目录遍历任意文件上传漏洞 (CVE-2016-0489)
2. 攻击[23954]:Trihedral VTScada Wap 目录遍历漏洞(CVE-2016-4532)
3. 攻击[23955]:WECON LeviStudio项目文件多堆栈缓冲区溢出漏洞(CVE-2016-5781)
4. 攻击[23956]:Windows 图形远程代码执行漏洞(CVE-2016-7272)
5. 攻击[23958]:ImageMagick mvg任意文件读取漏洞(CVE-2016-3717)
6. 攻击[23959]:Micro Focus GroupWise Post Office Agent缓冲区溢出漏洞(CVE-2016-5762)
7. 攻击[23960]:Microsoft Edge远程内存破坏漏洞(CVE-2016-7297)
8. 攻击[23957]:Microsoft Internet Explorer远程内存破坏漏洞(CVE-2016-7202) (MS16-144)
9. 攻击[23961]:Microsoft Internet Explorer/Edge远程内存破坏漏洞(CVE-2016-3382)(MS16-118)
10. 攻击[23962]:Microsoft 浏览器信息泄露漏洞(CVE-2016-3325)(MS16-104)
11. 攻击[23951]:ImageMagick mvg Processing命令任意文件移动漏洞(CVE-2016-3716)
12. 攻击[23952]:MS Windows Word RTF图片大小信息泄露漏洞(CVE-2016-0052)
13. 攻击[23950]:IBM Tivoli Storage Manager FastBack服务器操作码1798代码执行漏洞(CVE-2015-8521)
14. 攻击[10443]:ISC DHCP服务器畸形请求处理拒绝服务攻击漏洞


更新规则:
1. 攻击[23778]:Microsoft Edge脚本引擎内存破坏漏洞(CVE-2016-0191)(MS16-052)
2. 攻击[23949]:ImageMagick Server Side Request Forgery安全绕过漏洞(CVE-2016-3718)
3. 攻击[21769]:phpMyAdmin setup.php脚本PHP代码注入漏洞
4. 攻击[23821]:Microsoft Edge 安全功能绕过漏洞(CVE-2016-3244)(MS16-085)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.15461. This package include changed rules:

new rules:
1. threat[23953]:Oracle Application Testing Suite Directory Traversal Arbitrary File Upload (CVE-2016-0489)
2. threat[23954]:Trihedral VTScada Wap Directory Traversal(CVE-2016-4532)
3. threat[23955]:WECON LeviStudio Project File Multiple Stack Buffer Overflows(CVE-2016-5781)
4. threat[23956]:Microsoft Windows Graphics Component Remote Code Execution Vulnerability(CVE-2016-7272)
5. threat[23958]:ImageMagick mvg Arbitrary File Read Vulnerability(CVE-2016-3717)
6. threat[23959]:Micro Focus GroupWise Post Office Agent Buffer Overflow Vulnerability(CVE-2016-5762)
7. threat[23960]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7297)
8. threat[23957]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7202) (MS16-144)
9. threat[23961]:Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability(CVE-2016-3382)(MS16-118)
10. threat[23962]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-3325)(MS16-104)
11. threat[23951]:ImageMagick mvg Processing Command Arbitrary File Move(CVE-2016-3716)
12. threat[23952]:MS Windows Word RTF Picture Size Information Disclosure(CVE-2016-0052)
13. threat[23950]:IBM Tivoli Storage Manager FastBack Server Opcode 1798 Code Execution(CVE-2015-8521)
14. threat[10443]:ISC DHCP Server Packet Processing Denial of Service Vulnerability


update rules:
1. threat[23778]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-0191)(MS16-052)
2. threat[23949]:ImageMagick Server Side Request Forgery Security Bypass Vulnerability(CVE-2016-3718)
3. threat[21769]:PhpMyAdmin Config File Code Injection Vulnerability
4. threat[23821]:Microsoft Edge ASLR Security Bypass Vulnerability(CVE-2016-3244)(MS16-085)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-12-22 15:32:38
Name: eoi.unify.allrulepatch.ips.5.6.10.15413.rule Version: 5.6.10.15413
MD5: a7158387961ee275fbc59d8539a2c850 Size: 20.60M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15413. The rules added or improved in this package are:

new rules:
1. threat[23938]: Apache Jetspeed Cross-Site Scripting Vulnerability(CVE-2016-0711)
2. threat[23948]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7194)(MS16-119)
3. threat[23947]: WordPress Mobile Detector Plugin Remote File Upload
4. threat[23946]: IBM Tivoli Storage Manager FastBack Server Opcode 4754 Code Execution Vulnerability(CVE-2015-8520)
5. threat[23939]: Microsoft Office Memory Corruption Vulnerability(CVE-2016-0010)
6. threat[10442]: Apache Struts URLValidator Class Denial of Service Vulnerability(CVE-2016-4465)
7. threat[30692]: Oracle Application Testing Suite Directory Traversal Vulnerability
8. threat[10444]: OpenBSD TCP Timeout Calculation Denial of Service Vulnerability
9. threat[30691]: Symantec Enterprise Firewall DNSD DNS Cache Poisoning Vulnerability
10. threat[10443]: ISC DHCP Server Malformed Request Handling Denial of Service Vulnerability
11. threat[23937]: Advantech WebAccess DCE/RPC webnrpcs Service Stack Buffer Overflow Vulnerability(CVE-2016-0856)
12. threat[23942]: Microsoft Edge Privilege Escalation Vulnerability(CVE-2016-0161)(MS16-038)


update rules:
1. threat[41350]: HTTP URL-Encoded Request Attempt
2. threat[23929]: Microsoft Edge Browser Chakra Engine Array.join Type Confusion Vulnerability(CVE-2016-7189)
3. threat[23944]: Microsoft Windows Word RTF Draw Object Memory Corruption
4. threat[62682]: OpenSSL "ssl3_get_key_exchange" Function Use-After-Free Memory Corruption Vulnerability
5. threat[61057]: Squid WCCP Message Handling Remote Denial of Service Vulnerability
6. threat[60947]: Mozilla Firefox XPCOM Access Flaw Arbitrary Code Execution Vulnerability
7. threat[61648]: Microsoft Remote Desktop Connection Client Heap Overflow Vulnerability(MS09-044)
8. threat[60751]: Microsoft IIS WebDAV Request Source Code Disclosure Vulnerability
9. threat[61094]: Gaim AIM-ICQ Protocol Handling Buffer Overflow Vulnerability
10. threat[60599]: Apple Installer Package Filename Format String Handling Vulnerability
11. threat[23943]: Microsoft Browser Memory Corruption via Encoding Confusion Vulnerability
12. threat[23735]: Cisco ASA Software IKEv1/IKEv2 Buffer Overflow Vulnerability
13. threat[23928]: ESF pfSense 2.2.6 Code Injection Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15413. This package includes the following changed rules:

new rules:
1. threat[23938]: Apache Jetspeed XSS Vulnerability(CVE-2016-0711)
2. threat[23948]: Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7194)(MS16-119)
3. threat[23947]: Wordpress Mobile Detector Plugin Remote File Upload
4. threat[23946]: IBM Tivoli Storage Manager FastBack Server Opcode 4754 Code Execution Vulnerability(CVE-2015-8520)
5. threat[23939]: Microsoft Office Memory Corruption Vulnerability(CVE-2016-0010)
6. threat[10442]: Apache Struts URLValidator Forward Slashes Denial of Service Vulnerability(CVE-2016-4465)
7. threat[30692]: Oracle Application Testing Suite Directory Traversal
8. threat[10444]: OpenBSD TCP Timeout Calculation Denial of Service
9. threat[30691]: Symantec Enterprise Firewall DNSD Proxy Cache Poisoning
10. threat[10443]: ISC DHCP Server Packet Processing Denial of Service Vulnerability
11. threat[23937]: Advantech WebAccess DCE/RPC webnrpcs Service Stack Buffer Overflow(CVE-2016-0856)
12. threat[23942]: Microsoft Edge Remote Privilege Escalation Vulnerability(CVE-2016-0161)(MS16-038)


update rules:
1. threat[41350]: HTTP Request URL Encoding Attempt
2. threat[23929]: Microsoft Edge Browser Chakra Engine Array.join Type Confusion(CVE-2016-7189)
3. threat[23944]: MS Windows Word RTF Draw Object Memory Corruption
4. threat[62682]: OpenSSL ssl3_get_key_exchange Use-After-Free Memory Corruption Vulnerability
5. threat[61057]: Squid WCCP Message Parsing Denial of Service Vulnerability
6. threat[60947]: Mozilla Firefox Plugin Access Control Vulnerability
7. threat[61648]: Microsoft Windows Remote Desktop Connection HeapOverflow Vulnerability
8. threat[60751]: Microsoft IIS WebDAV Request Source Code Disclosure Vulnerability
9. threat[61094]: Gaim AIM-ICQ Protocol Handling Buffer Overflow Vulnerability
10. threat[60599]: Apple Mac OS X Installer Package Filename Format String Vulnerability
11. threat[23943]: Microsoft Browser Memory Corruption By Encode Confusion
12. threat[23735]: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
13. threat[23928]: ESF pfSense 2.2.6 Command Injection


