NSFOCUS NIDS/NIPS system rule upgrade packages: package list

Name: eoi.unify.allrulepatch.ips.5.6.10.28617.rule    Version: 5.6.10.28617
MD5: 03269b4d8d8608b3e898071092e3813c    Size: 29.17M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28617. Rules added or updated in this package:

New rules:
1. threat[25743]: LeagSoft IT Security Operation and Maintenance Management System ScanAcutaInfoController/deleteChoosed Deserialization Vulnerability
2. threat[25744]: WisePoint OA wordOperationRest/taoda Arbitrary File Upload Vulnerability
3. threat[50622]: Remote Control Tool Anydesk Running

Updated rules:
1. threat[25449]: XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-11-25 14:47:45
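An added pre-import check, not part of this page and not NSFOCUS tooling: the script below takes a downloaded package, the listing entry for it (name, version and MD5 transcribed from the entries on this page), and the appliance's installed rule, firmware and engine versions, and reports every reason not to import it. The command-line usage, the MIN_PLATFORM constant and the wording of the check messages are this example's own assumptions; the package names and MD5 values are the ones printed in the listing.

```python
#!/usr/bin/env python3
"""Pre-import checks for an NSFOCUS IPS rule package (added example, not NSFOCUS tooling).

Before a package from this listing is imported into a NIDS/NIPS appliance, the
checks below cover what the listing lets you verify offline:

  * the version embedded in the file name matches the listed version;
  * the MD5 of the downloaded file matches the listed MD5;
  * the appliance's firmware and engine versions meet the stated minimum
    (5.6R10F00), and the package is newer than the installed rule version.

The MD5 comparison only detects a corrupted or wrong download. MD5 is not
collision resistant, so a matching digest does not prove the file is genuine;
download both the listing and the package from the vendor portal over HTTPS.
"""
from __future__ import annotations

import hashlib
import re
import sys

# Minimum firmware and engine version stated in every entry of the listing.
MIN_PLATFORM = "5.6R10F00"

# Package name -> (listed version, listed MD5), transcribed from the entries on this page.
LISTING = {
    "eoi.unify.allrulepatch.ips.5.6.10.28617.rule": ("5.6.10.28617", "03269b4d8d8608b3e898071092e3813c"),
    "eoi.unify.allrulepatch.ips.5.6.10.28552.rule": ("5.6.10.28552", "e797cba057c84f320c274168cdd2c4d2"),
    "eoi.unify.allrulepatch.ips.5.6.10.28523.rule": ("5.6.10.28523", "2edef5f028ef66b1b3d281d879b34dc0"),
    "eoi.unify.allrulepatch.ips.5.6.10.28498.rule": ("5.6.10.28498", "8d471c6eb529d673faeba3c457bb9b71"),
}

_RULE_NAME = re.compile(r"^eoi\.unify\.allrulepatch\.ips\.(\d+(?:\.\d+)+)\.rule$")
_PLATFORM = re.compile(r"^(\d+)\.(\d+)R(\d+)F(\d+)$")


def version_tuple(text: str) -> tuple:
    """'5.6.10.28617' -> (5, 6, 10, 28617), so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))


def rule_version(name: str) -> tuple:
    """Version tuple embedded in a package file name."""
    m = _RULE_NAME.match(name)
    if not m:
        raise ValueError(f"not a rule package name: {name}")
    return version_tuple(m.group(1))


def platform_version(text: str) -> tuple:
    """'5.6R10F00' -> (5, 6, 10, 0) for firmware/engine comparisons."""
    m = _PLATFORM.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware/engine version: {text}")
    return tuple(int(p) for p in m.groups())


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def check_package(name: str, data: bytes, installed_rules: str,
                  firmware: str, engine: str, listing: dict = LISTING) -> list:
    """Return the reasons not to import; an empty list means every check passed."""
    try:
        pkg = rule_version(name)
    except ValueError as exc:
        return [str(exc)]

    problems = []
    entry = listing.get(name)
    if entry is None:
        problems.append("package name is not in the published listing")
    else:
        listed_version, listed_md5 = entry
        if version_tuple(listed_version) != pkg:
            problems.append("version in file name does not match the listed version")
        if md5_hex(data) != listed_md5.lower():
            problems.append("MD5 mismatch: corrupted or wrong file, do not import")

    # Every entry here is a full package, so only the installed rule version matters.
    if pkg <= version_tuple(installed_rules):
        problems.append("package is not newer than the installed rule version")
    minimum = platform_version(MIN_PLATFORM)
    if platform_version(firmware) < minimum:
        problems.append(f"firmware below the required {MIN_PLATFORM}")
    if platform_version(engine) < minimum:
        problems.append(f"engine below the required {MIN_PLATFORM}")
    return problems


if __name__ == "__main__":
    # usage: check_rule_package.py <package file> <installed rule version> <firmware> <engine>
    path, installed, fw, eng = sys.argv[1:5]
    with open(path, "rb") as fh:
        issues = check_package(path.rsplit("/", 1)[-1], fh.read(), installed, fw, eng)
    for issue in issues:
        print("FAIL:", issue)
    print("do not import" if issues else "OK to import")
    sys.exit(1 if issues else 0)
```

The script compares only against the currently installed rule version because each entry describes itself as a full package; there is no chain of intermediate packages to apply first. Extend LISTING with the remaining entries from this page as needed.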
Name: eoi.unify.allrulepatch.ips.5.6.10.28552.rule    Version: 5.6.10.28552
MD5: e797cba057c84f320c274168cdd2c4d2    Size: 29.18M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28552. Rules added or updated in this package:

New rules:
1. threat[25737]: Yonyou FE templateOfTaohong_manager.jsp Directory Traversal Vulnerability
2. threat[41907]: reDuh HTTP Tunnel Intranet Proxy Connection (php)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-11-17 19:21:23
Name: eoi.unify.allrulepatch.ips.5.6.10.28523.rule    Version: 5.6.10.28523
MD5: 2edef5f028ef66b1b3d281d879b34dc0    Size: 28.27M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28523. Rules added or updated in this package:

New rules:
1. threat[25733]: Ivanti Avalanche EnterpriseServer getApplicationData SQL Injection Vulnerability
2. threat[25734]: Servlet Memory Shell Upload
3. threat[25735]: Filter Memory Shell Upload
4. threat[25736]: Listener Memory Shell Upload
5. threat[25731]: Linux Sample Download Type Two
6. threat[25732]: Windows Sample Download Type Two

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-11-10 18:08:35
Name: eoi.unify.allrulepatch.ips.5.6.10.28498.rule    Version: 5.6.10.28498
MD5: 8d471c6eb529d673faeba3c457bb9b71    Size: 28.24M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28498. Rules added or updated in this package:

New rules:
1. threat[25721]: Microsoft Windows SChannel Buffer Overflow Vulnerability (CVE-2014-6321)
2. threat[25722]: ForgeRock Access Management and OpenAM Jato Insecure Deserialization Vulnerability (CVE-2021-35464)
3. threat[25723]: JBoss JMX Console Deployer Arbitrary File Upload Vulnerability (CVE-2007-1036)
4. threat[25724]: TrendNET Router Authorization Bypass Vulnerability (CVE-2018-7034)
5. threat[25725]: WordPress True Ranker Directory Traversal Vulnerability (CVE-2021-39312)
6. threat[25729]: Aria2 Arbitrary File Write Vulnerability
7. threat[25727]: Linux Sample Download Type One
8. threat[25726]: Windows Sample Download Type One

Updated rules:
1. threat[41720]: AntSword Webshell Management Tool Connection and Control
2. threat[60464]: HTTP Service Directory Traversal Vulnerability
3. threat[25614]: Apache Spark UI doAs Command Injection Vulnerability (CVE-2022-33891)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-11-04 17:14:32
Name: eoi.unify.allrulepatch.ips.5.6.10.28462.rule    Version: 5.6.10.28462
MD5: 67f903b0b041cf8dc829aefb8cc76193    Size: 28.21M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28462. Rules added or updated in this package:

New rules:
1. threat[25708]: Ivanti Avalanche SmartDeviceServer DeviceLogsManager Directory Traversal Vulnerability
2. threat[25709]: Netgear ProSafe Remote Command Execution Vulnerability
3. threat[25710]: BEWARD N100 H.264 VGA IP Camera Remote Code Execution Vulnerability
4. threat[25712]: WordPress Slider Revolution Responsive Arbitrary File Download Vulnerability (CVE-2014-9734)
5. threat[25713]: Joomla DT Register SQL Injection Vulnerability (CVE-2018-6584)
6. threat[25714]: WordPress Content Injection Vulnerability (CVE-2017-5487)
7. threat[25715]: Atlassian Questions Hardcoded Password Vulnerability (CVE-2022-26138)
8. threat[25716]: VMware vCenter Server Arbitrary File Upload Vulnerability (CVE-2021-22005)
9. threat[25717]: Laravel _ignition Remote Code Execution Vulnerability (CVE-2021-3129)
10. threat[25718]: Tendar Router AC11 Stack Buffer Overflow Vulnerability (CVE-2021-31755)
11. threat[25711]: nostromo nhttpd Directory Traversal Vulnerability (CVE-2019-16278)
12. threat[25719]: ASUS b1m projector applg.cgi Remote Command Execution Vulnerability

Updated rules:
1. threat[25707]: Sangfor EDR c.php Remote Command Execution Vulnerability (CNVD-2020-46552)
2. threat[24670]: PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)
3. threat[25475]: Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-10-28 13:48:23
Name: eoi.unify.allrulepatch.ips.5.6.10.28434.rule    Version: 5.6.10.28434
MD5: 5da2e7f58219967141008f903aac8274    Size: 28.15M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28434. Rules added or updated in this package:

New rules:
1. threat[25700]: Teleport Bastion Host do-login Arbitrary User Login Vulnerability
2. threat[25701]: SeaCMS search.php Remote Code Execution Vulnerability
3. threat[25702]: Realtek Jungle SDK Command Injection Vulnerability (CVE-2021-35394)
4. threat[25703]: Craft CMS SEOmatic Server-Side Template Injection Vulnerability (CVE-2020-9757)
5. threat[25704]: Apache Commons JXPath Remote Code Execution Vulnerability (CVE-2022-41852)
6. threat[25705]: Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889)
7. threat[25706]: Cobalt Strike Remote Code Execution Vulnerability (CVE-2022-39197)
8. threat[25707]: Sangfor EDR c.php Remote Command Execution Vulnerability (CNVD-2020-46552)

Updated rules:
1. threat[25377]: GitLab Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22214)
2. threat[25555]: F5 BIG-IP Authentication Bypass Vulnerability (CVE-2022-1388)
3. threat[24846]: phpcms2008 Code Injection Vulnerability
4. threat[24365]: ThinkPHP 5.x Remote Command Execution Vulnerability
5. threat[25614]: Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)
6. threat[41901]: Behinder Webshell Connection (image)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-10-21 17:29:14
Name: eoi.unify.allrulepatch.ips.5.6.10.28396.rule    Version: 5.6.10.28396
MD5: 71034dd8cb7baf9e371547c623fc19f8    Size: 28.12M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28396. Rules added or updated in this package:

New rules:
1. threat[25691]: LILIN DVR Command Injection Vulnerability
2. threat[25692]: Seowon Intech SWC-9100 Command Injection Vulnerability (CVE-2013-7179)
3. threat[25694]: Landray OA EKP Backend SQL Injection Vulnerability (CNVD-2021-01363)
4. threat[25693]: Yaskawa Robot Telnet Default Password Vulnerability
5. threat[25695]: Atlassian Jira Server and Data Center Server-Side Request Forgery Vulnerability (CVE-2022-26135)
6. threat[25696]: Kingdee OA server_file Directory Traversal Vulnerability (CNVD-2021-43484)
7. threat[25698]: Yonyou CHANJET T+ DownloadProxy.aspx Arbitrary File Read Vulnerability
8. threat[25699]: Yonyou CHANJET T+ RecoverPassword.aspx Admin Password Reset Vulnerability
9. threat[25697]: Exchange Server Server-Side Request Forgery Vulnerability (CVE-2022-41040)

Updated rules:
1. threat[24189]: Realtek rtl81xx SDK Remote Code Execution Vulnerability (CVE-2014-8361)
2. threat[24714]: ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
3. threat[25637]: Wanhu OA Arbitrary File Upload Vulnerability
4. threat[24560]: Totaljs CMS 12.0 Directory Traversal Vulnerability (CVE-2019-15952)
5. threat[21898]: V-CMS PHP File Upload and Execute Vulnerability (CVE-2011-4828)
6. threat[25603]: Seeyon OA (A6/A8) wpsAssistServlet Arbitrary File Upload Vulnerability
7. threat[25641]: H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-10-15 17:17:26
Name: eoi.unify.allrulepatch.ips.5.6.10.28343.rule    Version: 5.6.10.28343
MD5: a398063a093dabf9d23fe445f5b86aa2    Size: 28.08M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28343. Rules added or updated in this package:

New rules:
1. threat[25689]: Jenkins Rundeck Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-30956)
2. threat[25690]: WordPress Paid Memberships Pro Plugin SQL Injection Vulnerability (CVE-2021-25114)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-10-06 20:04:02
Name: eoi.unify.allrulepatch.ips.5.6.10.28334.rule    Version: 5.6.10.28334
MD5: e3794ec9b347c1929747db92d6b20c8c    Size: 28.08M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28334. Rules added or updated in this package:

New rules:
1. threat[25686]: PHPCMS 9.6.0 Arbitrary File Upload Vulnerability (CVE-2018-14399)
2. threat[25687]: Advantech iView updatePROMFile SQL Injection Vulnerability (CVE-2022-2136)
3. threat[25688]: Jenkins GitLab Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-34777)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-09-30 15:11:31
Name: eoi.unify.allrulepatch.ips.5.6.10.28324.rule    Version: 5.6.10.28324
MD5: 21bbf6be83a3043af4a9a506f5141f05    Size: 28.07M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28324. Rules added or updated in this package:

New rules:
1. threat[25682]: Zoho ManageEngine ADAudit Plus External Entity Injection Vulnerability (CVE-2022-28219)
2. threat[25683]: Horde Groupware Webmail Edition Deserialization Vulnerability (CVE-2022-30287)
3. threat[25684]: Zimbra Collaboration Calendar Reflected Cross-Site Scripting Vulnerability (CVE-2022-24682)
4. threat[25685]: GLPI-Project GLPI SQL Injection Vulnerability (CVE-2022-31061)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-09-26 09:21:40
Name: eoi.unify.allrulepatch.ips.5.6.10.28291.rule    Version: 5.6.10.28291
MD5: de389e2518e26c16104ff14808b1775a    Size: 28.06M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28291. Rules added or updated in this package:

New rules:
1. threat[25680]: Delta Industrial Automation DIAEnergie SQL Injection Vulnerability (CVE-2022-26887)
2. threat[25681]: Advantech iView getAllActiveTraps search_date SQL Injection Vulnerability (CVE-2022-2135)

Updated rules:
1. threat[50621]: Remote Control Tool Todesk Running

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-09-16 17:11:06
Name: eoi.unify.allrulepatch.ips.5.6.10.28277.rule    Version: 5.6.10.28277
MD5: 8f05a25b8c9433417940259b8cca9204    Size: 28.05M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28277. Rules added or updated in this package:

New rules:
1. threat[25672]: Windows LNK Remote Code Execution Vulnerability (CVE-2020-1421)
2. threat[25674]: WordPress Popup Maker Plugin Popup Settings Stored Cross-Site Scripting Vulnerability (CVE-2022-1104)
3. threat[25675]: Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0547)
4. threat[25676]: Gogs Git Endpoints Directory Traversal Vulnerability (CVE-2022-1993)
5. threat[25677]: Delta Industrial Automation DIAEnergie SQL Injection Vulnerability (CVE-2022-1367)
6. threat[25678]: Any800 Framework Arbitrary File Write Vulnerability
7. threat[25679]: Wordpress Google Tag Manager for WordPress Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)

Updated rules:
1. threat[24955]: Windows LNK Shortcut File Remote Code Execution Vulnerability (CVE-2020-0729)
2. threat[25119]: Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)
3. threat[25352]: Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)
4. threat[23793]: Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-3210)
5. threat[25670]: VanDyke VShell Server Trigger Command Injection Vulnerability (HTTP protocol) (CVE-2022-28054)
6. threat[25565]: Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-09-09 23:06:58
Name: eoi.unify.allrulepatch.ips.5.6.10.28230.rule    Version: 5.6.10.28230
MD5: 114ece8be699a662dd0e01f9c860c691    Size: 28.05M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28230. Rules added or updated in this package:

New rules:
1. threat[25666]: Acquia Mautic Tracking Pixel Stored Cross-Site Scripting Vulnerability (CVE-2022-25772)
2. threat[25667]: GitLab Remote Code Execution Vulnerability (CVE-2018-14364)
3. threat[25668]: Seeyon OA Unauthorized Access Vulnerability

Updated rules:
1. threat[25663]: Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability (CVE-2021-23282)
2. threat[25550]: Jackson-Databind Deserialization Remote Code Execution Vulnerability (CVE-2017-17485)
3. threat[24083]: Zabbix Server Active Proxy Trapper Command Injection Vulnerability (CVE-2017-2824)
4. threat[21816]: FCKeditor connectors Module File Upload Code Execution Vulnerability (listed in the English release notes as ColdFusion 8.0.1 Arbitrary File Upload and Execute Vulnerability)
5. threat[10108]: Microsoft Windows 2000 RPC DCOM Interface Denial of Service
6. threat[25669]: Yonyou CHANJET T+ Arbitrary File Upload Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-09-02 19:47:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28218.rule    Version: 5.6.10.28218
MD5: a04a6dafe422b8dcc00d6a60c44cefe8    Size: 28.04M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28218. Rules added or updated in this package:

Updated rules:
1. threat[25669]: Yonyou CHANJET T+ Arbitrary File Upload Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-08-30 22:58:49
Name: eoi.unify.allrulepatch.ips.5.6.10.28213.rule    Version: 5.6.10.28213
MD5: 05d13f14bacff2263f94fa5bee361db4    Size: 28.04M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28213. Rules added or updated in this package:

New rules:
1. threat[25669]: Yonyou CHANJET T+ Arbitrary File Upload Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-08-30 15:58:44
Name: eoi.unify.allrulepatch.ips.5.6.10.28186.rule    Version: 5.6.10.28186
MD5: 87366357a32dc1da217e644efef96696    Size: 28.03M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28186. Rules added or updated in this package:

New rules:
1. threat[25659]: Zoho ManageEngine ADSelfService Plus Command Injection Vulnerability (CVE-2022-28810)
2. threat[25661]: Ivanti Avalanche EnterpriseServer Service getProfileApplicationData SQL Injection Vulnerability
3. threat[25663]: Eaton Intelligent Power Management Stored Cross-Site Scripting Vulnerability (CVE-2021-23282)
4. threat[25662]: Delta Industrial Automation DIAEnergie DIAE_pgHandler.ashx GETOBJECT SQL Injection Vulnerability (CVE-2022-1378)
5. threat[25664]: GitLab Community and Enterprise Edition Project Settings Stored Cross-Site Scripting Vulnerability (CVE-2022-2230)
6. threat[25665]: Lansweeper lansweeper AssetActions SQL Injection Vulnerability (CVE-2022-21210)

Updated rules:
1. threat[24463]: Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
2. threat[25658]: Pimcore GridHelperService.php SQL Injection Vulnerability (CVE-2022-1429)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-08-26 10:22:21
Name: eoi.unify.allrulepatch.ips.5.6.10.28154.rule    Version: 5.6.10.28154
MD5: 71ce90c07c65711958326e18657be52b    Size: 27.98M
Description:

This is an intrusion prevention signature (rule) package for NSFOCUS NIDS/NIPS. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full package (the complete rule set, not an incremental patch). After import, the firmware and engine versions are unchanged and the rule version becomes 5.6.10.28154. Rules added or updated in this package:

New rules:
1. threat[25656]: Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-29535)
2. threat[25657]: Open-Falcon Falcon-Plus SQL Injection Vulnerability (CVE-2022-26245)
3. threat[25658]: Pimcore GridHelperService.php SQL Injection Vulnerability (CVE-2022-1429)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2022-08-19 11:12:45
名称: eoi.unify.allrulepatch.ips.5.6.10.28135.rule 版本:5.6.10.28135
MD5:b55cb4b2d11f24cb47dbc851237013c9 大小:27.99M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.28135。该升级包新增/改进的规则有:

新增规则:
1. 攻击[25654]:WordPress Modern Events Calendar Lite插件存储型跨站脚本漏洞(CVE-2022-0364)
2. 攻击[25655]:Siemens SINEC NMS SQL注入漏洞(CVE-2021-33734)

更新规则:
1. 攻击[25647]:帆软报表反序列化漏洞


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.28135. This package include changed rules:

new rules:
1. threat[25654]:WordPress Modern Events Calendar Lite Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-0364)
2. threat[25655]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33734)

update rules:
1. threat[25647]:FineReport Deserialization Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-12 10:24:57
Name: eoi.unify.allrulepatch.ips.5.6.10.28125.rule Version: 5.6.10.28125
MD5: 75a902d6ae7d575f1ae3ddd80cb3b5e0 Size: 27.98M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28125. The rules added or improved in this upgrade package are:

New rules:
1. Attack[50621]: ToDesk Remote Control Software Running
2. Attack[41905]: Webshell Sample 1005007 Upload



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28125. This package includes the following changed rules:

new rules:
1. threat[50621]:Remote Control Tool Todesk Running
2. threat[41905]:Webshell Sample 1005007 Upload



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-07 22:22:13
Name: eoi.unify.allrulepatch.ips.5.6.10.28118.rule Version: 5.6.10.28118
MD5: da5deac878e6333c0ca0d1ac42405b9a Size: 27.97M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28118. The rules added or improved in this upgrade package are:


New rules:
1. Attack[25652]: Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
2. Attack[25653]: Yonyou NC ResourceManagerServlet Interface Deserialization Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28118. This package includes the following changed rules:


new rules:
1. threat[25652]:Yonyou NC actionhandlerservlet Interface Deserialization Vulnerability
2. threat[25653]:Yonyou NC ResourceManagerServlet Interface Deserialization Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-06 21:34:27
Name: eoi.unify.allrulepatch.ips.5.6.10.28110.rule Version: 5.6.10.28110
MD5: 5f590045f0edf27e10145febf2dc2cb2 Size: 27.98M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28110. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25650]: Weaver e-cology H2 Database Remote Code Execution Vulnerability



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28110. This package includes the following changed rules:

new rules:
1. threat[25650]:Weaver e-Cologyh2 Database Remote Code Execution Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-06 08:55:40
Name: eoi.unify.allrulepatch.ips.5.6.10.28105.rule Version: 5.6.10.28105
MD5: 1c06c9762113f1a5fdfa70092c5b5f1f Size: 27.97M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28105. The rules added or improved in this upgrade package are:

New rules:
1. Attack[30789]: Maipu ISG1000 Arbitrary File Download Vulnerability

Updated rules:
1. Attack[25571]: Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)
2. Attack[25648]: Primeton EOS Deserialization Vulnerability
3. Attack[25647]: FineReport Deserialization Vulnerability
4. Attack[25600]: Landray OA Remote Code Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28105. This package includes the following changed rules:

new rules:
1. threat[30789]:MPSec ISG1000 Arbitrary File Download Vulnerability

update rules:
1. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
2. threat[25648]:Primeton EOS Deserialization Vulnerability
3. threat[25647]:FineReport Deserialization Vulnerability
4. threat[25600]:Landray-OA Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-05 10:55:05
Name: eoi.unify.allrulepatch.ips.5.6.10.28091.rule Version: 5.6.10.28091
MD5: fc4036b578e766c7de8a482997cf51a8 Size: 27.94M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28091. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25648]: Primeton EOS Deserialization Vulnerability (URLDNS)

Updated rules:
1. Attack[25620]: Yonyou NC6.5 Arbitrary File Upload Vulnerability
2. Attack[41904]: Hidden Command Execution Attack
3. Attack[41781]: FRP Intranet Penetration Tool Communication


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28091. This package includes the following changed rules:

new rules:
1. threat[25648]:Primeton EOS Deserialization Vulnerability(URLDNS)

update rules:
1. threat[25620]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
2. threat[41904]:Hidden Command Execution Attack
3. threat[41781]:Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-08-01 20:50:04
Name: eoi.unify.allrulepatch.ips.5.6.10.28082.rule Version: 5.6.10.28082
MD5: 65b77171c5c0af8e2ae4405c1d7a8420 Size: 27.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28082. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25646]: Wangshen (SecGate) Firewall Arbitrary File Upload Vulnerability
2. Attack[25647]: FineReport Deserialization Vulnerability
3. Attack[41904]: HTTP Request Header Hidden Command Execution Attack



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28082. This package includes the following changed rules:

new rules:
1. threat[25646]:SecGate Firewall Arbitrary File Upload Vulnerability
2. threat[25647]:FineReport Deserialization Vulnerability
3. threat[41904]:HTTP Header Hidden Command Execution Attack



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-31 22:32:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28073.rule Version: 5.6.10.28073
MD5: 14db4f7ecf4e3aa1295ceab27084ec4f Size: 27.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28073. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25641]: H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability
2. Attack[25645]: Yonyou GRP-U8 Arbitrary File Upload Vulnerability
3. Attack[25638]: Yonyou NC6.5 Arbitrary File Upload Vulnerability (grouptemplet)
4. Attack[25639]: Yonyou Shikong KSOA Arbitrary File Upload Vulnerability



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28073. This package includes the following changed rules:

new rules:
1. threat[25641]:H3C CAS Virtualization Platform Arbitrary File Upload Vulnerability
2. threat[25645]:Yonyou GRP-U8 Arbitrary File Upload Vulnerability
3. threat[25638]:Yonyou NC6.5 Arbitrary File Upload Vulnerability(grouptemplet)
4. threat[25639]:Yonyou KSOA Arbitrary File Upload Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-31 09:56:00
Name: eoi.unify.allrulepatch.ips.5.6.10.28066.rule Version: 5.6.10.28066
MD5: 48bfb58098d8592ca9005b2e5db308b3 Size: 27.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28066. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25642]: WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability

Updated rules:
1. Attack[23614]: Oracle WebLogic Server Java Deserialization Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28066. This package includes the following changed rules:

new rules:
1. threat[25642]:Weblogic WLS component IIOP protocol remote code execution vulnerability

update rules:
1. threat[23614]:Oracle Weblogic Server Java Unserialization Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-30 16:49:20
Name: eoi.unify.allrulepatch.ips.5.6.10.28054.rule Version: 5.6.10.28054
MD5: f3302a5a916e6782023ccc4cf1b5e9e0 Size: 27.93M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28054. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25632]: Zhongyuan Kylin Bastion Host SQL Injection Vulnerability
2. Attack[25637]: Wanhu OA Arbitrary File Upload Vulnerability

Updated rules:
1. Attack[25629]: TRS MAS Remote Command Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28054. This package includes the following changed rules:

new rules:
1. threat[25632]:Zhongyuan Kylin Security Management System SQL Injection Vulnerability
2. threat[25637]:Wanhu OA Arbitrary File Upload Vulnerability

update rules:
1. threat[25629]:TRS-MAS Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-30 09:34:49
Name: eoi.unify.allrulepatch.ips.5.6.10.28043.rule Version: 5.6.10.28043
MD5: 3ff8d23b98efc7b234aabba2ef03ff21 Size: 27.92M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28043. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25626]: Topsec Internet Behavior Management System Command Execution Vulnerability
2. Attack[25629]: TRS-MAS testCommandExecutor.jsp Remote Command Execution Vulnerability
3. Attack[25628]: Weaver OA Arbitrary Administrator Login Vulnerability

Updated rules:
1. Attack[25619]: Weaver e-mobile Remote Code Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28043. This package includes the following changed rules:

new rules:
1. threat[25626]:Topsec Internet Behavior Management System Command Execution Vulnerability
2. threat[25629]:TRS-MAS testCommandExecutor.jsp Remote Command Execution Vulnerability
3. threat[25628]:Weaver OA Arbitrary Administrator Login Vulnerability

update rules:
1. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-28 13:56:41
Name: eoi.unify.allrulepatch.ips.5.6.10.28034.rule Version: 5.6.10.28034
MD5: 8703cdb77bcf9d614bbcdc729a218901 Size: 27.92M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28034. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25625]: ZenTao 16.5 SQL Injection Vulnerability

Updated rules:
1. Attack[25084]: Elasticsearch Unauthorized Access Vulnerability
2. Attack[41780]: DNSLog Query Request


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28034. This package includes the following changed rules:

new rules:
1. threat[25625]:Zentao 16.5 SQL Injection Vulnerability

update rules:
1. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
2. threat[41780]:DNSLog Query Request


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-27 20:00:58
Name: eoi.unify.allrulepatch.ips.5.6.10.28025.rule Version: 5.6.10.28025
MD5: dace619a89c9644766b01c497fb53a0e Size: 27.91M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28025. The rules added or improved in this upgrade package are:

New rules:
1. Attack[41901]: Behinder Webshell Connection (image)
2. Attack[25619]: Weaver e-mobile Remote Code Execution Vulnerability
3. Attack[25620]: Yonyou NC Arbitrary File Upload Vulnerability
4. Attack[25621]: Weaver E-cology Arbitrary File Upload Vulnerability

Updated rules:
1. Attack[41903]: Behinder 4.0 Webshell Connection (JSON)
2. Attack[41697]: Behinder Encrypted ASP Webshell File Upload
3. Attack[41698]: Behinder Encrypted ASPX Webshell File Upload
4. Attack[41699]: Behinder Encrypted JSP Webshell File Upload
5. Attack[41696]: Behinder Encrypted PHP Webshell File Upload


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28025. This package includes the following changed rules:

new rules:
1. threat[41901]:Behinder Webshell Connect(image)
2. threat[25619]:Weaver e-mobile Remote Code Execution Vulnerability
3. threat[25620]:Yonyou NC Arbitrary File Upload Vulnerability
4. threat[25621]:Weaver E-cology Arbitrary File Upload Vulnerability

update rules:
1. threat[41903]:Behinder 4.0 Webshell Connect(JSON)
2. threat[41697]:Behinder Encrypted ASP Webshell File Upload
3. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
4. threat[41699]:Behinder Encrypted JSP Webshell File Upload
5. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-27 09:23:17
Name: eoi.unify.allrulepatch.ips.5.6.10.28008.rule Version: 5.6.10.28008
MD5: b062e57e2bc9e53b5ac771add2b6f937 Size: 27.90M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.28008. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25615]: Seeyon OA JDBC Interface Deserialization Vulnerability
2. Attack[25616]: Tongda OA Arbitrary File Upload Vulnerability
3. Attack[41903]: Behinder 4.0 Webshell Connection (JSON)

Updated rules:
1. Attack[41699]: Behinder Encrypted JSP Webshell File Upload
2. Attack[41698]: Behinder Encrypted ASPX Webshell File Upload
3. Attack[41696]: Behinder Encrypted PHP Webshell File Upload


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.28008. This package includes the following changed rules:

new rules:
1. threat[25615]:Seeyon OA JDBC API Deserialization Vulnerability
2. threat[25616]:TongDa OA Arbitrary File Upload Vulnerability
3. threat[41903]:Behinder 4.0 Webshell Connect(JSON)

update rules:
1. threat[41699]:Behinder Encrypted JSP Webshell File Upload
2. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
3. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-26 00:07:02
Name: eoi.unify.allrulepatch.ips.5.6.10.27982.rule Version: 5.6.10.27982
MD5: 1c83a35f109a1b0d0a9ad08b60bfd9d7 Size: 27.92M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27982. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25606]: Apache Solr JMX Service Remote Code Execution Vulnerability (CVE-2019-12409)
2. Attack[25608]: Gogs File Upload Command Injection Vulnerability (CVE-2022-0415)
3. Attack[25609]: dotCMS Arbitrary File Upload Vulnerability (CVE-2022-26352)
4. Attack[25610]: Oracle MySQL Cluster Management API dumpState Stack Buffer Overflow Vulnerability (CVE-2022-21280)
5. Attack[25611]: Delta Industrial Automation CNCSoft ScreenEditor Stack Buffer Overflow Vulnerability (CVE-2021-43982)
6. Attack[25612]: Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
7. Attack[25613]: Django SQL Injection Vulnerability (CVE-2022-34265)
8. Attack[25614]: Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)

Updated rules:
1. Attack[41776]: Behinder Webshell Connection (ASP)
2. Attack[25600]: Landray OA Remote Code Execution Vulnerability
3. Attack[25027]: Tea LaTex 1.0 Remote Code Execution Vulnerability
4. Attack[41499]: HTTP Request Sensitive Path Access Attempt
5. Attack[25315]: F5 BIG-IP Authentication Bypass Vulnerability (CVE-2021-22986)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27982. This package includes the following changed rules:

new rules:
1. threat[25606]:Apache Solr JMX Service Remote Code Execution Vulnerability(CVE-2019-12409)
2. threat[25608]:Gogs File Upload tree_path Command Injection Vulnerability(CVE-2022-0415)
3. threat[25609]:dotCMS Arbitrary File Upload Vulnerability(CVE-2022-26352)
4. threat[25610]:Oracle MySQL Cluster Management API dumpState Stack Buffer Overflow Vulnerability(CVE-2022-21280)
5. threat[25611]:Delta Industrial Automation CNCSoft ScreenEditor Stack Buffer Overflow Vulnerability(CVE-2021-43982)
6. threat[25612]:Zoho ManageEngine OpManager Inventory Reports SQL Injection Vulnerability(CVE-2022-27908)
7. threat[25613]:Django SQL Injection Vulnerability(CVE-2022-34265)
8. threat[25614]:Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)

update rules:
1. threat[41776]:Behinder Webshell Connect(ASP)
2. threat[25600]:Landray-OA Remote Code Execution Vulnerability
3. threat[25027]:Tea LaTex 1.0 - Remote Code Execution Vulnerability
4. threat[41499]:HTTP Request Sensitive Path Access Attempt
5. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2021-22986)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-21 17:51:25
Name: eoi.unify.allrulepatch.ips.5.6.10.27944.rule Version: 5.6.10.27944
MD5: 7fb7f6587fc98c2ac8e2ccc20be9d5cd Size: 27.92M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27944. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25604]: nopCommerce nopCommerce BackupAction Directory Traversal Vulnerability (CVE-2022-28451)
2. Attack[41900]: FastTunnel Intranet Penetration Tool Communication
3. Attack[25605]: WECON LeviStudioU ScreenInfo ScrnFile Heap Buffer Overflow Vulnerability (CVE-2021-23157)
4. Attack[25601]: WSO2 API Manager ToolsAnyFileUploadExecutor Directory Traversal Vulnerability (CVE-2022-29464)
5. Attack[25602]: OpenEMR C_DocumentCategory.class.php Stored Cross-Site Scripting Vulnerability (CVE-2022-1178)

Updated rules:
1. Attack[41893]: MetaSploit Penetration Tool Beacon Encrypted Communication
2. Attack[41894]: Cobalt Strike Attack Tool Beacon Encrypted Communication
3. Attack[50620]: Cobalt Strike/MetaSploit Attack Tool Beacon Encrypted Communication


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27944. This package includes the following changed rules:

new rules:
1. threat[25604]:nopCommerce nopCommerce BackupAction Directory Traversal Vulnerability(CVE-2022-28451)
2. threat[41900]:FastTunnel Intranet Penetration Tool Communication
3. threat[25605]:WECON LeviStudioU ScreenInfo ScrnFile Heap Buffer Overflow Vulnerability(CVE-2021-23157)
4. threat[25601]:WSO2 API Manager ToolsAnyFileUploadExecutor Directory Traversal Vulnerability(CVE-2022-29464)
5. threat[25602]:OpenEMR C_DocumentCategory.class.php Stored Cross-Site Scripting(CVE-2022-1178)

update rules:
1. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
2. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication
3. threat[50620]:Penetration Test Tool Cobalt Strike/ MetaSploit Beacon Encrypted Communication


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-14 18:49:52
Name: eoi.unify.allrulepatch.ips.5.6.10.27924.rule Version: 5.6.10.27924
MD5: 08394d212fadc18e0aa0c6f39a477adb Size: 27.92M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27924. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25603]: Seeyon OA (A6/A8) Arbitrary File Upload Vulnerability



Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27924. This package includes the following changed rules:

new rules:
1. threat[25603]:Seeyon OA (A6/A8) Arbitrary File Upload Vulnerability



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-12 13:45:29
Name: eoi.unify.allrulepatch.ips.5.6.10.27905.rule Version: 5.6.10.27905
MD5: c43b08e1479cfabdc8c42b867d39f2c0 Size: 27.91M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27905. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25594]: Spring Shiro/Security Framework Authentication Bypass Vulnerability (CVE-2022-32532/CVE-2022-22978)
2. Attack[41898]: APT-C-40 Suspicious Domain Access
3. Attack[25595]: Patrowl PatrowlManager Unrestricted File Upload Vulnerability (CVE-2021-43829)
4. Attack[25596]: Jenkins Credentials Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-29036)
5. Attack[25597]: Delta Industrial Automation DIALink Stored Cross-Site Scripting Vulnerability (CVE-2021-38488)
6. Attack[25598]: VMware Spring Cloud Function SpEL Code Execution Vulnerability (CVE-2022-22963)
7. Attack[41893]: MetaSploit Penetration Tool Beacon Encrypted Communication
8. Attack[50620]: Cobalt Strike/MetaSploit Attack Tool Beacon Encrypted Communication
9. Attack[25599]: Landray OA Arbitrary File Read Vulnerability
10. Attack[25600]: Landray OA Remote Code Execution Vulnerability
11. Attack[41894]: Cobalt Strike Attack Tool Beacon Encrypted Communication

Updated rules:
1. Attack[22591]: FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
2. Attack[24999]: Spring Boot Actuator Unauthorized Access
3. Attack[25010]: Godzilla PHP_XOR_BASE64 Webshell Connection
4. Attack[25555]: F5 BIG-IP Authentication Bypass Vulnerability (CVE-2022-1388)
5. Attack[25011]: Godzilla PHP_XOR_RAW Webshell Connection




Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27905. This package includes the following changed rules:

new rules:
1. threat[25594]:Spring Shiro/Security Framework Authentication Bypass Vulnerability(CVE-2022-32532/CVE-2022-22978)
2. threat[41898]:APT-C-40 Suspicious Domain Access
3. threat[25595]:Patrowl PatrowlManager Unrestricted File Upload Vulnerability(CVE-2021-43829)
4. threat[25596]:Jenkins Credentials Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-29036)
5. threat[25597]:Delta Industrial Automation DIALink events Stored Cross-Site Scripting Vulnerability(CVE-2021-38488)
6. threat[25598]:VMware Spring Cloud Function SpEL Code Injection Vulnerability(CVE-2022-22963)
7. threat[41893]:Penetration Test Tool MetaSploit Beacon Encrypted Communication
8. threat[50620]:Penetration Test Tool Cobalt Strike/ MetaSploit Beacon Encrypted Communication
9. threat[25599]:Landray-OA Arbitrary File Read Vulnerability
10. threat[25600]:Landray-OA Remote Code Execution Vulnerability
11. threat[41894]:Penetration Test Tool Cobalt Strike Beacon Encrypted Communication

update rules:
1. threat[22591]:FCKEditor 'FileUpload()' Function Arbitrary File Upload Vulnerability
2. threat[24999]:Spring Boot Actuator Unauthorized Access
3. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerabilities(CVE-2022-1388)
5. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connect



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-07-09 10:46:11
Name: eoi.unify.allrulepatch.ips.5.6.10.27845.rule Version: 5.6.10.27845
MD5: 2ff28e73bdbc877fb874699cf272f07f Size: 27.69M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27845. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25591]: Webmin Remote Code Execution Vulnerability (CVE-2022-0824)
2. Attack[25592]: NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability (CVE-2022-28379)
3. Attack[25593]: Lansweeper Lansweeper HelpdeskSetupActions SQL Injection Vulnerability (CVE-2022-22149)

Updated rules:
1. Attack[25182]: nps HTTP Intranet Proxy Connection
2. Application: ssl


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27845. This package includes the following changed rules:

new rules:
1. threat[25591]:Webmin Remote Code Execution Vulnerability(CVE-2022-0824)
2. threat[25592]:NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability (CVE-2022-28379)
3. threat[25593]:Lansweeper lansweeper HelpdeskSetupActions SQL Injection Vulnerability (CVE-2022-22149)

update rules:
1. threat[25182]:nps http proxy connection
2. app:ssl


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-06-30 15:04:45
Name: eoi.unify.allrulepatch.ips.5.6.10.27812.rule Version: 5.6.10.27812
MD5: 9fad890ba8b61a748053e4bf8af217a7 Size: 27.64M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27812. The rules added or improved in this upgrade package are:

New rules:
1. Attack[25580]: OPF OpenProject Activities API SQL Injection Vulnerability (CVE-2019-11600)
2. Attack[25582]: Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability (CVE-2017-17420)
3. Attack[25581]: SolarWinds SRM Profiler SQL Injection Vulnerability (CVE-2016-4350)
4. Attack[25583]: Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability (CVE-2017-7309)
5. Attack[25585]: Oracle E-Business Suite General Ledger SQL Injection Vulnerability (CVE-2019-2638)
6. Attack[25589]: Netgate pfSense diag_routes.php Command Injection Vulnerability (CVE-2021-41282)
7. Attack[25590]: SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)

Updated rules:
1. Attack[24891]: Advantech WISE-PaaS/RMM SQL Injection Vulnerability (CVE-2019-18229)


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27812. This package includes the following changed rules:

new rules:
1. threat[25580]:OPF OpenProject Activities API SQL Injection Vulnerability(CVE-2019-11600)
2. threat[25582]:Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability(CVE-2017-17420)
3. threat[25581]:SolarWinds SRM Profiler SQL Injection Vulnerability(CVE-2016-4350)
4. threat[25583]:Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability(CVE-2017-7309)
5. threat[25585]:Oracle E-Business Suite General Ledger SQL Injection Vulnerability(CVE-2019-2638)
6. threat[25589]:Netgate pfSense diag_routes.php Command Injection Vulnerability(CVE-2021-41282)
7. threat[25590]:SalesAgility SuiteCRM email_recipients Remote Code Execution Vulnerability(CVE-2022-23940)

update rules:
1. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability(CVE-2019-18229)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but it will cause the loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2022-06-23 18:03:44
Name: eoi.unify.allrulepatch.ips.5.6.10.27748.rule Version: 5.6.10.27748
MD5: a5e03c424d90010ad0964399109b2824 Size: 27.61M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27748. The rules added or improved in this upgrade package are:

New rules:
1. Attack[41896]: Goby Tool Scan Attack Detection
2. Attack[41897]: Xray Tool Scan Attack Detection
3. Attack[25578]: Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)
4. Attack[25576]: Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability (CVE-2022-21145)
5. Attack[25577]: Oracle Access Manager OpenSSO Agent Insecure Deserialization Vulnerability (CVE-2021-35587)
6. Attack[10531]: HAProxy HTTP Header Handling Denial of Service Vulnerability (CVE-2022-0711)
7. Attack[25579]: WordPress Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)

Updated rules:
1. Attack[41820]: HTTP CRLF Injection Attack
2. Attack[41781]: FRP Intranet Penetration Tool Communication
3. Attack[41782]: FRP Intranet Penetration Tool - Access via Domain Name
4. Application: pop3


Notes:
1. After this upgrade package is applied, the engine restarts automatically for it to take effect. This does not interrupt sessions, but 3 to 5 ping packets will be dropped, so choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27748. This package includes the following changed rules:

new rules:
1. threat[41896]:Goby scan attack detection
2. threat[41897]:Xray scan attack detection
3. threat[25578]:Spring Security Authentication Bypass Vulnerability(CVE-2022-22978)
4. threat[25576]:Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability(CVE-2022-21145)
5. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization(CVE-2021-35587)
6. threat[10531]:HAProxy Set-Cookie2 Header Handling Denial of Service Vulnerability (CVE-2022-0711)
7. threat[25579]:WordPress Photo Gallery Plugin Stored Cross Site Scripting Vulnerability(CVE-2022-0750)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[41781]:Communication of FRP Intranet Penetration Tool
3. threat[41782]:FRP intranet penetration tool - Access via domain name
4. app:pop3


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

Release time: 2022-06-16 23:56:51
Name: eoi.unify.allrulepatch.ips.5.6.10.27711.rule Version: 5.6.10.27711
MD5: 0c0c9c2d0a1f3491330e9c67124f42b3 Size: 27.60M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27711. The rules added or improved by this upgrade package are:

New rules:
1. threat[25573]:WordPress Photo Gallery Plugin SQL Injection Vulnerability(CVE-2022-1281)
2. threat[25574]:WordPress All-in-One WP Migration Plugin Directory Traversal Vulnerability(CVE-2022-1476)
3. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability(CVE-2022-0412)
4. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability(CVE-2021-45010)
5. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
6. threat[41895]:Fscan webtitle Attack Detection

Updated rules:
1. threat[22915]:Microsoft IE Memory Corruption Vulnerability(CVE-2013-3914)(MS13-088)
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
3. app:mqtt


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27711. This package includes the following changed rules:

new rules:
1. threat[25573]:WordPress Photo Gallery Plugin filter_tag SQL Injection Vulnerability(CVE-2022-1281)
2. threat[25574]:WordPress All-in-One WP Migration Plugin Backups Directory Traversal Vulnerability(CVE-2022-1476)
3. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability (CVE-2022-0412)
4. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability(CVE-2021-45010)
5. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
6. threat[41895]:Fscan Webtitle attack detection

update rules:
1. threat[22915]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2013-3914)(MS13-088)
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
3. app:mqtt


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-06-10 17:54:13
Name: eoi.unify.allrulepatch.ips.5.6.10.27646.rule Version: 5.6.10.27646
MD5: ffd9a60695956c6999d84993df6c41c6 Size: 27.59M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27646. The rules added or improved by this upgrade package are:

New rules:
1. threat[25564]:VMware Workspace One Access Server-Side Template Injection Vulnerability(CVE-2022-22954)
2. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
3. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
4. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
5. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability(CVE-2022-24112)

Updated rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27646. This package includes the following changed rules:

new rules:
1. threat[25564]:Vmware Workspace One Access Server Template Injection Vulnerability(CVE-2022-22954)
2. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
3. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
4. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
5. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)

update rules:
1. threat[41820]:HTTP CRLF Injection Attack
2. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-06-02 20:50:59
Name: eoi.unify.allrulepatch.ips.5.6.10.27602.rule Version: 5.6.10.27602
MD5: 7d3a2f83ca1091ac71ded488e37e70c2 Size: 27.59M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27602. The rules added or improved by this upgrade package are:


New rules:
1. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
2. threat[25561]:Webmin Command Injection Vulnerability(CVE-2019-15642)
3. threat[30787]:Swagger Sensitive Information Disclosure Vulnerability
4. threat[25563]:Spring Boot H2 Database Remote Command Execution Vulnerability(CVE-2021-42392)
5. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[41766]:Godzilla Webshell JSP Script Upload


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27602. This package includes the following changed rules:


new rules:
1. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
2. threat[25561]:Webmin Command Injection Vulnerability (CVE-2019-15642)
3. threat[30787]:Swagger Sensitive Information Disclosure Vulnerability
4. threat[25563]:Spring Boot H2 Database RCE Vulnerability (CVE-2021-42392)
5. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[41766]:Godzilla Webshell JSP Scripts Upload


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-05-27 15:39:46
Name: eoi.unify.allrulepatch.ips.5.6.10.27562.rule Version: 5.6.10.27562
MD5: 9d0064fd2b78fa49e8f84d7daff15b16 Size: 27.57M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27562. The rules added or improved by this upgrade package are:


New rules:
1. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
2. threat[25558]:ZZZCMS Remote Code Execution Vulnerability(CVE-2021-32605)
3. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability(CVE-2022-0819)

Updated rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
2. threat[41887]:Ngrok Intranet Penetration Tool Communication
3. threat[24835]:Discuz ML Remote Code Execution Vulnerability(CVE-2019-13956)


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27562. This package includes the following changed rules:


new rules:
1. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
2. threat[25558]:ZZZCMS Remote Code Execution Vulnerability (CVE-2021-32605)
3. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability( CVE-2022-0819)

update rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
2. threat[41887]:Ngrok Intranet Penetration Tool Communication
3. threat[24835]:Discuz ML RCE Vulnerability (CVE-2019-13956)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-05-20 17:09:56
Name: eoi.unify.allrulepatch.ips.5.6.10.27527.rule Version: 5.6.10.27527
MD5: 888bd9dbab2f4b447c0227cecc837a76 Size: 27.56M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27527. The rules added or improved by this upgrade package are:

New rules:
1. threat[25552]:Ruby On Rails Directory Traversal Vulnerability(CVE-2018-3760)
2. threat[25553]:WordPress Photo Gallery Plugin bwg_tag_id_bwg_thumbnails_0 SQL Injection Vulnerability(CVE-2022-0169)
3. threat[25554]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33732)
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2022-1388)

Updated rules:
1. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Attack
2. threat[24257]:Pivotal Spring Framework isWritableProperty SpEL Expression Injection Vulnerability(CVE-2018-1273)
3. threat[30748]:Discuz X Front-End Arbitrary File Deletion Vulnerability
4. threat[24834]:Discuz7.x discuzcode.func.php Remote Code Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27527. This package includes the following changed rules:

new rules:
1. threat[25552]:Ruby On Rails Directory Traversal Vulnerability(CVE-2018-3760)
2. threat[25553]:WordPress Photo Gallery Plugin bwg_tag_id_bwg_thumbnails_0 SQL Injection Vulnerability(CVE-2022-0169)
3. threat[25554]:Siemens SINEC NMS SQL Injection Vulnerability(CVE-2021-33732)
4. threat[25555]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2022-1388)

update rules:
1. threat[20171]:Microsoft IIS 4.0/5.0 CGI Filename Incorrect Decoding Vulnerability
2. threat[24257]:Pivotal Spring Framework isWritableProperty SpEL Injection Vulnerability(CVE-2018-1273)
3. threat[30748]:Discuz X Front-End Arbitrary File Deletion Vulnerability
4. threat[24834]:Discuz7.x discuzcode.func.php RCE Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-05-12 18:23:40
Name: eoi.unify.allrulepatch.ips.5.6.10.27503.rule Version: 5.6.10.27503
MD5: c4e96ed13e1d31bd1860a08d9d777ce5 Size: 27.55M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27503. The rules added or improved by this upgrade package are:


New rules:
1. threat[25548]:Qizhi Shterm Bastion Host Command Execution Vulnerability
2. threat[25549]:Spring Boot Eureka XStream Deserialization Remote Code Execution Vulnerability
3. threat[25550]:Jackson-Databind Deserialization Remote Code Execution Vulnerability(CVE-2017-17485)
4. threat[25551]:Yonyou NC Unauthorized Deserialization Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27503. This package includes the following changed rules:


new rules:
1. threat[25548]:Shterm Security Management System Command Execution Vulnerability
2. threat[25549]:Spring Boot Eureka XStream Deserialization Remote Code Execution Vulnerability
3. threat[25550]:Jackson-Databind deserialization remote code execution vulnerability(CVE-2017-17485)
4. threat[25551]:Yonyou NC Unauthorized Deserialization Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-05-07 20:09:31
Name: eoi.unify.allrulepatch.ips.5.6.10.27477.rule Version: 5.6.10.27477
MD5: 13bdc2e3146c9edb1f23ed5e93cad5fe Size: 27.54M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27477. The rules added or improved by this upgrade package are:

New rules:
1. threat[25542]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2021-38391)
2. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability(CVE-2018-2628)
3. threat[25545]:WordPress WP Statistics SQL Injection Vulnerability(CVE-2022-25148)
4. threat[25546]:WordPress WP Statistics SQL Injection Vulnerability(CVE-2022-25149)
5. threat[25544]:Pimcore Title Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0832)
6. threat[25547]:Pimcore Key Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0831)

Updated rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
2. threat[23991]:Fastjson Remote Code Execution Vulnerability
3. threat[25418]:Python PIL/Pillow Remote Command Execution Vulnerability(Ghostscript)(CVE-2018-16509)


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27477. This package includes the following changed rules:

new rules:
1. threat[25542]:Delta Industrial Automation DIAEnergie SQL Injection Vulnerability(CVE-2021-38391)
2. threat[25543]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2018-2628)
3. threat[25545]:WordPress WP Statistics Plugin current_page_id SQL Injection Vulnerability(CVE-2022-25148)
4. threat[25546]:WordPress WP Statistics Plugin ip SQL Injection Vulnerability(CVE-2022-25149)
5. threat[25544]:Pimcore Title Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0832)
6. threat[25547]:Pimcore Key Field Stored Cross-Site Scripting Vulnerability(CVE-2022-0831)

update rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
2. threat[23991]:Fastjson Remote Code Execution Vulnerability
3. threat[25418]:Python PIL/Pillow Remote Code Execution Vulnerability(Ghostscript)(CVE-2018-16509)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-04-28 15:30:14
Name: eoi.unify.allrulepatch.ips.5.6.10.27443.rule Version: 5.6.10.27443
MD5: a22a2b420e6ad20d8b795b68c6274d86 Size: 27.53M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27443. The rules added or improved by this upgrade package are:

New rules:
1. threat[25539]:Foxit PDF Reader and Editor Annotation rotate Use-After-Free Vulnerability(CVE-2021-34847)
2. threat[25540]:Apache OpenOffice dBase Buffer Overflow Vulnerability(CVE-2021-33035)
3. threat[25541]:Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability(CVE-2022-26809)

Updated rules:
1. threat[24881]:Zabbix latest.php SQL Injection Vulnerability(CVE-2016-10134)
2. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
3. threat[49014]:Mining Program DNS Query for Mining Pool Server Domain Name
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)
5. threat[41887]:Ngrok Intranet Penetration Tool Communication
6. threat[41710]:Linux Shell Reverse Connection


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27443. This package includes the following changed rules:

new rules:
1. threat[25539]:Foxit PDF Reader and Editor Annotation rotate Use After Free Vulnerability(CVE-2021-34847)
2. threat[25540]:Apache OpenOffice dBase Buffer Overflow Vulnerability(CVE-2021-33035)
3. threat[25541]:Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability(CVE-2022-26809)

update rules:
1. threat[24881]:Zabbix latest.php SQL injection vulnerability (CVE-2016-10134)
2. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
3. threat[49014]:Mining Program DNS Query for Mining Pool Server Domain Name
4. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)
5. threat[41887]:Ngrok Intranet Penetration Tool Communication
6. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-04-24 09:18:53
Name: eoi.unify.allrulepatch.ips.5.6.10.27394.rule Version: 5.6.10.27394
MD5: fbcbeb2e4fccd8a087a084eaccbf760d Size: 27.52M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27394. The rules added or improved by this upgrade package are:

New rules:
1. threat[25533]:Grafana Labs Grafana Component Directory Traversal Vulnerability(CVE-2021-43798)
2. threat[25534]:Apereo CAS 4.X Deserialization Vulnerability
3. threat[25536]:Zoho ManageEngine OpManager SQL Injection Vulnerability(CVE-2021-41288)
4. threat[25535]:Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability(CVE-2021-40539)
5. threat[25537]:Foxit PDF Reader and Editor Annotation richDefaults Use-After-Free Vulnerability(CVE-2021-34848)
6. app:Baidu mobile app
7. app:Counter-Strike: Global Offensive

Updated rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connection
2. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
3. threat[40339]:Backdoor/Trojan Matrix Communication
4. threat[41887]:Ngrok Intranet Penetration Tool Communication
5. app:DiDi
6. app:Honor of Kings
7. app:NetEase Cloud Music
8. app:Amap
9. app:Meituan Group Buying
10. app:Toutiao
11. app:1688 Alibaba
12. app:Baidu Map
13. app:Tencent Video
14. app:BiliBili
15. app:Youku Video
16. app:ftp
17. app:telnet


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27394. This package includes the following changed rules:

new rules:
1. threat[25533]:Grafana Labs Grafana Plugin Directory Traversal Vulnerability(CVE-2021-43798)
2. threat[25534]:Apereo CAS 4.X Insecure Deserialization Vulnerability
3. threat[25536]:Zoho ManageEngine OpManager getReportData SQL Injection Vulnerability(CVE-2021-41288)
4. threat[25535]:Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability(CVE-2021-40539)
5. threat[25537]:Foxit PDF Reader and Editor Annotation richDefaults Use After Free Vulnerability(CVE-2021-34848)
6. app:Baidu mobile app
7. app:CSGO

update rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
2. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
3. threat[40339]:Backdoor/Trojan Matrix Communication
4. threat[41887]:Ngrok Intranet Penetration Tool Communication
5. app:DIDI
6. app:Glory of Kings
7. app:NetEase CloudMusic
8. app:AMAP
9. app:MEITUAN
10. app:Toutiao
11. app:1688-Alibaba
12. app:Baidu Map
13. app:Tencent Video
14. app:BiliBili
15. app:Youku Video
16. app:ftp
17. app:telnet


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-04-18 09:37:14
Name: eoi.unify.allrulepatch.ips.5.6.10.27355.rule Version: 5.6.10.27355
MD5: 6cdaf59d64b9f7acfdcecf0424b387e0 Size: 27.50M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27355. The rules added or improved by this upgrade package are:

New rules:
1. threat[41888]:SSF Proxy Tool Connection Establishment
2. threat[41889]:Termite Intranet Penetration Tool Communication



Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27355. This package includes the following changed rules:

new rules:
1. threat[41888]:SSF Proxy Tool Connection
2. threat[41889]:Termite Intranet Penetration Tool Communication



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-04-07 18:02:17
Name: eoi.unify.allrulepatch.ips.5.6.10.27337.rule Version: 5.6.10.27337
MD5: c8f3681c8c10ed04642d9965105d299f Size: 27.49M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27337. The rules added or improved by this upgrade package are:

New rules:
1. threat[25530]:Spring Cloud Function SpEL Expression Injection Vulnerability

Updated rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[24853]:Pippo FastjsonEngine Fastjson Remote Code Execution Vulnerability(CVE-2017-18349)
3. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27337. This package includes the following changed rules:

new rules:
1. threat[25530]:Spring Cloud Function SPEL Injection Vulnerability

update rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[24853]:Pippo FastjsonEngine Fastjson RCE Vulnerability(CVE-2017-18349)
3. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-04-01 09:56:54
Name: eoi.unify.allrulepatch.ips.5.6.10.27310.rule Version: 5.6.10.27310
MD5: 6d6101e2109e336a9af5cae432a89f30 Size: 27.50M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27310. The rules added or improved by this upgrade package are:

New rules:
1. threat[25529]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability CVE-2020-36239
2. threat[41887]:Ngrok Intranet Penetration Tool Communication


Updated rules:
1. threat[24250]:Drupal Core Remote Code Execution Vulnerability
2. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
3. app:iec104



Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27310. This package includes the following changed rules:

new rules:
1. threat[25529]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability CVE-2020-36239
2. threat[41887]:Ngrok Intranet Penetration Tool Communication


update rules:
1. threat[24250]:Drupal Core Remote Code Execution Vulnerability
2. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
3. app:iec104



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-03-30 12:53:59
Name: eoi.unify.allrulepatch.ips.5.6.10.27270.rule Version: 5.6.10.27270
MD5: 443b3770fc7190a19bb79fb732332828 Size: 27.48M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27270. The rules added or improved by this upgrade package are:

New rules:
1. threat[41886]:Pystinger Proxy Tool Connection Establishment
2. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5129)
3. threat[25527]:Nagios XI Custom Includes Component Arbitrary File Upload Vulnerability(CVE-2021-40344)
4. threat[25528]:GitLab Community and Enterprise Edition DesignReferenceFilter Stored Cross-Site Scripting Vulnerability(CVE-2021-22238)

Updated rules:
1. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27270. This package includes the following changed rules:

new rules:
1. threat[41886]:Pystinger Proxy Tool Connection
2. threat[25526]:YouPHPTube Encoder Command Injection Vulnerability(CVE-2019-5129)
3. threat[25527]:Nagios XI Custom Includes Component Arbitrary File Upload Vulnerability(CVE-2021-40344)
4. threat[25528]:GitLab Community and Enterprise Edition DesignReferenceFilter Stored Cross-Site Scripting(CVE-2021-22238)

update rules:
1. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability(CVE-2018-15379)


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-03-24 17:49:47
Name: eoi.unify.allrulepatch.ips.5.6.10.27243.rule Version: 5.6.10.27243
MD5: f4cddd25ebc03aac57dd4903f6822f6b Size: 27.48M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27243. The rules added or improved by this upgrade package are:

New rules:
1. threat[30786]:Metabase Arbitrary File Read Vulnerability(CVE-2021-41277)
2. threat[25522]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2021-2394)
3. threat[41884]:Malicious Mining Program ETHMiner Communication
4. threat[25523]:Nagios XI cmdsubsys.php Archive Name Command Injection Vulnerability(CVE-2021-40345)
5. threat[41885]:Ecloud Proxy Tool Connection Establishment
6. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
7. threat[25525]:D-link DSL-2888A Command Injection Vulnerability(CVE-2020-24581)

Updated rules:
1. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
2. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-11113)
3. threat[49004]:Blackmoon Banking Trojan Communication
4. app:ftps


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27243. This package includes the following changed rules:

new rules:
1. threat[30786]:Metabase Arbitrary File Read Vulnerability(CVE-2021-41277)
2. threat[25522]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2021-2394)
3. threat[41884]:Malicious Mining Program Ethminer Communication
4. threat[25523]:Nagios XI cmdsubsys.php Archive Name Command Injection(CVE-2021-40345)
5. threat[41885]:Ecloud Proxy Tool Connection
6. threat[25524]:Oracle WebLogic Server Local File Inclusion Vulnerability(CVE-2022-21371)
7. threat[25525]:D-link DSL-2888A Command Injection Vulnerability(CVE-2020-24581)

update rules:
1. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability(CVE-2017-4971)
2. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-11113)
3. threat[49004]:Blackmoon Banking Trojan Communication
4. app:ftps


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-03-18 09:09:39
Name: eoi.unify.allrulepatch.ips.5.6.10.27207.rule Version: 5.6.10.27207
MD5: 10f8b9a63d6e428dcd8a39a0ddc17c03 Size: 27.47M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27207. The rules added or improved by this upgrade package are:

New rules:
1. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)
2. threat[25517]:Schneider Electric Struxureware Data Center Directory Traversal Vulnerability(CVE-2021-22794)
3. threat[25518]:Schneider Electric Struxureware Data Center Command Injection Vulnerability(CVE-2021-22795)
4. threat[25519]:Advantech WebAccess HMI Designer Memory Corruption Vulnerability(CVE-2021-33004)

Updated rules:
1. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
2. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
3. threat[22722]:Apache Struts2 Remote Code Execution Vulnerability(S2-013)
4. app:FTPS


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27207. This package includes the following changed rules:

new rules:
1. threat[25516]:Spring Cloud Gateway Remote Code Execution Vulnerability(CVE-2022-22947)
2. threat[25517]:Schneider Electric Struxureware Data Center Expert Firmware Update Directory Traversal Vulnerability(CVE-2021-22794)
3. threat[25518]:Schneider Electric Struxureware Data Center Expert testRepository Command Injection Vulnerability(CVE-2021-22795)
4. threat[25519]:Advantech WebAccess HMI Designer PM3 NHTrendGraph Memory Corruption Vulnerability(CVE-2021-33004)

update rules:
1. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
2. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
3. threat[22722]:Apache Struts2 Remote Command Execution(S2-013)
4. app:FTPS


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-03-11 09:10:48
Name: eoi.unify.allrulepatch.ips.5.6.10.27156.rule Version: 5.6.10.27156
MD5: 0f7d8ea5722305d9a677529ed4e11893 Size: 26.95M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27156. The rules added or improved by this upgrade package are:

New rules:
1. threat[25515]:Blueimp jQuery-File-Upload File Upload Vulnerability(CVE-2018-9206)



Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27156. This package includes the following changed rules:

new rules:
1. threat[25515]:Blueimp jQuery-File-Upload File Upload Vulnerability(CVE-2018-9206)



Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-03-03 17:11:45
Name: eoi.unify.allrulepatch.ips.5.6.10.27135.rule Version: 5.6.10.27135
MD5: bb4a5ff44115cbfb244d383f843b6e05 Size: 26.93M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27135. The rules added or improved by this upgrade package are:

New rules:
1. threat[25508]:Samba vfs_fruit Out-of-Bounds Read/Write Vulnerability(CVE-2021-44142)
2. threat[25509]:Sunlogin Remote Code Execution Vulnerability
3. threat[41883]:Malware T-Rex Mining Activity
4. threat[25510]:Fortinet FortiWeb SAML Server Configuration Command Injection Vulnerability(CVE-2021-22123)
5. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
6. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
7. threat[25512]:Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability(CVE-2021-37152)
8. threat[25513]:NETGEAR JGS516PE Remote Code Execution Vulnerability(CVE-2020-26919)
9. app:udt
10. app:ovation
11. app:moxa-nport
12. app:gbt-32960
13. app:jt905
14. app:tridium-niagara-fox
15. app:jt809
16. app:doip
17. app:ddp
18. app:foxboro
19. app:atg
20. app:ansi-c1222

Updated rules:
1. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
2. app:afp
3. app:amqp
4. app:cip
5. app:dhcp
6. app:edp
7. app:egd
8. app:iecmms
9. app:ike
10. app:imap
11. app:ipsec-esp-udp
12. app:jabber
13. app:jt808
14. app:l2tp
15. app:nfs
16. app:ntp
17. app:omron_fins
18. app:open-vpn
19. app:pop3
20. app:pptp
21. app:radius
22. app:rtcp
23. app:rtmp
24. app:rtp
25. app:smtp
26. app:snmp
27. app:socks
28. app:ssdp
29. app:tftp
30. app:xdmcp
31. app:xmpp
32. app:synchrophasor
33. app:iec104
34. app:smtps
35. app:dicom
36. app:ATG
37. app:modbus
38. app:rpc


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.27135. This package includes the following changed rules:

new rules:
1. threat[25508]:Samba vfs_fruit Module ADEID_FINDERI Handling Out-Of-Bounds Read and Write Vulnerability(CVE-2021-44142)
2. threat[25509]:Sunlogin Remote Code Execution Vulnerability
3. threat[41883]:Malware T-Rex Mining Activities
4. threat[25510]:Fortinet FortiWeb SAML Server Configuration Command Injection Vulnerability(CVE-2021-22123)
5. threat[30785]:D-Link DCS-2530L/DCS-2670L Information Disclosure Vulnerability(CVE-2020-25078)
6. threat[25511]:Autodesk FBX Review ZIP Directory Traversal Vulnerability(CVE-2021-27030)
7. threat[25512]:Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability(CVE-2021-37152)
8. threat[25513]:NETGEAR JGS516PE Remote Code Execution Vulnerability(CVE-2020-26919)
9. app:udt
10. app:ovation
11. app:moxa-nport
12. app:gbt-32960
13. app:jt905
14. app:tridium-niagara-fox
15. app:jt809
16. app:doip
17. app:ddp
18. app:foxboro
19. app:atg
20. app:ansi-c1222

update rules:
1. threat[25289]:SonarQube api Information Disclosure Vulnerability(CVE-2020-27986)
2. app:afp
3. app:amqp
4. app:cip
5. app:dhcp
6. app:edp
7. app:egd
8. app:iecmms
9. app:ike
10. app:imap
11. app:ipsec-esp-udp
12. app:jabber
13. app:jt808
14. app:l2tp
15. app:nfs
16. app:ntp
17. app:omron_fins
18. app:open-vpn
19. app:pop3
20. app:pptp
21. app:radius
22. app:rtcp
23. app:rtmp
24. app:rtp
25. app:smtp
26. app:snmp
27. app:socks
28. app:ssdp
29. app:tftp
30. app:xdmcp
31. app:xmpp
32. app:synchrophasor
33. app:iec104
34. app:smtps
35. app:dicom
36. app:ATG
37. app:modbus
38. app:rpc


Announcements:
1. After the package is updated, the engine will restart automatically. This will not interrupt sessions, but will cause a loss of 3-5 ping packets; please update at a suitable time.

Release time: 2022-02-25 01:00:37
Name: eoi.unify.allrulepatch.ips.5.6.10.27090.rule Version: 5.6.10.27090
MD5: 3a051d58dd062a86bd6254331e4d44bb Size: 26.89M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.27090. The rules added or improved by this upgrade package are:

New rules:
1. threat[41881]:Lanproxy Intranet Penetration Tool Communication
2. threat[41882]:reDuh HTTP Tunnel Intranet Proxy Connection
3. threat[25502]:MeterSphere Arbitrary File Read Vulnerability(CVE-2021-45789)
4. threat[25503]:MeterSphere Arbitrary File Upload Vulnerability(CVE-2021-45790)
5. threat[25504]:phpKF CMS 3.00 Beta y6 Remote Code Execution Vulnerability
6. threat[25505]:Delta Industrial Automation DIAEnergie HandlerEnergyType.aspx SQL Injection Vulnerability(CVE-2021-38390)
7. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
8. threat[50619]:PHP Xdebug Remote Debugging
9. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)

Updated rules:
1. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection Vulnerability(CVE-2021-38393)
2. threat[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
3. threat[41710]:Linux Shell Reverse Connection


Notes:
1. After this upgrade package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.27090. This package includes the following changed rules:

new rules:
1. threat[41881]:Lanproxy Intranet Penetration Tool Communication
2. threat[41882]:reDuh http tunnel proxy connection
3. threat[25502]:MeterSphere Arbitrary File Read Vulnerability(CVE-2021-45789)
4. threat[25503]:MeterSphere Arbitrary File Upload Vulnerability(CVE-2021-45790)
5. threat[25504]:phpKF CMS 3.00 Beta y6 Remote Code Execution Vulnerability
6. threat[25505]:Delta Industrial Automation DIAEnergie HandlerEnergyType.aspx SQL Injection Vulnerability(CVE-2021-38390)
7. threat[25506]:Advantech WebAccess HMI Designer Heap Buffer Overflow Vulnerability(CVE-2021-33000)
8. threat[50619]:PHP Xdebug Remote Debug
9. threat[25507]:Terramaster TOS Command Injection Vulnerability(CVE-2020-28188)

update rules:
1. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
2. threat[23875]:IE_vbscript_VbsStrComp_Type_Confusion Vulnerability(CVE-2016-3385)
3. threat[41710]:Linux Shell Reverse Connect


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-02-18 09:59:26
Name: eoi.unify.allrulepatch.ips.5.6.10.27049.rule Version:5.6.10.27049
MD5:3a4dbf41ca06230bb2df7803b7abaa8f Size:26.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27049. Rules added/improved in this package:

New rules:
1. Attack[25499]:SearchBlox Arbitrary File Read Vulnerability (CVE-2020-35580)
2. Attack[25500]:Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability(CVE-2021-37558)
3. Attack[25501]:Delta Industrial Automation DIAEnergie Arbitrary File Upload Vulnerability(CVE-2021-32955)

Updated rules:
1. Attack[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.27049. This package includes the following changed rules:

new rules:
1. threat[25499]:SearchBlox Arbitrary File Read Vulnerability (CVE-2020-35580)
2. threat[25500]:Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability(CVE-2021-37558)
3. threat[25501]:Delta Industrial Automation DIAEnergie Arbitrary File Upload Vulnerability(CVE-2021-32955)

update rules:
1. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-02-11 13:07:23
Name: eoi.unify.allrulepatch.ips.5.6.10.27026.rule Version:5.6.10.27026
MD5:0132e1d9faba18a6b85901c9d493abb4 Size:26.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27026. Rules added/improved in this package:

New rules:
1. Attack[41880]:Venom Proxy Tool Connection Establishment
2. Attack[25497]:Microsoft Azure OMI Authentication Bypass Vulnerability(CVE-2021-38647)
3. Attack[25498]:D-Link DNS-320 Command Injection Vulnerability (CVE-2020-25506)



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.27026. This package includes the following changed rules:

new rules:
1. threat[41880]:Venom proxy tool connection establishment
2. threat[25497]:Microsoft Azure Open Management Infrastructure Authentication Bypass Vulnerability(CVE-2021-38647)
3. threat[25498]:D-Link DNS-320 Command Injection Vulnerability (CVE-2020-25506)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-02-03 20:05:18
Name: eoi.unify.allrulepatch.ips.5.6.10.27013.rule Version:5.6.10.27013
MD5:adb868ee106a7edc37ce273bddd26f2f Size:26.85M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.27013. Rules added/improved in this package:


New rules:
1. Attack[25494]:Yealink Device Management Command Injection Vulnerability(CVE-2021-27561)
2. Attack[25495]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
3. Attack[41879]:OneForAll Asset Collection Tool Subdomain Scanning
4. Attack[41878]:Malware Windows/Aspxor_general Network Communication
5. Attack[25496]:WordPress Query SQL Injection Vulnerability(CVE-2022-21661)

Updated rules:
1. Attack[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. Attack[49009]:Suspicious Botnet Communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.27013. This package includes the following changed rules:


new rules:
1. threat[25494]:Yealink Device Management Command Injection Vulnerability(CVE-2021-27561)
2. threat[25495]:Yonyou NC6.5 Arbitrary File Upload Vulnerability
3. threat[41879]:OneForAll Asset Collection Tool Scanning Subdomains
4. threat[41878]:Malware Windows/Aspxor_general Network Communication
5. threat[25496]:WordPress Query SQL Injection Vulnerability(CVE-2022-21661)

update rules:
1. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
2. threat[49009]:Suspicious Botnet Communication


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-01-27 18:45:17
Name: eoi.unify.allrulepatch.ips.5.6.10.26975.rule Version:5.6.10.26975
MD5:8dca39e0d20d58eee29a68df6aba7cb9 Size:26.85M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26975. Rules added/improved in this package:

New rules:
1. Attack[41876]:Malware Windows/Trojan.BlackRev_general Network Communication
2. Attack[41875]:Malware Windows/BotnetKernel.BlackEnergy_o Network Communication
3. Attack[50617]:Protocol Tunnel Tool splitBrain Connection
4. Attack[50618]:Intranet Tunnel Tool Privotnacci Connection
5. Attack[41877]:Malware Windows/Fakocan_a Network Communication
6. Attack[25493]:Windows HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2022-21907)

Updated rules:
1. Attack[50616]:DNS Tunnel Communication Establishing SSH Connection
2. Attack[49009]:Suspicious Botnet Communication


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26975. This package includes the following changed rules:

new rules:
1. threat[41876]:Malware Windows/Trojan.BlackRev_general Network Communication
2. threat[41875]:Malware Windows/BotnetKernel.BlackEnergy_o Network Communication
3. threat[50617]:Protocol Tunnel Tool splitBrain Connect
4. threat[50618]:Intranet tunneling tool Privotnacci connection
5. threat[41877]:Malware Windows/Fakocan_a Network Communication
6. threat[25493]:HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2022-21907)

update rules:
1. threat[50616]:DNS tunnel communication is established through SSH connection
2. threat[49009]:Suspicious Botnet Communication


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-01-20 17:29:14
Name: eoi.unify.allrulepatch.ips.5.6.10.26941.rule Version:5.6.10.26941
MD5:d7987189e98a7c720cc185bc2850ad99 Size:26.84M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26941. Rules added/improved in this package:

New rules:
1. Attack[25490]:go-http-tunnel Tunnel Tool Communication
2. Attack[50616]:DNS Tunnel Communication Establishing SSH Connection
3. Attack[25491]:MeterSphere Remote Code Execution Vulnerability
4. Attack[41870]:Malware LifeCalendarWorm Mining Program Connects to DNS Server
5. Attack[41873]:Malware Windows/Rukap_o Network Communication
6. Attack[41872]:Malware Windows/Prometei_o Network Communication
7. Attack[41871]:Malware Linux/Momentum_a Network Communication
8. Attack[25492]:Genexis Platinum 4410 Remote Code Execution Vulnerability (CVE-2021-29003)
9. Attack[41874]:firepass Proxy Connection Establishment

Updated rules:
1. Attack[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26941. This package includes the following changed rules:

new rules:
1. threat[25490]:go-http-tunnel Tunnel Communication
2. threat[50616]:DNS tunnel communication is established through SSH connection
3. threat[25491]:MeterSphere Remote Code Execution Vulnerability
4. threat[41870]:The Malware LifeCalendarWorm Mining Program Connects To DNS Server
5. threat[41873]:Malware Windows/Rukap_o Network Communication
6. threat[41872]:Malware Windows/Prometei_o Network Communication
7. threat[41871]:Malware Linux/Momentum_a Network Communication
8. threat[25492]:Genexis Platinum 4410 Remote Code Execution Vulnerability (CVE-2021-29003)
9. threat[41874]:Firepass proxy connection establishment

update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-01-14 16:56:00
Name: eoi.unify.allrulepatch.ips.5.6.10.26897.rule Version:5.6.10.26897
MD5:d6f6e57aa64f0975337966d02dbc4fde Size:26.83M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26897. Rules added/improved in this package:

New rules:
1. Attack[25488]:Netgear NETGEAR Command Injection Vulnerability(CVE-2021-33514)
2. Attack[25489]:Apache httpd mod_proxy Unix Socket Server-Side Request Forgery Vulnerability (CVE-2021-40438)
3. App:TRDP

Updated rules:
1. App:opcua
2. App:sip
3. App:mqtt
4. App:rssp


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26897. This package includes the following changed rules:

new rules:
1. threat[25488]:Netgear NETGEAR Command Injection Vulnerability(CVE-2021-33514)
2. threat[25489]:Apache httpd mod_proxy Unix Socket Server-Side Request Forgery Vulnerability (CVE-2021-40438)
3. app:TRDP

update rules:
1. app:opcua
2. app:sip
3. app:mqtt
4. app:rssp


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2022-01-07 09:08:03
Name: eoi.unify.allrulepatch.ips.5.6.10.26861.rule Version:5.6.10.26861
MD5:bf343514c182d5dc7161a0f541f768d6 Size:26.82M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26861. Rules added/improved in this package:

New rules:
1. Attack[25485]:Persistent Systems Radia Client Automation Command Execution Vulnerability(CVE-2015-1497)
2. Attack[25487]:IBM Tivoli Storage Manager FastBack Server Opcode Command Injection Vulnerability(CVE-2015-1949)
3. Attack[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
4. App:Yaskawa Robot
5. App:beckhoff_ads
6. App:codesys2
7. App:ANKONG500
8. App:Fanuc-CNC
9. App:vertx-edge
10. App:GIOP

Updated rules:
1. Attack[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability
2. Attack[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
3. App:MODBUS
4. App:UMAS
5. App:MELSECQ


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26861. This package includes the following changed rules:

new rules:
1. threat[25485]:Persistent Systems Radia Client Automation Command Execution Vulnerability(CVE-2015-1497)
2. threat[25487]:IBM Tivoli Storage Manager FastBack Server Opcode Command Injection Vulnerability(CVE-2015-1949)
3. threat[30784]:Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability(CVE-2021-26085)
4. app:Yaskawa Robot
5. app:beckhoff_ads
6. app:codesys2
7. app:ANKONG500
8. app:Fanuc-CNC
9. app:vertx-edge
10. app:GIOP

update rules:
1. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability
2. threat[49014]:Mining program query DNS mine pool server domain name
3. app:MODBUS
4. app:UMAS
5. app:MELSECQ


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-30 17:45:35
Name: eoi.unify.allrulepatch.ips.5.6.10.26805.rule Version:5.6.10.26805
MD5:ff27479d575a9426e279dfea400786a1 Size:26.80M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26805. Rules added/improved in this package:

New rules:
1. Attack[25479]:Adobe Acrobat and Acrobat Reader DC AcroForm Field Format Action Use After Free Vulnerability(CVE-2021-39840)
2. Attack[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection Vulnerability(CVE-2021-38393)
3. Attack[25481]:Adobe Acrobat and Acrobat Reader DC AcroForm buttonGetCaption Use After Free Vulnerability(CVE-2021-39838)
4. Attack[25482]:GitLab Community and Enterprise Edition Branch Name Cross-Site Scripting Vulnerability(CVE-2021-22241)
5. Attack[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
6. Attack[25484]:Grafana Cross-Site Scripting Vulnerability(CVE-2021-41174)
7. Attack[41868]:Malware windows/ZeuS.ZbotCQJ_a Botnet Communication

Updated rules:
1. Attack[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26805. This package includes the following changed rules:

new rules:
1. threat[25479]:Adobe Acrobat and Acrobat Reader DC AcroForm Field Format Action Use After Free Vulnerability(CVE-2021-39840)
2. threat[25480]:Delta Industrial Automation DIAEnergie HandlerAlarmGroup.aspx SQL Injection(CVE-2021-38393)
3. threat[25481]:Adobe Acrobat and Acrobat Reader DC AcroForm buttonGetCaption Use After Free Vulnerability(CVE-2021-39838)
4. threat[25482]:GitLab Community and Enterprise Edition Branch Name Stored Cross-Site Scripting Vulnerability(CVE-2021-22241)
5. threat[25483]:HAProxy HTTP Header Handling Integer Overflow Vulnerability(CVE-2021-40346)
6. threat[25484]:Grafana Labs Grafana Cross-Site Scripting Vulnerability(CVE-2021-41174)
7. threat[41868]:Malware windows/ZeuS.ZbotCQJ_a Botnet Communication

update rules:
1. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-23 17:06:58
Name: eoi.unify.allrulepatch.ips.5.6.10.26749.rule Version:5.6.10.26749
MD5:c35cab9668b9ec9e2d774b4f9f9a2c8e Size:26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26749. Rules added/improved in this package:

New rules:
1. Attack[41867]:Behinder (冰蝎) 3.0 beta 9 Webshell Connection(PHP)
2. Attack[25477]:WordPress LearnPress Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-39348)
3. Attack[41866]:Malware Trojan.MSIL.Antiresys.A Botnet Check-in Communication
4. App:ADB

Updated rules:
1. Attack[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
2. Attack[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
3. Attack[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26749. This package includes the following changed rules:

new rules:
1. threat[41867]:Behinder 3.0 beta 9 Webshell Connect(PHP)
2. threat[25477]:WordPress LearnPress Plugin Profile Settings Stored Cross-Site Scripting Vulnerability(CVE-2021-39348)
3. threat[41866]:Malware Trojan.MSIL.Antiresys.A Botnet Network Communication
4. app:ADB

update rules:
1. threat[49014]:Mining program query DNS mine pool server domain name
2. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
3. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-16 17:59:08
Name: eoi.unify.allrulepatch.ips.5.6.10.26706.rule Version:5.6.10.26706
MD5:36f198e1f17a48ed485b7843e6e84b48 Size:26.77M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26706. Rules added/improved in this package:


Updated rules:
1. Attack[25475]:Apache Log4j2 Remote Code Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26706. This package includes the following changed rules:


update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-11 00:29:01
Name: eoi.unify.allrulepatch.ips.5.6.10.26697.rule Version:5.6.10.26697
MD5:070c0efbadf29692f3ad157d7f25d79b Size:26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26697. Rules added/improved in this package:

New rules:
1. Attack[25475]:Apache Log4j2 Remote Code Execution Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26697. This package includes the following changed rules:

new rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-10 04:36:45
Name: eoi.unify.allrulepatch.ips.5.6.10.26681.rule Version:5.6.10.26681
MD5:16fa86765e7e410862e36a6e8941177f Size:26.78M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26681. Rules added/improved in this package:

New rules:
1. Attack[25471]:VMware vCenter Server Directory Traversal Vulnerability (CVE-2021-22013)
2. Attack[25472]:VMware vCenter Server Server-Side Request Forgery (SSRF) Vulnerability(CVE-2021-21993)
3. Attack[41864]:Malware Trojan.Linux.Orbiteibot.A Botnet Check-in Communication
4. Attack[41865]:Malware Trojan.MSIL.Ratblamik.A Botnet Check-in Communication
5. Attack[25473]:Weaver e-office 9 Arbitrary File Upload Vulnerability
6. Attack[25474]:Centreon componentTemplates.php SQL Injection Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26681. This package includes the following changed rules:

new rules:
1. threat[25471]:VMware vCenter Server Directory Traversal Vulnerability (CVE-2021-22013)
2. threat[25472]:VMware vCenter Server Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-21993)
3. threat[41864]:Malware Trojan.Linux.Orbiteibot.A Botnet Network Communication
4. threat[41865]:Malware Trojan.MSIL.Ratblamik.A Botnet Network Communication
5. threat[25473]:Weaver e-office 9 Arbitrary File Upload Vulnerability
6. threat[25474]:Centreon componentTemplates.php SQL Injection Vulnerability



Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-09 17:25:16
Name: eoi.unify.allrulepatch.ips.5.6.10.26660.rule Version:5.6.10.26660
MD5:cda0d0e442d293063d65d6a2f3a63d9c Size:26.77M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26660. Rules added/improved in this package:


New rules:
1. Attack[41848]:Earthworm Intranet Penetration Tool SSH/Telnet Communication
2. Attack[41859]:Malware "Blackout" (匿影) Mining Program DNS Request Connection
3. Attack[41860]:Malware ThanatosMiner Mining Program DNS Request Connection
4. Attack[41849]:Malware MrbMiner Mining Program DNS Request Connection
5. Attack[41850]:Malware Mykings Mining Program DNS Request Connection
6. Attack[41852]:Malware Prometei Mining Program DNS Request Connection
7. Attack[41853]:Malware TeamTNT Mining Program DNS Request Connection
8. Attack[41851]:Malware z0Miner Mining Program Connects to DNS Server
9. Attack[41854]:Malware Cleanfda Mining Program Connects to DNS Server
10. Attack[41855]:Freakout Mining Program Connects to DNS Server
11. Attack[41857]:Malware GuardMiner Mining Program Connects to DNS Server
12. Attack[41858]:Malware LoggerMiner Mining Program Connects to DNS Server
13. Attack[41861]:Malware DemonBot Botnet Check-in Communication
14. Attack[25470]:Malicious Mining Program ETHMiner Obtains Mining Task
15. Attack[41863]:Malicious Mining Program ETHMiner Submits Mining Task

Updated rules:
1. Attack[49040]:Driver Talent (驱动人生) Downloader Trojan Malicious Domain DNS Query


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26660. This package includes the following changed rules:


new rules:
1. threat[41848]:Earthworm Intranet Penetration Tool SSH/Telnet Communication
2. threat[41859]:Malware Blackout Mining Program DNS Request Connection
3. threat[41860]:Malware ThanatosMiner Mining Program DNS Request Connection
4. threat[41849]:Malware MrbMiner Mining Program DNS Request Connection
5. threat[41850]:Malware Mykings Mining Program DNS Request Connection
6. threat[41852]:Malware Prometei Mining Program DNS Request Connection
7. threat[41853]:Malware TeamTNT Mining Program DNS Request Connection
8. threat[41851]:Malware z0Miner mining program connects to DNS server
9. threat[41854]:Malware Cleanfda mining program connects to DNS server
10. threat[41855]:Freakout mining program connects to DNS server
11. threat[41857]:Malware GuardMiner mining program connects to DNS server
12. threat[41858]:Malware LoggerMiner mining program connects to DNS server
13. threat[41861]:Malware DemonBot Botnet Network Communication
14. threat[25470]:Malware Mining ETHMiner Obtains Mining Tasks
15. threat[41863]:Malware Mining ETHMiner Submits Mining Task

update rules:
1. threat[49040]:Driver Talent Downloader Trojan Malicious Domain Name Query


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-12-03 17:40:41
Name: eoi.unify.allrulepatch.ips.5.6.10.26613.rule Version:5.6.10.26613
MD5:cfd2278f91facdf673b689b706923038 Size:26.75M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26613. Rules added/improved in this package:

New rules:
1. Attack[25463]:Hikvision Web Server Command Injection Vulnerability(CVE-2021-36260)
2. Attack[25465]:Cisco UCS Director AMF External Entity Injection Vulnerability
3. Attack[25464]:Tianqing (天擎) Terminal Security Management System SQL Injection Vulnerability
4. Attack[30783]:Schneider Electric C-Bus Toolkit PROJECT RESTORE Information Disclosure Vulnerability(CVE-2021-22720)
5. Attack[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability(CVE-2021-36749)

Updated rules:
1. Attack[23853]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3294)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26613. This package includes the following changed rules:

new rules:
1. threat[25463]:Hikvision Web Server Command Injection Vulnerability(CVE-2021-36260)
2. threat[25465]:Cisco UCS Director AMF External Entity Injection Vulnerability
3. threat[25464]:Tianqing Terminal Security Management System SQL Injection Vulnerability
4. threat[30783]:Schneider Electric C-Bus Toolkit PROJECT RESTORE Information Disclosure Vulnerability(CVE-2021-22720)
5. threat[25466]:Apache Druid LoadData Arbitrary File Read Vulnerability (CVE-2021-36749)

update rules:
1. threat[23853]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-3294)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-11-26 15:45:37
Name: eoi.unify.allrulepatch.ips.5.6.10.26553.rule Version:5.6.10.26553
MD5:fde4f9484de0995799113e10f0ee401f Size:26.74M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26553. Rules added/improved in this package:


New rules:
1. Attack[25458]:AndroRAT Tunnel Tool Communication
2. Attack[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)
3. Attack[25460]:Edge Browser Chakra Engine prototype_concat Type Confusion Vulnerability(CVE-2016-7242)
4. Attack[25461]:Microsoft Edge Browser Chakra Engine Array.join Type Confusion Vulnerability(CVE-2016-7189)
5. Attack[25462]:Microsoft Excel Security Feature Bypass Vulnerability(CVE-2021-42292)

Updated rules:
1. Attack[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
2. Attack[23961]:Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability(CVE-2016-3382)(MS16-118)
3. Attack[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
4. Attack[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
5. App:Stratum Mining Protocol
6. App:MELSEC-Q


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26553. This package includes the following changed rules:


new rules:
1. threat[25458]:AndroRAT Tunnel Communication
2. threat[25459]:Microsoft Edge Memory Corruption Vulnerability(CVE-2016-3386)
3. threat[25460]:Edge_Chakra__array_prototype_concat_Type_Confusion Vulnerability(CVE-2016-7242)
4. threat[25461]:Microsoft Edge Browser Chakra Engine Array.join Type Confusion(CVE-2016-7189)
5. threat[25462]:Microsoft Excel Security Feature Bypass Vulnerability(CVE-2021-42292)

update rules:
1. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
2. threat[23961]:Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability(CVE-2016-3382)(MS16-118)
3. threat[49014]:Mining program query DNS mine pool server domain name
4. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
5. app:Stratum Mining Protocol
6. app:MELSEC-Q


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-11-19 13:40:14
Name: eoi.unify.allrulepatch.ips.5.6.10.26523.rule Version:5.6.10.26523
MD5:c941f7f359a6dc1111596ced4f7ba7d9 Size:26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26523. Rules added/improved in this package:


New rules:
1. Attack[25455]:Dell EMC VMAX Directory Traversal Vulnerability(CVE-2018-1215)
2. Attack[30782]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-7195)
3. Attack[25457]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7283) (MS16-144)
4. Attack[25446]:Nagios XI Bulk Modification Tool bulkmodifications.inc.php SQL Injection Vulnerability(CVE-2021-37350)

Updated rules:
1. Attack[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
2. Attack[22796]:Apache Struts Remote Code Execution Vulnerability (CVE-2013-2251)
3. Attack[23991]:Fastjson Remote Code Execution Vulnerability
4. Attack[23904]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
5. Attack[23875]:IE VBScript VbsStrComp Type Confusion Vulnerability(CVE-2016-3385)
6. Attack[23888]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26523. This package includes the following changed rules:


new rules:
1. threat[25455]:Dell EMC VMAX Directory Traversal Vulnerability(CVE-2018-1215)
2. threat[30782]:Microsoft Internet Explorer and Edge Information Disclosure Vulnerability(CVE-2016-7195)
3. threat[25457]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7283) (MS16-144)
4. threat[25446]:Nagios XI Bulk Modification Tool bulkmodifications.inc.php SQL Injection Vulnerability(CVE-2021-37350)

update rules:
1. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
2. threat[22796]:Apache Struts Remote Code Execution(CVE-2013-2251)
3. threat[23991]:Fastjson Remote Code Execution Vulnerability
4. threat[23904]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7201)(MS16-129)
5. threat[23875]:IE_vbscript_VbsStrComp_Type_Confusion Vulnerability(CVE-2016-3385)
6. threat[23888]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2016-7190)(MS16-119)


Announcements:
1. After the package is installed, the engine restarts automatically. This does not interrupt sessions, but 3-5 packets will be lost on ping, so please update at a suitable time.

Release time:2021-11-12 09:22:18
Name: eoi.unify.allrulepatch.ips.5.6.10.26476.rule Version:5.6.10.26476
MD5:d5d26d64d0950594350c4d027b2b65b7 Size:26.72M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 and engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.26476. Rules added/improved in this package:

New rules:
1. Attack[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. Attack[25451]:Adobe Acrobat DC SMask Out-of-Bounds Write Vulnerability(CVE-2021-39843)
3. Attack[25452]:Delta Industrial Automation DIAEnergie Handler_CFG.aspx SQL Injection Vulnerability(CVE-2021-32983)
4. Attack[25453]:Quest NetVault Backup Authentication Bypass Vulnerability(CVE-2018-1163)
5. Attack[25454]:Google Golang Get Command Injection Vulnerability(CVE-2018-7187)

Updated rules:
1. Attack[41473]:HTTP/2 HEADERS and CONTINUATION Frame Connection


Notes:
1. After this package is applied, the engine restarts automatically for it to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.10.26476. This package includes the following changed rules:

new rules:
1. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
2. threat[25451]:Adobe Acrobat DC SMask Out of Bounds Write Vulnerability(CVE-2021-39843)
3. threat[25452]:Delta Industrial Automation DIAEnergie Handler_CFG.aspx SQL Injection Vulnerability(CVE-2021-32983)
4. threat[25453]:Quest NetVault Backup Authentication Bypass Vulnerability(CVE-2018-1163)
5. threat[25454]:Google Golang Get Command Injection Vulnerability(CVE-2018-7187)

update rules:
1. threat[41473]:HTTP/2 HEADERS and CONTINUATION connection


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2021-11-05 10:14:29
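Every entry in this listing publishes the package file name, rule version, MD5 and size, and every description repeats the same prerequisite (firmware and engine 5.6R10F00 or later) and the same caveat about the engine restart. The helper below is an added example, not NSFOCUS code or tooling: it parses those header lines, decides whether a device's firmware/engine pair meets the stated prerequisite, picks the newest package (each one is a full package, so only the highest version matters), and checks a downloaded .rule file against the published MD5 before it is uploaded. The firmware version shape `<major>.<minor>R<release>F<fix>` is an assumption inferred from the strings on this page, and the sample listing text is constructed from two entries above.

```python
"""Helpers for the NSFOCUS signature-package listing on this page.

Added example, not NSFOCUS code: it parses the Name/Version/MD5/Size header
lines of each listing entry, checks the firmware/engine prerequisite stated in
every description (5.6R10F00 or later), and verifies the MD5 of a downloaded
.rule file before it is uploaded to the device.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header lines as they appear in the listing; both the page's Chinese labels
# (名称/版本/大小) and their English translations are accepted.
_NAME_RE = re.compile(
    r"^(?:Name|名称):\s*(?P<name>\S+)\s+(?:Version|版本):\s*(?P<version>\S+)")
_MD5_RE = re.compile(
    r"^MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s+(?:Size|大小):\s*(?P<size>\S+)")
# Firmware/engine versions on this page look like "5.6R10F00" (assumed shape).
_FW_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)F(\d+)$")


@dataclass
class PackageEntry:
    name: str
    version: str   # rule version, e.g. "5.6.10.26476"
    md5: str       # lower-case hex digest published in the listing
    size: str      # as printed, e.g. "26.72M"

    def version_tuple(self) -> Tuple[int, ...]:
        return tuple(int(p) for p in self.version.split("."))


def parse_listing(text: str) -> List[PackageEntry]:
    """One PackageEntry per Name line that is followed by an MD5 line."""
    entries: List[PackageEntry] = []
    pending: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _NAME_RE.match(line)
        if m:
            pending = {"name": m["name"], "version": m["version"]}
            continue
        m = _MD5_RE.match(line)
        if m and pending is not None:
            entries.append(PackageEntry(md5=m["md5"].lower(), size=m["size"], **pending))
            pending = None
    return entries


def parse_firmware_version(s: str) -> Tuple[int, int, int, int]:
    """'5.6R10F00' -> (5, 6, 10, 0), so versions compare numerically."""
    m = _FW_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised firmware/engine version: {s!r}")
    major, minor, release, fix = (int(x) for x in m.groups())
    return major, minor, release, fix


def meets_prerequisite(firmware: str, engine: str, minimum: str = "5.6R10F00") -> bool:
    """Both firmware and engine must be at least the minimum the listing states."""
    need = parse_firmware_version(minimum)
    return parse_firmware_version(firmware) >= need and parse_firmware_version(engine) >= need


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def verify_package_bytes(data: bytes, entry: PackageEntry) -> bool:
    """True if the downloaded bytes hash to the MD5 published for that entry."""
    return md5_of_bytes(data) == entry.md5


def verify_package_file(path: str, entry: PackageEntry, chunk: int = 1 << 20) -> bool:
    """Same check for a file on disk, hashed in chunks (packages are ~27 MB)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest() == entry.md5


def newest(entries: List[PackageEntry]) -> PackageEntry:
    """Every package is a full upgrade, so only the highest version matters."""
    return max(entries, key=PackageEntry.version_tuple)


# Constructed sample: two header pairs copied from the listing on this page,
# deliberately in ascending order so that newest() has to compare versions.
SAMPLE_LISTING = """\
Name: eoi.unify.allrulepatch.ips.5.6.10.26440.rule Version:5.6.10.26440
MD5:46bcbf64e6df781ac4f7599ed628266d Size:26.72M
Name: eoi.unify.allrulepatch.ips.5.6.10.26476.rule Version:5.6.10.26476
MD5:d5d26d64d0950594350c4d027b2b65b7 Size:26.72M
"""

if __name__ == "__main__":
    latest = newest(parse_listing(SAMPLE_LISTING))
    print(f"latest package: {latest.name} (expected MD5 {latest.md5})")
    print("5.6R10F00/5.6R10F00 eligible:", meets_prerequisite("5.6R10F00", "5.6R10F00"))
    print("5.6R9F03/5.6R10F00 eligible:", meets_prerequisite("5.6R9F03", "5.6R10F00"))
```

The MD5 check only catches a corrupted or truncated download. MD5 is not a signature and does not prove the file came from NSFOCUS, so fetch the package from the vendor portal over HTTPS, compare the digest with the one printed on that page, and schedule the upload in a window where the 3 to 5 lost ping packets from the engine restart will not trip monitoring.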
Name: eoi.unify.allrulepatch.ips.5.6.10.26440.rule Version: 5.6.10.26440
MD5: 46bcbf64e6df781ac4f7599ed628266d Size: 26.72M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26440. Rules added or updated in this package:

new rules:
1. threat[25443]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-40487)
2. threat[25444]:Flarum Core Stored Cross-Site Scripting Vulnerability(CVE-2021-32671)
3. threat[25445]:Flarum Core Reflected Cross-Site Scripting Vulnerability(CVE-2021-32671)
4. threat[25447]:Nagios XI Manage My Dashboards Page Stored Cross-Site Scripting Vulnerability(CVE-2021-38156)
5. threat[25448]:Advantech R-SeeNet Reflected Cross-Site Scripting Vulnerability(CVE-2021-21799)
6. threat[25449]:XXL-JOB (REST API) Unauthorized Remote Code Execution Vulnerability

update rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)
2. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)
3. app:MODBUS


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-10-29 09:31:15
Name: eoi.unify.allrulepatch.ips.5.6.10.26408.rule Version: 5.6.10.26408
MD5: 22aefd96c7d18a80b64915ee4733fd9a Size: 26.70M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26408. Rules added or updated in this package:

new rules:
1. threat[25435]:Apache HTTP Server Directory Traversal Vulnerability(CVE-2021-41773)(CVE-2021-42013)
2. threat[25436]:Adobe Acrobat Reader DC EScript.api Thermometer Object Use After Free Vulnerability(CVE-2021-28640)
3. threat[25437]:WordPress Automattic WooCommerce Blocks Plugin SQL Injection Vulnerability(CVE-2021-32789)
4. threat[25438]:Adobe Acrobat Reader DC Window Procedure WM_SETFOCUS Use After Free Vulnerability(CVE-2021-28639)
5. threat[25439]:Eaton IPM removeBackground Arbitrary File Deletion Vulnerability(CVE-2021-23278)
6. threat[25440]:Eaton IPM removeFirmware Arbitrary File Deletion Vulnerability(CVE-2021-23278)
7. threat[25441]:Schneider Electric C-Bus Toolkit ACCESS SAVE Command Directory Traversal Vulnerability(CVE-2021-22717)
8. threat[25442]:Schneider Electric C-Bus Toolkit FILE UPLOAD Unrestricted File Upload Vulnerability(CVE-2021-22719)

update rules:
1. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
2. threat[10139]:Linux Kernel SNMP NAT Helper Remote Denial of Service


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-10-22 09:10:55
Name: eoi.unify.allrulepatch.ips.5.6.10.26362.rule Version: 5.6.10.26362
MD5: 241d68ee63b31ef36c8bf416db2f2c23 Size: 26.67M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26362. Rules added or updated in this package:

new rules:
1. threat[25428]:Microsoft Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527)
2. threat[25429]:Nagios XI Switch Wizard Switch.inc.php Command Injection Vulnerability(CVE-2021-37344)
3. threat[25430]:Netgear ProSAFE NMS300 MibController realName Directory Traversal Vulnerability(CVE-2021-27276)
4. threat[25431]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability(CVE-2021-2456)
5. threat[30780]:Oracle Business Intelligence Publisher XDO XML External Entity Injection Vulnerability(CVE-2021-2401)
6. threat[25432]:Atlassian JIRA Data Center Insecure Deserialization Vulnerability(CVE-2020-36239)
7. threat[25433]:Nagios Log Server Audit Log And Alert History Reflected Cross-Site Scripting Vulnerability(CVE-2021-35478)

update rules:
1. threat[50593]:Redis Authentication Failure
2. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability(CVE-2014-3704)
3. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-10-14 19:10:38
Name: eoi.unify.allrulepatch.ips.5.6.10.26316.rule Version: 5.6.10.26316
MD5: 4c18e4d8f6e54de26dce93a8fa2910a6 Size: 26.67M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26316. Rules added or updated in this package:

new rules:
1. threat[25426]:Advantech R-SeeNet Command Injection Vulnerability(CVE-2021-21805)
2. threat[25427]:Advantech R-SeeNet Cross-Site Scripting Vulnerability(CVE-2021-21800)

update rules:
1. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-10-08 10:12:50
Name: eoi.unify.allrulepatch.ips.5.6.10.26306.rule Version: 5.6.10.26306
MD5: 07e8035dc72fe807ee43edca8e507d2a Size: 26.66M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26306. Rules added or updated in this package:

new rules:
1. threat[25422]:Microsoft Visual Studio Code Extension Command Injection Vulnerability(CVE-2021-28472)
2. threat[25424]:Netgear ProSAFE NMS300 Command Injection Vulnerability(CVE-2021-27273)
3. threat[25423]:Adobe Acrobat and Acrobat Reader DC AcroForm addField Use After Free Vulnerability(CVE-2021-28635)
4. threat[25425]:Microsoft MSHTML Remote Code Execution Vulnerability(CVE-2021-40444)

update rules:
1. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability(CVE-2021-25298)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-09-30 16:17:44
Name: eoi.unify.allrulepatch.ips.5.6.10.26278.rule Version: 5.6.10.26278
MD5: e82ce9d41fd1a69f40a8e2b6a4d96104 Size: 26.63M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26278. Rules added or updated in this package:

new rules:
1. threat[25416]:phpMyAdmin Cross-Site Request Forgery Vulnerability(CVE-2019-12922)
2. threat[25415]:Nginx Cache Out-of-Bounds Read Vulnerability(CVE-2017-7529)
3. threat[25417]:Apache Struts OGNL Remote Code Execution Vulnerability
4. threat[25418]:Python PIL/Pillow Remote Code Execution Vulnerability (Ghostscript)(CVE-2018-16509)
5. threat[25420]:phpMyAdmin lint.php Local File Inclusion Vulnerability(CVE-2018-12613)
6. threat[25419]:Advantech iView getPSInventoryInfo SQL Injection Vulnerability(CVE-2021-32932)
7. threat[25421]:Advantech R-SeeNet device_graph_page.php Cross-Site Scripting Vulnerability(CVE-2021-21801)

update rules:
1. threat[24497]:Python PIL Remote Command Execution Vulnerability(CVE-2017-8291)
2. threat[24849]:Tongda OA Arbitrary File Upload Vulnerability
3. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-09-23 18:36:42
Name: eoi.unify.allrulepatch.ips.5.6.10.26245.rule Version: 5.6.10.26245
MD5: 686edf11d5d5d25289f9114500f5f568 Size: 26.63M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26245. Rules added or updated in this package:

new rules:
1. threat[25410]:Apache ActiveMQ Deserialization Vulnerability(CVE-2015-5254)
2. threat[25411]:Weblogic Secondary Deserialization Vulnerability(CVE-2021-2135)
3. threat[25412]:Jenkins Extra Columns Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21630)
4. threat[25413]:Apache Tomcat Session Remote Code Execution Vulnerability(CVE-2020-9484)
5. threat[25414]:Jenkins Scriptler Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21667)
6. app:Dameng Database (DM)

update rules:
1. threat[25409]:Zoho ManageEngine ServiceDesk Plus Custom Schedules Arbitrary Command Execution Vulnerability(CVE-2021-20081)
2. threat[41843]:Zgrab Scan Attack Detection
3. threat[25145]:Weblogic Server Remote Code Execution Vulnerability(CVE-2021-2109)
4. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-09-16 17:19:42
Name: eoi.unify.allrulepatch.ips.5.6.10.26200.rule Version: 5.6.10.26200
MD5: a2d583e2c6bcac093b792b7e1760cf26 Size: 26.62M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26200. Rules added or updated in this package:

new rules:
1. threat[25404]:Zoho ManageEngine Applications Manager UserConfigurationAction Cross-Site Scripting Vulnerability(CVE-2021-31813)
2. threat[41843]:Zgrab Scan Attack Detection
3. threat[25406]:Spring Framework Reflected File Download Vulnerability(CVE-2020-5421)
4. threat[25407]:Oracle Weblogic WLS Core Components Remote Code Execution Vulnerability(CVE-2018-3191)
5. threat[25408]:Oracle Weblogic Remote Code Execution Vulnerability(CVE-2018-3245)
6. threat[25409]:Zoho ManageEngine ServiceDesk Plus Custom Schedules Arbitrary Command Execution Vulnerability(CVE-2021-20081)

update rules:
1. threat[24851]:Spring Security OAuth Remote Code Execution Vulnerability(CVE-2016-4977)
2. threat[41842]:Mozi Botnet Communication
3. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
4. threat[23783]:nginx File Type Misparsing Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-09-10 09:24:27
Name: eoi.unify.allrulepatch.ips.5.6.10.26154.rule Version: 5.6.10.26154
MD5: 22d76111cc3e4452b6a08967f63c7deb Size: 26.61M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26154. Rules added or updated in this package:

new rules:
1. threat[25400]:Jenkins Config File Provider Plugin External Entity Injection Vulnerability(CVE-2021-21642)
2. threat[25401]:SolarWinds Network Performance Monitor FromJson Insecure Deserialization Vulnerability(CVE-2021-31474)
3. threat[25402]:Zoho ManageEngine ADSelfService Plus Password Command Injection Vulnerability(CVE-2021-28958)
4. threat[25403]:Jenkins Generic Webhook Trigger Plugin External Entity Injection Vulnerability(CVE-2021-21669)
5. threat[25404]:Zoho ManageEngine Applications Manager UserConfigurationAction Cross-Site Scripting Vulnerability(CVE-2021-31813)
6. threat[25405]:Atlassian Confluence Remote Code Execution Vulnerability(CVE-2021-26084)
7. app:OPC DA
8. app:OPC AE

update rules:
1. threat[24276]:Apache HTTP Server Remote Security Restriction Bypass Vulnerability(CVE-2017-15715)
2. threat[66200]:Microsoft Windows Remote Desktop Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-09-02 20:31:12
Name: eoi.unify.allrulepatch.ips.5.6.10.26127.rule Version: 5.6.10.26127
MD5: 41446e62ba65e121bf5686a81221f9f6 Size: 26.60M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26127. Rules added or updated in this package:

new rules:
1. threat[25395]:JBoss Application Server EJBInvokerServlet Remote Code Execution Vulnerability(CVE-2013-4810)
2. threat[25396]:JBoss Application Server JMXInvokerServlet Deserialization Vulnerability(CVE-2015-7501)
3. threat[25397]:Adobe ColdFusion Deserialization Vulnerability(CVE-2017-3066)
4. threat[41842]:WorkMiner Botnet Communication

update rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[24109]:Apache Solr/Lucene XML Entity Expansion Vulnerability (XXE)(CVE-2017-12629)
3. threat[41660]:Suspected system command execution via PostgreSQL COPY FROM PROGRAM(CVE-2019-9193)
4. threat[22038]:HTTPDX h_handlepeer() Function Buffer Overflow Vulnerability
5. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)
6. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Unrestricted File Upload(CVE-2021-27274)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-08-27 15:31:27
Name: eoi.unify.allrulepatch.ips.5.6.10.26071.rule Version: 5.6.10.26071
MD5: 724ca482bdf0c26269ccfd58ca315cb5 Size: 26.58M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26071. Rules added or updated in this package:

new rules:
1. threat[10529]:OpenLDAP slapd Search Assertion Failure Denial of Service Vulnerability(CVE-2021-27212)
2. threat[25384]:Schneider Electric C-Bus Toolkit Directory Traversal Vulnerability(CVE-2021-22718)
3. threat[25385]:Ruby Net::FTP Command Injection Vulnerability(CVE-2017-17405)
4. threat[25383]:Apache OFBiz Arbitrary File Upload Vulnerability(CVE-2021-37608)
5. threat[25388]:VMware vCenter Server Remote Code Execution Vulnerability(CVE-2021-21985)
6. threat[25386]:Nagios XI Account Email Address Stored Cross-Site Scripting Vulnerability
7. threat[25387]:Nagios XI Custom-includes Manage.php Rename_file Directory Traversal Vulnerability(CVE-2021-3277)
8. threat[30779]:Netgear ProSAFE NMS300 ConfigFileController getFileContext Arbitrary File Read(CVE-2021-27275)
9. threat[25390]:Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal
10. threat[25391]:Netgear ProSAFE NMS300M FileUploadController Unrestricted File Upload(CVE-2021-27274)
11. threat[25392]:Apache Spark Unauthorized Remote Code Execution Vulnerability (REST)
12. threat[25393]:Fortinet FortiWeb OS Command Injection Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-08-25 16:11:32
Name: eoi.unify.allrulepatch.ips.5.6.10.26038.rule Version: 5.6.10.26038
MD5: 61a2325713bf1c73b75436f4da6b5dbb Size: 26.55M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26038. Rules added or updated in this package:

new rules:
1. threat[25379]:Zoho ManageEngine Applications Manager Displayname Stored Cross-Site Scripting Vulnerability
2. threat[25381]:Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability
3. threat[25382]:OpenEMR phpGACL edit_group.php SQL Injection Vulnerability(CVE-2020-13568)

update rules:
1. threat[25378]:Jenkins Multiple Plugins External Entity Injection Vulnerability(CVE-2021-21659)(CVE-2021-21658)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-08-12 18:18:04
Name: eoi.unify.allrulepatch.ips.5.6.10.26005.rule Version: 5.6.10.26005
MD5: e4a8d5b25198363bcbaa99a511e73309 Size: 26.55M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.26005. Rules added or updated in this package:

new rules:
1. threat[25374]:ThinkPHP 2.x/3.0 Remote Code Execution Vulnerability
2. threat[25375]:SEO Panel Reflected Cross-Site Scripting Vulnerability(CVE-2021-3002)
3. threat[25376]:TamronOS IPTV System Arbitrary Command Execution Vulnerability
4. threat[25377]:GitLab Server-Side Request Forgery (SSRF) Vulnerability(CVE-2021-22214)
5. threat[25371]:Jenkins Active Choices Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21616)
6. threat[25372]:Jenkins Claim Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21619)

update rules:
1. threat[41702]:Nmap Scan Attack Detection
2. threat[41060]:Trojan/Backdoor PHP One-Line Webshell (一句话木马)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-08-05 19:55:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25946.rule Version: 5.6.10.25946
MD5: 923eca2519f6b7b5a44a90816b9e0fe9 Size: 26.55M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.25946. Rules added or updated in this package:

new rules:
1. threat[25363]:Netgate pfSense services_wol_edit.php Stored Cross-Site Scripting Vulnerability(CVE-2021-27933)
2. threat[25364]:Cisco HyperFlex HX Auth Remote Command Execution Vulnerability(CVE-2021-1497)
3. threat[25366]:GitLab GraphQL Information Disclosure Vulnerability(CVE-2020-26413)
4. threat[25367]:Citrix XenMobile Arbitrary File Read Vulnerability(CVE-2020-8209)
5. threat[25370]:Apache Pulsar JSON Web Token Authentication Bypass Vulnerability(CVE-2021-22160)
6. threat[25368]:IceWarp WebClient Cross-Site Scripting Vulnerability(CVE-2020-25925)
7. threat[25369]:IceWarp WebClient basic Remote Command Execution Vulnerability
8. threat[25365]:Cisco HyperFlex HX storfs-asup Remote Command Execution Vulnerability(CVE-2021-1498)

update rules:
1. threat[63144]:Microsoft Windows Registry Write Attempt
2. threat[63143]:Microsoft Windows Registry Read Attempt


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-07-29 17:44:21
Name: eoi.unify.allrulepatch.ips.5.6.10.25909.rule Version: 5.6.10.25909
MD5: 2b21ddb476221f42436d39147e76f8cf Size: 26.51M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware version and engine version do not change, and the signature (rule) version becomes 5.6.10.25909. Rules added or updated in this package:

new rules:
1. threat[25354]:phpMyAdmin Scripts/setup.php Deserialization Vulnerability
2. threat[25355]:Siemens SINEC NMS Directory Traversal Vulnerability(CVE-2020-25237)
3. threat[25356]:Adobe ColdFusion Administrator Console Directory Traversal Vulnerability(CVE-2010-2861)
4. threat[25357]:VMware vRealize Operations Arbitrary File Write Vulnerability(CVE-2021-21983)
5. threat[25358]:WordPress External Entity Injection Vulnerability(CVE-2021-29447)
6. threat[25353]:Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
7. threat[25359]:Jenkins Credentials Plugin Reflected Cross-Site Scripting Vulnerability(CVE-2021-21648)
8. threat[25361]:Apache Dubbo Unsafe YAML Unmarshalling Vulnerability(CVE-2021-30180)
9. threat[25362]:Apache Dubbo Script Routing Remote Code Execution Vulnerability(CVE-2021-30181)
10. threat[25360]:Jenkins Dashboard View Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21649)

update rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability(CVE-2020-26259)
2. threat[25336]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2021-26411)


Announcements:
1. After the package is applied, the engine restarts automatically to load the new rules. Existing sessions are not interrupted, but 3 to 5 ping packets are lost during the restart, so apply the upgrade at a suitable time.

Release time: 2021-07-22 17:53:38
Name: eoi.unify.allrulepatch.ips.5.6.10.25836.rule  Version: 5.6.10.25836
MD5: 83325c77d948eb4a148cb2c7b463a666  Size: 26.50M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25836. Rules added or updated in this package:

new rules:
1. threat[25347]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2020-10204)
2. threat[25352]:Struts2 Remote Command Execution Vulnerability(CVE-2017-12611)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-07-15 17:43:27
Name: eoi.unify.allrulepatch.ips.5.6.10.25814.rule  Version: 5.6.10.25814
MD5: 0357629b4e31e9f19694838793f019ef  Size: 26.50M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25814. Rules added or updated in this package:

new rules:
1. threat[30778]:Oracle E-Business Suite iStore Cross-Site Scripting Vulnerability(CVE-2021-2182)
2. threat[25341]:SaltStack Salt Directory Traversal Vulnerability(CVE-2021-25282)
3. threat[25342]:Gitea 1.4.0 Directory Traversal Vulnerability
4. threat[25343]:YAPI Mock Script Remote Code Execution Vulnerability
5. threat[25340]:Apache Dubbo Unsafe Deserialization Vulnerability(CVE-2021-25641)
6. threat[25339]:WebSVN 2.6.0 Remote Code Execution Vulnerability(CVE-2021-32305)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-07-13 10:19:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25788.rule  Version: 5.6.10.25788
MD5: f6b218299dea52e8920ecca5eee54ff4  Size: 26.47M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25788. Rules added or updated in this package:

new rules:
1. threat[25335]:Apache Airflow 1.10.10 Remote Code Execution Vulnerability(CVE-2020-11978)
2. threat[25337]:VMware vCenter Server Tar Directory Traversal Vulnerability(CVE-2021-21972)
3. threat[25338]:Umbraco CMS Stored Cross-Site Scripting Vulnerability(CVE-2020-5810)

update rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675,CVE-2021-34527)
2. threat[21374]:Apache Struts Remote Command Execution Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-07-06 15:38:18
Name: eoi.unify.allrulepatch.ips.5.6.10.25756.rule  Version: 5.6.10.25756
MD5: 91c3107978775fb6f35a7702f0b35442  Size: 26.48M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25756 (the package name and version field; the original description text gave 5.6.10.25753). Rules added or updated in this package:

new rules:
1. threat[25326]:Microsoft Windows Print Spooler Privilege Escalation Vulnerability(CVE-2021-1675)
2. threat[25327]:OpenEMR Usergroup_admin.php Stored Cross-Site Scripting Vulnerability
3. threat[25328]:Oracle E-Business Suite Common Applications Calendar Cross-Site Scripting Vulnerability(CVE-2021-2114)
4. threat[25330]:OpenEMR patient_report.php Stored Cross-Site Scripting Vulnerability(CVE-2021-25921)
5. threat[25331]:phpGACL acl_admin.php Reflected Cross-Site Scripting Vulnerability(CVE-2020-13562)
6. threat[25332]:AMD Gaming Evolved plays.tv Remote Command Execution Vulnerability(CVE-2018-6546)
7. threat[25333]:Microsoft Scripting Engine Memory Corruption Vulnerability(CVE-2021-31959)
8. threat[25329]:Netgear ProSAFE NMS300 SettingConfigController Command Injection Vulnerability(CVE-2021-27273)
9. threat[25325]:Netgear ProSAFE NMS300 ReportTemplateController Arbitrary File Deletion Vulnerability(CVE-2021-27272)

update rules:
1. threat[24840]:JBoss Deserialization Vulnerability(CVE-2017-7504)
2. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow Vulnerability(CVE-2018-18731)
3. threat[41768]:Godzilla Webshell PHP Script Upload
4. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - POST request
5. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-07-02 15:22:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25687.rule  Version: 5.6.10.25687
MD5: ff7646e0736e4ce4a762c027eb0be3b1  Size: 26.52M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25687. Rules added or updated in this package:

update rules:
1. threat[29001]:Web Service Remote SQL Injection Suspicious Behavior(startracker)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-06-22 15:47:26
Name: eoi.unify.allrulepatch.ips.5.6.10.25623.rule  Version: 5.6.10.25623
MD5: 0ec270485d4750f8c37a9a22c2a01703  Size: 26.47M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25623. Rules added or updated in this package:

new rules:
1. threat[25311]:Eaton Intelligent Power Manager Arbitrary File Deletion Vulnerability(CVE-2021-23279)
2. threat[25312]:Yonyou NC6.5 bsh.servlet.BshServlet Remote Command Execution Vulnerability
3. threat[25313]:Microsoft Exchange Server-Side Request Forgery(SSRF) Vulnerability(CVE-2021-26855)
4. threat[25314]:Jenkins Parameter Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21622)
5. threat[25317]:Foxit Reader and PhantomPDF Field Format Event Use-After-Free Vulnerability(CVE-2020-13560)
6. threat[25319]:OpenEMR Backup.php Command Injection Vulnerability(CVE-2020-36243)
7. threat[25320]:PHP 8.1.0-dev Backdoor Remote Command Execution Vulnerability
8. threat[25315]:F5 BIG-IP Authentication Bypass Vulnerability(CVE-2021-22986)

update rules:
1. threat[24567]:Weaver e-cology/Yonyou NC OA System BeanShell Remote Code Execution Vulnerability
2. threat[25314]:Jenkins Artifact Repository Parameter Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21622)
3. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability(CVE-2020-17144)
4. threat[24539]:Drupal Core Remote Code Execution Vulnerability(CVE-2019-6339)
5. app:Sunlogin Remote Control

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-06-10 17:37:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25571.rule  Version: 5.6.10.25571
MD5: 7611a93a9a3ad48db4686a98112e685b  Size: 26.45M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25571. Rules added or updated in this package:

new rules:
1. threat[25310]:Apache Druid JDBC Connection Properties Remote Code Execution Vulnerability(CVE-2021-26919)
2. threat[30776]:Apache Tapestry Information Disclosure Vulnerability(CVE-2021-27850)
3. threat[41821]:ABPTTS Tunnel Communication

update rules:
1. threat[41817]:Penetration Testing Tool Cobalt Strike EXE Infector Spread
2. threat[25206]:Advantech iView Directory Traversal Vulnerability(CVE-2020-16245)
3. threat[25308]:H3C IMC Intelligent Management Center Remote Code Execution Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-06-03 16:45:54
Name: eoi.unify.allrulepatch.ips.5.6.10.25537.rule  Version: 5.6.10.25537
MD5: 1e846a995d3dbf22d595b1348e28ba86  Size: 26.44M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25537. Rules added or updated in this package:

new rules:
1. threat[25301]:WordPress Plugin Stop Spammers 'log' Reflected Cross-Site Scripting Vulnerability(CVE-2021-24245)
2. threat[25303]:Apache Cocoon XML External Entity Injection Vulnerability(CVE-2020-11991)
3. threat[25300]:CMS Made Simple Smarty Server-Side Template Injection Vulnerability(CVE-2021-26120)
4. threat[25304]:Tenda USAC15 WriteFacMac Remote Code Execution Vulnerability(CVE-2018-16334)
5. threat[25306]:Microsoft Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability(CVE-2021-27084)
6. threat[41820]:HTTP CRLF Injection Attack
7. threat[25307]:FreePBX 1314 Filename Command Injection Vulnerability

update rules:
1. threat[23817]:wget Download Redirection Arbitrary File Write Vulnerability(CVE-2016-4971)
2. threat[24173]:Magento 2.0.6 Deserialization Remote Code Execution Vulnerability(CVE-2016-4010)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-27 18:44:31
Name: eoi.unify.allrulepatch.ips.5.6.10.25506.rule  Version: 5.6.10.25506
MD5: bcac790a6a3e4bc439cae034c261d9e0  Size: 26.42M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25506. Rules added or updated in this package:

new rules:
1. threat[25294]:Advantech iView ZTPConfigTable SQL Injection Vulnerability(CVE-2021-22654)
2. threat[25295]:Jenkins Repository Connector Plugin Stored Cross-Site Scripting Vulnerability(CVE-2021-21618)
3. threat[25296]:Apache Superset Markdown Component Stored Cross-Site Scripting Vulnerability(CVE-2021-27907)
4. threat[25297]:Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2021-31181)
5. threat[25298]:Kingsoft V8 Terminal Security System Arbitrary File Read Vulnerability
6. threat[25299]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-29505)

update rules:
1. threat[25292]:Adobe Magento DownloadCss Cross-Site Scripting Vulnerability(CVE-2021-21029)
2. threat[25294]:Advantech iView ZTPConfigTable SQL Injection Vulnerability(CVE-2021-22654)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-21 09:27:05
Name: eoi.unify.allrulepatch.ips.5.6.10.25483.rule  Version: 5.6.10.25483
MD5: 12df24f96e2b57a7399a6d666b446bf2  Size: 26.40M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25483. Rules added or updated in this package:

new rules:
1. threat[25293]:ExifTool Remote Code Execution Vulnerability(CVE-2021-22204)
2. threat[25291]:Microsoft IIS HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2021-31166)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-17 22:39:08
Name: eoi.unify.allrulepatch.ips.5.6.10.25433.rule  Version: 5.6.10.25433
MD5: 7b983d80c786bc96db925768e9e6c9c5  Size: 26.39M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25433. Rules added or updated in this package:

new rules:
1. threat[25277]:Linksys Remote Code Execution Vulnerability(CNVD-2014-01260)
2. threat[25275]:HUAWEI HG532e Command Injection Vulnerability(CVE-2017-17215)
3. threat[25282]:Tenda USAC15 SetSambaCfg Command Injection Vulnerability(CVE-2018-18728)
4. threat[25280]:Tenda AC15 Cookie Remote Code Execution Vulnerability(CVE-2018-5767)
5. threat[10521]:Tenda USAC15 setMacFilterCfg Remote Code Execution Vulnerability(CVE-2018-18708)
6. threat[25283]:Tenda USAC15 addWifiMacFilter Buffer Overflow Vulnerability(CVE-2018-18731)
7. threat[25278]:Linksys wap54gv3 Remote Code Execution Vulnerability
8. threat[25279]:Tenda USAC9 setUsbUnload Remote Command Injection Vulnerability(CVE-2018-14558,CVE-2020-10987)
9. threat[25286]:VMware View Planner logupload Directory Traversal Vulnerability(CVE-2021-21978)

update rules:
1. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-13 17:01:07
Name: eoi.unify.allrulepatch.ips.5.6.10.25418.rule  Version: 5.6.10.25418
MD5: 48bdc63c84e66a6748fee4511269c6ce  Size: 26.38M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25418. Rules added or updated in this package:

new rules:
1. threat[41818]:DarkSide Ransomware Communication with C2 Server

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-11 16:35:58
Name: eoi.unify.allrulepatch.ips.5.6.10.25365.rule  Version: 5.6.10.25365
MD5: beb0a731a94224c6f1b4d6d3c8b9ee0b  Size: 26.37M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25365. Rules added or updated in this package:

new rules:
1. threat[50605]:WebLogic T3 Protocol Connection
2. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability(CVE-2021-3449)
3. threat[50606]:WebLogic GIOP/IIOP Protocol Connection

update rules:
1. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-05-07 16:51:45
Name: eoi.unify.allrulepatch.ips.5.6.10.25343.rule  Version: 5.6.10.25343
MD5: 04274d322f426c6a275dec302b914073  Size: 26.37M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25343. Rules added or updated in this package:

new rules:
1. threat[25268]:Telecom Gateway Configuration Management System Default Weak Password Login
2. threat[41816]:Reverse DNS Shell Tunnel Communication
3. threat[41817]:Penetration Testing Tool Cobalt Strike EXE Infector Spread
4. threat[25270]:NETGEAR WND930 Remote Code Execution Vulnerability
5. threat[25271]:NETGEAR WND930 mfgwrite.php Remote Code Execution Vulnerability
6. threat[25272]:D-Link DIR645 Sensitive Information Disclosure Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-30 13:14:48
Name: eoi.unify.allrulepatch.ips.5.6.10.25307.rule  Version: 5.6.10.25307
MD5: 91364415d5798ba2bffcf3a4a06288c1  Size: 26.35M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25307. Rules added or updated in this package:

new rules:
1. threat[25263]:eyou Email System Remote Command Execution Vulnerability
2. threat[25264]:Google Chrome Remote Code Execution Vulnerability(CVE-2021-21220)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-20 19:43:55
Name: eoi.unify.allrulepatch.ips.5.6.10.25296.rule  Version: 5.6.10.25296
MD5: 51a069d2b5cda834d30d9864bbf14a2b  Size: 26.35M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25296. Rules added or updated in this package:

new rules:
1. threat[25262]:Weaver OA9 Arbitrary File Upload Vulnerability
2. threat[25260]:Godzilla ASP_AES_BASE64 Webshell Connection
3. threat[25261]:Godzilla ASP_AES_RAW Webshell Connection

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-18 22:30:09
Name: eoi.unify.allrulepatch.ips.5.6.10.25280.rule  Version: 5.6.10.25280
MD5: 30419566e5224baf951100b7634233b9  Size: 26.35M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25280. Rules added or updated in this package:

new rules:
1. threat[25253]:Ruijie NBR Router EWEB Management System Remote Command Execution Vulnerability(CNVD-2021-09650)
2. threat[25255]:Leagsoft IT Operations Security Management System Arbitrary File Upload Vulnerability
3. threat[25256]:Godzilla JAVA_AES_RAW Webshell Connection
4. threat[25257]:Behinder 3.0 beta 3 Webshell Connection(PHP)
5. threat[25258]:TongWeb Hidden Control Interface

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-15 22:05:34
Name: eoi.unify.allrulepatch.ips.5.6.10.25263.rule  Version: 5.6.10.25263
MD5: 28f2527d54df66ed18dacd54b978bcb6  Size: 26.34M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25263. Rules added or updated in this package:

new rules:
1. threat[25251]:Jira SSRF Vulnerability(CVE-2017-9506)
2. threat[25252]:Godzilla JAVA_AES_BASE64 Webshell Connection
3. threat[41814]:Sensitive Script File Upload

update rules:
1. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - POST request
2. threat[41700]:Sqlmap Scan Attack Detection

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-14 23:21:51
Name: eoi.unify.allrulepatch.ips.5.6.10.25241.rule  Version: 5.6.10.25241
MD5: 53e1ca164205dbaf619fb18bc8cc86f4  Size: 26.33M
Description:

NSFOCUS NIDS/NIPS intrusion-prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package: after it is imported, the firmware and engine versions do not change and the signature version becomes 5.6.10.25241. Rules added or updated in this package:

new rules:
1. threat[25242]:Samsung WLAN AP Remote Command Execution Vulnerability
2. threat[25243]:ShopXO Arbitrary File Read Vulnerability
3. threat[25245]:Kingsoft Terminal Security System V8/V9 Arbitrary File Upload Vulnerability
4. threat[25246]:Yinpeng Cloud Computing FastMeeting Arbitrary File Download Vulnerability
5. threat[25247]:Yonyou ERP-NC Directory Traversal Vulnerability
6. threat[25248]:iKuai Router Arbitrary File Read Vulnerability
7. threat[30771]:Hikvision Streaming Media Management Server Arbitrary File Read Vulnerability(CNVD-2021-14544)
8. threat[25249]:Zentao 8.2.6 SQL Injection Vulnerability
9. threat[25250]:Ruijie SmartWeb Management System Information Disclosure Vulnerability

update rules:
1. threat[68654]:Suspicious Webshell Script File Upload Behavior
2. threat[41700]:Sqlmap Scan Attack Detection

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3-5 ping packets will be lost, so schedule the update for a suitable time.

Release time: 2021-04-14 17:23:31
Name: eoi.unify.allrulepatch.ips.5.6.10.25209.rule Version: 5.6.10.25209
MD5: 6b4fc77770e6bd21e4b65eb34eba1697 Size: 26.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25209. The rules added/improved by this package are:

New rules:
1. threat[25239]:Yonyou NC6.5 Unauthorized Deserialization Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25209. This package includes the following changed rules:

new rules:
1. threat[25239]:Yonyou NC6.5 Unauthorized Deserialization Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-04-11 00:11:16
Name: eoi.unify.allrulepatch.ips.5.6.10.25201.rule Version: 5.6.10.25201
MD5: d40d26d1ad0cb1bcdc068cdd8979cbc6 Size: 26.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25201. The rules added/improved by this package are:

New rules:
1. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability (CVE-2021-26295)
2. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - post request

Updated rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25201. This package includes the following changed rules:

new rules:
1. threat[25235]:Apache OFBiz RMI Deserialization Vulnerability(CVE-2021-26295)
2. threat[25236]:Seeyon OA Remote Command Execution Vulnerability - post request

update rules:
1. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-04-09 23:05:32
Name: eoi.unify.allrulepatch.ips.5.6.10.25193.rule Version: 5.6.10.25193
MD5: e9ef27f2cc838e8faa7c637617718584 Size: 26.33M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25193. The rules added/improved by this package are:

New rules:
1. threat[25220]:Nagios XI 5.7.5 HTTP Request Windowswmi.inc.php OS Command Injection Vulnerability (CVE-2021-25296)
2. threat[25221]:Nagios XI 5.7.5 HTTP Request switch.inc.php OS Command Injection Vulnerability (CVE-2021-25297)
3. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability (CVE-2021-25298)
4. threat[25223]:Nagios XI 5.7.5 sshterm.php Cross-Site Scripting Vulnerability (CVE-2021-25299)
5. threat[25224]:QuarkMail Remote Command Execution Vulnerability
6. threat[25225]:Nagios XI 5.5.10 Cross-Site Scripting Vulnerability
7. threat[25226]:FineReport Remote Command Execution Vulnerability
8. threat[25228]:Vanderbilt IP Camera Remote Credential Disclosure Vulnerability
9. threat[25229]:FineReport V9 getshell - Arbitrary File Upload
10. threat[25231]:Hexin Chuangtian Cloud Desktop File Upload Vulnerability
11. threat[25232]:Zabbix 2.2 - 3.0.3 Remote Code Execution Vulnerability
12. threat[25233]:Weaver OA Arbitrary File Upload Vulnerability

Updated rules:
1. threat[25078]:Zentao Project Management System Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25193. This package includes the following changed rules:

new rules:
1. threat[25220]:Nagios XI 5.7.5 HTTP Request Windowswmi.inc.php OS Command Injection Vulnerability(CVE-2021-25296)
2. threat[25221]:Nagios XI 5.7.5 HTTP Request switch.inc.php OS Command Injection Vulnerability(CVE-2021-25297)
3. threat[25222]:Nagios XI 5.7.5 HTTP Request cloud-vm.inc.php OS Command Injection Vulnerability(CVE-2021-25298)
4. threat[25223]:Nagios XI 5.7.5 sshterm.php Cross Site Scripting Vulnerability(CVE-2021-25299)
5. threat[25224]:QuarkMail Remote Command Execution Vulnerability
6. threat[25225]:Nagios XI 5.5.10 XSS vulnerability
7. threat[25226]:Fine Report Remote Command Execution Vulnerability
8. threat[25228]:Vanderbilt IP Camera Remote Credential Vulnerability
9. threat[25229]:FineReport V9 getshell - Arbitrary File Upload
10. threat[25231]:Hexinchuang Tianyun Desktop File Upload Vulnerability
11. threat[25232]:Zabbix 2.2-3.0.3 Remote Code Execution Vulnerability
12. threat[25233]:Weaver OA Arbitrary File Upload

update rules:
1. threat[25078]:Zentao PMS Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-04-09 02:21:13
Name: eoi.unify.allrulepatch.ips.5.6.10.25157.rule Version: 5.6.10.25157
MD5: d2046707321568f004ab3abdf363401e Size: 26.30M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25157. The rules added/improved by this package are:

New rules:
1. threat[25214]:Weaver OA System keywordid SQL Injection Vulnerability
2. threat[25215]:Zabbix Remote Code Execution Vulnerability (CVE-2020-11800)
3. threat[25217]:Weaver OA sysinterface/codeEdit.jsp Arbitrary File Upload Vulnerability
4. threat[25218]:JBoss 5.x and 6.x Deserialization Vulnerability (CVE-2017-12149)
5. threat[25219]:GitLab 12.9.0 Arbitrary File Read Vulnerability (CVE-2020-10977)

Updated rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability (CVE-2020-11989)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25157. This package includes the following changed rules:

new rules:
1. threat[25214]:Weaver OA system keywordid SQL injection vulnerability
2. threat[25215]:Zabbix Remote Code Execution Vulnerability(CVE-2020-11800)
3. threat[25217]:Weaver OA sysinterface/codeEdit.jsp Arbitrary File Upload Vulnerability
4. threat[25218]:JBoss 5.x and 6.x Deserialization Vulnerabilities (CVE-2017-12149)
5. threat[25219]:GitLab 12.9.0 Arbitrary File Read Vulnerability(CVE-2020-10977)

update rules:
1. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-04-07 19:09:51
Name: eoi.unify.allrulepatch.ips.5.6.10.25113.rule Version: 5.6.10.25113
MD5: 7bddc28dbadf89bc8fa032e1fe9a803d Size: 26.29M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.25113. The rules added/improved by this package are:

New rules:
1. threat[25205]:Trend Micro InterScan Web Security Gateway DecryptPasswd Buffer Overflow Vulnerability (CVE-2020-28578)
2. threat[25203]:DLink Remote Code Execution Vulnerability - Arbitrary File Upload (CVE-2021-27249)
3. threat[25206]:Advantech iView Directory Traversal Vulnerability (CVE-2020-16245)
4. threat[25208]:Apache ActiveMQ Arbitrary Code Execution Vulnerability (CVE-2020-11998)
5. threat[25211]:Adobe Acrobat Reader DC Heap Buffer Overflow Vulnerability (CVE-2021-21017)
6. threat[25212]:Apache ActiveMQ message.jsp Cross-Site Scripting (XSS) Vulnerability (CVE-2020-13947)
7. threat[25210]:Trend Micro InterScan Web Security Virtual Appliance ManageVLANSettings Command Injection Vulnerability (CVE-2020-28581)
8. threat[25209]:Trend Micro InterScan Web Security Virtual Appliance Password Field Command Injection Vulnerability (CVE-2020-8466)
9. threat[25213]:Apache Shiro Authentication Bypass Vulnerability (CVE-2020-11989)

Updated rules:
1. threat[25207]:Advantech WebAccess/NMS Arbitrary File Upload Vulnerability (CVE-2020-10621)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.25113. This package includes the following changed rules:

new rules:
1. threat[25205]:Trend Micro InterScan Web Security Virtual Appliance DecryptPasswd Buffer Overflow Vulnerability (CVE-2020-28578)
2. threat[25203]:DLink Remote Code Execution - Arbitrary File Upload(CVE-2021-27249)
3. threat[25206]:Advantech iView Directory Traversal Vulnerability(CVE-2020-16245)
4. threat[25208]:Apache ActiveMQ Remote Code Execution Vulnerability(CVE-2020-11998)
5. threat[25211]:Adobe Acrobat Reader DC Heap Buffer Overflow Vulnerability(CVE-2021-21017)
6. threat[25212]:Apache ActiveMQ message.jsp Cross-Site Scripting Vulnerability(CVE-2020-13947)
7. threat[25210]:Trend Micro InterScan Web Security Virtual Appliance ManageVLANSettings Command Injection Vulnerability (CVE-2020-28581)
8. threat[25209]:Trend Micro InterScan Web Security Virtual Appliance Password Command Injection Vulnerability (CVE-2020-8466)
9. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)

update rules:
1. threat[25207]:Advantech WebAccess/NMS Arbitrary File Upload Vulnerability(CVE-2020-10621)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-04-01 17:42:59
Name: eoi.unify.allrulepatch.ips.5.6.10.24993.rule Version: 5.6.10.24993
MD5: 7118e4108507f27ef13377363de50238 Size: 26.36M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24993. The rules added/improved by this package are:

Updated rules:
1. threat[41781]:FRP Intranet Penetration Tool Communication
2. threat[21906]:VSFTPD v2.3.4 Backdoor Command Execution
3. threat[68654]:Suspicious Webshell Script File Upload Behavior
4. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability
5. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24993. This package includes the following changed rules:

update rules:
1. threat[41781]:Communication of FRP Intranet Penetration Tool
2. threat[21906]:VSFTPD v2.3.4 Backdoor Command Execution
3. threat[68654]:Suspicious Webshell Script Files Upload Behavior
4. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability
5. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-03-25 23:09:31
Name: eoi.unify.allrulepatch.ips.5.6.10.24933.rule Version: 5.6.10.24933
MD5: 261464cde2c40a3b1dc7a6df73a505b1 Size: 26.25M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24933. The rules added/improved by this package are:

New rules:
1. threat[25183]:Cisco Security Manager AuthTokenServlet Deserialization Vulnerability (CVE-2020-27131)
2. threat[25184]:Foxit Reader and PhantomPDF Choice Field Use After Free Vulnerability (CVE-2020-13557)
3. threat[10515]:libVNC LibVNCServer Denial of Service Vulnerability (CVE-2020-25708)
4. threat[25187]:Joomla! CMS mod_breadcrumbs Title Stored Cross-Site Scripting Vulnerability (CVE-2021-23124)
5. threat[25188]:Joomla CMS mod_random_image link Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
6. threat[25186]:Joomla JCK Editor 6.4.4 - parent SQL Injection Vulnerability (CVE-2018-17254)
7. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability (CVE-2020-10148)
8. threat[25190]:Nagios XI autodiscovery_component_update_cron Command Injection Vulnerability (CVE-2020-28648)
9. threat[25191]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21344)
10. threat[25192]:Microsoft Exchange New-TransportRule Remote Code Execution Vulnerability (CVE-2020-17132)
11. threat[25193]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21345)
12. threat[25194]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21346)
13. threat[25195]:Nagios XI Deploy Dashboards Stored Cross-Site Scripting Vulnerability (CVE-2020-27989)
14. threat[25198]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-21351)
15. threat[41806]:Agent Tesla Info-Stealer Communication
16. threat[25199]:Apache Solr Arbitrary File Read Vulnerability
17. threat[25200]:Trend Micro InterScan Web Security Gateway MailNotification Buffer Overflow Vulnerability

Updated rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross-Site Scripting Vulnerability
2. threat[25177]:NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (CVE-2020-17408)
3. threat[50603]:Web Service Login Request


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24933. This package includes the following changed rules:

new rules:
1. threat[25183]:Cisco Security Manager AuthTokenServlet Insecure Deserialization Vulnerability(CVE-2020-27131)
2. threat[25184]:Foxit Reader and PhantomPDF Choice Field Use After Free Vulnerability(CVE-2020-13557)
3. threat[10515]:libVNC LibVNCServer Divide by Zero Denial of Service Vulnerability(CVE-2020-25708)
4. threat[25187]:Joomla! CMS mod_breadcrumbs Title Stored Cross-Site Scripting Vulnerability(CVE-2021-23124)
5. threat[25188]:Joomla CMS mod_random_image link Stored Cross-Site Scripting Vulnerability(CVE-2020-15696)
6. threat[25186]:Joomla JCK Editor 6.4.4 - parent SQL Injection Vulnerability(CVE-2018-17254)
7. threat[25189]:SolarWinds Orion Platform Authentication Bypass Vulnerability(CVE-2020-10148)
8. threat[25190]:Nagios XI autodiscovery_component_update_cron Command Injection Vulnerability(CVE-2020-28648)
9. threat[25191]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-21344)
10. threat[25192]:Microsoft Exchange New-TransportRule Remote Code Execution Vulnerability(CVE-2020-17132)
11. threat[25193]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-21345)
12. threat[25194]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-21346)
13. threat[25195]:Nagios XI Deploy Dashboards Stored Cross-Site Scripting Vulnerability(CVE-2020-27989)
14. threat[25198]:XStream Deserialization Remote Code Execution Vulnerability(CVE-2021-21351)
15. threat[41806]:Agent Tesla Info-Stealer Communication
16. threat[25199]:Apache Solr Arbitrary File Read Vulnerability
17. threat[25200]:Trend Micro InterScan Web Security Virtual Appliance MailNotification Buffer Overflow Vulnerability

update rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross Site Scripting Vulnerability
2. threat[25177]:NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability(CVE-2020-17408)
3. threat[50603]:Web Service Login Request


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-03-19 10:06:20
Name: eoi.unify.allrulepatch.ips.5.6.10.24806.rule Version: 5.6.10.24806
MD5: 876c7fd9bd5bb196d32c948e4132220c Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24806. The rules added/improved by this package are:

New rules:
1. threat[25181]:Tunna HTTP Tunnel Intranet Proxy Connection
2. threat[25182]:nps HTTP Intranet Proxy Connection

Updated rules:
1. threat[41805]:Chisel Intranet Communication Tool Signature


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24806. This package includes the following changed rules:

new rules:
1. threat[25181]:Tunna http tunnel proxy connection
2. threat[25182]:nps http proxy connection

update rules:
1. threat[41805]:Chisel Intranet Communication Tool Features


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-03-11 17:51:41
Name: eoi.unify.allrulepatch.ips.5.6.10.24768.rule Version: 5.6.10.24768
MD5: 2f1459f5658d86fa04dd70c9cdaa9179 Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24768. The rules added/improved by this package are:

New rules:
1. threat[25177]:NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability (CVE-2020-17408)
2. threat[25179]:Twitter TwitterServer HistogramQueryHandler XSS Vulnerability (CVE-2020-35774)
3. threat[25180]:Webmin Package Updates update.cgi Command Injection Vulnerability (CVE-2020-35606)

Updated rules:
1. threat[41802]:Nemty Ransomware URI Signature


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24768. This package includes the following changed rules:

new rules:
1. threat[25177]:NEC ExpressCluster ApplyConfig XML External Entity Injection Vulnerability(CVE-2020-17408)
2. threat[25179]:Twitter TwitterServer HistogramQueryHandler Cross-Site Scripting Vulnerability (CVE-2020-35774)
3. threat[25180]:Webmin Package Updates update.cgi Command Injection Vulnerability (CVE-2020-35606)

update rules:
1. threat[41802]:Nemty ransomware URI characteristics


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-03-04 17:33:14
Name: eoi.unify.allrulepatch.ips.5.6.10.24719.rule Version: 5.6.10.24719
MD5: bed33cfccd9ffc2414c5dec6a58ed3be Size: 26.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24719. The rules added/improved by this package are:

New rules:
1. threat[41802]:Nemty Ransomware URI Signature
2. threat[41803]:Nemty Ransomware DNS Signature

Updated rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24719. This package includes the following changed rules:

new rules:
1. threat[41802]:Nemty ransomware URI characteristics
2. threat[41803]:Nemty Ransomware DNS Features

update rules:
1. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-02-25 17:58:56
Name: eoi.unify.allrulepatch.ips.5.6.10.24659.rule Version: 5.6.10.24659
MD5: 51b22a33d6e7f89ca2b963f505773138 Size: 26.20M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24659. The rules added/improved by this package are:

New rules:
1. threat[41801]:Netcore NR286-GE Router telnet Service Exposure
2. threat[25173]:NUUO NVRmini 2 Remote Code Execution Vulnerability (CVE-2016-5674)
3. threat[25174]:NUUO NVRsolo Remote Code Execution Vulnerability (CVE-2016-5675)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24659. This package includes the following changed rules:

new rules:
1. threat[41801]:Netcore NR286-GE Router telnet Service Exposure
2. threat[25173]:NUUO NVRmini 2 Remote Code Execution Vulnerability(CVE-2016-5674)
3. threat[25174]:NUUO NVRsolo Remote Code Execution Vulnerability(CVE-2016-5675)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-02-19 20:49:18
Name: eoi.unify.allrulepatch.ips.5.6.10.24649.rule Version: 5.6.10.24649
MD5: 1b76fd60fe80b808e0ec7bddd3c579ab Size: 26.20M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24649. The rules added/improved by this package are:

New rules:
1. threat[25171]:WordPress 5.0.0 - Image Remote Code Execution Vulnerability (CVE-2019-89242)
2. threat[25172]:Zeroshell cgi-bin/kerbynet Remote Code Execution Vulnerability (CVE-2009-0545/CVE-2019-12725/CVE-2020-29390)
3. threat[41800]:UTT Jinqu 1200W Wireless Router Default telnet Service Exposure
4. threat[25175]:Mi Casa Verde VeraLite Directory Traversal Vulnerability (CVE-2013-4861)
5. threat[25176]:UTT Jinqu 1200W Wireless Router /goform/formTraceRoute Remote Command Execution Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24649. This package includes the following changed rules:

new rules:
1. threat[25171]:WordPress 5.0.0 - Image Remote Code Execution Vulnerability(CVE-2019-89242)
2. threat[25172]:Zeroshell cgi-bin/kerbynet Remote Code Execution Vulnerability(CVE-2009-0545/CVE-2019-12725/CVE-2020-29390)
3. threat[41800]:UTT 1200W Wireless Router telnet Service Exposure
4. threat[25175]:Mi Casa Verde VeraLite Directory Traversal Vulnerability (CVE-2013-4861)
5. threat[25176]:UTT 1200W Wireless Router /goform/formTraceRoute Remote Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-02-11 22:53:35
Name: eoi.unify.allrulepatch.ips.5.6.10.24629.rule Version: 5.6.10.24629
MD5: f0e4b4657dd389c086c436af502d1240 Size: 26.19M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24629. The rules added/improved by this package are:

New rules:
1. threat[25158]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36183)
2. threat[25159]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36184/CVE-2020-36186)
3. threat[25160]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36185/CVE-2020-36187)
4. threat[25161]:Nagios Log Server Create_Snapshot Stored Cross-Site Scripting Vulnerability
5. threat[25162]:Nagios Log Server Mail Settings Stored Cross-Site Scripting Vulnerability
6. threat[41799]:Malicious Program windows/njRAT_a Network Communication
7. threat[25164]:Ctek SkyRouter cfg_ethping.cgi Arbitrary Command Execution Vulnerability (CVE-2011-5010)
8. threat[25165]:Linksys WRT110 Remote Command Execution Vulnerability (CVE-2013-3568)
9. threat[25166]:AirLink101 SkyIPCam1620W Remote Command Execution Vulnerability (CVE-2015-2280)
10. threat[25163]:Jumpserver v2.6.1 Remote Command Execution Vulnerability
11. threat[25167]:Quick.CMS 6.7 - Remote Code Execution Vulnerability (CVE-2020-35754)
12. threat[25168]:Linksys WAG54G2 Remote Command Execution Vulnerability (CVE-2009-5157)
13. threat[25169]:LINK-NET LW-N605R Remote Code Execution Vulnerability (CVE-2018-16752)

Updated rules:
1. threat[25128]:Ruijie Router Shell Injection - Get File
2. threat[25153]:Ruijie Router Shell Injection - Write File
3. threat[25154]:Ruijie Router Shell Injection - Command Injection
4. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
5. threat[25151]:IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
6. threat[25156]:Microsoft Exchange Server ExportExhangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
7. threat[41775]:Behinder Webshell Connect (PHP)
8. threat[24553]:Behinder Webshell Connect (JSP)
9. threat[41776]:Behinder Webshell Connect (ASP)
10. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability
11. threat[24535]:Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384/CVE-2020-36189)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24629. This package includes the following changed rules:

new rules:
1. threat[25158]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-36183)
2. threat[25159]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-36184/CVE-2020-36186)
3. threat[25160]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-36185/CVE-2020-36187)
4. threat[25161]:Nagios Log Server Create_Snapshot Stored Cross-Site Scripting Vulnerability
5. threat[25162]:Nagios Log Server Mail Settings Stored Cross-Site Scripting Vulnerability
6. threat[41799]:Malicious program windows/njRAT_a network communication
7. threat[25164]:Ctek SkyRouter cfg_ethping.cgi Remote Command Execution Vulnerability(CVE-2011-5010)
8. threat[25165]:Linksys WRT110 Remote Command Execution Vulnerability(CVE-2013-3568)
9. threat[25166]:AirLink101 SkyIPCam1620W Remote Command Execution Vulnerability(CVE-2015-2280)
10. threat[25163]:Jumpserver v2.6.1 Remote Command Execution Vulnerability
11. threat[25167]:Quick.CMS 6.7 - Remote Code Execution Vulnerability(CVE-2020-35754)
12. threat[25168]:Linksys WAG54G2 Remote Command Execution Vulnerability(CVE-2009-5157)
13. threat[25169]:LINK-NET LW-N605R Remote Code Execution Vulnerability(CVE-2018-16752)

update rules:
1. threat[25128]:Ruijie Router shell injection - Getfile
2. threat[25153]:Ruijie Router shell injection - WriteIn
3. threat[25154]:Ruijie Router shell injection - Command Injection
4. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
5. threat[25151]:IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
6. threat[25156]:Microsoft Exchange Server ExportExhangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
7. threat[41775]:Behinder Webshell Connect(PHP)
8. threat[24553]:Behinder Webshell Connect(JSP)
9. threat[41776]:Behinder Webshell Connect(ASP)
10. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability
11. threat[24535]:Jackson-databind Remote Code Execution Vulnerability(CVE-2019-12384/CVE-2020-36189)


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-02-04 19:53:41
Name: eoi.unify.allrulepatch.ips.5.6.10.24551.rule Version: 5.6.10.24551
MD5: db13975f4c0435f5fc83d690746a1509 Size: 26.17M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.24551. The rules added/improved by this package are:

New rules:
1. threat[25148]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-36179/CVE-2020-36180/CVE-2020-36181/CVE-2020-36182)
2. threat[25146]:Nagios XI 5.7.5 - Stored Cross-Site Scripting Vulnerability
3. threat[25147]:Trend Micro InterScan Messaging PolicyWSAction External Entity Injection Vulnerability (CVE-2020-27017)
4. threat[25155]:Zoho ManageEngine Applications Manager showMonitorGroupView SQL Injection Vulnerability
5. threat[25128]:Ruijie Router Shell Injection - Get File
6. threat[25153]:Ruijie Router Shell Injection - Write File
7. threat[25154]:Ruijie Router Shell Injection - Command Injection
8. threat[25149]:ImageMagick Authenticate Command Injection Vulnerability
9. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
10. threat[25151]:IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
11. threat[25156]:Microsoft Exchange Server ExportExhangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
12. threat[25157]:PEAR Archive Tar PHAR Protocol Handling Deserialization Code Execution Vulnerability
13. threat[25145]:Weblogic Server Remote Code Execution Vulnerability (CVE-2021-2109)

Updated rules:
1. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
2. threat[24772]:ASUS RT-N10+/RT56U Wireless Router Code Execution Vulnerability (CVE-2013-5948)
3. threat[24445]:WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Vulnerability (CVE-2014-9094)
4. threat[23320]:Fritz!Box Webcm Unauthenticated Command Injection Vulnerability (CVE-2014-9727)
5. threat[24735]:NETGEAR DGN2200v1/v2/v3/v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
6. threat[24634]:Zyxel EMG2926 Home Router Command Injection Vulnerability (CVE-2017-6884)
7. threat[22702]:DLink DIR-645 / DIR-815 diagnostic.php Command Injection Vulnerability
8. threat[24745]:Linear eMerge E3 Access Controller Command Injection (CVE-2019-7256)
9. threat[22799]:D-Link Devices UPnP SOAP Command Injection
10. threat[23733]:D-Link DCS-930L Authenticated Remote Command Execution Vulnerability
11. threat[24743]:Netis WF2419 V1.2.31805/V2.2.36123 Authorized Command Injection Vulnerability (CVE-2019-19356)
12. threat[24701]:Xfinity Gateway Command Injection Vulnerability
13. threat[50603]:Web Service Login Request


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24551. This package includes the following changed rules:

new rules:
1. threat[25148]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2020-36179/CVE-2020-36180/CVE-2020-36181/CVE-2020-36182)
2. threat[25146]:Nagios XI 5.7.5 - Persistent Cross-Site Scripting Vulnerability
3. threat[25147]:Trend Micro InterScan Messaging PolicyWSAction External Entity Injection Vulnerability(CVE-2020-27017)
4. threat[25155]:Zoho ManageEngine Applications Manager showMonitorGroupView SQL Injection Vulnerability
5. threat[25128]:Ruijie Router shell injection - Getfile
6. threat[25153]:Ruijie Router shell injection - WriteIn
7. threat[25154]:Ruijie Router shell injection - Command Injection
8. threat[25149]:ImageMagick Authenticate Command Injection Vulnerability
9. threat[25150]:Microsoft Exchange Server EWS UserConfiguration Insecure Deserialization Vulnerability (CVE-2020-17144)
10. threat[25151]:IBM QRadar SIEM RemoteJavaScript Insecure Deserialization Vulnerability (CVE-2020-4280)
11. threat[25156]:Microsoft Exchange Server ExportExhangeCertificate Arbitrary File Write Vulnerability (CVE-2020-17083)
12. threat[25157]:PEAR Archive Tar PHAR Protocol Handling Deserialization Code Execution Vulnerability
13. threat[25145]:Weblogic Server Remote Code Execution Vulnerability(CVE-2021-2109)

update rules:
1. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
2. threat[24772]:ASUS RT-N10+/RT56U Command Execution Vulnerability(CVE-2013-5948)
3. threat[24445]:WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Vulnerability(CVE-2014-9094)
4. threat[23320]:Fritz!Box Webcm Unauthenticated Command Injection(CVE-2014-9727)
5. threat[24735]:NETGEAR DGN2200v1 / v2 / v3 / v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
6. threat[24634]:Zyxel EMG2926 Router Command Injection Vulnerability(CVE-2017-6884)
7. threat[22702]:DLink DIR-645 / DIR-815 diagnostic.php Command Execution
8. threat[24745]:Linear eMerge E3 Access Controller Command Injection(CVE-2019-7256)
9. threat[22799]:D-Link Devices UPnP SOAP Command Execution
10. threat[23733]:D-Link DCS-930L Authenticated Remote Command Execution Vulnerability
11. threat[24743]:Netis WF2419 V1.2.31805/V2.2.36123 Authorized Command Injection Vulnerability (CVE-2019-19356)
12. threat[24701]:Xfinity Gateway command injection vulnerability
13. threat[50603]:Web Service Login Request


Announcements:
1. After the package is applied, the engine will restart automatically. This does not interrupt sessions, but will cause 3-5 ping packets to be lost, so please update at a suitable time.

Release time: 2021-01-29 19:45:32
名称: eoi.unify.allrulepatch.ips.5.6.10.24451.rule 版本:5.6.10.24451
MD5:c3ce288d3d812c5ea8a03d9883ddea0c 大小:26.16M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.24451。该升级包新增/改进的规则有:

新增规则:
1. 攻击[25137]:Anchor CMS 0.12.7 - 'markdown' 存储型跨站脚本漏洞
2. 攻击[25138]:Arcserve D2D getNews外部实体注入漏洞(CVE-2020-27858)
3. 攻击[30767]:Adobe Acrobat/Reader 信息泄露漏洞(CVE-2020-29075)
4. 攻击[25139]:Microsoft SharePoint Server远程代码执行漏洞(CVE-2021-1707)
5. 攻击[25140]:Apache CXF跨站脚本执行漏洞(CVE-2020-13954)
6. 攻击[25141]:Apache Solr远程代码执行漏洞(CVE-2020-13957)
7. 攻击[25142]:飞鱼星VM2100网关远程命令执行漏洞
8. 攻击[25143]:Fatek Automation PLC WinProladder SPF堆栈缓冲区溢出(CVE-2020-16234)
9. 攻击[25144]:FasterXML jackson-databind远程代码执行漏洞(CVE-2019-14361/CVE-2019-14439)

更新规则:
1. 攻击[10405]:ISC BIND named拒绝服务漏洞(CVE-2015-5477)
2. 攻击[25119]:Struts2远程代码执行漏洞(S2-061)(CVE-2020-17530)
3. 攻击[23881]:Apache Jetspeed跨站脚本漏洞(CVE-2016-0712)
4. 攻击[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet任意文件上传(CVE-2018-1306)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24451. This package includes the following changed rules:

new rules:
1. threat[25137]:Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting Vulnerability
2. threat[25138]:Arcserve D2D getNews External Entity Injection Vulnerability(CVE-2020-27858)
3. threat[30767]:Adobe Acrobat and Acrobat Reader Information Disclosure Vulnerability(CVE-2020-29075)
4. threat[25139]:Microsoft SharePoint Server Remote Code Execution Vulnerability(CVE-2021-1707)
5. threat[25140]:Apache CXF Cross-Site Scripting Vulnerability(CVE-2020-13954)
6. threat[25141]:Apache Solr Remote Code Execution Vulnerability(CVE-2020-13957)
7. threat[25142]:Adslr Gateway VM2100 Remote Command Execution Vulnerability
8. threat[25143]:Fatek Automation PLC WinProladder SPF Stack Buffer Overflow(CVE-2020-16234)
9. threat[25144]:FasterXML jackson-databind Remote Code Execution Vulnerability(CVE-2019-14361/CVE-2019-14439)

update rules:
1. threat[10405]:ISC BIND named Denial of Service Vulnerability(CVE-2015-5477)
2. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
3. threat[23881]:Apache Jetspeed Portal URI Path XSS(CVE-2016-0712)
4. threat[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload(CVE-2018-1306)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-21 17:53:05
Name: eoi.unify.allrulepatch.ips.5.6.10.24359.rule Version: 5.6.10.24359
MD5: d21c9f28ebfb91251c8fe2a873bd3ba2 Size: 26.24M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24359. The rules added/improved in this upgrade package are:

New rules:
1. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
2. threat[25135]:UTT upnp Command Injection Vulnerability
3. threat[25136]:UTT http formDiagnose Command Injection Vulnerability
4. threat[30766]:Adslr Gateway tftp Sensitive Information Disclosure Vulnerability
5. threat[50603]:Web Service Login Request

Updated rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[50591]:RDP Remote Desktop Service Login Success
3. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24359. This package includes the following changed rules:

new rules:
1. threat[25134]:JavaMelody XXE Vulnerability (CVE-2018-15531)
2. threat[25135]:UTT upnp Command Injection Vulnerability
3. threat[25136]:Aitai http formDiagnose Command Injection Vulnerability
4. threat[30766]:Adslr Gateway tftp Information Disclosure Vulnerability
5. threat[50603]:Web Service Login Request

update rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[50591]:RDP Remote Desktop Protocol Service Login
3. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-15 19:34:47
Name: eoi.unify.allrulepatch.ips.5.6.10.24311.rule Version: 5.6.10.24311
MD5: 3d941bbf77f60c335bb995fb66816db9 Size: 26.16M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24311. The rules added/improved in this upgrade package are:

New rules:
1. threat[25130]:WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Vulnerability
2. threat[25131]:Advanced Comment System 1.0 - 'ACS_path' Path Traversal Vulnerability (CVE-2020-35598)
3. threat[25132]:Apache Flink Directory Traversal Vulnerability (CVE-2020-17518)
4. threat[25133]:Apache Flink jobmanager/logs Directory Traversal Vulnerability (CVE-2020-17519)

Updated rules:
1. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24311. This package includes the following changed rules:

new rules:
1. threat[25130]:WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Vulnerability
2. threat[25131]:Advanced Comment System 1.0 - 'ACS_path' Path Traversal Vulnerability(CVE-2020-35598)
3. threat[25132]:Apache Flink Upload Path Traversal Vulnerability(CVE-2020-17518)
4. threat[25133]:Apache Flink jobmanager/logs Path Traversal Vulnerability(CVE-2020-17519)

update rules:
1. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2021-01-07 17:02:42
Name: eoi.unify.allrulepatch.ips.5.6.10.24277.rule Version: 5.6.10.24277
MD5: 6c1cfef217745b9788ec9902be8a120f Size: 26.17M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24277. The rules added/improved in this upgrade package are:

New rules:
1. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online
2. threat[41786]:SolarWinds Orion Backdoor SUNBURST Communication
3. threat[41787]:SolarWinds Orion Backdoor SUNBURST_CS.BEACON Communication
4. threat[41788]:SolarWinds Orion Backdoor SUNBURST POST Communication
5. threat[30765]:Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability (CVE-2020-14181)
6. threat[25129]:Apache Unomi Remote Code Execution Vulnerability (CVE-2020-13942)
7. threat[41797]:iKuai Router Firmware - Arbitrary File Deletion Vulnerability
8. threat[41798]:iKuai Router Firmware - Arbitrary File Renaming Vulnerability

Updated rules:
1. threat[25128]:Ruijie Router newcli.php Remote Code Execution Vulnerability
2. threat[41781]:FRP Intranet Penetration Tool SSH Communication


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24277. This package includes the following changed rules:

new rules:
1. threat[41785]:SolarWinds Orion Backdoor SUNBURST Online
2. threat[41786]:SolarWinds Orion Backdoor SUNBURST Communication
3. threat[41787]:SolarWinds Orion Backdoor SUNBURST_CS.BEACON Communication
4. threat[41788]:SolarWinds Orion Backdoor SUNBURST POST Communication
5. threat[30765]:Atlassian Jira Server and Data Center ViewUserHover.jspa Information Disclosure Vulnerability(CVE-2020-14181)
6. threat[25129]:Apache Unomi Remote Code Execution Vulnerability(CVE-2020-13942)
7. threat[41797]:Arbitrary file deletion vulnerability in Ikuai router
8. threat[41798]:Arbitrary file renaming vulnerability in Ikuai router

update rules:
1. threat[25128]:Ruijie Router newcli.php RCE Vulnerability
2. threat[41781]:SSH Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-31 20:29:40
Name: eoi.unify.allrulepatch.ips.5.6.10.24232.rule Version: 5.6.10.24232
MD5: c9dd7032454e7d293f021284a3d4389e Size: 26.14M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24232. The rules added/improved in this upgrade package are:

New rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)
2. threat[25123]:XStream Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-26258)
3. threat[25124]:PHPJabbers Appointment Scheduler 2.3 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-35416)
4. threat[25125]:WECON LeviStudioU HFT File Parsing Stack Buffer Overflow Vulnerability (CVE-2020-16243)
5. threat[25126]:Nagios XI ajaxhelper.php cmdsubsys Command Injection Vulnerability (CVE-2020-15901)
6. threat[10512]:Windows Network File System RPCSEC_GSS Denial of Service Vulnerability (CVE-2020-17047)
7. threat[41784]:UTT Router Web Service Weak Password Login Vulnerability
8. threat[25128]:Ruijie Router newcli.php Remote Code Execution Vulnerability
9. threat[25127]:Jenkins 2.251 Cross-Site Scripting Vulnerability (CVE-2020-2231)

Updated rules:
1. threat[23283]:vtiger CRM validateSession() Authentication Bypass Vulnerability



Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24232. This package includes the following changed rules:

new rules:
1. threat[25122]:XStream Arbitrary File Deletion Vulnerability (CVE-2020-26259)
2. threat[25123]:XStream Server-Side Request Forgery(SSRF) Vulnerability(CVE-2020-26258)
3. threat[25124]:PHPJabbers Appointment Scheduler 2.3 - Reflected XSS Vulnerability(CVE-2020-35416)
4. threat[25125]:WECON LeviStudioU HFT File Parsing Stack Buffer Overflow Vulnerability(CVE-2020-16243)
5. threat[25126]:Nagios XI ajaxhelper.php cmdsubsys Command Injection Vulnerability(CVE-2020-15901)
6. threat[10512]:Windows Network File System RPCSEC_GSS Denial of Service Vulnerability(CVE-2020-17047)
7. threat[41784]:Aitai Router Web Service Weak Password Login Vulnerability
8. threat[25128]:Ruijie Router newcli.php RCE Vulnerability
9. threat[25127]:Jenkins 2.251 Cross Site Scripting Vulnerability(CVE-2020-2231)

update rules:
1. threat[23283]:vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-24 20:53:08
Name: eoi.unify.allrulepatch.ips.5.6.10.24189.rule Version: 5.6.10.24189
MD5: ded6d809808a413355f63a3805beb684 Size: 26.13M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24189. The rules added/improved in this upgrade package are:

New rules:
1. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
2. threat[25110]:Advantech R-SeeNet device_position device_id SQL Injection Vulnerability (CVE-2020-25157)

Updated rules:
1. threat[41781]:FRP Intranet Penetration Tool SSH Communication


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24189. This package includes the following changed rules:

new rules:
1. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
2. threat[25110]:Advantech R-SeeNet device_position device_id SQL Injection Vulnerability(CVE-2020-25157)

update rules:
1. threat[41781]:SSH Communication of FRP Intranet Penetration Tool


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-17 17:12:21
Name: eoi.unify.allrulepatch.ips.5.6.10.24166.rule Version: 5.6.10.24166
MD5: ca92f4942b66eec6e04ecd1beebdeae9 Size: 26.13M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24166. The rules added/improved in this upgrade package are:

New rules:
1. threat[41782]:FRP Intranet Penetration Tool - Access via Domain Name
2. threat[41783]:FRP Intranet Penetration Tool - Forwarded DNS Query Request
3. threat[25104]:Adobe Acrobat Reader DC Use After Free Vulnerability (CVE-2020-24437)
4. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability (CVE-2020-9483)
5. threat[25107]:Adobe Acrobat Reader DC FDF Object Use After Free Vulnerability (CVE-2020-24430)
6. threat[25106]:Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability (CVE-2020-16267)
7. threat[25109]:Adobe Acrobat Pro DC JavaScript Out-of-Bounds Read Vulnerability (CVE-2020-24435)
8. threat[25108]:Zoho ManageEngine Applications Manager MyPage.do SQL Injection Vulnerability (CVE-2020-27995)
9. threat[25113]:Apache Tapestry ContextAssetRequestHandler Information Disclosure Vulnerability (CVE-2020-13953)
10. threat[25114]:Artica Proxy fw.login.php apikey SQL Injection Vulnerability (CVE-2020-17506)
11. threat[25117]:Adobe ColdFusion CKEditor upload.cfm File Upload Vulnerability (CVE-2018-15961)
12. threat[25112]:Zoho ManageEngine Applications Manager Buffer.jsp resourceid SQL Injection Vulnerability (CVE-2020-15927)
13. threat[25118]:Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
14. threat[25119]:Struts2 Remote Code Execution Vulnerability (S2-061) (CVE-2020-17530)
15. threat[25116]:Confluence Path Traversal Vulnerability (CVE-2019-3398)

Updated rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
2. threat[41781]:FRP Intranet Penetration Tool SSH Communication
3. threat[25063]:Artica Proxy cyrus.php Command Injection (CVE-2020-17505)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24166. This package includes the following changed rules:

new rules:
1. threat[41782]:FRP intranet penetration tool - Access via domain name
2. threat[41783]:FRP intranet penetration tool - forward DNS query request
3. threat[25104]:Adobe Acrobat and Reader form Field Format Use After Free Vulnerability(CVE-2020-24437)
4. threat[25105]:Apache SkyWalking GraphQL Protocol SQL Injection Vulnerability(CVE-2020-9483)
5. threat[25107]:Adobe Acrobat Pro DC FDF Object Use After Free Vulnerability(CVE-2020-24430)
6. threat[25106]:Zoho ManageEngine Applications Manager RulesConstructor.jsp SQL Injection Vulnerability(CVE-2020-16267)
7. threat[25109]:Adobe Acrobat Pro DC Javascript Out of Bounds Read Vulnerability(CVE-2020-24435)
8. threat[25108]:Zoho ManageEngine Applications Manager MyPage.do SQL Injection Vulnerability(CVE-2020-27995)
9. threat[25113]:Apache Tapestry ContextAssetRequestHandler Information Disclosure Vulnerability(CVE-2020-13953)
10. threat[25114]:Artica Proxy fw.login.php apikey SQL Injection Vulnerability(CVE-2020-17506)
11. threat[25117]:Adobe ColdFusion CKEditor upload.cfm Unrestricted File Upload Vulnerability(CVE-2018-15961)
12. threat[25112]:Zoho ManageEngine Applications Manager Buffer.jsp resourceid SQL Injection Vulnerability(CVE-2020-15927)
13. threat[25118]:Atlassian Crowd Remote Code Execution Vulnerability(CVE-2019-11580)
14. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061)(CVE-2020-17530)
15. threat[25116]:Confluence Path Traversal Vulnerability(CVE-2019-3398)

update rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability(CVE-2020-13921)
2. threat[41781]:SSH Communication of FRP Intranet Penetration Tool
3. threat[25063]:Artica Proxy cyrus.php Command Injection(CVE-2020-17505)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-11 14:11:34
Name: eoi.unify.allrulepatch.ips.5.6.10.24042.rule Version: 5.6.10.24042
MD5: aa8040abd785ca3a1876a6b801c76eda Size: 26.10M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.24042. The rules added/improved in this upgrade package are:

New rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
2. threat[25103]:Medical Center Management System 1.0 - SQL Injection Vulnerability
3. threat[41781]:FRP Intranet Penetration Tool SSH Communication
4. threat[50602]:Burp Suite Web Attack Tool Startup
5. threat[41780]:DNSLog Query Request
6. threat[25101]:Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.24042. This package includes the following changed rules:

new rules:
1. threat[25102]:Apache SkyWalking SQL Injection Vulnerability(CVE-2020-13921)
2. threat[25103]:Medical Center Portal Management System 1.0 - SQL Injection Vulnerability
3. threat[41781]:SSH Communication of FRP Intranet Penetration Tool
4. threat[50602]:Burp Suite Web Attack Tool Startup
5. threat[41780]:DNSLog Query Request
6. threat[25101]:Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2020-16952)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-12-04 18:02:21
Name: eoi.unify.allrulepatch.ips.5.6.10.23995.rule Version: 5.6.10.23995
MD5: f943eaa85cb4fa656b35887b082727a7 Size: 26.08M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23995. The rules added/improved in this upgrade package are:

New rules:
1. threat[25096]:TestBox CFML Test Framework 4.1.0 - Directory Traversal Vulnerability
2. threat[25097]:Apache Airflow Cross-Site Scripting Vulnerability (CVE-2020-13944)
3. threat[25098]:AppWeb Authentication Bypass Vulnerability (CVE-2018-8715)
4. threat[25099]:Yonyou ERP-NC System /NCFindWeb File Inclusion Vulnerability



Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23995. This package includes the following changed rules:

new rules:
1. threat[25096]:TestBox CFML Test Framework 4.1.0 - Directory Traversal Vulnerability
2. threat[25097]:Apache Airflow Cross Site Scripting Vulnerability(CVE-2020-13944)
3. threat[25098]:AppWeb Authentication Bypass vulnerability (CVE-2018-8715)
4. threat[25099]:Yonyou ERP-NC System/NCFindWeb File Inclusion Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-26 16:40:59
Name: eoi.unify.allrulepatch.ips.5.6.10.23968.rule Version: 5.6.10.23968
MD5: 08d81183870cef449fa6643c50b6fd59 Size: 26.09M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23968. The rules added/improved in this upgrade package are:

New rules:
1. threat[25088]:Nagios XI mibs.php Command Injection Vulnerability (CVE-2020-5791)
2. threat[25092]:ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Attack (CVE-2020-28351)
3. threat[25093]:WordPress File Manager connector.minimal.php Access Control Vulnerability (CVE-2020-25213)
4. threat[25094]:Windows NFS Network File System Remote Code Execution Vulnerability (CVE-2020-17051)
5. threat[25095]:Windows NFS Network File System Information Disclosure Vulnerability (CVE-2020-17056)



Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23968. This package includes the following changed rules:

new rules:
1. threat[25088]:Nagios XI mibs.php Command Injection Vulnerability(CVE-2020-5791)
2. threat[25092]:ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Vulnerability(CVE-2020-28351)
3. threat[25093]:WordPress File Manager connector.minimal.php Improper Access Control Vulnerability (CVE-2020-25213)
4. threat[25094]:Windows Network File System Remote Code Execution Vulnerability(CVE-2020-17051)
5. threat[25095]:Windows Network File System Information Disclosure Vulnerability(CVE-2020-17056)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-20 01:59:33
Name: eoi.unify.allrulepatch.ips.5.6.10.23938.rule Version: 5.6.10.23938
MD5: d8e66787efc66b25f7c9df638c70615c Size: 26.09M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23938. The rules added/improved in this upgrade package are:

New rules:
1. threat[25086]:Processwire CMS 2.4.0 Local File Inclusion Vulnerability
2. threat[25087]:Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-8558)
3. threat[30760]:Microsoft Graphics Device Interface (GDI) Information Disclosure Vulnerability (CVE-2019-1010)
4. threat[25089]:Ruckus IoT Controller Web UI Authentication Bypass Vulnerability
5. threat[25091]:Adobe Acrobat Reader ESObject Use After Free Vulnerability (CVE-2020-9715)
6. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability

Updated rules:
1. threat[24854]:Jenkins Remote Command Execution Vulnerability (CVE-2018-1000861)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23938. This package includes the following changed rules:

new rules:
1. threat[25086]:Processwire CMS 2.4.0 - 'download' Local File Inclusion Vulnerability
2. threat[25087]:Microsoft Malware Protection Engine Remote Code Execution Vulnerability(CVE-2017-8558)
3. threat[30760]:Microsoft Graphics Device Interface Information Disclosure Vulnerability(CVE-2019-1010)
4. threat[25089]:Ruckus IoT Controller Web UI Authentication Bypass Vulnerability
5. threat[25091]:Adobe Acrobat Reader ESObject Use After Free Vulnerability(CVE-2020-9715)
6. threat[25090]:Nagios XI CCM admin_views.inc.php Arbitrary File Overwrite Vulnerability

update rules:
1. threat[24854]:Jenkins Remote Command Execution Vulnerability(CVE-2018-1000861)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-12 17:45:05
Name: eoi.unify.allrulepatch.ips.5.6.10.23901.rule Version: 5.6.10.23901
MD5: 91e99fc457e36ec2769139d913c491df Size: 26.08M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23901. The rules added/improved in this upgrade package are:

New rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross-Site Scripting Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25085]:Monitorr 1.7.6m - Authorization Bypass Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23901. This package includes the following changed rules:

new rules:
1. threat[25083]:Online Examination System 1.0 - Stored Cross Site Scripting Vulnerability
2. threat[25084]:Elasticsearch Unauthorized Access Vulnerability
3. threat[25085]:Monitorr 1.7.6m - Authorization Bypass Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-11-06 17:21:23
Name: eoi.unify.allrulepatch.ips.5.6.10.23834.rule Version: 5.6.10.23834
MD5: aaeb9cafdc1cd56bd048ff732937cd52 Size: 26.07M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23834. The rules added/improved in this upgrade package are:

Updated rules:
1. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23834. This package includes the following changed rules:

update rules:
1. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-31 10:00:16
Name: eoi.unify.allrulepatch.ips.5.6.10.23813.rule Version: 5.6.10.23813
MD5: 55425ea1a2aa4b5581c7a8985714b218 Size: 26.06M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23813. The rules added/improved in this upgrade package are:


New rules:
1. threat[25080]:Gym Management System 1.0 - Authentication Bypass Vulnerability
2. threat[25077]:HooToo TripMate Titan HT-TM05 Remote Command Execution Vulnerability (CVE-2018-20841)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23813. This package includes the following changed rules:


new rules:
1. threat[25080]:Gym Management System 1.0 - Authentication Bypass Vulnerability
2. threat[25077]:HooToo TripMate Titan HT-TM05 Remote Code Execution Vulnerability(CVE-2018-20841)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-29 16:34:13
Name: eoi.unify.allrulepatch.ips.5.6.10.23802.rule Version: 5.6.10.23802
MD5: 65cb18ce248ce806640e5d72a3210ac4 Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23802. The rules added/improved in this upgrade package are:

New rules:
1. threat[25078]:ZenTao Project Management System Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14882)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23802. This package includes the following changed rules:

new rules:
1. threat[25078]:Zentao PMS Remote File Inclusion Vulnerability
2. threat[25079]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2020-14882)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-27 10:37:50
Name: eoi.unify.allrulepatch.ips.5.6.10.23787.rule Version: 5.6.10.23787
MD5: e7659c8bfc73f86671e62791281c757e Size: 26.12M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23787. The rules added/improved in this upgrade package are:

New rules:
1. threat[30758]:Way-Board Remote File Disclosure Vulnerability (CVE-2001-0214)
2. threat[25074]:Cacti Group Cacti color.php SQL Injection Vulnerability
3. threat[25075]:Visitor Management System (CVMS) 1.0 - Authentication Bypass Vulnerability
4. threat[25076]:Wireless IP Camera (P2P) WIFICAM Remote Code Execution Vulnerability (CVE-2017-8225)

Updated rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561/CVE-2018-10562)
2. threat[30759]:Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23787. This package includes the following changed rules:

new rules:
1. threat[30758]:Way-Board Remote File Disclosure Vulnerability(CVE-2001-0214)
2. threat[25074]:Cacti Group Cacti color.php SQL Injection Vulnerability
3. threat[25075]:Company Visitor Management System (CVMS) 1.0 - Authentication Bypass Vulnerability
4. threat[25076]:Wireless IP Camera (P2P) WIFICAM Remote Code Execution Vulnerability(CVE-2017-8225)

update rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561/CVE-2018-10562)
2. threat[30759]:Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-23 15:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.23760.rule Version: 5.6.10.23760
MD5: a16327190b4ca9c7573cb6be7a6f8133 Size: 26.06M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23760. The rules added/improved in this upgrade package are:

Updated rules:
1. threat[25040]:Fastadmin Front-end Directory Traversal Vulnerability


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23760. This package includes the following changed rules:

update rules:
1. threat[25040]:Fastadmin front-end directory traversal vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-16 22:34:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23691.rule Version: 5.6.10.23691
MD5: 3e84345b6863259cb43f8f6e712e5424 Size: 26.07M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23691. The rules added/improved in this upgrade package are:

New rules:
1. threat[25064]:BigTree CMS 4.4.10 SQL Injection Vulnerability
2. threat[25066]:Bigviktor Bot Network C&C Communication
3. threat[25067]:Flatpress Add Blog 1.0.3 - Stored Cross-Site Scripting Vulnerability
4. threat[25068]:Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability (CVE-2020-3248)


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23691. This package includes the following changed rules:

new rules:
1. threat[25064]:BigTree CMS 4.4.10 SQL Injection Vulnerability
2. threat[25066]:Bigviktor bot Network C&C Connection
3. threat[25067]:Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting Vulnerability
4. threat[25068]:Cisco UCS Director saveStaticConfig Directory Traversal Vulnerability(CVE-2020-3248)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-10-09 15:47:27
Name: eoi.unify.allrulepatch.ips.5.6.10.23620.rule Version: 5.6.10.23620
MD5: c735e546cb0deba40275b6c8ab27dfc7 Size: 26.03M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23620. The rules added/improved in this upgrade package are:

New rules:
1. threat[25044]:WebSphere Application Server XXE Vulnerability (CVE-2020-4634)
2. threat[25045]:Advantech WebAccess NMS ConfigRestoreAction Arbitrary File Upload Vulnerability (CVE-2020-10621)

Updated rules:
1. threat[25040]:Fastadmin Front-end Directory Traversal Vulnerability
2. threat[25041]:Fastadmin Front-end Getshell Vulnerability - Shell Upload


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.23620. This package includes the following changed rules:

new rules:
1. threat[25044]:WebSphere Application Server XXE Vulnerability(CVE-2020-4634)
2. threat[25045]:Advantech WebAccess NMS ConfigRestoreAction Arbitrary File Upload Vulnerability(CVE-2020-10621)

update rules:
1. threat[25040]:Fastadmin front-end directory traversal vulnerability
2. threat[25041]:Fastadmin front-end getshell vulnerability - upload shell


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2020-09-23 19:40:20
Name: eoi.unify.allrulepatch.ips.5.6.10.23606.rule Version: 5.6.10.23606
MD5: d5995a821e2bfd8e611dd481943185b6 Size: 26.03M
Description:

This upgrade package is an intrusion prevention signature library upgrade package; it is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.23606. The rules added/improved in this upgrade package are:

New rules:
1. threat[25039]:Nagios XI account main.php Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
2. threat[50593]:Redis Authentication Failed
3. threat[25040]:Fastadmin Front-end Directory Traversal Vulnerability
4. threat[25041]:Fastadmin Front-end Getshell Vulnerability - Shell Upload
5. threat[25042]:Fastadmin Front-end Login Success
6. threat[41774]:Fastadmin Back-end Login Success

Updated rules:
1. threat[50592]:MySQL Logged-in User Reads Local Files
2. threat[41543]:Trojan/Backdoor Program ASP One-Line Trojan


Notes:
1. After this upgrade package is installed, the engine restarts automatically to take effect. Sessions will not be interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.23606. This package include changed rules:

new rules:
1. threat[25039]:Nagios XI account main.php Stored Cross-Site Scripting Vulnerability(CVE-2020-10821)
2. threat[50593]:Redis Authenticated Failed
3. threat[25040]:Fastadmin front-end directory traversal vulnerability
4. threat[25041]:Fastadmin front-end getshell vulnerability - upload shell
5. threat[25042]:Fastadmin foreground login succeeded
6. threat[41774]:Fastadmin background login succeeded

update rules:
1. threat[50592]:Mysql Login User Reads Local Files
2. threat[41543]:Trojan/Backdoor General ASP trojan


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

Release time: 2020-09-23 10:19:12
Name: eoi.unify.allrulepatch.ips.5.6.10.23586.rule Version: 5.6.10.23586
MD5: f681696ecaab26a83486c1da043c3a54 Size: 26.02M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23586. This package includes the following added/changed rules:

new rules:
1. threat[25038]:rConfig Unauthenticated Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-21 21:07:11
Name: eoi.unify.allrulepatch.ips.5.6.10.23576.rule Version: 5.6.10.23576
MD5: ef1e8e417aeee034c76e7d3a80444c80 Size: 26.00M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23576. This package includes the following added/changed rules:

new rules:
1. threat[25032]:ThinkAdmin 6 - Arbitrary File Read Vulnerability (CVE-2020-25540)
2. threat[25037]:PHP Yii Framework Deserialization Vulnerability (CVE-2020-15148)


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-20 17:14:23
Name: eoi.unify.allrulepatch.ips.5.6.10.23569.rule Version: 5.6.10.23569
MD5: 1fd225828d2592243cb5fca6cb4fdb3d Size: 26.00M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23569. This package includes the following added/changed rules:

new rules:
1. threat[25035]:Coremail XT5 Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-18 18:48:45
Name: eoi.unify.allrulepatch.ips.5.6.10.23542.rule Version: 5.6.10.23542
MD5: 169120fb98bece2ee85dc8a282aee207 Size: 26.02M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23542. This package includes the following added/changed rules:

new rules:
1. threat[25031]:Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

update rules:
1. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-15 21:21:29
Name: eoi.unify.allrulepatch.ips.5.6.10.23523.rule Version: 5.6.10.23523
MD5: 09b934e5b144cc1a8dda116aef76b78a Size: 26.02M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23523. This package includes the following added/changed rules:

new rules:
1. threat[25029]:Office Anywhere (Tongda) OA v11.7 Back-end SQL Injection Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-14 18:27:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23519.rule Version: 5.6.10.23519
MD5: d0b99a3d9bafdf8a35d822fdbccd32e0 Size: 26.02M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23519. This package includes the following added/changed rules:

new rules:
1. threat[25024]:Leagsoft UniNAC (Network Access Control System) Arbitrary File Upload Vulnerability
2. threat[25025]:Weaver E-cology OA getdata.jsp SQL Injection Vulnerability
3. threat[25026]:WRDTech WebVPN (Resource Access Control System) Command Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-13 17:34:40
Name: eoi.unify.allrulepatch.ips.5.6.10.23511.rule Version: 5.6.10.23511
MD5: 02cde29e644cd4fe6bc0f471de42a0e9 Size: 26.00M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23511. This package includes the following added/changed rules:

new rules:
1. threat[25023]:Weaver E-bridge Arbitrary File Read Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-13 09:02:10
Name: eoi.unify.allrulepatch.ips.5.6.10.23507.rule Version: 5.6.10.23507
MD5: a65bfb7822ad1f03db7747acb24511f8 Size: 26.01M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23507. This package includes the following added/changed rules:

new rules:
1. threat[25018]:Weblogic UniversalExtractor Deserialization Vulnerability (CVE-2020-14645)
2. threat[30752]:Tailor Management System - 'id' SQL Injection Vulnerability
3. threat[25019]:Mara CMS 7.5 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-24223)
4. threat[25021]:Apache DolphinScheduler Remote Code Execution Vulnerability (CVE-2020-11974)
5. threat[25022]:Yonyou GRP-u8 Remote Command Execution Vulnerability
6. app:HTTP2


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-12 10:32:55
Name: eoi.unify.allrulepatch.ips.5.6.10.23476.rule Version: 5.6.10.23476
MD5: 944dcae2f188a1a25f1a05570638ac2e Size: 26.01M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23476. This package includes the following added/changed rules:

new rules:
1. threat[25015]:grocy 2.7.1 - Persistent Cross-Site Scripting Vulnerability
2. threat[25014]:BloodX CMS 1.0 - Authentication Bypass Vulnerability
3. threat[25017]:moziloCMS 2.0 - Persistent Cross-Site Scripting Vulnerability

update rules:
1. threat[25012]:Daily Tracker System 1.0 Authentication Bypass Vulnerability (CVE-2020-24193)
2. threat[25013]:Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-11 09:25:19
Name: eoi.unify.allrulepatch.ips.5.6.10.23419.rule Version: 5.6.10.23419
MD5: 37b6ebbff50a90f73538619559c07b5b Size: 25.99M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23419. This package includes the following added/changed rules:

new rules:
1. threat[25009]:Microsoft .NET Framework/SharePoint Server/Visual Studio Remote Code Execution Vulnerability (CVE-2020-1147)
2. threat[25010]:Godzilla PHP_XOR_BASE64 Webshell Connect
3. threat[25011]:Godzilla PHP_XOR_RAW Webshell Connect
4. threat[25002]:vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability
5. threat[25004]:ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Vulnerability
6. threat[25006]:Apache Shiro 1.5.1 Authentication Bypass Vulnerability (CVE-2020-1957)

update rules:
1. threat[22933]:Network Worm Nimda Attack


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-09-03 16:51:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23384.rule Version: 5.6.10.23384
MD5: 3de5793f57d3074e156eb09ab3e44da6 Size: 25.97M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23384. This package includes the following added/changed rules:

new rules:
1. threat[25003]:Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) Vulnerability
2. threat[30749]:Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal Vulnerability
3. threat[25000]:Seowon SlC 130 Router Remote Code Execution Vulnerability
4. threat[41771]:Remote Control Trojan DaHuiLang Client Startup (controlled end check-in)
5. threat[24999]:Spring Boot Actuator Unauthorized Access
6. threat[41770]:Malicious Code Spreading via ADB Debugging Interface
7. threat[25005]:BaoTa Panel phpMyAdmin Unauthorized Access Vulnerability

update rules:
1. threat[24553]:Behinder Webshell Connect
2. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-08-27 19:32:26
Name: eoi.unify.allrulepatch.ips.5.6.10.23321.rule Version: 5.6.10.23321
MD5: 2ac50963d63b7f3b34abeb4377e2be29 Size: 25.95M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23321. This package includes the following added/changed rules:

new rules:
1. threat[24997]:Office Anywhere (Tongda) OA 11.6 Arbitrary File Deletion Vulnerability
2. threat[24998]:Office Anywhere (Tongda) OA 11.6 Arbitrary File Upload Vulnerability
3. threat[41766]:Godzilla Webshell JSP Script Upload
4. threat[41767]:Godzilla Webshell ASPX Script Upload
5. threat[41768]:Godzilla Webshell PHP Script Upload


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-08-19 18:42:39
Name: eoi.unify.allrulepatch.ips.5.6.10.23275.rule Version: 5.6.10.23275
MD5: b22c0ad9e1cc0c11341812cbc31cfa11 Size: 25.94M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23275. This package includes the following added/changed rules:

new rules:
1. threat[24993]:Tongda OA Front-end SQL Injection Vulnerability
2. threat[24994]:Tongda OA 2015-2017 Versions Arbitrary File Upload Vulnerability
3. threat[24995]:Tongda OA Arbitrary File Deletion Vulnerability

update rules:
1. threat[24553]:Behinder Webshell Connect
2. threat[41699]:Behinder Encrypted JSP Webshell File Upload
3. threat[41697]:Behinder Encrypted ASP Webshell File Upload
4. threat[41696]:Behinder Encrypted PHP Webshell File Upload


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-08-17 22:08:44
Name: eoi.unify.allrulepatch.ips.5.6.10.23223.rule Version: 5.6.10.23223
MD5: 9a2d5d7446fa678c8fb5b53762f078b2 Size: 25.94M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23223. This package includes the following added/changed rules:

new rules:
1. threat[24983]:Oracle E-Business Suite Advanced Outbound Telephony Calendar Cross-Site Scripting Vulnerability (CVE-2020-2852)
2. threat[24984]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2871)
3. threat[24986]:Cisco Unified Contact Center Express RMI Insecure Deserialization Vulnerability (CVE-2020-3280)
4. threat[24987]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2854)
5. threat[24988]:Oracle E-Business Suite Advanced Outbound Telephony Cross-Site Scripting Vulnerability (CVE-2020-2856)
6. threat[24989]:Apache Kylin REST API migrateCube Command Injection Vulnerability (CVE-2020-1956)
7. threat[24990]:Apache Spark Unauthorized Remote Code Execution Vulnerability (CVE-2020-9480)
8. app:egd
9. app:eyou
10. app:postgres field

update rules:
1. threat[66229]:ISC BIND Internal Memory Disclosure Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-08-14 10:54:25
Name: eoi.unify.allrulepatch.ips.5.6.10.23150.rule Version: 5.6.10.23150
MD5: 34c9b692ef0035598f43ae88de8ad447 Size: 25.33M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23150. This package includes the following added/changed rules:

new rules:
1. threat[24979]:ZenTao Pro Remote Code Execution Vulnerability (CVE-2020-7361)
2. threat[24980]:WebSphere Remote Code Execution Vulnerability (CVE-2020-4450)
3. threat[24981]:WebSphere Remote Code Execution Vulnerability (CVE-2020-4534)
4. threat[24982]:Advantech WebAccess SCADA IOCTL 10001 BwPSLink.exe Arbitrary File Deletion Vulnerability

update rules:
1. threat[24863]:SaltStack Directory Traversal Vulnerability (CVE-2020-11652)


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-08-07 16:11:33
Name: eoi.unify.allrulepatch.ips.5.6.10.23127.rule Version: 5.6.10.23127
MD5: a80f8e76a83cf07a98f9359bf07419ff Size: 25.32M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23127. This package includes the following added/changed rules:

new rules:
1. threat[24974]:Weaver Network E-office OA Management System Arbitrary File Read Vulnerability
2. threat[24975]:Foxit Reader and PhantomPDF Use-After-Free Vulnerability (CVE-2020-8845)
3. threat[24976]:Microsoft Windows SMBv1 NT_TRANSACT_IOCTL Remote Code Execution (CVE-2020-1301)
4. threat[24977]:Microsoft Windows CAB File Parsing Directory Traversal Vulnerability (CVE-2020-1300)
5. threat[24978]:Microsoft Windows SMBv3 Compression Information Disclosure (CVE-2020-1206)

update rules:
1. threat[50519]:Remote Control Tool NetWire Connection
2. threat[24101]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12615, CVE-2017-12617)


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-07-30 17:46:04
Name: eoi.unify.allrulepatch.ips.5.6.10.23076.rule Version: 5.6.10.23076
MD5: 1920901701df2f2b2364ef4eb6496394 Size: 25.32M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23076. This package includes the following added/changed rules:

new rules:
1. threat[24970]:Yonyou Seeyon A8 Collaborative Management Software Arbitrary File Read Vulnerability
2. threat[24971]:Zentao PMS 11.6 Arbitrary File Read Vulnerability
3. threat[24972]:Zentao PMS 11.6 SQL Injection Vulnerability
4. threat[24973]:Zentao PMS 11.6 File Upload Vulnerability
5. threat[24969]:ThinkPHP 6.0 Arbitrary File Creation and Upload Vulnerability
6. threat[24965]:Laravel Framework Serialization Remote Code Execution Vulnerability (CVE-2019-9081)
7. threat[41764]:nginx Server Backdoor Connection Attempt
8. app:sinec-h1
9. app:hart-ip
10. app:gryphon

update rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24962]:Microsoft Windows DNS Server Integer Overflow Vulnerability (CVE-2020-1350)


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

Release time: 2020-07-23 19:04:17
Name: eoi.unify.allrulepatch.ips.5.6.10.23040.rule Version: 5.6.10.23040
MD5: 81a20156c4aa4e9cfb057e4ba0592b1e Size: 25.31M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package (intrusion prevention signature database). It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature (rule) version changes to 5.6.10.23040. This package includes the following added/changed rules:

new rules:
1. threat[24936]:Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CVE-2019-0568)
2. threat[24958]:EFS Easy File Sharing Web Server Buffer Error Vulnerability (CVE-2018-9059)
3. threat[24938]:DNN DNNarticle Module Config File Leak Vulnerability (CVE-2018-9126)
4. threat[24939]:Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2019-0604)
5. threat[24941]:Nagios XI Chained Remote Code Execution Vulnerability (CVE-2018-8735)
6. threat[24942]:Roland Gruber Softwareentwicklung LDAP Account Manager Cross-Site Scripting Vulnerability (CVE-2018-8763)
7. threat[24943]:Square 9 GlobalForms SQL Injection Vulnerability (CVE-2018-8820)
8. threat[24959]:Aviosoft DVD X Player Standard Buffer Error Vulnerability (CVE-2018-9128)
9. threat[24945]:Microsoft Edge Chakra InlineArrayPush Type Confusion Vulnerability (CVE-2018-8617)
10. threat[24947]:Drupal avatar_uploader v7.x-1.0-beta8 Directory Traversal Vulnerability (CVE-2018-9205)
11. threat[24948]:Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8625)
12. threat[24950]:LibreOffice Input Validation Error Vulnerability (CVE-2019-9848)
13. threat[24951]:Microsoft Windows and Windows Server Input Validation Error Vulnerability (CVE-2020-0938)
14. threat[30746]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0859)
15. threat[24952]:Microsoft Windows Installer Remote Code Execution Vulnerability (CVE-2020-0814)
16. threat[24961]:SQL Server Reporting Services RCE Vulnerability (CVE-2010-0618)
17. threat[24954]:Microsoft Media Foundation Buffer Error Vulnerability (CVE-2020-0738)
18. threat[24505]:Apache Axis 1.4 Remote Code Execution (CVE-2019-0227)
19. threat[24955]:Windows LNK Shortcut File Remote Code Execution Vulnerability (CVE-2020-0729)
20. threat[30747]:Microsoft Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)
21. threat[24956]:Windows Installer Privilege Elevation Vulnerability (CVE-2020-0683)
22. threat[24957]:Windows Kernel Service Tracing Privilege Elevation Vulnerability (CVE-2020-0668)
23. threat[24962]:Microsoft Windows DNS Server Integer Overflow Vulnerability (CVE-2020-1350)
24. threat[24964]:Zoho ManageEngine OpManager cachestart Directory Traversal (CVE-2020-13818)
25. app:renrenzhibo (Renren Live)

update rules:
1. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability (CVE-2014-8361)
2. threat[50591]:RDP Remote Desktop Service Login Succeeded
3. threat[24119]:FasterXML Jackson-databind Deserialization Remote Code Execution Vulnerability (CVE-2017-15095)
4. app:baiduyunguanjia (Baidu Cloud Manager)
5. app:Market Quotes Site - Huaxi Securities


Announcements:
1. After the package is applied, the engine restarts automatically for the update to take effect. Sessions are not interrupted, but 3-5 ping packets will be lost, so please perform the upgrade at a suitable time.

发布时间:2020-07-15 22:44:15
Name: eoi.unify.allrulepatch.ips.5.6.10.22935.rule Version: 5.6.10.22935
MD5: b0fa950156140f64fdb40deefb1031ae Size: 25.27M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22935. Rules added or updated in this package:

New rules:
1. threat[24935]:Microsoft Edge Chakra Scripting Engine Remote Memory Corruption Vulnerability (CVE-2019-0567)
2. threat[24930]:Cisco Data Center Network Manager installSwitchLicense Directory Traversal Vulnerability (CVE-2019-15980)
3. threat[24931]:Foxit PhantomPDF Text Field Object Use-After-Free Vulnerability (CVE-2020-8846)
4. threat[24932]:Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability (CVE-2020-3243)
5. threat[41763]:Penetration Testing Tool Cobalt Strike Beacon DNS Communication
6. threat[24933]:Cisco Data Center Network Manager storeFileContentInFS Directory Traversal Vulnerability (CVE-2019-15981)
7. threat[24934]:Microsoft .NET Framework XPS File Parsing Remote Code Execution Vulnerability (CVE-2020-0605)

Updated rules:
1. threat[49003]:Mirai Botnet Connecting to the Server
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)
3. threat[50181]:HTTP CONNECT Tunnel (HTTP Proxy) Connection Access

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-07-09 18:49:50
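Every entry on this page gives the same three facts an operator needs before importing a package: the file name (which encodes the rule version), the published MD5, and the 5.6R10F00 minimum for firmware and engine. The script below is an added example, not NSFOCUS code or a vendor API, of the pre-import checks that follow from those facts: it compares the MD5 of the downloaded file with the published value, confirms the device meets the minimum firmware and engine version, and confirms the package's rule version is strictly newer than the installed one, because a full package replaces the whole rule set rather than adding to it. The layout assumed for the `5.6R10F00` string (major.minor, R release, F fix) and the version-ordering rule are this example's own assumptions about the naming scheme; the two MD5 values in CATALOG are copied from this page.

```python
# Added example (not NSFOCUS code): pre-import checks for a rule package as
# listed on this page. The "5.6R10F00" version-string parsing and the
# version-ordering rule are this example's own assumptions about the naming
# scheme, not a vendor API.
import hashlib
import os
import re
import sys

# MD5 values copied from this page for two of the listed packages.
CATALOG = {
    "eoi.unify.allrulepatch.ips.5.6.10.22935.rule": "b0fa950156140f64fdb40deefb1031ae",
    "eoi.unify.allrulepatch.ips.5.6.10.22885.rule": "8265b4063fca25617864851fd62559a6",
}

# Minimum firmware and engine version stated in every package description.
MIN_VERSION = "5.6R10F00"

_PKG_RE = re.compile(r"^eoi\.unify\.allrulepatch\.ips\.(\d+)\.(\d+)\.(\d+)\.(\d+)\.rule$")
_FW_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)F(\d+)$")


def rule_version_from_name(filename):
    """Rule version encoded in the package name, e.g. (5, 6, 10, 22935), or None."""
    m = _PKG_RE.match(filename)
    return tuple(int(x) for x in m.groups()) if m else None


def parse_fw_version(text):
    """'5.6R10F00' -> (5, 6, 10, 0). Assumed layout: major.minor R release F fix."""
    m = _FW_RE.match(text)
    return tuple(int(x) for x in m.groups()) if m else None


def parse_rule_version(text):
    """'5.6.10.22885' -> (5, 6, 10, 22885), or None if not four numeric fields."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def md5_hex(data):
    """MD5 is the digest the page publishes, so it is the digest compared here."""
    return hashlib.md5(data).hexdigest()


def check_package(filename, data, firmware, engine, installed_rule_version, catalog=CATALOG):
    """Run every check and return (ok, problems) so the operator sees all issues at once."""
    problems = []

    target = rule_version_from_name(filename)
    if target is None:
        problems.append("file name does not follow the eoi.unify.allrulepatch.ips.<version>.rule scheme")

    expected = catalog.get(filename)
    if expected is None:
        problems.append("package is not in the published list")
    else:
        actual = md5_hex(data)
        if actual != expected.lower():
            problems.append("MD5 mismatch: file has %s, page lists %s" % (actual, expected))

    minimum = parse_fw_version(MIN_VERSION)
    for label, text in (("firmware", firmware), ("engine", engine)):
        parsed = parse_fw_version(text)
        if parsed is None or parsed < minimum:
            problems.append("%s version %s does not meet the required %s" % (label, text, MIN_VERSION))

    # A full package replaces the whole rule set, so only a strictly newer rule
    # version is an upgrade; re-importing the same or an older version is flagged.
    installed = parse_rule_version(installed_rule_version)
    if installed is None:
        problems.append("installed rule version %r is not in a.b.c.d form" % installed_rule_version)
    elif target is not None and target <= installed:
        problems.append("rule version %s is not newer than the installed %s"
                        % (".".join(map(str, target)), installed_rule_version))

    return (not problems, problems)


if __name__ == "__main__":
    # usage: check_rule_pkg.py <downloaded .rule file> <firmware> <engine> <installed rule version>
    path, fw, eng, cur = sys.argv[1:5]
    with open(path, "rb") as fh:
        ok, problems = check_package(os.path.basename(path), fh.read(), fw, eng, cur)
    print("OK to import" if ok else "DO NOT IMPORT:\n  " + "\n  ".join(problems))
    sys.exit(0 if ok else 1)
```

Run it against the downloaded file and the versions shown on the device, for example `python3 check_rule_pkg.py eoi.unify.allrulepatch.ips.5.6.10.22935.rule 5.6R10F00 5.6R10F00 5.6.10.22885`. A non-zero exit means at least one check failed and the file should not be imported; the MD5 check in particular guards against a corrupted or substituted download, and the version check prevents silently rolling the rule set back by importing an older full package.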
Name: eoi.unify.allrulepatch.ips.5.6.10.22885.rule Version: 5.6.10.22885
MD5: 8265b4063fca25617864851fd62559a6 Size: 25.26M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22885. Rules added or updated in this package:

New rules:
1. threat[10506]:Microsoft Windows TLS Key Exchange Denial of Service Vulnerability (CVE-2020-1118)
2. threat[24928]:Zoho ManageEngine DataSecurity Plus Authentication Bypass Vulnerability (CVE-2020-11532)
3. threat[10507]:ISC BIND TSIG Validation Denial of Service Vulnerability (CVE-2020-8617)
4. threat[41762]:Tomato Router Default Credentials Scan

Updated rules:
1. threat[24893]:Microsoft Internet Explorer JScript JSONStringifyObject Use-After-Free Vulnerability (CVE-2017-11793)
2. threat[50453]:Protocol Tunneling Tool dns2tcp Connection
3. threat[24919]:Zoho ManageEngine DataSecurity Plus Directory Traversal Vulnerability (CVE-2020-11531)

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-07-02 18:19:08
Name: eoi.unify.allrulepatch.ips.5.6.10.22865.rule Version: 5.6.10.22865
MD5: acefbf8be9887dad13361174a30a18a0 Size: 25.25M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22865. Rules added or updated in this package:

New rules:
1. threat[30744]:FineReport v8.0 Authentication Account and Password Information Disclosure Vulnerability
2. threat[24925]:Winmail Mail Management System viewsharenetdisk.php Arbitrary File Download Vulnerability
3. threat[41761]:WMIC Command Execution
4. threat[24926]:Weaver Ecology8 Arbitrary File Upload Vulnerability
5. threat[24927]:Apache Dubbo Provider Deserialization Vulnerability (CVE-2020-1948)
6. app:Tencent Meeting
7. app:Zoho
8. app:WeChat Work (WeCom, 企业微信)
9. app:WPS
10. app:WeLink
11. app:Webex Meetings
12. app:Weaver eteams (泛微)
13. app:Tencent Docs (腾讯文档)
14. app:Haoshitong (HST) Video Conferencing (好视通视频会议)
15. app:Feishu (飞书)

Updated rules:
1. threat[24879]:Winmail Mail Management System Arbitrary File Download Vulnerability
2. threat[24878]:Winmail Mail Management System Arbitrary File Upload Vulnerability
3. threat[24255]:Web Service Remote Command Execution Attack
4. threat[24918]:Zoho ManageEngine OpManager fluidicv2 UI Directory Traversal Vulnerability (CVE-2020-12116)
5. threat[41718]:Intranet Tunneling Tool reGeorg Connection
6. app:Zoom

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-06-28 15:19:41
Name: eoi.unify.allrulepatch.ips.5.6.10.22840.rule Version: 5.6.10.22840
MD5: 770a367ee4eda3d790205dab5e3a639b Size: 25.26M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22840. Rules added or updated in this package:

New rules:
1. threat[24921]:Advantech WebAccess SCADA BwFLApp.exe Arbitrary File Deletion Vulnerability
2. threat[24922]:Advantech WebAccess SCADA BwPFile.exe Arbitrary File Deletion Vulnerability
3. threat[24923]:Apache Shiro RememberMe Deserialization Vulnerability (CVE-2016-4437)
4. threat[50591]:RDP Remote Desktop Service Successful Login
5. threat[30743]:Weaver Ecology OA Database Configuration Information Disclosure
6. threat[24924]:Apache Commons Configuration YAML File Loading Deserialization Vulnerability (CVE-2020-1953)

Updated rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24858]:TongDa OA Arbitrary User Remote Code Execution Vulnerability
3. threat[23533]:TRS WCM Arbitrary File Upload Vulnerability

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-06-18 17:58:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22809.rule Version: 5.6.10.22809
MD5: 30463eac9481315269eb69ab9196de22 Size: 25.24M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22809. Rules added or updated in this package:

New rules:
1. threat[41760]:Victor CMS 1.0 Remote Shell Upload Vulnerability
2. threat[24912]:i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion Vulnerability
3. threat[24914]:OpenMRS Reference Application sessionLocation Parameter Reflected Cross-Site Scripting Vulnerability
4. threat[24915]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization Vulnerability (CVE-2020-2950)
5. threat[24916]:Rockwell Automation FactoryTalk RNADiagnosticsSrv Insecure Deserialization Vulnerability (CVE-2020-6967)
6. threat[30742]:Adobe Acrobat and Reader Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2020-3804)
7. app:KNXIP

Updated rules:
1. threat[24895]:dotCMS CMSFilter assets Access Control Weakness Vulnerability (CVE-2020-6754)
2. threat[24861]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
3. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-06-11 18:19:35
Name: eoi.unify.allrulepatch.ips.5.6.10.22767.rule Version: 5.6.10.22767
MD5: b2451730d704f15d6964e9809fe6fe2b Size: 25.23M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22767. Rules added or updated in this package:

New rules:
1. threat[24905]:Webtateas 2.0 Arbitrary File Read Vulnerability
2. threat[41758]:i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion
3. threat[24904]:HP LinuxKI 6.01 Remote Command Injection Vulnerability (CVE-2020-7209)
4. threat[24906]:Cisco SD-WAN Solution vManage SQL Injection Vulnerability (CVE-2019-16012)
5. threat[24907]:Schneider Electric IGSS IGSSupdateservice Directory Traversal Vulnerability (CVE-2020-7478)
6. threat[24908]:Mikrotik Router Monitoring System 1.2.3 SQL Injection (CVE-2020-13118)
7. threat[24909]:JDWP Remote Command Execution

Updated rules:
1. threat[49003]:Mirai Botnet Connecting to the Server
2. threat[41381]:Malicious Ransomware Transmission
3. threat[24883]:Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
4. threat[23991]:Fastjson Remote Code Execution Vulnerability
5. threat[24106]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12617)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. app:WeChat

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-06-04 17:22:54
Name: eoi.unify.allrulepatch.ips.5.6.10.22729.rule Version: 5.6.10.22729
MD5: 597a7d9424e3b20456c4071129ec5954 Size: 25.19M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22729. Rules added or updated in this package:

New rules:
1. threat[24901]:D-Link DSL-2780B DLink_1.01.14 Remote DNS Change Vulnerability
2. threat[24902]:Nagios XI Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2018-15712)
3. threat[10505]:NTP ntpd monlist Query Reflection Denial of Service Vulnerability (CVE-2013-5211)
4. threat[24899]:Oracle E-Business Suite Human Resources SQL Injection (CVE-2020-2956) (CVE-2020-2882)
5. app:IEC-61850-GOOSE
6. app:IEC-61850-SV

Updated rules:
1. threat[23614]:Oracle WebLogic Server Java Deserialization Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[24897]:WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)
4. app:IEC-61850-MMS

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-05-28 17:33:02
Name: eoi.unify.allrulepatch.ips.5.6.10.22680.rule Version: 5.6.10.22680
MD5: f341fffe06881faa846795643f129147 Size: 25.18M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22680. Rules added or updated in this package:

New rules:
1. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability (CVE-2019-18229)
2. threat[24894]:Microsoft Edge ChakraCore Type Confusion Information Disclosure (CVE-2017-0134)
3. threat[24892]:Oracle WebLogic Server FileDistributionServlet Information Disclosure Vulnerability (CVE-2019-2625)
4. threat[24896]:Nagios Log Server User Profile Stored Cross-Site Scripting (CVE-2020-6586)
5. threat[41757]:Suspicious DNS Behavior Found in the Network (Dynamically Generated Random Domain Names)
6. threat[24897]:WordPress ChopSlider 3 SQL Injection Vulnerability (CVE-2020-11530)

Updated rules:
1. app:iec-60870-5-104

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-05-21 18:57:49
Name: eoi.unify.allrulepatch.ips.5.6.10.22638.rule Version: 5.6.10.22638
MD5: 4e26224644b639a065dae79231aebfb1 Size: 25.17M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22638. Rules added or updated in this package:

New rules:
1. threat[24890]:Grandstream UCM6200 Remote Code Execution Vulnerability (CVE-2020-5722)
2. threat[24889]:DrayTek Vigor Remote Code Execution Vulnerability (CVE-2020-8515)
3. threat[24888]:Netlink GPON Router Remote Code Execution Vulnerability
4. threat[24865]:Nagios XI Two Reflected Cross-Site Scripting Vulnerabilities (CVE-2020-10819)
5. threat[24864]:AVTECH Video Surveillance Devices Unauthorized Command Execution Vulnerability
6. threat[24883]:Zabbix jsrpc.php SQL Injection Vulnerability (CVE-2016-10134)
7. threat[24881]:Zabbix latest.php SQL Injection Vulnerability (CVE-2016-10134)
8. threat[24866]:Edimax EW-7438RPn 1.13 Remote Code Execution Vulnerability
9. threat[24879]:Winmail Mail Management System Arbitrary File Download Vulnerability
10. threat[24878]:Winmail Mail Management System Arbitrary File Upload Vulnerability
11. threat[24877]:eYou list_userinfo.php SQL Injection Vulnerability
12. threat[24876]:eYou action_help.class.php SQL Injection Vulnerability
13. threat[24868]:TP-LINK Cloud Cameras NCXXX Bonjour Command Injection Vulnerability (CVE-2020-12109)
14. threat[24873]:eYou v4 Mail System domain_logo.php Command Execution Vulnerability
15. threat[24871]:Microsoft Windows SMB Server Remote Code Execution Vulnerability (CVE-2017-0143) (MS17-010)
16. threat[24872]:ELTEX NTP-RG-1402G Command Injection Vulnerability (CVE-2020-9026)
17. threat[24869]:School ERP Pro 1.0 Arbitrary File Read Vulnerability
18. threat[24880]:FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-11113)
19. threat[24870]:School ERP Pro 1.0 Arbitrary File Upload Vulnerability
20. threat[24887]:Ghostscript Sandbox Bypass (Command Execution) Vulnerability (CVE-2019-6116)

Updated rules:
1. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-05-15 09:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22624.rule Version: 5.6.10.22624
MD5: ef9694fde23251985603285fc2171228 Size: 25.18M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22624. Rules added or updated in this package:

New rules:
1. threat[24885]:Adobe LiveCycle Data Services XML External Entity Injection (XXE) Vulnerability (CVE-2015-3269)

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-05-10 08:46:12
Name: eoi.unify.allrulepatch.ips.5.6.10.22577.rule Version: 5.6.10.22577
MD5: 9046bcc35cc9536e5b73a359c34405ef Size: 25.15M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22577. Rules added or updated in this package:

New rules:
1. threat[24849]:TongDa OA Arbitrary File Upload Vulnerability
2. threat[24851]:Spring Security OAuth Remote Code Execution Vulnerability (CVE-2016-4977)
3. threat[24850]:Jenkins CLI RMI Deserialization Remote Code Execution Vulnerability (CVE-2015-8103)
4. threat[24852]:Jenkins-CI Remote Code Execution Vulnerability (CVE-2016-9299, CVE-2017-1000353)
5. threat[24854]:Jenkins Remote Command Execution Vulnerability (CVE-2018-1000861)
6. threat[24855]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2018-16621)
7. threat[24856]:Sonatype Nexus Repository Manager EL Expression Injection Vulnerability (CVE-2020-10199)
8. threat[24821]:WSO2 3.1.0 Arbitrary File Deletion
9. threat[24826]:Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution Vulnerability
10. threat[24859]:Jenkins Script Security Plugin Sandbox Bypass and Metaprogramming Remote Code Execution (CVE-2019-1003005) (CVE-2019-1003029)
11. threat[30741]:TongDa OA Sensitive Information Disclosure Without Login
12. threat[24857]:ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
13. threat[24860]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8599)
14. threat[24861]:Trend Micro Apex One and OfficeScan Directory Traversal Vulnerability (CVE-2020-8470)
15. threat[24862]:SaltStack Remote Command Execution Vulnerability (CVE-2020-11651)
16. threat[24863]:SaltStack Directory Traversal Vulnerability (CVE-2020-11652)
17. app:eyou-mail

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-05-07 18:34:59
Name: eoi.unify.allrulepatch.ips.5.6.10.22558.rule Version: 5.6.10.22558
MD5: c6edb090aea16322baeed7fbb688402b Size: 25.14M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22558. Rules added or updated in this package:

New rules:
1. threat[24831]:Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability (CVE-2020-9384)
2. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24833]:CentOS Web Panel Authenticated OS Command Injection Vulnerability (CVE-2018-18322)
4. threat[30740]:CentOS Web Panel 0.9.8.480 Local File Inclusion (CVE-2018-18223)
5. threat[24834]:Discuz 7.x discuzcode.func.php Remote Code Execution Vulnerability
6. threat[24835]:Discuz! ML Remote Code Execution Vulnerability (CVE-2019-13956)
7. threat[24836]:Drupal RESTWS Module 7.x PHP Remote Code Execution Vulnerability
8. threat[24837]:Drupal CODER Module Remote Code Execution Vulnerability
9. threat[24839]:PHP File Upload Bypass
10. threat[24840]:JBoss Deserialization Vulnerability (CVE-2017-7504)
11. threat[24838]:Discuz!X /utility/convert/index.php Remote Code Execution Vulnerability
12. threat[24841]:JBoss Unauthorized Access Vulnerability (CVE-2010-0738)
13. threat[24843]:phpcms 2008 Remote Code Execution Vulnerability
14. threat[24844]:Dell SonicWALL Scrutinizer q Parameter SQL Injection Vulnerability
15. threat[24845]:Oxwall 1.7.0 Code Execution Vulnerability
16. threat[24846]:phpcms 2008 Code Injection Vulnerability

Updated rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24627]:DedeCMS sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
3. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability
4. threat[41704]:Windows CMD Command Line Reverse Connection
5. app:ftp

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-04-30 14:52:01
Name: eoi.unify.allrulepatch.ips.5.6.10.22459.rule Version: 5.6.10.22459
MD5: e167ea878cc313ba7791dd26cb4a525e Size: 25.08M
Description:

This is an intrusion-prevention signature library upgrade package for NSFOCUS NIDS/NIPS. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full (not incremental) package: after the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.22459. Rules added or updated in this package:

New rules:
1. threat[24824]:Oracle WebLogic Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2014-4210)
2. threat[41753]:Malware Linux/nemesis_a Network Communication
3. threat[41755]:Malware Windows/Mozart Network Communication
4. threat[24825]:Exim base64d() Function Buffer Overflow Vulnerability (CVE-2018-6789)
5. threat[24822]:WordPress Plugin Media Library Assistant 2.81 Local File Inclusion

Updated rules:
1. threat[62960]:phpLDAPadmin "functions.php" Remote PHP Code Injection Vulnerability
2. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

Notes:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so schedule the upgrade for a suitable time.

Published: 2020-04-23 19:46:58
名称: eoi.unify.allrulepatch.ips.5.6.10.22420.rule 版本:5.6.10.22420
MD5:bd4d5af3dfd4cde4a60715fb2212832c 大小:25.07M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.22420。该升级包新增/改进的规则有:

新增规则:
1. 攻击[41739]:WannaRen勒索病毒传输通信
2. 攻击[41740]:恶意木马劫持深信服SSL VPN升级程序SangforUD.exe
3. 攻击[41741]:Cobalt Strike渗透攻击工具Beacon HTTPS通信
4. 攻击[30738]:Jinfornet Jreport 15.6 无需认证的目录遍历漏洞
5. 攻击[24812]:NVMS-9000 camera 远程代码执行漏洞
6. 攻击[24813]:Eir D1000路由器远程代码执行漏洞
7. 攻击[24814]:HPE智能管理中心ViewBatchTaskResultDetailBean语言注入漏洞(CVE-2019-5386)
8. 攻击[41742]:恶意程序Windows/VIDAR_a窃密木马网络通信
9. 攻击[24816]:rConfig Network Device Configuration Tool ajaxAddTemplate.php命令注入(CVE-2020-10221)
10. 攻击[41743]:恶意程序Windows/RevengeRAT远控木马网络通信
11. 攻击[41744]:恶意程序Windows/ParasiteStealer窃密木马网络通信
12. 攻击[41745]:恶意程序Windows/VTFLOODER远控木马网络通信
13. 攻击[41747]:恶意程序Raudotek僵尸木马上线通信
14. 攻击[41748]:恶意程序Windows/NanoCore远控木马网络通信
15. 攻击[41746]:恶意程序Dark_Nexus僵尸网络上线通信
16. 攻击[41750]:恶意程序GoBrut僵尸网络上线通信
17. 攻击[41751]:恶意程序AutoitPredator僵尸网络上线通信
18. 攻击[24817]:NagiosXI 5.6.11 address 远程代码执行漏洞
19. 攻击[24818]:Symantec Web Gateway 5.0.2.8 远程代码执行漏洞
20. 攻击[30739]:Cisco Small Business RV320和RV325信息泄露漏洞(CVE-2019-1653)
21. 攻击[24819]:Zen Load Balancer 3.10.1 目录遍历漏洞
22. 攻击[41752]:恶意程序FYHHOS僵尸网络上线通信
23. 攻击[24820]:Webtateas 2.0 任意文件读取
24. 攻击[24822]:Wordpress Plugin Media Library Assistant 2.81 本地文件包含
25. 攻击[24823]:MVPower DVR Shell未授权远程命令执行漏洞

更新规则:
1. 攻击[21374]:Apache Struts远程命令执行漏洞
2. 攻击[24745]:Linear eMerge E3访问控制器命令注入(CVE-2019-7256)
3. 攻击[24203]:ESF pfSense system_groupmanager.php命令注入漏洞


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22420. This package includes the following changed rules:

new rules:
1. threat[41739]:WannaRen Ransomware Transmission Communication
2. threat[41740]:Malicious Trojan Hijacking Sangfor SSL VPN Update Program SangforUD.exe
3. threat[41741]:Penetration Test Tool Cobalt Strike Beacon HTTPS Communication
4. threat[30738]:Jinfornet Jreport 15.6 Unauthenticated Directory Traversal Vulnerability
5. threat[24812]:NVMS-9000 Camera Remote Code Execution Vulnerability
6. threat[24813]:Eir D1000 Router Remote Code Execution Vulnerability
7. threat[24814]:HPE Intelligent Management Center ViewBatchTaskResultDetailBean Language Injection Vulnerability (CVE-2019-5386)
8. threat[41742]:Malware Windows/VIDAR_a Stealth Trojan Network Communication
9. threat[24816]:rConfig Network Device Configuration Tool ajaxAddTemplate.php Command Injection (CVE-2020-10221)
10. threat[41743]:Malware Windows/RevengeRAT Remote Control Trojan Network Communication
11. threat[41744]:Malware Windows/ParasiteStealer Trojan Network Communication
12. threat[41745]:Malware Windows/VTFLOODER Remote Control Trojan Network Communication
13. threat[41747]:Malware Raudotek Zombie Trojan Communication
14. threat[41748]:Malware Windows/NanoCore Remote Control Trojan Network Communication
15. threat[41746]:Malware Dark_Nexus Botnet Network Communication
16. threat[41750]:Malware GoBrut Botnet Network Communication
17. threat[41751]:Malware AutoitPredator Botnet Network Communication
18. threat[24817]:NagiosXI 5.6.11 address Remote Code Execution Vulnerability
19. threat[24818]:Symantec Web Gateway 5.0.2.8 Remote Code Execution
20. threat[30739]:Cisco Small Business RV320 and RV325 Information Disclosure Vulnerability (CVE-2019-1653)
21. threat[24819]:Zen Load Balancer 3.10.1 Directory Traversal Vulnerability
22. threat[41752]:Malware FYHHOS Botnet Network Communication
23. threat[24820]:Webtateas 2.0 Arbitrary File Read
24. threat[24822]:Wordpress Plugin Media Library Assistant 2.81 Local File Inclusion
25. threat[24823]:MVPower DVR Shell Unauthenticated Command Execution

update rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24745]:Linear eMerge E3 Access Controller Command Injection(CVE-2019-7256)
3. threat[24203]:ESF pfSense system_groupmanager.php Command Injection Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-04-16 17:52:57
Name: eoi.unify.allrulepatch.ips.5.6.10.22340.rule Version: 5.6.10.22340
MD5: 8337c64b631c0e1de64b26a38e458ec6 Size: 25.03M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22340. Rules added/improved in this package:

New rules:
1. threat[24802]:WiKID 2FA Enterprise Server groups.js Cross-Site Scripting (CVE-2019-17116)
2. threat[24768]:Centreon formMibs.php Code Injection Vulnerability
3. threat[24803]:Cisco Data Center Network Manager importTS Command Injection Vulnerability (CVE-2019-15979)
4. threat[24804]:Cisco Data Center Network Manager createLanFabric Command Injection Vulnerability (CVE-2019-15978)
5. threat[24805]:HPE IMC ForwardRedirect Expression Language Injection Vulnerability
6. threat[24806]:Microsoft SharePoint Server Stored Cross-Site Scripting Vulnerability (CVE-2020-0693)
7. threat[24807]:WordPress 10Web Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability (CVE-2020-9335)
8. threat[50586]:Web Crawler Toutiao Fetching Web Page Information
9. threat[50587]:Web Crawler Bing Fetching Web Page Information
10. threat[50588]:Web Crawler Moz Fetching Web Page Information
11. threat[50589]:Web Crawler Shenma Search Fetching Web Page Information
12. threat[24808]:OpenDreamBox 2.0.0 Plugin WebAdmin Command Injection Vulnerability
13. threat[24809]:Joomla! com_fabrik 3.9.11 Directory Traversal Vulnerability
14. threat[24810]:Zen Load Balancer 3.10.1 Command Injection Vulnerability (CVE-2019-7301)
15. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
16. threat[41738]:Penetration Testing Tool Cobalt Strike Beacon HTTP Communication

Updated rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)
2. threat[23725]:Application Server GlassFish Arbitrary File Read Vulnerability


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22340. This package includes the following changed rules:

new rules:
1. threat[24802]:WiKID 2FA Enterprise Server groups.jsp Cross-Site Scripting(CVE-2019-17116)
2. threat[24768]:Centreon formMibs.php Command Injection Vulnerability
3. threat[24803]:Cisco Data Center Network Manager importTS Command Injection(CVE-2019-15979)
4. threat[24804]:Cisco Data Center Network Manager createLanFabric Command Injection Vulnerability (CVE-2019-15978)
5. threat[24805]:HPE IMC ForwardRedirect Expression Language Injection Vulnerability
6. threat[24806]:Microsoft SharePoint Server Stored Cross-Site Scripting Vulnerability(CVE-2020-0693)
7. threat[24807]:WordPress 10Web Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability(CVE-2020-9335)
8. threat[50586]:Web Crawler Toutiao Fetching Web Page Information
9. threat[50587]:Web Crawler Bing Fetching Web Page Information
10. threat[50588]:Web Crawler Moz Fetching Web Page Information
11. threat[50589]:Web Crawler Shenma Fetching Web Page Information
12. threat[24808]:OpenDreamBox 2.0.0 Plugin WebAdmin Command Injection Vulnerability
13. threat[24809]:Joomla! com_fabrik 3.9.11 Directory Traversal Vulnerability
14. threat[24810]:Zen Load Balancer 3.10.1 Command Injection Vulnerability (CVE-2019-7301)
15. threat[24811]:Apache Solr Velocity Remote Code Execution Vulnerability (CVE-2019-17558)
16. threat[41738]:Penetration Test Tool Cobalt Strike Beacon HTTP Communication

update rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[23725]:Application Server GlassFish Directory Traversal Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-04-09 18:01:09
Name: eoi.unify.allrulepatch.ips.5.6.10.22284.rule Version: 5.6.10.22284
MD5: da6d5801e3cd918941ad4153521f439b Size: 25.00M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22284. Rules added/improved in this package:

New rules:
1. threat[24797]:PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)
2. threat[24798]:uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability (CVE-2020-5204)
3. threat[24799]:WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability (CVE-2019-17120)
4. threat[24800]:FIBARO System Home Center 5.021 Remote File Inclusion Vulnerability
5. threat[24801]:Cisco Data Center Network Manager reportTemplateUploadPolicy Path Traversal Vulnerability (CVE-2019-15980)

Updated rules:
1. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22284. This package includes the following changed rules:

new rules:
1. threat[24797]:PHPUnit Remote Code Execution Vulnerability(CVE-2017-9841)
2. threat[24798]:uftpd FTP Server PORT Command Handling Stack Buffer Overflow Vulnerability(CVE-2020-5204)
3. threat[24799]:WiKID 2FA Enterprise Server Cross-Site Scripting Vulnerability(CVE-2019-17120)
4. threat[24800]:FIBARO System Home Center 5.021 Remote File Inclusion Vulnerability
5. threat[24801]:Cisco Data Center Network Manager reportTemplateUploadPolicy Directory Traversal Vulnerability(CVE-2019-15980)

update rules:
1. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-04-03 10:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.22245.rule Version: 5.6.10.22245
MD5: 58d5ca1e255e2526eaebe7af4724e270 Size: 25.49M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22245. Rules added/improved in this package:

New rules:
1. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability (CVE-2019-18610)
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability (CVE-2019-15984)
3. threat[30736]:Cisco Data Center Network Manager getRestoreLog Directory Traversal Vulnerability (CVE-2019-15980)
4. threat[30737]:Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal Vulnerability (CVE-2019-15980)
5. threat[24767]:Oracle E-Business Suite Human Resources SQL Injection Vulnerability (CVE-2020-2586)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. threat[24772]:ASUS RT-N10+ 2.0.3.4 Code Execution Vulnerability
8. threat[24773]:Gila CMS deleteAction Local File Inclusion Vulnerability (CVE-2020-5513)
9. threat[24774]:Advantech WISE-PaaS RMM WechatSignin wechattokenlogin External Entity Injection Vulnerability (CVE-2019-18227)
10. threat[24775]:HPE IMC TvxlanLegendBean Expression Language Injection Vulnerability
11. threat[24777]:Squid Proxy HTTP Host Buffer Overflow Vulnerability (CVE-2020-8450)
12. threat[24778]:Netlink GPON Router 1.0.11 R Remote Code Execution Vulnerability
13. threat[24779]:Exploit Horde Groupware Webmail Edition 5.2.22 Remote Code Execution Vulnerability (CVE-2020-8518)
14. threat[24780]:Exploit Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability (CVE-2020-9436)
15. threat[24785]:PHPMoAdmin 1.1.2 Remote Code Execution Vulnerability (CVE-2015-2208)
16. threat[24786]:Joomla! SQL Injection Vulnerability (CVE-2015-7297)
17. threat[24784]:Western Digital MyCloud PR4100 Web Management Component Security Vulnerability (CVE-2017-17560)
18. threat[24787]:Axis Network Camera .srv Remote Code Execution Vulnerability (CVE-2018-10660)
19. threat[24788]:Drupal OpenID External Entity Injection (CVE-2012-4554)
20. threat[24789]:Joomla Unauthorized User Creation Vulnerability (CVE-2016-8870)
21. threat[41736]:HIDDEN COBRA – Joanap Backdoor Trojan Communication
22. threat[50584]:Web Crawler Fetching Web Page Information
23. threat[24790]:PHPKB Multi-Language 9 Authorized Directory Traversal Vulnerability (CVE-2020-10387)
24. threat[24791]:rConfig 3.9 SQL Injection Vulnerability (CVE-2020-10220)
25. threat[24792]:PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability (CVE-2020-10386)
26. threat[24793]:Centreon Poller Authorized Remote Code Execution Vulnerability
27. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability

Updated rules:
1. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution (CVE-2020-7247)
2. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)
5. threat[22703]:phpMyAdmin preg_replace() Remote PHP Code Execution


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22245. This package includes the following changed rules:

new rules:
1. threat[24769]:Sangoma Asterisk manager.c Command Execution Vulnerability(CVE-2019-18610)
2. threat[24770]:Cisco Data Center Network Manager getLicenses SQL Injection Vulnerability(CVE-2019-15984)
3. threat[30736]:Cisco Data Center Network Manager getRestoreLog Directory Traversal Vulnerability(CVE-2019-15980)
4. threat[30737]:Cisco Data Center Network Manager saveLicenseFileToServer Directory Traversal(CVE-2019-15980)
5. threat[24767]:Oracle E-Business Suite Human Resources SQL Injection(CVE-2020-2586)
6. threat[24771]:PHPStudy Backdoor Remote Code Execution Vulnerability
7. threat[24772]:ASUS RT-N10+ 2.0.3.4 Command Execution Vulnerability
8. threat[24773]:Gila CMS deleteAction Local File Inclusion Vulnerability (CVE-2020-5513)
9. threat[24774]:Advantech WISE-PaaS RMM WechatSignin wechattokenlogin External Entity Injection(CVE-2019-18227)
10. threat[24775]:HPE IMC TvxlanLegendBean Expression Language Injection Vulnerability
11. threat[24777]:Squid Proxy HTTP Host Buffer Overflow Vulnerability(CVE-2020-8450)
12. threat[24778]:Netlink GPON Router 1.0.11 R Remote Code Execution Vulnerability
13. threat[24779]:Exploit Horde Groupware Webmail Edition 5.2.22 Remote Code Execution Vulnerability (CVE-2020-8518)
14. threat[24780]:Exploit Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability (CVE-2020-9436)
15. threat[24785]:PHPMoAdmin 1.1.2 Remote Code Execution Vulnerability (CVE-2015-2208)
16. threat[24786]:Joomla! SQL Injection Vulnerability(CVE-2015-7297)
17. threat[24784]:Western Digital MyCloud PR4100 Web Management Component Security Vulnerability (CVE-2017-17560)
18. threat[24787]:Axis Network Camera - .srv to parhand Remote Code Execution(CVE-2018-10660)
19. threat[24788]:Drupal OpenID External Entity Injection(CVE-2012-4554)
20. threat[24789]:Joomla Unauthorized User Creation Vulnerability (CVE-2016-8870)
21. threat[41736]:HIDDEN COBRA – Joanap Backdoor Trojan Connection
22. threat[50584]:Web Crawler Fetching Web Page Information
23. threat[24790]:PHPKB Multi-Language 9 Authorized Directory Traversal Vulnerability (CVE-2020-10387)
24. threat[24791]:rConfig 3.9 SQL Injection Vulnerability (CVE-2020-10220)
25. threat[24792]:PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability(CVE-2020-10386)
26. threat[24793]:Centreon Poller Authorized Remote Code Execution Vulnerability
27. threat[24794]:Tongda OA Arbitrary File Inclusion Vulnerability

update rules:
1. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution(CVE-2020-7247)
2. threat[23695]:Apache Struts2 Multiple Security Vulnerabilities
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)
5. threat[22703]:phpMyAdmin 3.5.8 and 4.0.0-RC2 - Remote Code Execution via preg_replace()


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-03-26 18:12:48
Name: eoi.unify.allrulepatch.ips.5.6.10.22166.rule Version: 5.6.10.22166
MD5: 6ec172412c5a6f7311e314ee3161c493 Size: 25.45M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22166. Rules added/improved in this package:

New rules:
1. threat[24759]:Virtual Freer 1.58 Remote Code Execution Vulnerability
2. threat[24761]:HomeAutomation 3.3.2 Remote Code Execution Vulnerability
3. threat[24762]:Voyager 1.3.0 Directory Traversal Vulnerability
4. threat[24760]:Apache ShardingSphere UI YAML Parsing Remote Code Execution Vulnerability (CVE-2020-1947)
5. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
6. threat[41735]:Malware Malicious Trojan Downloader "Phantom" (幽虫) Network Communication
7. threat[24764]:Nagios XI Authorized Arbitrary File Upload Vulnerability
8. threat[24765]:Wordpress Plugin Search Meter 2.13.2 CSV Injection Vulnerability
9. threat[24766]:Sysaid 20.1.11 b26 Unauthorized Arbitrary File Upload Vulnerability



Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22166. This package includes the following changed rules:

new rules:
1. threat[24759]:Virtual Freer 1.58 Remote Code Execution Vulnerability
2. threat[24761]:HomeAutomation 3.3.2 Remote Code Execution Vulnerability
3. threat[24762]:Voyager 1.3.0 Directory Traversal Vulnerability
4. threat[24760]:Apache ShardingSphere UI YAML Parse Remote Code Execution Vulnerability (CVE-2020-1947)
5. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
6. threat[41735]:Malicious Program Trojan Downloader "Phantom" Network Communication
7. threat[24764]:Nagios XI Authorized Arbitrary File Upload Vulnerability
8. threat[24765]:Wordpress Plugin Search Meter 2.13.2 CSV Injection Vulnerability
9. threat[24766]:Sysaid 20.1.11 b26 Unauthorized Arbitrary File Upload Vulnerability


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-03-20 17:53:17
Name: eoi.unify.allrulepatch.ips.5.6.10.22154.rule Version: 5.6.10.22154
MD5: 36ba9a80ff309eb6bde5598607f2963d Size: 25.45M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22154. Rules added/improved in this package:


New rules:
1. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22154. This package includes the following changed rules:


new rules:
1. threat[24763]:Microsoft SMBv3 Remote Code Execution Vulnerability(CVE-2020-0796)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-03-13 20:22:18
Name: eoi.unify.allrulepatch.ips.5.6.10.22137.rule Version: 5.6.10.22137
MD5: 5d8c72a82f52d82686a15744b24160a7 Size: 25.44M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22137. Rules added/improved in this package:

New rules:
1. threat[10503]:Siemens Desigo PX 6.00 Denial of Service Vulnerability (CVE-2019-13927)
2. threat[30734]:Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
3. threat[24746]:eWON Flexy 13.0 Router Authentication Bypass Vulnerability
4. threat[49039]:Malware LiquorBot Network Communication
5. threat[41733]:Malware Oski Stealer Network Communication
6. threat[30735]:iSee Hybrid QDVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure Vulnerability
7. threat[24747]:LibreNMS Collected Command Injection Vulnerability (CVE-2019-10669)
8. threat[24748]:OctoberCMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
9. threat[24750]:FreeSWITCH 1.10.1 Command Execution Vulnerability
10. threat[41734]:Qakbot Botnet Malicious Behavior Communication
11. threat[24751]:TP-Link TL-WR849N Authentication Bypass Vulnerability (CVE-2019-19143)
12. threat[24752]:Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution Vulnerability
13. threat[24753]:Linear eMerge E3 1.00-06 Directory Traversal Vulnerability (CVE-2019-7254)
14. threat[24754]:UniSharp Laravel File Manager 2.0.0 Arbitrary File Read Vulnerability
15. threat[24755]:RICOH Aficio SP 5200S HTML Injection Vulnerability
16. threat[24756]:Google Chrome 80 JSCreate Type Confusion Vulnerability (CVE-2020-6418)
17. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
18. threat[24758]:ThinkCMF Framework Arbitrary File Inclusion Vulnerability

Updated rules:
1. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability (CVE-2016-5734)
2. threat[24749]:Hospital Management System 4.0 Persistent Cross-Site Scripting Vulnerability (CVE-2020-5191)
3. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution (CVE-2019-17621)

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22137. This package includes the following changed rules:

new rules:
1. threat[10503]:Siemens Desigo PX 6.00 Denial Of Service(CVE-2019-13927)
2. threat[30734]:Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
3. threat[24746]:eWON Flexy 13.0 Router Authentication Bypass
4. threat[49039]:Malware LiquorBot Network Communication
5. threat[41733]:Malware Oski Stealer Network Communication
6. threat[30735]:iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure
7. threat[24747]:LibreNMS Collected Command Injection Vulnerability(CVE-2019-10669)
8. threat[24748]:OctoberCMS Upload Protection Bypass Code Execution Vulnerability(CVE-2017-1000119)
9. threat[24750]:FreeSWITCH 1.10.1 Command Execution Vulnerability
10. threat[41734]:Qakbot Botnet Malicious Communication Behavior
11. threat[24751]:TP-Link TL-WR849N Authentication Bypass Vulnerability(CVE-2019-19143)
12. threat[24752]:Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution Vulnerability
13. threat[24753]:Linear eMerge E3 1.00-06 Directory Traversal Vulnerability(CVE-2019-7254)
14. threat[24754]:UniSharp Laravel File Manager 2.0.0 Arbitrary File Read Vulnerability
15. threat[24755]:RICOH Aficio SP 5200S HTML Injection Vulnerability
16. threat[24756]:Google Chrome 80 JSCreate Side-effect Type Confusion Vulnerability(CVE-2020-6418)
17. threat[24757]:Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555)
18. threat[24758]:ThinkCMF Framework Arbitrary File Inclusion Vulnerability

update rules:
1. threat[23833]:phpMyAdmin Remote Code Execution Vulnerability(CVE-2016-5734)
2. threat[24749]:Hospital Management System 4.0 Persistent Cross-Site Scripting Vulnerability(CVE-2020-5191)
3. threat[24741]:D-Link DIR-859 Unauthenticated Remote Command Execution(CVE-2019-17621)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-03-12 17:19:18
Name: eoi.unify.allrulepatch.ips.5.6.10.22068.rule Version: 5.6.10.22068
MD5: 0e1ff93ad45510014b3da1d0251b5b63 Size: 25.41M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22068. Rules added/improved in this package:

New rules:
1. threat[24730]:The ZyXEL P660HN-T1A v1 Unauthorized Command Injection Vulnerability (CVE-2017-18368)
2. threat[24731]:The ZyXEL P660HN-T1A v2 Authorized Command Injection Vulnerability (CVE-2017-18370)
3. threat[24732]:TrueOnline Billion 5200W-T 1.02b Unauthorized Command Injection Vulnerability (CVE-2017-18369)
4. threat[24733]:The Billion 5200W-T TCLinux Authorized Command Injection Vulnerability (CVE-2017-18372)
5. threat[24734]:Netgear Devices Prior to 3.5.5.0 Unauthorized Command Injection Vulnerability (CVE-2016-1555)
6. threat[24735]:NETGEAR DGN2200v1/v2/v3/v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
7. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
8. threat[24737]:NUUO NVRMini2 3.9.1 Authorized Command Injection Vulnerability (CVE-2018-15716)
9. threat[24738]:Freelance Management App v1.0.0 Arbitrary File Download Vulnerability (CVE-2020-5505)
10. threat[24739]:Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write (CVE-2015-7611)
11. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution (CVE-2020-7247)
12. threat[24742]:Liferay CE Portal 6.0.2 Remote Code Execution Vulnerability
13. threat[24743]:Netis WF2419 V1.2.31805, V2.2.36123 Authorized Command Injection Vulnerability (CVE-2019-19356)
14. threat[24744]:Comtrend VR-3033 Authorized Command Execution Vulnerability

Updated rules:
1. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-0688)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22068. This package includes the following changed rules:

new rules:
1. threat[24730]:The ZyXEL P660HN-T1A v1 Unauthorized Command Injection Vulnerability (CVE-2017-18368)
2. threat[24731]:The ZyXEL P660HN-T1A v2 Authorized Command Injection Vulnerability (CVE-2017-18370)
3. threat[24732]:TrueOnline Billion 5200W-T 1.02b Unauthorized Command Injection Vulnerability (CVE-2017-18369)
4. threat[24733]:The Billion 5200W-T TCLinux Authorized Command Injection Vulnerability (CVE-2017-18372)
5. threat[24734]:Netgear Devices Prior to 3.5.5.0 Unauthorized Command Injection Vulnerability (CVE-2016-1555)
6. threat[24735]:NETGEAR DGN2200v1 / v2 / v3 / v4 Authorized Command Injection Vulnerability (CVE-2017-6077)
7. threat[24736]:NETGEAR DGN2200 10.0.0.50 Authorized Command Execution Vulnerability (CVE-2017-6334)
8. threat[24737]:NUUO NVRMini2 3.9.1 Authorized Command Injection Vulnerability (CVE-2018-15716)
9. threat[24738]:Freelance Management App v1.0.0 Arbitrary File Download Vulnerability (CVE-2020-5505)
10. threat[24739]:Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write(CVE-2015-7611)
11. threat[24740]:OpenSMTPD 6.6.2 Remote Code Execution(CVE-2020-7247)
12. threat[24742]:Liferay CE Portal 6.0.2 Remote Code Execution Vulnerability
13. threat[24743]:Netis WF2419 V1.2.31805, V2.2.36123 Authorized Command Injection Vulnerability (CVE-2019-19356)
14. threat[24744]:Comtrend VR-3033 Authorized Command Execution Vulnerability

update rules:
1. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2020-0688)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-03-05 17:33:55
Name: eoi.unify.allrulepatch.ips.5.6.10.22014.rule Version: 5.6.10.22014
MD5: cf076fc0a3981e24afe3fe6ab267530d Size: 25.39M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.22014. Rules added/improved in this package:


New rules:
1. threat[24721]:Axis SSI Remote Code Execution Vulnerability
2. threat[24720]:Microsoft Office SharePoint Stored Cross-Site Scripting (CVE-2019-1070)
3. threat[24722]:FLIR Thermal Camera FC-S/PT Command Injection Vulnerability
4. threat[24724]:D-Link DGS-1250 Header Injection Vulnerability
5. threat[30733]:LabVantage 8.3 Information Disclosure Vulnerability
6. threat[24725]:jackson-databind JNDI Injection Remote Code Execution Vulnerability (CVE-2020-8840)
7. threat[24708]:Prima Access Control 2.3.35 Python Script Upload Vulnerability (CVE-2019-9189)
8. threat[24709]:IBM RICOH 6400 Printer Code Injection Vulnerability
9. threat[24710]:OpenEMR New.php Command Injection Vulnerability (CVE-2019-3968)
10. threat[24713]:GilaCMS Authenticated User Local File Inclusion Vulnerability (CVE-2019-16679)
11. threat[24712]:Netcore NW710 Login Permission Bypass
12. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
13. threat[24715]:FusionPBX exec.php File Command Execution Vulnerability
14. threat[24716]:Online Course Registration 2.0 Remote Code Execution Vulnerability
15. threat[24717]:EyesOfNetwork 5.3 SQL Injection Vulnerability (CVE-2020-8656)
16. threat[24718]:EyesOfNetwork 5.3 Remote Code Execution Vulnerability (CVE-2020-8654)
17. threat[24726]:Cacti 1.2.8 Arbitrary OS Command Execution Vulnerability (CVE-2020-8813)
18. threat[24727]:Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload Vulnerability
19. threat[24728]:Avaya Aura Communication Manager 5.2 Remote Code Execution Vulnerability
20. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-0688)

Updated rules:
1. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
2. threat[24702]:LG SuperSign CMS 2.5 Remote Code Execution Vulnerability (CVE-2018-17173)
3. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code/Command Execution
4. threat[24308]:Apache Solr/Lucene XML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]:RConfig v3.9.2 Unauthorized RCE Vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. threat[41604]:Malware windows/Ramnit_a Network Communication
8. threat[30732]:HPE Intelligent Management Center dbman Command Information Disclosure (CVE-2019-5392)


Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.22014. This package includes the following changed rules:


new rules:
1. threat[24721]:Axis SSI Remote Code Execution Vulnerability
2. threat[24720]:Microsoft Office SharePoint Stored Cross-site Scripting(CVE-2019-1070)
3. threat[24722]:FLIR Thermal Camera FC-S/PT Command Injection Vulnerability
4. threat[24724]:D-Link DGS-1250 Header Injection Vulnerability
5. threat[30733]:LabVantage 8.3 Information Disclosure
6. threat[24725]:jackson-databind JNDI Injection Remote Code Execution Vulnerability(CVE-2020-8840)
7. threat[24708]:Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE(CVE-2019-9189)
8. threat[24709]:IBM RICOH 6400 Printer Code Injection Vulnerability
9. threat[24710]:OpenEMR New.php Command Injection Vulnerability(CVE-2019-3968)
10. threat[24713]:GilaCMS Authenticated Local File Inclusion(LFI) (CVE-2019-16679)
11. threat[24712]:Netcore NW710 Login Permission Bypass
12. threat[24714]:ASUS DSL-N12E_C1 1.1.2.3_345 Remote Code Execution Vulnerability
13. threat[24715]:FusionPBX Command exec.php Command Execution Vulnerability
14. threat[24716]:Online Course Registration 2.0 Remote Code Execution Vulnerability
15. threat[24717]:EyesOfNetwork 5.3 SQL Injection Vulnerability (CVE-2020-8656)
16. threat[24718]:EyesOfNetwork 5.3 Remote Code Execution Vulnerability (CVE-2020-8654)
17. threat[24726]:Cacti 1.2.8 Arbitrary OS Command Execution Vulnerability (CVE-2020-8813)
18. threat[24727]:Advantech WISE-PaaS RMM UpgradeMgmt upload_ota Arbitrary File Upload Vulnerability
19. threat[24728]:Avaya Aura Communication Manager 5.2 Remote Code Execution Vulnerability
20. threat[24729]:Microsoft Exchange Server Remote Code Execution Vulnerability(CVE-2020-0688)

update rules:
1. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
2. threat[24702]:LG SuperSign CMS 2.5 Remote Code Execution Vulnerability (CVE-2018-17173)
3. threat[24611]:Apache Flink Dashboard Unauthorized Access - Remote Code Command Execution
4. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
5. threat[24599]:RConfig v3.9.2 Unauthorized RCE Vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection (CVE-2019-16663)
7. threat[41604]:Malicious Program windows/Ramnit_a Network Communication
8. threat[30732]:HPE Intelligent Management Center dbman Command Information Disclosure(CVE-2019-5392)


Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-02-27 14:04:55
Name: eoi.unify.allrulepatch.ips.5.6.10.21979.rule Version: 5.6.10.21979
MD5: dd3a7cfecd968786dc3cf4f33cb6be1b Size: 25.38M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.21979. Rules added/improved in this package:

New rules:
1. threat[24719]:Apache Tomcat AJP Protocol File Inclusion Vulnerability (CVE-2020-1938)



Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.21979. This package includes the following changed rules:

new rules:
1. threat[24719]:Apache Tomcat AJP Protocol File Inclusion Vulnerability(CVE-2020-1938)



Announcements:
1. After the package is applied, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost; please apply the update at a suitable time.

Release time: 2020-02-21 16:03:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21943.rule Version: 5.6.10.21943
MD5: 48a8544225615b2c5e260fce6027b45c Size: 25.36M
Description:

This upgrade package is an intrusion prevention signature library upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version are unchanged and the rule version becomes 5.6.10.21943. Rules added/improved in this package:

New rules:
1. threat[24707]:LearnDash WordPress LMS Plugin 3.1.2 - Reflected Cross-Site Scripting Vulnerability (CVE-2020-7108)
2. threat[30728]:ELOG retrieve_url Information Disclosure Vulnerability (CVE-2019-3993)
3. threat[24706]:HIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vulnerability (CVE-2020-8839)
4. threat[30727]:Microsoft SharePoint Information Disclosure Vulnerability (CVE-2019-1443)
5. threat[41732]:Ransomware Maktub Locker Malicious Encryption Program Download
6. threat[24701]:Xfinity Gateway Command Injection Vulnerability
7. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
8. threat[24704]:Apache Dubbo Deserialization Vulnerability (CVE-2019-17564)
9. threat[24705]:Pandora FMS 7.0 Authenticated Remote Code Execution Vulnerability (CVE-2020-8947)
10. threat[24692]:D-Link Devices Remote Command Execution Vulnerability (CVE-2019-20215)
11. threat[30730]:Digitus DN-16048 Camera Remote Configuration Disclosure
12. threat[24693]:thinkcmf-5.0.190111 Backend Arbitrary File Write Vulnerability (CVE-2019-7580)
13. threat[24694]:FlameCMS 3.3.5 SQL Injection Vulnerability (CVE-2019-16309)
14. threat[24695]:OKLite v1.2.25 Arbitrary File Deletion Vulnerability (CVE-2019-16132)
15. threat[30731]:Lexmark Services Monitor 2.27.4.0.39 Directory Traversal Vulnerability
16. threat[24687]:Citrix Application Delivery Controller and Gateway Directory Traversal (CVE-2020-19781)
17. threat[24696]:HomeAutomation v3.3.2 CSRF Remote Command Execution Vulnerability
18. threat[24698]:HomeAutomation 3.3.2 Open Redirect Vulnerability
19. threat[24699]:YouPHPTube 7.7 SQL Injection Vulnerability (CVE-2019-18662)



Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost; choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version do not change, and the signature version changes to 5.6.10.21943. This package includes the following changed rules:

new rules:
1. threat[24707]:LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vulnerability(CVE-2020-7108)
2. threat[30728]:ELOG retrieve_url Information Disclosure Vulnerability(CVE-2019-3993)
3. threat[24706]:HIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vulnerability(CVE-2020-8839)
4. threat[30727]:Microsoft SharePoint Information Disclosure Vulnerability(CVE-2019-1443)
5. threat[41732]:Ransomware Maktub Locker Downloading Malicious Encryption Program
6. threat[24701]:Xfinity Gateway Command Injection Vulnerability
7. threat[24703]:Dell KACE K1000 Remote Code Execution Vulnerability
8. threat[24704]:Apache Dubbo Deserialization Vulnerability(CVE-2019-17564)
9. threat[24705]:Pandora FMS 7.0 Authenticated Remote Code Execution Vulnerability (CVE-2020-8947)
10. threat[24692]:D-Link Devices Remote Command Execution Vulnerability(CVE-2019-20215)
11. threat[30730]:Digitus DN-16048 Camera Remote Configuration Disclosure
12. threat[24693]:thinkcmf-5.0.190111 background arbitrary file writing vulnerability (CVE-2019-7580)
13. threat[24694]:FlameCMS 3.3.5 SQL Injection Vulnerability (CVE-2019-16309)
14. threat[24695]:OKLite v1.2.25 Arbitrary File Deletion Vulnerability (CVE-2019-16132)
15. threat[30731]:Lexmark Services Monitor 2.27.4.0.39 Directory Traversal
16. threat[24687]:Citrix Application Delivery Controller and Gateway Directory Traversal(CVE-2020-19781)
17. threat[24696]:HomeAutomation v3.3.2 CSRF Remote Command Execution
18. threat[24698]:HomeAutomation 3.3.2 Open Redirect vulnerability
19. threat[24699]:YouPHPTube 7.7 SQL Injection Vulnerability(CVE-2019-18662)



Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

Release time: 2020-02-21 13:49:12
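Added example (not NSFOCUS code and not part of these release notes): a Python script that parses this listing format, extracts the threat IDs and CVE identifiers each package adds or updates, and checks a downloaded package file against the MD5 published for it. The sample notes embedded below are constructed from rule lines on this page, and the package bytes are a constructed stand-in, so the digest check is shown failing; the exact "Name:", "MD5:", "new rules:" and "update rules:" line shapes are assumptions about the listing layout. An MD5 match only confirms the file arrived as published; it does not authenticate the package, so both the listing and the .rule file must be fetched from the vendor site over TLS.

```python
"""Parse NSFOCUS IPS signature-package release notes and check a downloaded package.

Added example, not vendor code. Assumed listing layout (shape taken from this page):
  Name: <file> Version: <ver>
  MD5: <32 hex digits> Size: <n>M
  new rules: / update rules:
  N. threat[ID]:Title (CVE-YYYY-NNNN)
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

NAME_RE = re.compile(r"^Name:\s*(?P<name>\S+)\s+Version:\s*(?P<version>\S+)")
MD5_RE = re.compile(r"^MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s+Size:\s*(?P<size>\S+)")
SECTION_RE = re.compile(r"^(new|updated?) rules:", re.IGNORECASE)
RULE_RE = re.compile(r"^\d+\.\s*threat\[(?P<tid>\d+)\]:(?P<title>.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


@dataclass
class Package:
    name: str
    version: str
    md5: str = ""
    size: str = ""
    new_rules: dict[int, str] = field(default_factory=dict)      # threat id -> title
    updated_rules: dict[int, str] = field(default_factory=dict)


def parse_release_notes(text: str) -> list[Package]:
    """One Package per 'Name:' line; rule lines go to the section heading seen last."""
    packages: list[Package] = []
    current: Package | None = None
    section: dict[int, str] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAME_RE.match(line):
            current = Package(name=m["name"], version=m["version"])
            packages.append(current)
            section = None
        elif current is None:
            continue                      # text before the first entry
        elif m := MD5_RE.match(line):
            current.md5 = m["md5"].lower()
            current.size = m["size"]
        elif m := SECTION_RE.match(line):
            section = current.new_rules if m[1].lower() == "new" else current.updated_rules
        elif (m := RULE_RE.match(line)) and section is not None:
            section[int(m["tid"])] = m["title"].strip()
    return packages


def cves_covered(pkg: Package) -> set[str]:
    """CVE ids named in the package's new and updated rule titles (a title may cite several)."""
    titles = list(pkg.new_rules.values()) + list(pkg.updated_rules.values())
    return {c.upper() for t in titles for c in CVE_RE.findall(t)}


def verify_package(pkg: Package, data: bytes) -> bool:
    """True only if the MD5 of the downloaded bytes equals the digest listed for the entry."""
    return hashlib.md5(data).hexdigest() == pkg.md5


def check_download(notes: str, filename: str, data: bytes) -> dict:
    """Locate the entry for `filename` and report digest status plus what it covers."""
    for pkg in parse_release_notes(notes):
        if pkg.name == filename:
            return {
                "version": pkg.version,
                "digest_ok": verify_package(pkg, data),
                "new": sorted(pkg.new_rules),
                "updated": sorted(pkg.updated_rules),
                "cves": sorted(cves_covered(pkg)),
            }
    raise KeyError(f"{filename} is not listed in the release notes")


# Constructed sample: header lines and rule titles copied in shape from this page.
SAMPLE_NOTES = """\
Name: eoi.unify.allrulepatch.ips.5.6.10.21917.rule Version: 5.6.10.21917
MD5: f68dc2fb7b55ce89fd50155ce7494e72 Size: 25.34M
Description:

new rules:
1. threat[24690]:Apache SSI Injection Remote Code Execution Vulnerability
2. threat[24689]:phpMyAdmin 4.x SQL Injection Vulnerability (CVE-2020-5504)

update rules:
1. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)
2. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)

Release time: 2020-02-14 14:36:43
Name: eoi.unify.allrulepatch.ips.5.6.10.21833.rule Version: 5.6.10.21833
MD5: 54d68f9cb72244af3cbbf9655462ba38 Size: 25.32M
Description:

new rules:
1. threat[24662]:Technicolor Modem Command Injection Vulnerability(CVE-2017-14127)(CVE-2019-18396)
"""

# Constructed stand-in for the downloaded .rule file; it does not match the listed MD5.
FAKE_PACKAGE = b"constructed stand-in for eoi.unify.allrulepatch.ips.5.6.10.21917.rule"

if __name__ == "__main__":
    report = check_download(SAMPLE_NOTES, "eoi.unify.allrulepatch.ips.5.6.10.21917.rule", FAKE_PACKAGE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a saved copy of this listing and the downloaded .rule file. A digest mismatch means the file must not be imported; the returned CVE set, cross-referenced with an asset inventory, shows which known exposures the package now covers, and the threat IDs are what to look for in the sensor's alert log afterwards.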
Name: eoi.unify.allrulepatch.ips.5.6.10.21917.rule Version: 5.6.10.21917
MD5: f68dc2fb7b55ce89fd50155ce7494e72 Size: 25.34M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21917. Rules added or improved by this package:

New rules:
1. threat[30729]:OwnCloud 8.1.8 Username Disclosure Vulnerability
2. threat[41731]:Xiongmai Camera Firmware Backdoor Communication
3. threat[24690]:Apache SSI Injection Remote Code Execution Vulnerability
4. threat[24691]:Car Rental Project 1.0 File Upload Vulnerability (CVE-2020-5509)
5. threat[24689]:phpMyAdmin 4.x SQL Injection Vulnerability (CVE-2020-5504)
6. threat[24682]:IceWarp WebMail 11.4.4.1 XSS Vulnerability (CVE-2020-8512)
7. threat[24683]:Realtek SDK Based Routers (TOTOLINK and Many Others) Code Execution Vulnerability (CVE-2019-19824)
8. threat[24684]:3Com OfficeConnect Remote Code Execution Vulnerability
9. threat[30726]:ASTPP 4.0.1 VoIP Billing Database Disclosure Vulnerability
10. threat[24685]:Jira 8.3.4 Information Disclosure Vulnerability (CVE-2019-8449)
11. threat[24688]:Heatmiser Netmonitor 3.03 HTML Injection Vulnerability

Updated rules:
1. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)
2. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
3. threat[68655]:Suspicious Webshell Backdoor Access and Control

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


Release time: 2020-02-14 14:36:43
Name: eoi.unify.allrulepatch.ips.5.6.10.21833.rule Version: 5.6.10.21833
MD5: 54d68f9cb72244af3cbbf9655462ba38 Size: 25.32M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21833. Rules added or improved by this package:

New rules:
1. threat[24672]:Thomson Reuters Velocity Analytics Remote Code Injection Vulnerability (CVE-2013-5912)
2. threat[24673]:Apache FreeMarker Template FusionAuth Remote Code Execution Vulnerability (CVE-2020-7799)
3. threat[24674]:ZOHO ManageEngine ServiceDeskPlus XSS Vulnerability (CVE-2020-6843)
4. threat[24676]:Satellian 1.1.2 Remote Code Execution Vulnerability (CVE-2020-7980)
5. threat[24675]:Adive Framework Cross-Site Scripting (XSS) / Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-7991)
6. threat[24677]:Microsoft .NET Framework Remote Code Execution Vulnerability (CVE-2020-0646)
7. threat[24678]:rConfig 3.9.3 Remote Code Execution Vulnerability (CVE-2019-19509)
8. threat[24680]:Homematic CCU2 TCL Script Interpreter Remote Code Execution Vulnerability (CVE-2018-7297)

Updated rules:
1. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-02-06 18:16:04
Name: eoi.unify.allrulepatch.ips.5.6.10.21799.rule Version: 5.6.10.21799
MD5: f6a6082704a93e1ace30bb091c62e106 Size: 25.31M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21799. Rules added or improved by this package:

New rules:
1. threat[24667]:Citrix NetScaler SD-WAN Remote Command Execution Vulnerability (CVE-2017-6316)
2. threat[24668]:Citrix ADC & NetScaler Remote Command Execution Vulnerability (CVE-2019-19781)
3. threat[24669]:Job Portal 1.0 Arbitrary File Upload Vulnerability
4. threat[24670]:PandoraFMS v7.0NG Remote Code Execution Vulnerability (CVE-2019-20224)

Updated rules:
1. threat[24201]:NetGain Systems Enterprise Manager exec jsp Command Execution Vulnerability (CVE-2017-16602)

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-01-30 21:49:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21798.rule Version: 5.6.10.21798
MD5: 432ba732b385618be1f44b28ba121d8c Size: 25.30M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21798. Rules added or improved by this package:

New rules:
1. threat[24663]:Enigma NMS OS Command Injection Vulnerability (CVE-2019-16072)
2. threat[24664]:Mitsubishi Electric smartRTU and Inea ME-RTU OS Command Injection Vulnerability (CVE-2019-14931)
3. threat[24665]:PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution Vulnerability (CVE-2020-6756)
4. threat[24666]:Sar2HTML 3.2.1 Remote Command Execution Vulnerability

Updated rules:
1. threat[23766]:Dell KACE K1000 File Upload Vulnerability
2. threat[66891]:PHP CGI Query String Parameter Handling Information Disclosure and Denial of Service Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-01-23 20:40:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21797.rule Version: 5.6.10.21797
MD5: c72d7fd39d01c2b64fcc801c666faba8 Size: 25.30M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21797. Rules added or improved by this package:

New rules:
1. threat[24660]:Netgear R6400 Remote Code Execution Vulnerability (CVE-2016-6277)
2. threat[24661]:SonicWall Global Management System Arbitrary Code Execution Vulnerability (CVE-2018-9866)
3. threat[24662]:Technicolor Modem Command Injection Vulnerability (CVE-2017-14127) (CVE-2019-18396)
4. threat[24671]:WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551)

Updated rules:
1. threat[21374]:Apache Struts Remote Command Execution Vulnerability
2. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-01-16 14:47:47
Name: eoi.unify.allrulepatch.ips.5.6.10.21731.rule Version: 5.6.10.21731
MD5: c9626fba509802b4d8d305ab4407057c Size: 25.31M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21731. Rules added or improved by this package:

New rules:
1. threat[24649]:Joomla 3.7 SQL Injection Vulnerability (CVE-2017-8917)
2. threat[24650]:Jetty Web Server Remote Shared Buffer Leak (CVE-2015-2080)
3. threat[24651]:LiteSpeed Technologies LiteSpeed Web Server MIME Type File Code Injection Vulnerability (CVE-2007-5654)
4. threat[24652]:mongo-express Remote Code Execution Vulnerability (CVE-2019-10758)
5. threat[24653]:Jenkins CI Server build-metrics Cross-Site Scripting Vulnerability
6. threat[24654]:rConfig search.crud.php Command Injection Vulnerability (CVE-2019-16663)
7. threat[24655]:Enigma NMS 65.0.0 Cross-Site Request Forgery Vulnerability (CVE-2019-16068)
8. threat[24656]:Spring Web Flow Remote Code Execution Vulnerability (CVE-2017-4971)
9. threat[24657]:Squid Proxy URN Response Handling Heap Buffer Overflow
10. threat[24658]:Karakuzu ERP Management Web 5.7.0 SQL Injection
11. threat[24659]:IceWarp 12.2.0 / 12.1.x Cross-Site Scripting Vulnerability (CVE-2019-19266)

Updated rules:
1. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability (CVE-2016-3078)
2. threat[20266]:Oracle 9i Application Server Admin Directory Unauthorized Access Vulnerability
3. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability (CVE-2019-7238)
4. threat[21374]:Apache Struts Remote Command Execution Vulnerability
5. threat[24146]:JBoss AS Deserialization Remote Command Execution Vulnerability (CVE-2017-12149)
6. threat[10412]:Apache HTTP Server Malformed Range and Range-Request Option Handling Remote Denial of Service Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-01-11 11:39:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21681.rule Version: 5.6.10.21681
MD5: 31c9b9e24ad843a0b355a48c95d3fd97 Size: 25.29M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21681. Rules added or improved by this package:

New rules:
1. threat[24642]:phpMyChat-Plus 1.98 'pmc_username' Parameter Cross-Site Scripting Vulnerability
2. threat[24641]:NetGain Enterprise Manager Ping Operation Command Injection Vulnerability
3. threat[24643]:Roxy Fileman 1.4.5 .NET Directory Traversal Vulnerability
4. threat[24644]:NUUO NVRmini/NVRmini2/NVRTitan/Crystal/NVRSolo Remote Command Execution Vulnerability
5. threat[24645]:AVTECH Video Surveillance Device adcommand.cgi Remote Command Execution Vulnerability
6. threat[24646]:Cisco Security Manager RMI Insecure Deserialization Vulnerability (CVE-2019-12630)
7. threat[24647]:Apache Log4j Deserialization Code Execution Vulnerability (CVE-2019-17571)
8. threat[24648]:D-Link Routers OS Command Injection Vulnerability (CVE-2015-2051)

Updated rules:
1. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
2. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)
3. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2020-01-03 17:59:38
Name: eoi.unify.allrulepatch.ips.5.6.10.21636.rule Version: 5.6.10.21636
MD5: fa9ee61f106ed906a6fb3c0ea81912a8 Size: 25.27M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21636. Rules added or improved by this package:

New rules:
1. threat[24629]:Xerox AltaLink Cross-Site Request Forgery Vulnerability (CVE-2019-19832)
2. threat[24630]:Linksys Multiple Routers ttcp_ip Parameter Remote Command Execution Vulnerability
3. threat[24631]:Vacron Network Video Recorder Remote Command Execution Vulnerability
4. threat[41727]:Buran Ransomware Connection Request
5. threat[24632]:EnGenius EnShare IoT Gigabit Cloud Service Remote Command Execution Vulnerability
6. threat[41728]:Buran Ransomware Transmission Communication
7. threat[24633]:AVTECH IP Camera/NVR/DVR Remote Command Execution Vulnerability
8. threat[24634]:Zyxel EMG2926 Home Router Command Injection Vulnerability (CVE-2017-6884)
9. threat[24635]:AVTECH Video Surveillance Device Unauthenticated Information Disclosure Vulnerability
10. threat[41729]:Emotet Trojan Backdoor Network Communication
11. threat[24636]:AVTECH DVR Device Unauthenticated SSRF Vulnerability
12. threat[24637]:AVTECH Video Surveillance Device Authentication Bypass Vulnerability
13. threat[41730]:APT Group Sednit Attack Activity
14. threat[24638]:AVTECH Video Surveillance Device Login Verification Code Bypass Vulnerability
15. threat[24639]:OPF OpenProject sortBy Cross-Site Scripting Vulnerability (CVE-2019-17092)
16. threat[24640]:YouPHPTube Encoder getImage.php Command Injection Vulnerability (CVE-2019-5127)

Updated rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[22656]:D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution Vulnerability
3. threat[23756]:Multiple CCTV-DVR Systems Remote Code Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-12-26 19:14:26
Name: eoi.unify.allrulepatch.ips.5.6.10.21583.rule Version: 5.6.10.21583
MD5: f7a74101b59093ca5036db7f64a6deec Size: 25.25M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21583. Rules added or improved by this package:

New rules:
1. threat[24618]:Centova Cast 3.2.11 Arbitrary File Download Vulnerability
2. threat[24619]:Mersive Technologies Solstice Pods OS Command Injection Vulnerability (CVE-2017-12945)
3. threat[24620]:Verot 2.0.3 File Upload Vulnerability (CVE-2019-19576)
4. threat[24621]:OkayCMS 2.3.4 Remote Code Execution Vulnerability (CVE-2019-16885)
5. threat[24622]:VBScript Remote Code Execution Vulnerability (CVE-2019-1485)
6. threat[24624]:WordPress CSS Hero 4.0.3 Cross-Site Scripting Vulnerability (CVE-2019-19133)
7. threat[30725]:Attempt to Access and Download .mdb Database File
8. threat[24625]:Apache PHP File Extension Parsing Vulnerability
9. threat[24627]:DedeCMS sys_verifies.php Remote Code Execution Vulnerability (CVE-2018-9174)
10. threat[24626]:TemaTres 3.0 Cross-Site Scripting Vulnerability (CVE-2019-14343)
11. threat[24628]:Advantech WISE-PaaS RMM Arbitrary File Upload Vulnerability (CVE-2019-13551)

Updated rules:
1. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal Vulnerability (CVE-2018-20470)
2. threat[24616]:Joomla JS Support Ticket 1.1.5 Arbitrary File Download Vulnerability
3. threat[41499]:HTTP Request Sensitive Path Access Attempt
4. threat[41534]:Web Page Contains Mining Script Code
5. threat[23309]:TWiki search Function Arbitrary Shell Command Execution Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-12-19 17:57:50
Name: eoi.unify.allrulepatch.ips.5.6.10.21512.rule Version: 5.6.10.21512
MD5: e3fdb4b2d757ba3b87d6ff7d537ddd12 Size: 25.26M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21512. Rules added or improved by this package:

New rules:
1. threat[41726]:Lemon_Duck PowerShell Malware C2 Server Communication
2. threat[24613]:WiKID Systems 2FA Enterprise SQL Injection Vulnerability (CVE-2019-17117)
3. threat[24614]:Sahi Pro 7.x / 8.x Directory Traversal Vulnerability (CVE-2018-20470)
4. threat[24615]:FaceSentry Access Control System 6.4.8 Remote Command Injection Vulnerability

Updated rules:
1. threat[23811]:Apache APR_PSPrintf Memory Corruption Vulnerability
2. threat[24457]:ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-12-12 17:32:42
Name: eoi.unify.allrulepatch.ips.5.6.10.21465.rule Version: 5.6.10.21465
MD5: f800f1a9222cdb354e49d7b55d7da8b8 Size: 25.24M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21465. Rules added or improved by this package:

New rules:
1. threat[41725]:MyKings Botnet Communication

Updated rules:
1. threat[23997]:Jackson-Databind Framework JSON Deserialization Code Execution Vulnerability (CVE-2017-7525)
2. threat[60192]:SMTP Server Command Format String Vulnerability

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-12-05 18:36:25
Name: eoi.unify.allrulepatch.ips.5.6.10.21443.rule Version: 5.6.10.21443
MD5: 308249bca22a641b42d623ae7046c3d6 Size: 25.24M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21443. Rules added or improved by this package:

Updated rules:
1. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-11-29 11:07:21
Name: eoi.unify.allrulepatch.ips.5.6.10.21434.rule Version: 5.6.10.21434
MD5: 3f819796f14c370eb3f769390e5fe3a0 Size: 25.24M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21434. Rules added or improved by this package:

New rules:
1. threat[41724]:APT Group TransparentTribe Attack Activity

Updated rules:
1. threat[24605]:HPE Intelligent Management Center AMF3 Externalizable Deserialization Vulnerability (CVE-2019-11944)
2. threat[24611]:Apache Flink Dashboard Unauthorized Access Remote Code/Command Execution Vulnerability
3. threat[23783]:nginx File Type Misparsing Vulnerability
4. threat[66892]:PHP CGI Query String Parameter Handling Code Injection Vulnerability (CVE-2012-1823)

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-11-22 15:02:09
Name: eoi.unify.allrulepatch.ips.5.6.10.21411.rule Version: 5.6.10.21411
MD5: dfd2ea5ae7cd529b377fee17306bc6de Size: 25.24M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21411. Rules added or improved by this package:

New rules:
1. threat[24602]:OpenEMR facility_admin.php Cross-Site Scripting Vulnerability (CVE-2019-8368)
2. threat[24603]:YouPHPTube Remote Code Execution Vulnerability (CVE-2019-16124)
3. threat[24604]:Windows NTLM Message Integrity Check Tampering Vulnerability (CVE-2019-1166)
4. threat[24606]:Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability
5. threat[24607]:OpenEMR C_Document.class.php view_action doc_id Cross-Site Scripting Vulnerability (CVE-2019-3964)
6. threat[24608]:Zoho ManageEngine OpManager OPMDeviceDetailsServlet category SQL Injection Vulnerability
7. threat[24609]:Citrix StoreFront Server 7.15 XML External Entity Injection Vulnerability
8. threat[24610]:Drupal Database Abstraction API SQL Injection Vulnerability (CVE-2014-3704)
9. threat[24611]:Apache Flink Dashboard Unauthorized Access Remote Code/Command Execution Vulnerability
10. threat[41723]:APT Group Higaisa Attack Activity

Updated rules:
1. threat[49013]:Mining Program Connecting to Mining Pool Server Communication

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.



Release time: 2019-11-14 22:09:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21357.rule Version: 5.6.10.21357
MD5: 4ed1bf4de75d23b97b65138c30ca0f7c Size: 25.22M
Description:

This is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later, and it is a full upgrade package. After the upgrade the firmware and engine versions are unchanged and the rule version becomes 5.6.10.21357. Rules added or improved by this package:

New rules:
1. threat[24599]:rConfig Unauthorized RCE Vulnerability
2. threat[24598]:Apache Solr Remote Code Execution Vulnerability
3. threat[24600]:rConfig v3.9.2 Remote Code Execution Vulnerability
4. threat[24597]:Joomla Remote Code Execution Vulnerability
5. threat[24601]:ThinkcmfX PHP Code Injection Vulnerability

Updated rules:
1. threat[24308]:Apache Solr/Lucene XML Remote Command Execution (RCE) Vulnerability (CVE-2017-12629)
2. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)

Notes:
1. After the upgrade the engine restarts automatically for the package to take effect. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.21357. This package include changed rules:

new rules:
1. threat[24599]:RConfig unauthorized RCE vulnerability
2. threat[24598]:Apache Solr Remote Code Execution Vulnerability
3. threat[24600]:rConfig v3.9.2 Remote Code Excution Vulnerability
4. threat[24597]:Joomla Remote Code Execution Vulnerability
5. threat[24601]:ThinkcmfX php Code Injection Vulnerability

update rules:
1. threat[24308]:Apache Solr/LuceneXML Remote Command Execution Vulnerability (RCE) (CVE-2017-12629)
2. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
3. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-11-07 18:53:34
Name: eoi.unify.allrulepatch.ips.5.6.10.21325.rule Version: 5.6.10.21325
MD5: 578cae607f794639e445693ce1a31c37 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21325. The rules added/improved by this package are:

New rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow (CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability (CVE-2019-11043)

Updated rules:
1. threat[62708]:IBM Rational Quality Manager Backdoor Account Vulnerability
2. app:TeamViewer
3. app:TeamView


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21325. This package includes the following changed rules:

new rules:
1. threat[24594]:Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow(CVE-2019-6550)
2. threat[24596]:php-fpm Remote Code Execution Vulnerability(CVE-2019-11043)

update rules:
1. threat[62708]:IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Vulnerability
2. app:TeamViewer
3. app:teamviewer


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-11-01 11:31:59
Name: eoi.unify.allrulepatch.ips.5.6.10.21297.rule Version: 5.6.10.21297
MD5: dca33c40da10444ee04cbd382c7f26b9 Size: 25.21M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21297. The rules added/improved by this package are:


New rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability (CVE-2019-5373)
3. threat[50575]:Sunlogin Remote Control Software Connecting to Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability (CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability (CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability (CVE-2018-18809)
7. threat[24591]:Exim string_vformat Function Heap Buffer Overflow Vulnerability (CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out-of-Bounds Read (CVE-2019-7110)

Updated rules:
1. threat[23359]:ElasticSearch Groovy Remote Code Execution Vulnerability (CVE-2015-1427)


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21297. This package includes the following changed rules:


new rules:
1. threat[24586]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write Vulnerability
2. threat[24587]:HPE IMC CustomReportTemplateSelectBean Expression Language Injection Vulnerability(CVE-2019-5373)
3. threat[50575]:Remote Control Tool Sunlogin Connecting Server
4. threat[24588]:HPE IMC OperatorGroupTreeSelectBean Expression Language Injection Vulnerability(CVE-2019-5374)
5. threat[24589]:Cisco IOS XE WebUI Command Injection Vulnerability(CVE-2019-12650)
6. threat[24590]:Tibco JasperSoft Path Traversal Vulnerability(CVE-2018-18809)
7. threat[24591]:Exim string_vformat Heap-based Buffer Overflow Vulnerability(CVE-2019-16928)
8. threat[24592]:Elasticsearch Kibana Remote Code Execution Vulnerability(CVE-2019-7609)
9. threat[24593]:Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read(CVE-2019-7110)

update rules:
1. threat[23359]:ElasticSearch Groovy command exec Remote Code Execution Vulnerability (CVE-2015-1427)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-10-24 22:21:10
Name: eoi.unify.allrulepatch.ips.5.6.10.21238.rule Version: 5.6.10.21238
MD5: eda28aa8e4c74a3fc8d514bb61cad6e6 Size: 24.68M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21238. The rules added/improved by this package are:

New rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability (CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability (CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability (CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection (CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure (CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service Vulnerability (CVE-2019-12525)
10. threat[24585]:D-Link Router Unauthorized Remote Command Execution Vulnerability (CVE-2019-16920)
11. app:Yicai
12. app:Hupu Sports
13. app:Driver Talent
14. app:RRTV
15. app:Hexun

Updated rules:
1. threat[24553]:Behinder Webshell Connection
2. app:I2P


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21238. This package includes the following changed rules:

new rules:
1. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
2. threat[24579]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-14530)
3. threat[24578]:Zabbix Authentication Bypass Vulnerability
4. threat[24580]:OpenEMR ajax_download.php Directory Traversal Vulnerability(CVE-2019-3967)
5. threat[24581]:uftpd FTP Server compose_path Directory Traversal Vulnerability
6. threat[24582]:Jenkins FileParameterValue Directory Traversal Vulnerability(CVE-2019-10352)
7. threat[24583]:Pulse Secure diag.cgi Command Injection(CVE-2019-11539)
8. threat[24584]:Pulse Secure Guacamole URI Information Disclosure(CVE-2019-11510)
9. threat[10500]:Squid Proxy Digest Authentication Denial of Service(CVE-2019-12525)
10. threat[24585]:D-Link Routers Unauthorized Remote Command Execution Vulnerability(CVE-2019-16920)
11. app:First Finance and Economics
12. app:Tiger Sports
13. app:Driving life
14. app:RRTV
15. app:Hexun

update rules:
1. threat[24553]:Behinder Webshell Connect
2. app:I2P


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-10-17 21:03:57
Name: eoi.unify.allrulepatch.ips.5.6.10.21169.rule Version: 5.6.10.21169
MD5: 91b3e75d19619e1750f94889f7567bc2 Size: 24.60M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21169. The rules added/improved by this package are:

New rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Extended Encoding Directory Traversal Vulnerability



Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21169. This package includes the following changed rules:

new rules:
1. threat[24573]:Microsoft IIS 4.0/5.0 Unicode Encoding Directory Traversal Vulnerability



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-10-10 19:23:29
Name: eoi.unify.allrulepatch.ips.5.6.10.21152.rule Version: 5.6.10.21152
MD5: 15269c2042d9eef8d77b04a6663a501b Size: 24.59M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21152. The rules added/improved by this package are:

New rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:vBulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21152. This package includes the following changed rules:

new rules:
1. threat[24571]:FusionPBX 4.4.8 Remote Code Execution Vulnerability
2. threat[24572]:Vbulletin 5.x Remote Code Execution Vulnerability
3. threat[41720]:AntSword Webshell Management Tool Connection and Control



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-10-04 10:15:30
Name: eoi.unify.allrulepatch.ips.5.6.10.21135.rule Version: 5.6.10.21135
MD5: ace336a64eec6f952269753ea4ce0a8a Size: 24.56M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21135. The rules added/improved by this package are:

New rules:
1. threat[24568]:Windows NTLM Authentication Tampering Vulnerability (CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Command Execution Vulnerability (CVE-2019-10392)
3. threat[41718]:Intranet Tunneling Tool reGeorg Connection



Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21135. This package includes the following changed rules:

new rules:
1. threat[24568]:Windows NTLM Message Integrity Check Tampering Vulnerability(CVE-2019-1040)
2. threat[24569]:Jenkins Git client Plugin Remote Code Execution Vulnerability(CVE-2019-10392)
3. threat[41718]:Intranet tunneling tool reGeorg connection



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-09-26 15:17:50
Name: eoi.unify.allrulepatch.ips.5.6.10.21114.rule Version: 5.6.10.21114
MD5: 2fe4426263aac37a15d859f748ac0b45 Size: 24.58M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21114. The rules added/improved by this package are:


New rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21114. This package includes the following changed rules:


new rules:
1. threat[24567]:Weaver e-cology OA System Remote Code Execution Vulnerability

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-09-22 11:08:35
Name: eoi.unify.allrulepatch.ips.5.6.10.21077.rule Version: 5.6.10.21077
MD5: 4bfa29102a8157eaa1b1ad602ff04887 Size: 24.55M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21077. The rules added/improved by this package are:

New rules:
1. threat[30724]:General Service Sensitive Information Access

Updated rules:
1. threat[24530]:Jira Unauthorized Server-Side Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21077. This package includes the following changed rules:

new rules:
1. threat[30724]:General Service Sensitive Information Access

update rules:
1. threat[24530]:Jira Unauthorized Server Template Injection Remote Code Execution Vulnerability (CVE-2019-11581)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-09-19 16:30:20
Name: eoi.unify.allrulepatch.ips.5.6.10.21041.rule Version: 5.6.10.21041
MD5: 5bd7ff8ce3310ed405250937a8720f1e Size: 24.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21041. The rules added/improved by this package are:

New rules:
1. threat[24557]:Apache httpd mod_md Null Pointer Dereference Vulnerability (CVE-2018-8011)
2. threat[24558]:HPE Intelligent Management Center TopoMsgServlet className Expression Language Injection Vulnerability (CVE-2019-11942)
3. threat[24559]:HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection Vulnerability (CVE-2019-5387)
4. threat[24561]:XStream Library ReflectionConverter Deserialization Vulnerability (CVE-2019-10173)
5. threat[41712]:OpenVAS Scanning Attack Detection
6. threat[10498]:Fastjson Remote Denial of Service Vulnerability
7. threat[50573]:Protocol Tunneling Tool dnscat Connection
8. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution (CVE-2019-7839)

Updated rules:
1. threat[23964]:Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2016-7206) (MS16-145)
2. app:Tor


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21041. This package includes the following changed rules:

new rules:
1. threat[24557]:Apache httpd mod_md Null Pointer Dereference(CVE-2018-8011)
2. threat[24558]:HPE Intelligent Management Center TopoMsgServlet className Expression Language Injection Vulnerability(CVE-2019-11942)
3. threat[24559]:HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection Vulnerability(CVE-2019-5387)
4. threat[24561]:XStream Library ReflectionConverter Insecure Deserialization Vulnerability(CVE-2019-10173)
5. threat[41712]:OpenVAS scanning attack detection
6. threat[10498]:Fastjson Remote Denial of Service Vulnerability
7. threat[50573]:Protocol tunnel tool dnscat connection
8. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution(CVE-2019-7839)

update rules:
1. threat[23964]:Microsoft Edge Information Disclosure Vulnerability(CVE-2016-7206)(MS16-145)
2. app:Tor


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-09-13 09:59:53
Name: eoi.unify.allrulepatch.ips.5.6.10.21006.rule Version: 5.6.10.21006
MD5: 120a0b584bb2719eb5f789494d422a98 Size: 24.54M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.21006. The rules added/improved by this package are:

New rules:
1. threat[24555]:HPE Intelligent Management Center IctTableExportToCSVBean Expression Language Injection (CVE-2019-5370)

Updated rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.21006. This package includes the following changed rules:

new rules:
1. threat[24555]:HPE Intelligent Management Center IctTableExportToCSVBean Expression Language Injection(CVE-2019-5370)

update rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-09-06 11:56:51
Name: eoi.unify.allrulepatch.ips.5.6.10.20956.rule Version: 5.6.10.20956
MD5: 101b1346b189dfe5d18c45985add103f Size: 24.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20956. The rules added/improved by this package are:

New rules:
1. threat[10497]:slowhttptest Slow Attack
2. threat[24550]:Webmin (CVE-2019-15107) Remote Code Execution Vulnerability

Updated rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
2. threat[23649]:Intellicom NetBiter Hostname Field Buffer Overflow Vulnerability


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20956. This package includes the following changed rules:

new rules:
1. threat[10497]:Slowhttptest slow attack
2. threat[24550]:Webmin (CVE-2019-15107) Remote Code Execution Vulnerability

update rules:
1. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
2. threat[23649]:Intellicom Netbiter Hostname Stack Buffer Overflow Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-08-30 09:26:10
Name: eoi.unify.allrulepatch.ips.5.6.10.20927.rule Version: 5.6.10.20927
MD5: 82a00dc4300530890ff5a4b27a5cae9b Size: 24.51M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20927. The rules added/improved by this package are:

New rules:
1. threat[24548]:Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability

Updated rules:
1. threat[41499]:HTTP Request Sensitive Path Access Attempt
2. threat[60607]:Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20927. This package includes the following changed rules:

new rules:
1. threat[24548]:Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload vulnerability

update rules:
1. threat[41499]:HTTP Request Sensitive Path Access Attempt
2. threat[60607]:Multiple Vendor DNS Message Decompression Remote Denial of Service Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-08-23 09:45:22
Name: eoi.unify.allrulepatch.ips.5.6.10.20907.rule Version: 5.6.10.20907
MD5: a6589d90e97f162c4aee3c3f9efbd2f5 Size: 24.51M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20907. The rules added/improved by this package are:

New rules:
1. threat[24544]:Netgate pfSense Cross-Site Scripting Vulnerability (CVE-2019-12347)
2. threat[41709]:Microsoft IIS IISADMPWD Virtual Directory Information Enumeration Vulnerability
3. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
4. threat[41710]:Linux Shell Reverse Connection
5. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution (CVE-2019-7839)

Updated rules:
1. threat[30651]:Nessus Vulnerability Scanner HTTP Service Scan Operation
2. threat[41499]:HTTP Request Sensitive Path Access Attempt


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20907. This package includes the following changed rules:

new rules:
1. threat[24544]:Netgate pfSense Cross-Site Scripting(XSS) Vulnerability(CVE-2019-12347)
2. threat[41709]:Microsoft IIS IISADMPWD Virtual Directory Information Enumeration Vulnerability
3. threat[24545]:Microsoft IIS 6.0 File Parsing Vulnerability
4. threat[41710]:Linux Shell Reverse Connect
5. threat[24546]:Adobe ColdFusion CVE-2019-7839 Remote Code Execution(CVE-2019-7839)


update rules:
1. threat[30651]:Nessus Vulnerability Scanner HTTP Server Scan Operation
2. threat[41499]:HTTP Request Sensitive Path Access Attempt


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-08-15 18:04:43
Name: eoi.unify.allrulepatch.ips.5.6.10.20856.rule Version: 5.6.10.20856
MD5: e6dfc2929f4d8db4dc92ea6e4f503eb2 Size: 24.49M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20856. The rules added/improved by this package are:

New rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
2. threat[24539]:Drupal Core Remote Code Execution Vulnerability (CVE-2019-6339)
3. threat[24540]:HPE Intelligent Management Center perfSelectTask Remote Code Execution Vulnerability (CVE-2019-5385)

Updated rules:
1. threat[49036]:APT Organization ProjectSauron Attack



Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20856. This package includes the following changed rules:

new rules:
1. threat[24541]:Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)
2. threat[24539]:Drupal Core Remote Code Execution Vulnerability(CVE-2019-6339)
3. threat[24540]:HPE Intelligent Management Center perfSelectTask Remote Code Execution Vulnerability(CVE-2019-5385)

update rules:
1. threat[49036]:APT organization ProjectSauron attack



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-08-09 09:37:42
Name: eoi.unify.allrulepatch.ips.5.6.10.20818.rule Version: 5.6.10.20818
MD5: 1dde7be41a9f7640f0c8fa6a58a40c88 Size: 24.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20818. The rules added/improved by this package are:


New rules:
1. threat[24536]:HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
2. threat[24537]:Firefly CMS 1.0 Remote Command Execution Vulnerability
3. threat[24538]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2013-7285) (CVE-2019-10173)

Updated rules:
1. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection (CVE-2018-18992)
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[68654]:Suspicious Webshell Script File Upload Behavior
4. threat[40958]:Trojan/Backdoor Chopper Webshell Detection


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20818. This package includes the following changed rules:


new rules:
1. threat[24536]:HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization
2. threat[24537]:Firefly CMS 1.0 Remote Command Execution vulnerability
3. threat[24538]:Xstream Deserializable Remote Code Execution Vulnerability(CVE-2013-7285)(CVE-2019-10173)

update rules:
1. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection(CVE-2018-18992)
2. threat[68655]:Suspicious Webshell Backdoor Access and Control
3. threat[68654]:Suspicious Webshell Script Files Upload Behavior
4. threat[40958]:Backdoor/Trojan Chopper Webshell Detection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-08-01 17:49:38
Name: eoi.unify.allrulepatch.ips.5.6.10.20765.rule Version: 5.6.10.20765
MD5: 324acb3e9a1a3ce4f8f2fe4a6284d311 Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20765. The rules added/improved by this package are:

New rules:
1. threat[24531]:Blue Angel Software Suite Command Execution Vulnerability
2. threat[24533]:SOCA Access Control System 180612 Information Disclosure Vulnerability
3. threat[24534]:Electronic Arts Origin URI Handler Template Injection Vulnerability (CVE-2019-11354)
4. threat[24535]:Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384)

Updated rules:
1. threat[23612]:JBoss JMX Java Deserialization Vulnerability
2. threat[63085]:Adobe Flash Player Stack Overflow Vulnerability (CVE-2012-2035)
3. threat[24532]:Jenkins Remote Code Execution Vulnerability (CVE-2019-1003000)


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20765. This package includes the following changed rules:

new rules:
1. threat[24531]:Blue Angel Software Suite Command Execution vulnerability
2. threat[24533]:SOCA Access Control System 180612 Information Disclosure vulnerability
3. threat[24534]:Electronic Arts Origin Client URI Handler Template Injection Vulnerability(CVE-2019-11354)
4. threat[24535]:Jackson-databind Remote Code Execution Vulnerability(CVE-2019-12384)

update rules:
1. threat[23612]:Jboss JMX Java Unserialization Vulnerability
2. threat[63085]:Adobe Flash Player StackOverflow Vulnerability(CVE-2012-2035)
3. threat[24532]:Jenkins Remote Code Execution Vulnerability (CVE-2019-1003000)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-07-25 20:04:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20697.rule Version: 5.6.10.20697
MD5: 6dba75adefbb21811f9bdc1f9a4f3a17 Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20697. The rules added/improved by this package are:


New rules:
1. threat[41704]:Windows CMD Command Line Reverse Connection
2. threat[24524]:Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability (CVE-2019-1867)
3. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability (CVE-2019-11945)
4. threat[41705]:Trojan/Backdoor Surak Network Communication
5. threat[41706]:Trojan/Backdoor Blackshades Malicious Communication
6. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability (CVE-2016-3078)

Updated rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick Remote Command Execution Vulnerability


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20697. This package includes the following changed rules:


new rules:
1. threat[41704]:Windows CMD Command Line Reverse Connect
2. threat[24524]:Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability(CVE-2019-1867)
3. threat[24525]:HPE Intelligent Management Center AccessMgrServlet Deserialization Vulnerability(CVE-2019-11945)
4. threat[41705]:Trojan/Backdoor Surak Network Communication
5. threat[41706]:Trojan/Backdoor BlackShades Malicious Communication
6. threat[24526]:PHP7 zip Component Integer Overflow Vulnerability(CVE-2016-3078)

update rules:
1. threat[23991]:Fastjson Remote Code Execution Vulnerability
2. threat[23777]:GraphicsMagick and ImageMagick Remote code execution vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-07-18 18:08:56
Name: eoi.unify.allrulepatch.ips.5.6.10.20655.rule Version: 5.6.10.20655
MD5: 384fa57d9e18d6cde153d79e841359fd Size: 24.50M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20655. The rules added/improved by this package are:

New rules:
1. threat[24522]:Microsoft Office Outlook Security Bypass Vulnerability (CVE-2017-11774)
2. threat[30723]:Sahi Pro 8.x Directory Traversal Vulnerability (CVE-2019-13063)
3. threat[41700]:Sqlmap Scanning Attack Detection
4. threat[41701]:Sqlmap Tamper space2blank Module Scanning Attack Detection
5. threat[41702]:Nmap Scanning Attack Detection
6. threat[41703]:DirBuster Scanning Attack Detection
7. threat[49037]:GandCrab Ransomware Requesting Malicious Domain

Updated rules:
1. threat[49014]:Mining Program Queries DNS for Mining Pool Server Domain Name
2. threat[41187]:Acunetix Web Vulnerability Scanner Scan Detection


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20655. This package includes the following changed rules:

new rules:
1. threat[24522]:Microsoft Office Outlook security bypass vulnerability (CVE-2017-11774)
2. threat[30723]:Sahi Pro 8.x Directory Traversal Vulnerability(CVE-2019-13063)
3. threat[41700]:Sqlmap scan attack detection
4. threat[41701]:Sqlmap Tamper space2blank module scan attack detection
5. threat[41702]:Nmap scan attack detection
6. threat[41703]:DirBuster scanning attack detection
7. threat[49037]:Ransomware GandCrab Query Malicious Domain

update rules:
1. threat[49014]:Mining program query DNS mine pool server domain name
2. threat[41187]:Acunetix Web Vulnerability Scanner Detection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-07-11 17:54:34
Name: eoi.unify.allrulepatch.ips.5.6.10.20624.rule Version: 5.6.10.20624
MD5: 4c8ef910e875d7b8dfdd5943ab0df20d Size: 24.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20624. The rules added/improved by this package are:

New rules:
1. threat[24516]:BlogEngine.NET XML Injection Vulnerability (CVE-2019-10718)
2. threat[24517]:Hosting Controller HC10 Invalid Pointer Write Vulnerability (CVE-2019-12323)
3. threat[24518]:OMRON CX-One CX-Protocol CMessage Type Confusion Vulnerability
4. threat[24520]:Spring Security OAuth Open Redirect Vulnerability (CVE-2019-3778) (CVE-2019-11269)
5. threat[49036]:APT Organization ProjectSauron Attack


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20624. This package includes the following changed rules:

new rules:
1. threat[24516]:BlogEngine.NET XML Injection Vulnerability(CVE-2019-10718)
2. threat[24517]:Hosting Controller HC10 Remote Invalid Pointer Write Vulnerability(CVE-2019-12323)
3. threat[24518]:OMRON CX-One CX-Protocol CMessage Type Confusion vulnerability
4. threat[24520]:Spring Security OAuth Open Redirector Vulnerability(CVE-2019-3778)(CVE-2019-11269)
5. threat[49036]:APT organization ProjectSauron attack



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but will cause 3-5 packets of loss on ping, so please update at a suitable time.

Release time: 2019-07-04 18:31:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20597.rule Version: 5.6.10.20597
MD5: 842dceb9d106321ec8331c06c88ec7e6 Size: 24.47M
Description:

This upgrade package is an intrusion prevention signature database upgrade package and can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.20597. The rules added/improved by this package are:

New rules:
1. threat[24512]:Koha Library Software 18.1106000 Redirect Attack
2. threat[24513]:Windows MS17-010 Series Vulnerability Scanning Attack
3. threat[24514]:IBM WebSphere Application Server Deserialization Remote Code Execution Vulnerability (CVE-2019-4279)

Updated rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[22696]:Netgear DGN1000B setup.cgi Remote Command Injection Vulnerability
3. threat[68655]:Suspicious Webshell Backdoor Access and Control


Notes:
1. After this package is applied the engine restarts automatically to take effect; sessions are not interrupted, but 3~5 ping packets will be lost, so choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version at least 5.6R10F00 and engine version at least 5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.20597. This package includes the following changed rules:

new rules:
1. threat[24512]:Koha Library Software 18.1106000 Open Redirection
2. threat[24513]:Windows MS17-010 Vulnerabilities Scanning
3. threat[24514]:IBM Websphere Application Server Untrusted Data Deserialization Remote Code Execution(CVE-2019-4279)

update rules:
1. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
2. threat[22696]:Netgear DGN1000B setup.cgi Remote Command Execution
3. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2019-06-26 18:48:17
Name: eoi.unify.allrulepatch.ips.5.6.10.20557.rule Version: 5.6.10.20557
MD5: 6147338fd184e71a8f86cc420ff76b3a Size: 24.49M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20557. This package includes the following rule changes:

update rules:
1. threat[50519]:Remote Control Tool NetWire Connection
2. threat[23991]:Fastjson Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-22 11:56:17
Name: eoi.unify.allrulepatch.ips.5.6.10.20554.rule Version: 5.6.10.20554
MD5: d287ed3fa1ea77398b2f3614c51625ad Size: 24.48M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20554. This package includes the following rule changes:

new rules:
1. threat[10494]:Advantech WebAccess Node webvrpcs uninstallwa Denial of Service Vulnerability (CVE-2019-6554)
2. threat[24509]:LAquis SCADA Web Server relatorioindividual TAG Code Injection Vulnerability
3. threat[24511]:Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid SQL Injection Vulnerability (CVE-2019-11469)

update rules:
1. threat[24437]:OpenMRS webservices.rest Insecure Object Deserialization Vulnerability (CVE-2018-19276)
2. threat[30709]:Schneider Pelco Sarix Pro Webcam Information Disclosure Vulnerability
3. threat[24465]:Confluence Remote Code Execution Vulnerability (CVE-2019-3396)
4. threat[41489]:Backdoor DoublePulsar Communication
5. threat[41529]:Trojan/Backdoor XiongBaoBao Remote Control Network Communication

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-21 18:15:28
Name: eoi.unify.allrulepatch.ips.5.6.10.20521.rule Version: 5.6.10.20521
MD5: 17a7dbb9865ec543a1884c46614eac64 Size: 24.35M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20521. This package includes the following rule changes:

new rules:
1. threat[24508]:Apache Axis 1.4 Remote Code Execution (CVE-2019-0227)

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
3. threat[30722]:Coremail Configuration Information Disclosure Vulnerability
4. threat[23589]:MongoDB Unauthorized Access Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-17 21:46:54
Name: eoi.unify.allrulepatch.ips.5.6.10.20507.rule Version: 5.6.10.20507
MD5: 035acba8deb999319c3968e800f14b11 Size: 24.36M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20507. This package includes the following rule changes:

new rules:
1. threat[24504]:URI-based SQL Injection
2. threat[24505]:Apache Axis 1.4 Remote Code Execution (CVE-2019-0227)
3. threat[24506]:Coremail Mail System Information Disclosure Vulnerability
4. threat[41697]:Behinder Encrypted ASP Webshell File Upload
5. threat[41698]:Behinder Encrypted ASPX Webshell File Upload
6. threat[41699]:Behinder Encrypted JSP Webshell File Upload
7. threat[24507]:HTTP Request URI/Referer Field Directory Traversal

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[23597]:Redis Unauthorized Access Remote Server Privilege Acquisition Vulnerability
3. threat[50563]:Elasticsearch Service Sensitive Path Access
4. threat[68654]:Suspicious Webshell Script File Upload Behavior

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-14 23:04:06
Name: eoi.unify.allrulepatch.ips.5.6.10.20483.rule Version: 5.6.10.20483
MD5: 08111d35fce272f5fd54da9ed71d9e94 Size: 24.35M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20483. This package includes the following rule changes:

new rules:
1. threat[49034]:Malicious Mining Virus Xmrig DNS Request Connection
2. threat[24503]:Ecshop 2.x/3.x SQL Injection/Arbitrary Code Execution Vulnerability

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-13 19:05:04
Name: eoi.unify.allrulepatch.ips.5.6.10.20441.rule Version: 5.6.10.20441
MD5: 3aba5e2bc21389898fd2c0407553244b Size: 24.35M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20441. This package includes the following rule changes:

new rules:
1. threat[24502]:Reflected XSS Injection Attack

update rules:
1. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[22532]:WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution Vulnerability
3. threat[23705]:WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability
4. threat[23589]:MongoDB Unauthorized Access Vulnerability
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-06-06 15:07:10
Name: eoi.unify.allrulepatch.ips.5.6.10.20383.rule Version: 5.6.10.20383
MD5: 756f3a76ddae060e40a694098b8de32e Size: 24.33M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20383. This package includes the following rule changes:

new rules:
1. threat[24490]:D-Link DWL-2600AP Save Configuration Command Injection
2. threat[24491]:WordPress wp-content themes Open Redirection
3. threat[24492]:Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability (CVE-2018-7841)
4. threat[24493]:GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
5. threat[24494]:Spring Cloud Config 2.1.x Path Traversal (CVE-2019-3799)
6. threat[30718]:Scanner masscan Scanning Web Service
7. threat[24495]:ZooKeeper Unauthorized Access Vulnerability

update rules:
1. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability (CVE-2019-2725)
2. threat[49014]:Mining Program DNS Query for Mining Pool Server Domain Name
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-05-30 19:24:09
Name: eoi.unify.allrulepatch.ips.5.6.10.20340.rule Version: 5.6.10.20340
MD5: 275fd2c2003c8f2a5aa6118223c0162a Size: 24.33M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20340. This package includes the following rule changes:

new rules:
1. threat[24488]:SOCA Access Control System 180612 Cross Site Scripting
2. threat[41689]:Linux Mining Program kworkerds Downloading Malicious Files
3. threat[24489]:Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

update rules:
1. threat[61534]:Webmin Arbitrary File Disclosure Vulnerability
2. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability (CVE-2018-14829)

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-05-22 12:20:23
Name: eoi.unify.allrulepatch.ips.5.6.10.20306.rule Version: 5.6.10.20306
MD5: ac4cd90b0f3a91552ab35e681a02d67a Size: 24.46M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20306. This package includes the following rule changes:

new rules:
1. threat[24482]:Multiple Applications application.ini Database Configuration File Disclosure Vulnerability
2. threat[24483]:Cisco Webex Teams URI Handler Remote Code Execution Vulnerability (CVE-2019-1636)
3. threat[41688]:Malicious Program generic/VBS.SLoad Network Communication
4. threat[24484]:Malwarebytes Anti-Malware URI Handler Remote Code Execution Vulnerability (CVE-2019-6739)
5. threat[24485]:Microsoft Office Word Security Feature Bypass (CVE-2019-0540)