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-12-15 14:54:49
Name: eoi.unify.allrulepatch.ips.5.6.10.15324.rule Version: 5.6.10.15324
MD5: 85d03be831a1a83554a14f5377c58178 Size: 20.57M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15324. The rules added or improved in this package are:


new rules:
1. threat[23935]: Internet Explorer Internet Messaging API Information Disclosure Vulnerability (CVE-2016-3298)
2. threat[23934]: Microsoft Internet Explorer CAttrArray Use-After-Free Vulnerability (CVE-2016-0106)
3. threat[23933]: Microsoft Internet Explorer and Edge Font Lang Parameter Use-After-Free Vulnerability(CVE-2016-3297)
4. threat[23931]: Microsoft Edge Chakra JavaScript Array.unshift Memory Corruption Vulnerability(CVE-2016-0186)
5. threat[23927]: Cisco Adaptive Security Appliance Telnet CLI Privilege Escalation Vulnerability(CVE-2016-6367)
6. threat[23926]: Apache Struts Remote Code Execution Vulnerability(CVE-2016-3081)
7. threat[23924]: Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Vulnerability(CVE-2016-0484)
8. threat[41472]: Netcore / Netis Router Backdoor


update rules:
1. threat[23597]: Redis Unauthorized Access Remote Server Privilege Acquisition Vulnerability
2. threat[10418]: ISC BIND Multiple RDATA COOKIE Option Denial of Service Vulnerability
3. threat[23589]: MongoDB Unauthorized Access Vulnerability
4. threat[41388]: Mirai Bot Connecting to Server


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15324. This package includes the following changed rules:


new rules:
1. threat[23935]: Microsoft Internet Explorer Internet Messaging API Information Disclosure (CVE-2016-3298)
2. threat[23934]: Microsoft Internet Explorer CAttrArray Use After Free (CVE-2016-0106)
3. threat[23933]: Microsoft Internet Explorer and Edge Font Lang Parameter Use After Free(CVE-2016-3297)
4. threat[23931]: Microsoft Edge Chakra JavaScript Array.unshift Memory Corruption(CVE-2016-0186)
5. threat[23927]: Cisco Adaptive Security Appliance Telnet CLI Privilege Escalation(CVE-2016-6367)
6. threat[23926]: Apache Struts Remote Command Execution(CVE-2016-3081)
7. threat[23924]: Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability(CVE-2016-0484)
8. threat[41472]: Netis/Netcore Router backdoor


update rules:
1. threat[23597]: Redis Unauthorized Access Obtain Remote Server Permission Vulnerability
2. threat[10418]: ISC BIND Multiple RDATA COOKIE Options Denial of Service
3. threat[23589]: MongoDB Unauthorized Access Vulnerability
4. threat[41388]: Mirai Botnet Connecting to the Server


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-12-08 18:10:42
Name: eoi.unify.allrulepatch.ips.5.6.10.15320.rule Version: 5.6.10.15320
MD5: 936c467fab14e031fa0f5332bbb4befc Size: 20.57M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15320. The rules added or improved in this package are:

new rules:
1. threat[23930]: Firefox/Tor Browser SVG Code Execution Vulnerability(CVE-2016-9079)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15320. This package includes the following changed rules:

new rules:
1. threat[23930]: Firefox/Tor Browser SVG Code Execution Vulnerability(CVE-2016-9079)

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-12-02 21:48:06
Name: eoi.unify.allrulepatch.ips.5.6.10.15267.rule Version: 5.6.10.15267
MD5: 91768a65cf089819a20357d777103a65 Size: 20.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15267. The rules added or improved in this package are:

new rules:
1. threat[10441]:NTP Denial of Service Vulnerability(CVE-2016-9312)
2. threat[23913]:Apache Jetspeed Access Restriction Security Vulnerability
3. threat[23915]:Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability(CVE-2016-6366)
4. threat[23917]:Drupal RESTful Web Services Module Default Page Callback Function PHP Remote Code Execution Vulnerability
5. threat[30689]:ImageMagick mvg Processing Command Arbitrary File Deletion
6. threat[23919]:Advantech WebAccess File Upload Vulnerability(CVE-2016-0854)
7. threat[41471]:Crane Trojan Communication

update rules:
1. threat[50253]:Video File Download over HTTP


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15267. This package includes the following changed rules:

new rules:
1. threat[10441]:NTP Denial of Service Vulnerability(CVE-2016-9312)
2. threat[23913]:Apache Jetspeed User Manager Services REST API Unauthorized Access
3. threat[23915]:Cisco Adaptive Security Appliance SNMP Code Execution(CVE-2016-6366)
4. threat[23917]:Drupal RESTful Web Services Module Default Page Callback Function Remote PHP Command Execution
5. threat[30689]:ImageMagick mvg Processing Command Arbitrary File Deletion
6. threat[23919]:Advantech WebAccess File Upload Vulnerability(CVE-2016-0854)
7. threat[41471]:Trojan.Crane Communication

update rules:
1. threat[50253]:Downloading Video Files Through HTTP Protocol


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-12-01 16:38:23
Name: eoi.unify.allrulepatch.ips.5.6.10.15196.rule Version: 5.6.10.15196
MD5: 32680fba8562ba1512d23ee0e526936d Size: 20.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15196. The rules added or improved in this package are:

new rules:
1. threat[40631]:SMTP Service Sending Mydoom.Q Worm E-mail
2. threat[23908]:Edge Browser Chakra Engine prototype_concat Type Confusion Vulnerability(CVE-2016-7242)
3. threat[40648]:SMTP Service Sending Mydoom.AF Worm E-mail
4. threat[50032]:SMTP Service Sending Worm.MiMail Worm E-mail
5. threat[40641]:SMTP Service Sending Mydoom.AB Worm E-mail


update rules:
1. threat[23004]:Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2014-1776)
2. threat[60245]:HTTP SQL Injection Attempt Type Eight
3. threat[22702]:DLink DIR-645 / DIR-815 diagnostic.php Command Injection Vulnerability
4. threat[22720]:Microsoft SQL Server Distributed Management System Buffer Overflow Vulnerability
5. threat[22757]:Lianja SQL Server 'db_netserver' Remote Stack Buffer Overflow Vulnerability(CVE-2013-3563)
6. threat[22762]:SevOne Network Performance Management Application Brute-Force Guessing
7. threat[22798]:HP Managed Printing Administration jobAcct Remote Command Execution
8. threat[22799]:D-Link Devices UPnP SOAP Command Injection
9. app:ICQ-Web


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15196. This package includes the following changed rules:

new rules:
1. threat[40631]:SMTP Service Sending Mails with Mydoom.Q
2. threat[23908]:Edge_Chakra__array_prototype_concat_Type_Confusion Vulnerability(CVE-2016-7242)
3. threat[40648]:SMTP Service Sending Mails with Mydoom.AF
4. threat[50032]:SMTP Service Sending Mails with Worm.MiMail
5. threat[40641]:SMTP Service Sending Mails with Mydoom.AB


update rules:
1. threat[23004]:Microsoft Internet Explorer Remote Code Execution 0day(CVE-2014-1776)
2. threat[60245]:HTTP SQL Injection Attempt Type Eight
3. threat[22702]:DLink DIR-645 / DIR-815 diagnostic.php Command Execution
4. threat[22720]:Microsoft SQL Server Distributed Management Objects Buffer Overflow Vulnerability
5. threat[22757]:Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow Vulnerability
6. threat[22762]:SevOne Network Performance Management Application Brute Force Login Utility
7. threat[22798]:HP Managed Printing Administration jobAcct Remote Command Execution
8. threat[22799]:D-Link Devices UPnP SOAP Command Execution
9. app:ICQ-Web


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-11-24 16:46:26
Name: eoi.unify.allrulepatch.ips.5.6.10.15166.rule Version: 5.6.10.15166
MD5: a7a1dcc8713367cc3f3bc56645ed72ed Size: 20.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15166. The rules added or improved in this package are:

new rules:
1. threat[41187]:Acunetix Web Vulnerability Scanner Scan Detection
2. threat[23901]:Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-7196)(MS16-142)
3. threat[23902]:Microsoft Windows Kernel Local Privilege Escalation Vulnerability(CVE-2016-7246)(MS16-135)
4. threat[23906]:Edge Browser ntdll_LdrpValidateUserCallTarget Uninitialized Stack Variable Vulnerability(CVE-2016-7198)
5. threat[23903]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7200)(MS16-129)
6. threat[23904]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
7. threat[23905]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7203)(MS16-129)

update rules:
1. threat[23265]:Forum Livre busca2.asp palavra Parameter Cross-Site Scripting Vulnerability
2. threat[22813]:Network Worm Linux Lupper.A Exploiting Awstats Vulnerability
3. threat[22890]:D-Link Router User-Agent Backdoor Vulnerability
4. threat[41041]:Trojan/Backdoor Nuclear RAT Connecting to Server
5. threat[41051]:Trojan/Backdoor KuGou RAT Connecting to Server
6. threat[41053]:Trojan/Backdoor Win32.bill Suspicious Domain Name Request


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15166. This package includes the following changed rules:

new rules:
1. threat[41187]:Acunetix Web Vulnerability Scanner Detection
2. threat[23901]:Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-7196)(MS16-142)
3. threat[23902]:Microsoft Windows Kernel Local Privilege Escalation Vulnerability(CVE-2016-7246)(MS16-135)
4. threat[23906]:Edge_ntdll_LdrpValidateUserCallTarget_Uninitialize_Stack_Variable Vulnerability(CVE-2016-7198)
5. threat[23903]:Microsoft Edge Scripting Engine Memory Corruption Vulnerability(CVE-2016-7200)(MS16-129)
6. threat[23904]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
7. threat[23905]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7203)(MS16-129)

update rules:
1. threat[23265]:Forum Livre busca2.asp palavra Parameter HTTP Post Cross Site Scripting
2. threat[22813]:Network Worm Lupper.A Exploiting Awstats Vulnerability on Linux
3. threat[22890]:D-Link Router User-Agent Backdoor Vulnerability
4. threat[41041]:Backdoor/Trojan Nuclear Rat Connection Server
5. threat[41051]:Backdoor/Trojan KuGou RAT Connection Server
6. threat[41053]:Backdoor/Trojan Win32.bill Suspicious DNS Request


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-11-17 16:18:46
Name: eoi.unify.allrulepatch.ips.5.6.10.15114.rule Version: 5.6.10.15114
MD5: 1b6c204c53cf1de9a8ab9250a1092d4d Size: 20.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15114. The rules added or improved in this package are:


new rules:
1. threat[41388]: Mirai Bot Connecting to Server
2. threat[41389]: RedBlack Remote Control Tool Client Communicating with Server
3. threat[41387]: Remote Control Tool hav-rat Communication
4. threat[23891]: CA ARCserve Backup RPC Services RPC Request Service Crash and Arbitrary Code Execution Vulnerability(CVE-2012-2971)
5. threat[41386]: TrickBot Banking Trojan Communication
6. threat[41376]: 1937CN Remote Control Tool Communication
7. threat[41384]: Botnet Program bluebot Client Connecting to Server
8. threat[41383]: Remote Control Tool PcShare Communication
9. threat[23890]: Microsoft Internet Explorer Layout Object Use-After-Free Vulnerability(CVE-2012-1526)
10. threat[23889]: Dell Webcam Software ActiveX Control Buffer Overflow Vulnerability

update rules:
1. threat[22659]: Linksys WRT54GL Remote Command Execution
2. threat[22656]: D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability
3. threat[63534]: Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability(MS12-010)
4. threat[21518]: Microsoft Internet Explorer Navigation Cancel Page Cross-Site Scripting (About)
5. threat[20536]: MailEnable IMAP STATUS Command Mailbox Name Parsing Stack Overflow Vulnerability
6. threat[10116]: Windows NT services.exe Denial of Service Attack
7. threat[63279]: Aladdin Knowledge System PrivAgent ActiveX Control "ChooseFilePath" Parameter Buffer Overflow Vulnerability
8. threat[40794]: Nimaya (Panda Burning Incense) Worm Resolving Malicious Website Domain Name on Windows
9. threat[21119]: Network Worm Lupper.A XML-RPC Propagation Request Variant


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15114. This package includes the following changed rules:


new rules:
1. threat[41388]: Mirai Botnet Connecting to the Server
2. threat[41389]: Remote Control Tool RedBlack Clients Connecting to Server
3. threat[41387]: Remote Control Tool hav-rat Communication
4. threat[23891]: CA ARCserve Backup RPC Services RPC Request Service Crash and Arbitrary Code Execution Vulnerability(CVE-2012-2971)
5. threat[41386]: TrickBot Banking Trojan Communication
6. threat[41376]: 1937CN Remote Control Tool Communication
7. threat[41384]: Botnet bluebot Client Connecting to Server
8. threat[41383]: Remote Control Tool PcShare Communication
9. threat[23890]: Microsoft Internet Explorer Layout Object Use After Free(CVE-2012-1526)
10. threat[23889]: Dell Webcam Software ActiveX Control Buffer Overflow


update rules:
1. threat[22659]: Linksys WRT54GL Remote Command Execution
2. threat[22656]: D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
3. threat[63534]: Microsoft Internet Explorer Copy And Paste Information Disclosure
4. threat[21518]: Microsoft Internet Explorer Navigation Cancel Page XSS (About)
5. threat[20536]: MailEnable IMAP STATUS Command MailBox Name Parsing StackOverflow Vulnerability
6. threat[10116]: Windows NT services.exe Denial of Service
7. threat[63279]: Aladdin Knowledge System PrivAgent ActiveX ChooseFilePath Buffer Overflow Vulnerability
8. threat[40794]: Nimaya Parsing Malicious Website Domain Name on Windows System
9. threat[21119]: Network Worm Lupper.A XML-RPC Propagation Request Variant

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-11-10 15:33:26
Name: eoi.unify.allrulepatch.ips.5.6.10.15103.rule Version: 5.6.10.15103
MD5: 9db516fe754545fd7c961e8336e63170 Size: 20.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.15103. The rules added or improved in this package are:


new rules:
1. threat[23896]: Memcached Append/Prepend Operation Integer Overflow Vulnerability(CVE-2016-8704)
2. threat[23897]: Memcached Update Integer Overflow Vulnerability(CVE-2016-8705)
3. threat[23898]: Memcached SASL Authentication Integer Overflow Vulnerability(CVE-2016-8706)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.15103. This package includes the following changed rules:


new rules:
1. threat[23896]: Memcached Append/Prepend Operations Integer Overflow Vulnerability(CVE-2016-8704)
2. threat[23897]: Memcached Update Integer Overflow Vulnerability(CVE-2016-8705)
3. threat[23898]: Memcached SASL Authentication Integer Overflow Vulnerability(CVE-2016-8706)

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-11-02 21:22:55
Name: eoi.unify.allrulepatch.ips.5.6.10.14964.rule Version: 5.6.10.14964
MD5: c786335a097f6fa8dfa89c95f5ab0d50 Size: 20.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14964. The rules added or improved in this package are:

new rules:
1. threat[23881]: Apache Jetspeed Cross-Site Scripting Vulnerability(CVE-2016-0712)
2. threat[23888]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)
3. threat[23886]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3383)(MS16-118)
4. threat[23882]: Microsoft Internet Explorer CSS Mailto Call Null State Vulnerability(CVE 2012-2521)
5. threat[23880]: Novell iPrint Client Buffer Overflow Vulnerability(CVE 2009-1569)
6. threat[23878]: Apache Solr SolrResourceLoader Directory Traversal Vulnerability(CVE-2013-6397)
7. threat[23877]: Mozilla Firefox/SeaMonkey/Thunderbird Memory Corruption Vulnerability

update rules:
1. threat[23871]: Apache HTTP Server MERGE Request Denial of Service Attack(CVE-2013-1896)
2. threat[23876]: Apache Struts2 Cookie OGNL Command Execution Vulnerability
3. threat[10424]: Incutio XML-RPC Library Entity Expansion Denial of Service Attack(CVE 2014-5265)
4. threat[41382]: SpyEye Botnet Command and Control Communication
5. threat[23872]: ABB Robot Buffer Overflow

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.14964. This package includes the following changed rules:

new rules:
1. threat[23881]: Apache Jetspeed Portal URI Path XSS(CVE-2016-0712)
2. threat[23888]: Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)
3. threat[23886]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3383)(MS16-118)
4. threat[23882]: Microsoft Internet Explorer CSS Mailto Use After Free Condition(CVE 2012-2521)
5. threat[23880]: Novell iPrint Client volatile-date-time parameter Buffer Overflow(CVE 2009-1569)
6. threat[23878]: Apache Solr SolrResourceLoader Directory Traversal Vulnerability(CVE-2013-6397)
7. threat[23877]: Mozilla Firefox Thunderbird and SeaMonkey Table Memory Corruption

update rules:
1. threat[23871]: Apache HTTP Server MERGE Request Denial of Service Vulnerability(CVE-2013-1896)
2. threat[23876]: Apache Struts2 Cookie OGNL Command Execution
3. threat[10424]: Incutio XML-RPC Library Entity Expansion Denial of Service(CVE 2014-5265)
4. threat[41382]: SpyEye Botnet Command and Control Communications
5. threat[23872]: ABB Robot Products Stack Buffer Overflow

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-10-27 15:26:38
Name: eoi.unify.allrulepatch.ips.5.6.10.14914.rule Version: 5.6.10.14914
MD5: 6372634a46f9823a8d2fa104b837f62a Size: 20.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14914. The rules added or improved in this package are:


new rules:
1. threat[10437]: Serva 32 TFTP 2.1 Denial of Service Vulnerability(CVE 2013-0145)
2. threat[23875]: IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
3. threat[23874]: Microsoft Edge Scripting Engine Remote Code Execution Vulnerability(CVE-2016-7189)
4. threat[10435]: NTP ntpd Denial of Service Vulnerability(CVE-2016-4957)
5. threat[10434]: Apache Qpid Multiple Denial of Service Vulnerabilities(CVE-2015-0203)
6. threat[23873]: Apple Remote Desktop VNC Username Handling Format String Vulnerability(CVE-2013-5135)
7. threat[10433]: Network Time Protocol (NTP) Denial of Service Vulnerability(CVE-2015-7855)
8. threat[10432]: Novell iPrint Client ActiveX Control GetPrinterURLList Function Denial of Service Vulnerability(CVE-2013-3708)
9. threat[10422]: Squid HTTP Host Header Denial of Service Vulnerability
10. threat[10431]: NetGear ProSafe Switch Remote Denial of Service Vulnerability(CVE-2013-4776)
11. threat[10430]: Monkey HTTPD Server 1.1.1 Denial of Service Vulnerability(CVE-2013-3724)
12. threat[10429]: Microsoft .NET Framework Remote Denial of Service Vulnerability(CVE-2013-3860)(MS13-082)
13. threat[10428]: Apache ActiveMQ Unauthorized Shutdown Denial of Service Attack
14. threat[10427]: Apache mod_proxy Denial of Service Attack(CVE 2014-0117)
15. threat[10426]: ISC BIND 9 libdns Recursive Regular Expression Handling Denial of Service Vulnerability
16. threat[10425]: MIT Kerberos 5 setup_server_realm() Function Remote Denial of Service Vulnerability(CVE-2013-1418)
17. threat[10423]: WordPress xmlrpc Pingback Denial of Service Attack



update rules:
1. threat[10421]: OpenLDAP ber_get_next Denial of Service Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.14914. This package includes the following changed rules:


new rules:
1. threat[10437]: Serva 32 TFTP 2.1 Denial of Service(CVE 2013-0145)
2. threat[23875]: IE_vbscript_VbsStrComp_Type_Confusion Vulnerability(CVE-2016-3385)
3. threat[23874]: Microsoft Edge Scripting Engine Remote Code Execution Vulnerability(CVE-2016-7189)
4. threat[10435]: NTP ntpd Denial of Service Vulnerability(CVE-2016-4957)
5. threat[10434]: Apache Qpid Multiple Denial of Service(CVE-2015-0203)
6. threat[23873]: Apple Remote Desktop VNC Format String Vulnerability(CVE-2013-5135)
7. threat[10433]: Network Time Protocol(NTP) Denial-Of-Service Vulnerability(CVE-2015-7855)
8. threat[10432]: Novell iPrint Client ActiveX Control GetPrinterURLList Denial of Service Vulnerability(CVE-2013-3708)
9. threat[10422]: Squid HTTP Host Header Denial of Service
10. threat[10431]: Netgear ProSafe GET filesystem Denial of Service(CVE-2013-4776)
11. threat[10430]: Monkey HTTPD Server 1.1.1 Denial of Service(CVE-2013-3724)
12. threat[10429]: Microsoft .NET Framework Remote Denial of Service(CVE-2013-3860)(MS13-082)
13. threat[10428]: Apache ActiveMQ Unauthorized Shutdown Denial of Service
14. threat[10427]: Apache mod_proxy Denial of Service(CVE 2014-0117)
15. threat[10426]: ISC BIND Recursive Regular Expression Handling Denial of Service
16. threat[10425]: MIT Kerberos AS-REQ Nonexistent sname Denial of Service(CVE-2013-1418)
17. threat[10423]: WordPress xmlrpc Pingback Denial of Service


update rules:
1. threat[10421]: OpenLDAP ber_get_next Denial of Service

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-10-20 15:09:33
Name: eoi.unify.allrulepatch.ips.5.6.10.14911.rule Version: 5.6.10.14911
MD5: 4d4741cfc1e7e0acdf8ff872721031f8 Size: 20.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14911. The rules added or improved in this package are:

new rules:
1. threat[10438]: ISC BIND buffer.c Denial of Service Vulnerability(CVE-2016-2776)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.14911. This package includes the following changed rules:

new rules:
1. threat[10438]: ISC BIND buffer.c Denial of Service Vulnerability(CVE-2016-2776)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-10-14 21:35:36
Name: eoi.unify.allrulepatch.ips.5.6.10.14818.rule Version: 5.6.10.14818
MD5: d80c189c1139fc1bb7b3bd044ab13534 Size: 20.41M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14818. The rules added or improved in this package are:

new rules:
1. threat[23861]: Microsoft Internet Explorer Frameset Null Pointer Dereference
2. threat[23869]: ManageEngine Desktop Central Permissions, Privileges and Access Control Vulnerability(CVE-2014-7862)
3. threat[10419]: VMware vSphere API SOAP Denial of Service Attack

update rules:
1. threat[63424]: Helix SNMP Server "DisplayString" Input Handling Buffer Overflow Vulnerability
2. threat[66753]: LANDesk Lenovo ThinkManagement Console Arbitrary File Deletion Vulnerability
3. threat[67646]: Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2014-0274)(MS14-010)
4. threat[23618]: Advantech WebAccess Stack Buffer Overflow Vulnerability(CVE-2014-0764)
5. threat[66982]: Microsoft Internet Explorer "insertRow" Remote Code Execution Vulnerability
6. threat[21672]: Microsoft Internet Explorer "VML Style" Memory Corruption Vulnerability(CVE-2012-0172)
7. threat[21366]: Microsoft Internet Explorer VML Object Access Memory Corruption Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.14818. This package includes the following changed rules:

new rules:
1. threat[23861]: Microsoft Internet Explorer Frameset Null Pointer Dereference
2. threat[23869]: ManageEngine Desktop Central Remote Security Bypass Vulnerability(CVE-2014-7862)
3. threat[10419]: VMware vSphere API SOAP Request Denial Of Service

update rules:
1. threat[63424]: Helix SNMP Server DisplayString Input Handling Buffer Overflow Vulnerability
2. threat[66753]: LANDesk Lenovo ThinkManagement Console Arbitrary File Deletion Vulnerability
3. threat[67646]: Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2014-0274)(MS14-010)
4. threat[23618]: Advantech WebAccess Stack Buffer Overflow Vulnerability(CVE-2014-0764)
5. threat[66982]: Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
6. threat[21672]: Microsoft Internet Explorer VML Style Memory Corruption Vulnerability(CVE-2012-0172)
7. threat[21366]: Microsoft Internet Explorer VML Object Access Memory Corruption Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please perform the update at a suitable time.

Release time: 2016-10-13 15:19:48
Name: eoi.unify.allrulepatch.ips.5.6.10.14694.rule Version: 5.6.10.14694
MD5: f259a5ff4a511422cb6cc7f61a3f484c Size: 20.38M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14694. The rules added or improved in this package are:


new rules:
1. threat[23859]: qiboCMS splitword.php Backdoor
2. threat[23862]: Cisco Prime LAN Management Solution Virtual Appliance Remote Command Execution Vulnerability(CVE-2012-6392)
3. threat[23863]: Digium Asterisk Cookie Field Stack Buffer Overflow Vulnerability
4. threat[23865]: Microsoft IE Malformed CSS Handling Memory Corruption Vulnerability
5. threat[23864]: Zavio IP Cameras Arbitrary Command Injection Vulnerability(CVE-2013-2568)
6. threat[23867]: Symantec LiveUpdate Administrator Unauthorized Access Vulnerability(CVE-2014-1644)
7. threat[23868]: Microsoft Internet Explorer Select All Use-After-Free

update rules:
1. threat[21366]: Microsoft Internet Explorer VML Object Access Memory Corruption Vulnerability
2. threat[66093]: Microsoft Internet Explorer HtmlLayout Remote Code Execution Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.14694. This package includes the following changed rules:


new rules:
1. threat[23859]: qiboCMS splitword.php webshell
2. threat[23862]: Cisco Prime LAN Management Solution Command Execution Vulnerability(CVE-2012-6392)
3. threat[23863]: Digium Asterisk Cookie Stack Buffer Overflow Vulnerability
4. threat[23865]: Microsoft Internet Explorer CSS Style Memory Corruption
5. threat[23864]: Zavio IP Cameras Arbitrary Command Injection Vulnerability(CVE-2013-2568)
6. threat[23867]: Symantec LiveUpdate Administrator Unauthorized Access Vulnerability(CVE-2014-1644)
7. threat[23868]: Microsoft Internet Explorer Select All Use After Free

update rules:
1. threat[21366]: Microsoft Internet Explorer VML Object Access Memory Corruption Vulnerability
2. threat[66093]: Microsoft Internet Explorer HtmlLayout Remote Code Execution Vulnerability

Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-10-06 11:51:14
Name: eoi.unify.allrulepatch.ips.5.6.10.14634.rule Version: 5.6.10.14634
MD5: dd21ab996ad25d1bb077820e3c297398 Size: 20.38M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14634. Rules added or improved by this package:

New rules:
1. threat[41381]: Malicious Ransomware Transmission
2. threat[23858]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2016-3377)

Update rules:
1. threat[50202]: Web Crawler Baidu Fetching Page Information
2. threat[60607]: Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14634. This package includes the following changed rules:

new rules:
1. threat[41381]: Malicious Ransomware Transmission
2. threat[23858]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3377)

update rules:
1. threat[50202]: Web Crawler Baidu Capture Page Information
2. threat[60607]: Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-09-29 17:56:35
Name: eoi.unify.allrulepatch.ips.5.6.10.14533.rule Version: 5.6.10.14533
MD5: 54de2d79a9f88badc6d6b6cb705c2c16 Size: 20.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14533. Rules added or improved by this package:


New rules:
1. threat[23853]: Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2016-3294)
2. threat[23854]: Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability (CVE-2016-3295)
3. threat[23855]: Microsoft VBScript Remote Memory Corruption Vulnerability (CVE-2016-3375)
4. threat[23857]: Microsoft Internet Explorer/Edge Memory Corruption Vulnerability (CVE-2016-3297)(MS16-104)
5. threat[23851]: SugarCRM REST Unserialize PHP Code Execution Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14533. This package includes the following changed rules:


new rules:
1. threat[23853]: Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3294)
2. threat[23854]: Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3295)
3. threat[23855]: Microsoft VBScript Remote Memory Corruption Vulnerability(CVE-2016-3375)
4. threat[23857]: Microsoft Internet Explorer/Edge Memory Corruption Vulnerability(CVE-2016-3297)(MS16-104)
5. threat[23851]: SugarCRM REST Unserialize PHP Code Execution Vulnerability

Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-09-22 16:13:21
Name: eoi.unify.allrulepatch.ips.5.6.10.14501.rule Version: 5.6.10.14501
MD5: c23e0bb307ce6cdd341c6d45352120cb Size: 20.34M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14501. Rules added or improved by this package:

New rules:
1. threat[23852]: MySQL Remote Root Code Execution Vulnerability (CVE-2016-6662)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14501. This package includes the following changed rules:

new rules:
1. threat[23852]: MySQL Remote Root Code Execution Vulnerability(CVE-2016-6662)

Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-09-13 21:47:50
Name: eoi.unify.allrulepatch.ips.5.6.10.14432.rule Version: 5.6.10.14432
MD5: 42ebce08e629b3b4428691d996497234 Size: 20.34M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14430. Rules added or improved by this package:

New rules:
1. threat[23849]: Trojan/Backdoor IRC Communication PHP Trojan

Update rules:
1. threat[23837]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3322)(MS16-095)(MS16-096)
2. app: NetEase News - Android
3. app: Baidu Music (formerly TTPlayer)
4. app: Youku Tudou Video


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14430. This package includes the following changed rules:

new rules:
1. threat[23849]: Trojan/Backdoor IRC PHP trojan

update rules:
1. threat[23837]: Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3322)(MS16-095)(MS16-096)
2. app: Netease News-Android
3. app: Baidu music(TTPlayer)
4. app: Youku Tudou Video



Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-09-08 15:59:35
Name: eoi.unify.allrulepatch.ips.5.6.10.14413.rule Version: 5.6.10.14413
MD5: e159bc32e29c98e473bdfce3f5424251 Size: 20.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14413. Rules added or improved by this package:

New rules:
1. threat[41375]: Guiying DDoS Tool Controlled Client Check-in Communication
2. threat[23846]: Topsec Firewall Cookie Field Overflow Vulnerability
3. threat[23850]: SugarCRM PHP Code Execution Vulnerability
4. threat[23843]: Cisco ASA Firewall SNMP Overflow Vulnerability
5. threat[50532]: Windows SMB Protocol User Authentication Success
6. threat[50363]: Windows SMB Protocol User Authentication Failure
7. threat[23845]: Topsec Firewall maincgi.cgi Parameter Command Execution Vulnerability
8. threat[23847]: Topsec Firewall Cookie cid Parameter Command Injection Vulnerability
9. threat[23844]: Topsec Firewall Management Port Overflow Vulnerability

Update rules:
1. threat[50031]: FTP Service Unprivileged User Authentication Success
2. threat[41339]: Locky Ransomware Malicious Communication

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14413. This package includes the following changed rules:

new rules:
1. threat[41375]: Guiying DDoS Tools Client Launch Communication
2. threat[23846]: Topsec Firewall Cookie Buffer Overflow Vulnerability
3. threat[23850]: SugarCRM PHP Code Injection Vulnerability
4. threat[23843]: Cisco ASA SNMP OID parsing stack buffer overflow Vulnerability
5. threat[50532]: Windows SMB User Authentication Success
6. threat[50363]: Windows SMB User Authentication Failed
7. threat[23845]: Topsec Firewall maincgi.cgi Command Execution Vulnerability
8. threat[23847]: Topsec Firewall cookie cid Command Injection Vulnerability
9. threat[23844]: Topsec Firewall Manage Port Buffer Overflow Vulnerability


update rules:
1. threat[50031]: FTP Service Unprivileged User Authentication Success
2. threat[41339]: Locky Ransomware Malicious Communication


Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-08-31 15:39:31
Name: eoi.unify.allrulepatch.ips.5.6.10.14355.rule Version: 5.6.10.14355
MD5: 6c53c866a42e1362b2684d59353eb975 Size: 20.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14355. Rules added or improved by this package:

New rules:
1. threat[40749]: Backdoor/Trojan Lyyshell Communication
2. threat[23841]: Subrion v4.0.5 CMS SQL Injection Vulnerability

Update rules:
1. threat[22796]: Apache Struts Remote Code Execution Vulnerability (CVE-2013-2251)
2. threat[23614]: Oracle WebLogic Server Java Deserialization Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14355. This package includes the following changed rules:

new rules:
1. threat[40749]: Backdoor/Trojan Lyyshell Communication
2. threat[23841]: Subrion v4.0.5 CMS SQL Injection Vulnerability

update rules:
1. threat[22796]: Apache Struts Remote Code Execution(CVE-2013-2251)
2. threat[23614]: Oracle Weblogic Server Java Unserialization Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-08-25 15:52:02
Name: eoi.unify.allrulepatch.ips.5.6.10.14332.rule Version: 5.6.10.14332
MD5: 1669493e4f879b0e7b7a0c435e2a2a3c Size: 20.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14332. Rules added or improved by this package:

New rules:
1. threat[41368]: iSpySoft Variant Spyware Stealing User Information
2. threat[23838]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3289)(MS16-096)
3. threat[23835]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288)(MS16-095)
4. threat[23836]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3290)(MS16-095)
5. threat[23837]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3322)(MS16-095)(MS16-096)
6. threat[41372]: Backdoor/Trojan XOR.DDoS Connecting to the C&C Server
7. threat[40952]: Backdoor/Trojan Doly Client Connection, Multiple Variants
8. threat[41374]: Suspected IRC Botnet Communication
9. threat[40697]: Backdoor/Trojan MagicLink Trojan Communication
10. threat[23839]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3293)(MS16-096)
11. threat[30685]: Microsoft Internet Explorer Local File Name Information Disclosure Vulnerability (CVE-2016-3321)(MS16-095)
12. threat[41373]: Remote Control Trojan Dahuilang Connecting to the C&C Server
13. threat[22995]: Symantec Endpoint Protection Manager Remote Code Execution
14. threat[22997]: Multiple General Electric Products 'gefebt.exe' Shell Upload Vulnerability
15. threat[30631]: FreePBX config.php Remote Code Execution
16. threat[30632]: Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
17. threat[23840]: Microsoft Internet Explorer/Edge Information Disclosure Vulnerability (CVE-2016-3327)(MS16-095)(MS16-096)


Update rules:
1. threat[41328]: DNS Response Packet Abnormal Length
2. threat[41339]: Locky Ransomware Malicious Communication
3. threat[41310]: Bill Gates Botnet Communication

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14332. This package includes the following changed rules:

new rules:
1. threat[41368]: iSpySoft Variant Spyware Stealing User Information
2. threat[23838]: Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3289)(MS16-096)
3. threat[23835]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3288)(MS16-095)
4. threat[23836]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3290)(MS16-095)
5. threat[23837]: Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3322)(MS16-095)(MS16-096)
6. threat[41372]: Trojan.XOR.DDos Connecting the C&C Server
7. threat[40952]: Backdoor/Trojan Doly Client Connection Multiple Variant
8. threat[41374]: Suspicious IRC Botnet Communication
9. threat[40697]: Backdoor/Trojan MagicLink Communication
10. threat[23839]: Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3293)(MS16-096)
11. threat[30685]: Microsoft Internet Explorer Local File Name Information Disclosure Vulnerability(CVE-2016-3321)(MS16-095)
12. threat[41373]: Remote Control Trojan Dahuilang Connecting the C&C Server
13. threat[22995]: Symantec Endpoint Protection Manager Remote Command Execution
14. threat[22997]: Multiple General Electric Products 'gefebt.exe' Shell Upload Vulnerability
15. threat[30631]: FreePBX config.php Remote Code Execution
16. threat[30632]: Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
17. threat[23840]: Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-3327)(MS16-095)(MS16-096)


update rules:
1. threat[41328]: DNS Response Packet Overlong
2. threat[41339]: Locky Ransomware Malicious Communication
3. threat[41310]: Bill Gates BotNet Communication

Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-08-18 16:13:43
Name: eoi.unify.allrulepatch.ips.5.6.10.14273.rule Version: 5.6.10.14273
MD5: ef0fadf7833cdfe8930b9aae2804dcc5 Size: 20.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14273. Rules added or improved by this package:

New rules:
1. threat[23834]: IPS Community Suite PHP Remote Code Execution Vulnerability (CVE-2016-6174)
2. threat[23833]: phpMyAdmin Remote Code Execution Vulnerability (CVE-2016-5734)
3. threat[41367]: JavaScript Trojan Downloader Download Activity
4. threat[23832]: Trend Micro Deep Discovery hotfix_upload.cgi File Name Remote Code Execution Vulnerability


Update rules:
1. threat[23816]: Ruby on Rails ActionPack Inline ERB Code Execution Vulnerability (CVE-2016-2098)
2. threat[41365]: Suspicious Botnet Communication

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14273. This package includes the following changed rules:

new rules:
1. threat[23834]: IPS Community Suite PHP Code Injection Vulnerability(CVE-2016-6174)
2. threat[23833]: phpMyAdmin Remote Code Execution Vulnerability(CVE-2016-5734)
3. threat[41367]: Trojan-Downloader.JS Downloading
4. threat[23832]: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability


update rules:
1. threat[23816]: Ruby on Rails ActionPack Inline ERB Code Execution Vulnerability(CVE-2016-2098)
2. threat[41365]: Suspicious Botnet Communication

Announcements:

1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-08-11 16:21:29
Name: eoi.unify.allrulepatch.ips.5.6.10.14249.rule Version: 5.6.10.14249
MD5: 5cdc4db2bb64e0d554c2cc84f859e096 Size: 20.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14249. Rules added or improved by this package:

New rules:
1. threat[23831]: Microsoft Browser Spoofing Vulnerability (CVE-2016-3274)(MS16-084/85)
2. threat[23830]: Centreon Web Useralias Command Execution Vulnerability
3. threat[23829]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3242)(MS16-084)
4. threat[23828]: Drupal RESTWS Module 7.x PHP Remote Code Execution Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14249. This package includes the following changed rules:

new rules:
1. threat[23831]: Microsoft Internet Explorer/Edge Spoofing Vulnerability(CVE-2016-3274)(MS16-084/85)
2. threat[23830]: Centreon Web Useralias Command Execution Vulnerability
3. threat[23829]: Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2016-3242)(MS16-084)
4. threat[23828]: Drupal RESTWS Module 7.x Remote PHP Code Execution Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-08-04 16:46:26
Name: eoi.unify.allrulepatch.ips.5.6.10.14230.rule Version: 5.6.10.14230
MD5: bbb438fab000f7dffb2f20dbd1f68ce9 Size: 20.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14230. Rules added or improved by this package:

New rules:
1. threat[41365]: Suspicious Botnet Communication
2. threat[23820]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3241)(MS16-084)
3. threat[23821]: Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3244)(MS16-085)
4. threat[23822]: Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3259)(MS16-084/85)
5. threat[23823]: Microsoft Browser Scripting Engine Information Disclosure Vulnerability (CVE-2016-3271)(MS16-085)
6. threat[23824]: Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3277)(MS16-084/85)
7. threat[23826]: Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4190)
8. threat[23827]: Adobe Reader/Acrobat Memory Corruption Vulnerability (CVE-2016-4191)
9. threat[23825]: Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3261)(MS16-084)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14230. This package includes the following changed rules:

new rules:
1. threat[41365]: Suspicious Botnet Communication
2. threat[23820]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-3241)(MS16-084)
3. threat[23821]: Microsoft Edge ASLR Security Bypass Vulnerability(CVE-2016-3244)(MS16-085)
4. threat[23822]: Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability(CVE-2016-3259)(MS16-084/85)
5. threat[23823]: Microsoft Edge Scripting Engine Information Disclosure Vulnerability(CVE-2016-3271)(MS16-085)
6. threat[23824]: Microsoft Edge and Internet Explorer Information Disclosure Vulnerability(CVE-2016-3277)(MS16-084/85)
7. threat[23826]: Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4190)
8. threat[23827]: Adobe Reader/Acrobat Memory Corruption Vulnerability (CVE-2016-4191)
9. threat[23825]: Microsoft Internet Explorer Information Disclosure Vulnerability(CVE-2016-3261)(MS16-084)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-07-28 14:25:22
Name: eoi.unify.allrulepatch.ips.5.6.10.14206.rule Version: 5.6.10.14206
MD5: e430f5c55c2c46a4e7ff43193f267cb3 Size: 20.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14206. Rules added or improved by this package:

Update rules:
1. threat[20358]: Samba Server call_trans2open Remote Buffer Overflow Attack


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14206. This package includes the following changed rules:

update rules:
1. threat[20358]: Samba Server call_trans2open Remote Buffer Overflow

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-07-21 16:36:22
Name: eoi.unify.allrulepatch.ips.5.6.10.14191.rule Version: 5.6.10.14191
MD5: b1cfc60c2120e0bb4dc6fbfdff885896 Size: 20.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14191. Rules added or improved by this package:

New rules:
1. threat[23816]: Ruby on Rails ActionPack Inline ERB Code Execution Vulnerability (CVE-2016-2098)
2. threat[23818]: Spring Boot Framework SPEL Expression Injection Vulnerability

Update rules:
1. threat[21470]: Apache SSI Error Page XSS Vulnerability
2. threat[23426]: Allegro RomPager HTTP Cookie Handling Security Restriction Bypass Vulnerability (CVE-2014-9222)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14191. This package includes the following changed rules:

new rules:
1. threat[23816]: Ruby on Rails ActionPack Inline ERB Code Execution Vulnerability(CVE-2016-2098)
2. threat[23818]: Spring Boot Framework SPEL Expressions Injection Vulnerability

update rules:
1. threat[21470]: Apache SSI Error Page XSS Vulnerability
2. threat[23426]: Allegro Software RomPager 'Fortune Cookie' Unspecified HTTP Authentication Bypass (CVE-2014-9222)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-07-14 17:16:34
Name: eoi.unify.allrulepatch.ips.5.6.10.14185.rule Version: 5.6.10.14185
MD5: 3f1868e2718c9a866932457c499a87ce Size: 20.29M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14185. Rules added or improved by this package:

New rules:
1. threat[23817]: wget Download Redirection Arbitrary File Write Vulnerability (CVE-2016-4971)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14185. This package includes the following changed rules:

new rules:
1. threat[23817]: wget Download Redirection Arbitrary File Write Vulnerability(CVE-2016-4971)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-07-11 21:30:52
Name: eoi.unify.allrulepatch.ips.5.6.10.14150.rule Version: 5.6.10.14150
MD5: 81b7469db55c1635c5171a1a26c4fbb8 Size: 20.35M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14150. Rules added or improved by this package:

New rules:
1. threat[23803]: Wolfcms 0.8.2 Arbitrary PHP File Upload Vulnerability
2. threat[23805]: MyLittleForum v2.3.5 PHP Command Injection Vulnerability
3. threat[23808]: HTTP Protocol Over-Long URI Field Buffer Overflow Attack
4. threat[23809]: Dave Carrigan Auth_LDAP Remote Format String Vulnerability
5. threat[23806]: Trojan/Backdoor JSP One-Line Webshell
6. threat[23810]: Apache Web Server Chunked Encoding Remote Overflow Vulnerability
7. threat[23811]: Apache APR_PSPrintf Memory Corruption Vulnerability
8. threat[23812]: Apache Win32 Batch File Remote Command Execution Vulnerability
9. threat[23815]: PeerCast getAuthUserPass Function Stack Overflow Vulnerability
10. threat[23814]: NetCat Remote Buffer Overflow Vulnerability (CVE-2004-1317)


Update rules:
1. threat[60119]: Helix Server DESCRIBE Request Remote Heap Overflow Vulnerability
2. threat[66279]: Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
3. threat[66214]: CA BrightStor ARCServe Backup LGServer Buffer Overflow Vulnerability
4. threat[30082]: Microsoft IIS .IDA / .IDQ ISAPI Extension Remote Path Disclosure Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14150. This package includes the following changed rules:

new rules:
1. threat[23803]: Wolfcms 0.8.2 Arbitrary PHP File Upload Vulnerability
2. threat[23805]: MyLittleForum v2.3.5 PHP Command Injection Vulnerability
3. threat[23808]: HTTP Protocol Over-Long URI Field Buffer Overflow
4. threat[23809]: Dave Carrigan Auth_LDAP Remote Format String Vulnerability
5. threat[23806]: Trojan/Backdoor General JSP trojan
6. threat[23810]: Apache Web Server Chunked-Encoding Memory Corruption Vulnerability
7. threat[23811]: Apache APR_PSPrintf Memory Corruption Vulnerability
8. threat[23812]: Apache Win32 DOS Batch File Arbitrary Command Execution
9. threat[23815]: PeerCast getAuthUserPass Function Stack Buffer Overflow Vulnerability
10. threat[23814]: NetCat Remote Buffer Overflow Vulnerability(CVE-2004-1317)


update rules:
1. threat[60119]: Helix DNA Server Describe Request LoadTestPassword Heap Overflow
2. threat[66279]: Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
3. threat[66214]: CA BrightStor ARCServe Backup LGServer Buffer Overflow Vulnerability
4. threat[30082]: Microsoft IIS .IDA / .IDQ ISAPI Extension Remote Path Disclosure

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-07-07 15:11:26
Name: eoi.unify.allrulepatch.ips.5.6.10.14105.rule Version: 5.6.10.14105
MD5: 6004dcb0cc4c1e8e3ae29d618bf1b0db Size: 20.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14105. Rules added or improved by this package:

New rules:
1. threat[23799]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)(MS16-068)
2. threat[23798]: Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)(MS16-068)
3. threat[23796]: phpwind Hash Length Extension Attack
4. threat[23797]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)(MS16-063)
5. threat[23802]: SAP NetWeaver Java AS XXE Injection Vulnerability (CVE-2016-3974)
6. threat[23803]: Wolfcms 0.8.2 Arbitrary PHP File Upload Vulnerability

Update rules:
1. threat[40958]: Backdoor/Trojan Chopper Webshell Detection

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14105. This package includes the following changed rules:

new rules:
1. threat[23799]: Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3222)(MS16-068)
2. threat[23798]: Microsoft Edge Content Security Policy Bypass Vulnerability(CVE-2016-3198)(MS16-068)
3. threat[23796]: phpwind hash length attack hashpump getshell
4. threat[23797]: Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2016-0199)(MS16-063)
5. threat[23802]: SAP NetWeaver Java AS XXE Injection Vulnerability(CVE-2016-3974)
6. threat[23803]: Wolfcms 0.8.2 Arbitrary PHP File Upload Vulnerability

update rules:
1. threat[40958]: Backdoor/Trojan Chopper Webshell Detection

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-06-30 15:30:48
Name: eoi.unify.allrulepatch.ips.5.6.10.14083.rule Version: 5.6.10.14083
MD5: eb6ed7c25d443c46db7a7f14e7cb17f8 Size: 20.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14083. Rules added or improved by this package:

New rules:
1. threat[23788]: ESC 8832 Data Controller Session Hijacking Vulnerability
2. threat[23789]: Paessler PRTG Network Monitor Local File Read Vulnerability
3. threat[23790]: Apache Continuum 1.4.2 Arbitrary Command Execution Vulnerability
4. threat[23793]: Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-3210)
5. threat[23791]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
6. threat[23792]: Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14083. This package includes the following changed rules:

new rules:
1. threat[23788]: ESC 8832 Data Controller Session Hijack Vulnerability
2. threat[23789]: Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
3. threat[23790]: Apache Continuum 1.4.2 Arbitrary Command Execution Vulnerability
4. threat[23793]: Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-3210)
5. threat[23791]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-0200)
6. threat[23792]: Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-3199)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-06-23 16:11:01
Name: eoi.unify.allrulepatch.ips.5.6.10.14080.rule Version: 5.6.10.14080
MD5: 92f01888cf66e6011d61856560fe55c0 Size: 20.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14080. Rules added or improved by this package:

New rules:
1. threat[23795]: Microsoft Windows WPAD Privilege Escalation Vulnerability (BadTunnel) (CVE-2016-3213)(MS16-063)(MS16-077)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14080. This package includes the following changed rules:

new rules:
1. threat[23795]: Microsoft Windows WPAD Privilege Escalation Vulnerability(BadTunnel) (CVE-2016-3213)(MS16-063)(MS16-077)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-06-17 21:40:41
Name: eoi.unify.allrulepatch.ips.5.6.10.14068.rule Version: 5.6.10.14068
MD5: d6c4cdbf6bb7eafaa3b00c5f1c5db7a7 Size: 20.32M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14068. Rules added or improved by this package:

New rules:
1. threat[23794]: Apache Struts Remote Code Execution Vulnerability (S2-033)(S2-037)

Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14068. This package includes the following changed rules:

new rules:
1. threat[23794]:Apache Struts Remote Code Execution Vulnerability(S2-033)(S2-037)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-06-16 15:13:21
Name: eoi.unify.allrulepatch.ips.5.6.10.14045.rule Version: 5.6.10.14045
MD5: d69e0640768dd745365d9a21791bc2e1 Size: 20.31M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14045. Rules added or improved by this package:

New rules:
1. threat[23784]: JobScript Remote Code Execution Vulnerability
2. threat[23785]: HP Data Protector A.09.00 Arbitrary Command Execution Vulnerability
3. threat[23786]: Real Estate Portal v4.1 Remote Code Execution Vulnerability
4. threat[41361]: Metasploit Obtaining a Windows Backdoor via a Generated Trojan
5. threat[41362]: Metasploit Obtaining a Linux Shell via a Generated Trojan
6. threat[41363]: Trojan Gen:Variant.Zusy.Elzob.8031 Malicious File Transfer


Update rules:
1. threat[21374]: Apache Struts Remote Command Execution Vulnerability
2. threat[10405]: ISC BIND named Denial of Service Vulnerability (CVE-2015-5477)


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14045. This package includes the following changed rules:

new rules:
1. threat[23784]:JobScript Remote Code Execution Vulnerability
2. threat[23785]:HP Data Protector A.09.00 Arbitrary Command Execution Vulnerability
3. threat[23786]:Real Estate Portal v4.1 Remote Code Execution Vulnerability
4. threat[41361]:Metasploit Get Backdoor Through Generating Trojans
5. threat[41362]:Metasploit Get Linux Shell Through Generating Trojans
6. threat[41363]:Trojan Gen:Variant.Zusy.Elzob.8031 Transporting


update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[10405]:ISC BIND named Denial of Service Vulnerability(CVE-2015-5477)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please update at a suitable time.

Release time: 2016-06-09 16:08:23
Name: eoi.unify.allrulepatch.ips.5.6.10.14029.rule Version: 5.6.10.14029
MD5: aa95f195ddc49c78225db8ec7b84f443 Size: 20.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be installed on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged, and the rule version becomes 5.6.10.14029. Rules added or improved by this package:

Update rules:
1. threat[23777]: GraphicsMagick and ImageMagick Remote Command Execution Vulnerability


Notes:
1. After this package is installed, the engine restarts automatically to apply it. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.14029. This package include changed rules:

update rules:
1. threat[23777]:GraphicsMagick and ImageMagick Remote code execution vulnerability


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2016-05-31 18:14:56
Name: eoi.unify.allrulepatch.ips.5.6.10.14022.rule Version: 5.6.10.14022
MD5: 62064c0e5a8fba3b051f01661d503c7b Size: 20.29M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.14022. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23778]: Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0191) (MS16-052)
2. Attack[23779]: Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193) (MS16-052)
3. Attack[41359]: VNC Login Failed
4. Attack[23783]: nginx File Type Misparsing Vulnerability
5. Attack[23782]: Microsoft IE/Edge Memory Corruption Vulnerability (CVE-2016-0192) (MS16-052/051)

Updated rules:
1. Attack[23614]: Oracle WebLogic Server Java Deserialization Vulnerability
2. Attack[23777]: ImageMagick Remote Command Execution Vulnerability (CVE-2016-3714)
3. Attack[22796]: Apache Struts Multiple Prefix Parameters Remote Code Execution Vulnerability (CVE-2013-2251)
4. Attack[21374]: Apache Struts Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.14022. This package includes the following changed rules:

new rules:
1. threat[23778]: Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-0191) (MS16-052)
2. threat[23779]: Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-0193) (MS16-052)
3. threat[41359]: VNC Login Failed
4. threat[23783]: nginx Incorrect File Type Parsing Vulnerability
5. threat[23782]: Microsoft IE/Edge Memory Corruption Vulnerability (CVE-2016-0192) (MS16-052/051)

update rules:
1. threat[23614]: Oracle WebLogic Server Java Deserialization Vulnerability
2. threat[23777]: ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
3. threat[22796]: Apache Struts Remote Code Execution (CVE-2013-2251)
4. threat[21374]: Apache Struts Remote Command Execution Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-05-27 13:45:41
Name: eoi.unify.allrulepatch.ips.5.6.10.13995.rule Version: 5.6.10.13995
MD5: 1d1462df4cc080eb934abe631eb66836 Size: 20.29M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13995. The rules added/improved by this upgrade package are:

Updated rules:
1. Attack[23773]: Advantech WebAccess Dashboard Viewer File Upload Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13995. This package includes the following changed rules:

update rules:
1. threat[23773]: Advantech WebAccess Dashboard Viewer Arbitrary File Upload Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-05-19 19:15:06
Name: eoi.unify.allrulepatch.ips.5.6.10.13954.rule Version: 5.6.10.13954
MD5: f7690f5d4989c27300196a185a27131f Size: 20.29M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13954. The rules added/improved by this upgrade package are:

New rules:
1. Attack[41355]: Qakbot Malicious Communication

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13954. This package includes the following changed rules:

new rules:
1. threat[41355]: Qakbot Malicious Communication

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-05-13 14:25:07
Name: eoi.unify.allrulepatch.ips.5.6.10.13946.rule Version: 5.6.10.13946
MD5: 5a9a3512bd5bca7359347ac96296db93 Size: 20.28M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13946. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23777]: ImageMagick Remote Command Execution Vulnerability (CVE-2016-3714)

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13946. This package includes the following changed rules:

new rules:
1. threat[23777]: ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-05-05 21:34:27
Name: eoi.unify.allrulepatch.ips.5.6.10.13941.rule Version: 5.6.10.13941
MD5: 39303bd2c2e58f0fc06cd387ad251851 Size: 20.26M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13941. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23773]: Advantech WebAccess Dashboard Viewer File Upload Vulnerability
2. Attack[23774]: Microsoft Edge Privilege Escalation Vulnerability (CVE-2016-0158) (MS16-038)
3. Attack[23775]: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0164) (MS16-037)
4. Attack[23772]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155) (MS16-038)

Updated rules:
1. Attack[21374]: Apache Struts Remote Command Execution Vulnerability
2. Attack[62054]: HTTP UTF-7 Charset Encoded HTML Response Evasion

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13941. This package includes the following changed rules:

new rules:
1. threat[23773]: Advantech WebAccess Dashboard Viewer Arbitrary File Upload Vulnerability
2. threat[23774]: Microsoft Edge Remote Privilege Escalation Vulnerability (CVE-2016-0158) (MS16-038)
3. threat[23775]: Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2016-0164) (MS16-037)
4. threat[23772]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155) (MS16-038)

update rules:
1. threat[21374]: Apache Struts Remote Command Execution Vulnerability
2. threat[62054]: HTTP UTF-7 Charset Encoding HTML Response Evasion

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-05-05 16:46:55
Name: eoi.unify.allrulepatch.ips.5.6.10.13910.rule Version: 5.6.10.13910
MD5: 57bf684cbeac9f9290573e5d6a089aca Size: 20.26M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13910. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23772]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155) (MS16-038)
2. Attack[23763]: WordPress Robo Gallery 2.0.14 Code Execution Vulnerability
3. Attack[23764]: Joomla SimpleImageUpload Arbitrary File Upload Vulnerability
4. Attack[23767]: Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability
5. Attack[23766]: Dell KACE K1000 File Upload Vulnerability
6. Attack[41347]: C99 PHP Webshell Access

Updated rules:
1. Attack[60464]: HTTP Service Directory Traversal Vulnerability
2. Attack[21374]: Apache Struts Remote Command Execution Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13910. This package includes the following changed rules:

new rules:
1. threat[23772]: Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155) (MS16-038)
2. threat[23763]: WordPress Robo Gallery 2.0.14 Code Execution Vulnerability
3. threat[23764]: Joomla SimpleImageUpload Arbitrary File Upload Vulnerability
4. threat[23767]: Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability
5. threat[23766]: Dell KACE K1000 File Upload Vulnerability
6. threat[41347]: C99 PHP Webshell Access

update rules:
1. threat[60464]: HTTP Directory Traversal Vulnerability
2. threat[21374]: Apache Struts Remote Command Execution Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-04-27 21:46:40
Name: eoi.unify.allrulepatch.ips.5.6.10.13888.rule Version: 5.6.10.13888
MD5: 9d47e21f2904c2fd644259c9b2db7ef7 Size: 20.26M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13888. The rules added/improved by this upgrade package are:

New rules:
1. Attack[41348]: Dark Ghost (DCM) Trojan Malicious Communication

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13888. This package includes the following changed rules:

new rules:
1. threat[41348]: Trojan DCM Malicious Communication

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-04-20 23:33:50
Name: eoi.unify.allrulepatch.ips.5.6.10.13839.rule Version: 5.6.10.13839
MD5: 3be2fcfc44cb1d3835022b9d62fd83a4 Size: 20.27M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13839. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23761]: MeshCMS 3.6 Remote Command Execution Vulnerability
2. Attack[23762]: WordPress Plugin HB Audio Gallery Lite Arbitrary File Download Vulnerability

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13839. This package includes the following changed rules:

new rules:
1. threat[23761]: MeshCMS 3.6 Remote Command Execution Vulnerability
2. threat[23762]: WordPress Plugin HB Audio Gallery Lite Arbitrary File Download Vulnerability

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-04-14 17:13:02
Name: eoi.unify.allrulepatch.ips.5.6.10.13816.rule Version: 5.6.10.13816
MD5: 5f11b77847a1d7ccd18efd007b251df6 Size: 40.09M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13816. The rules added/improved by this upgrade package are:

New rules:
1. Attack[23756]: Multiple Security Surveillance Systems Remote Code Execution Vulnerability
2. Attack[41340]: Suspected Malicious Ransomware Communication
3. Attack[23757]: Apache Jetspeed Directory Traversal Vulnerability
4. Attack[23758]: Apache Jetspeed User Manager REST API Unauthorized Access Vulnerability

Updated rules:
1. Attack[41339]: Locky Ransomware Malicious Communication
2. App: Youku Tudou Video
3. App: Tencent MyApp (Yingyongbao)-Android
4. App: iQIYI Video-Android
5. App: iFlytek Input Method-Android
6. App: Sogou Input Method-Android
7. App: UC Browser-Android
8. App: Xiami Music-Android
9. App: Sina Weibo-iOS
10. App: Taobao-Android
11. App: China Mobile Fetion-iOS
12. App: Baofeng (Storm) Player
13. App: Sina Weibo

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13816. This package includes the following changed rules:

new rules:
1. threat[23756]: Multiple CCTV-DVR Systems Remote Command Execution Vulnerability
2. threat[41340]: Suspicious Malicious Ransomware Communication
3. threat[23757]: Apache Jetspeed Directory Traversal Vulnerability
4. threat[23758]: Apache Jetspeed User Manager REST API Unauthorized Access Vulnerability

update rules:
1. threat[41339]: Locky Ransomware Malicious Communication
2. app: Youku Tudou Video
3. app: Tencent MyApp-Android
4. app: qiyi.com-Android
5. app: Xunfei Input-Android
6. app: Sogou-Android
7. app: UC Browser-Android
8. app: Xiami-Android
9. app: Sina Weibo-iOS
10. app: TaoBao-Android
11. app: Mobile Fetion-iOS
12. app: Storm Player
13. app: Sina Micro-blog

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-04-07 16:18:07
Name: eoi.unify.allrulepatch.ips.5.6.10.13815.rule Version: 5.6.10.13815
MD5: 0dac58b94f317c12ddb81a73a99904e8 Size: 40.09M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13815. The rules added/improved by this upgrade package are:

New rules:
1. Attack[41341]: Botnet Malware KTN-RM (Linux/Remaiten) Connecting to Server

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13815. This package includes the following changed rules:

new rules:
1. threat[41341]: Botnet Malware KTN-RM (Linux/Remaiten) Connecting to the Server

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-04-01 21:20:07
Name: eoi.unify.allrulepatch.ips.5.6.10.13756.rule Version: 5.6.10.13756
MD5: 1d821103d4a9565865a31a1937bc120f Size: 40.06M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.13756. The rules added/improved by this upgrade package are:

Updated rules:
1. Attack[41339]: Locky Ransomware Malicious Communication

Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.13756. This package includes the following changed rules:

update rules:
1. threat[41339]: Locky Ransomware Malicious Communication

Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause a loss of 3-5 packets on ping operations; please update at a suitable time.

Release time: 2016-03-24 21:20:03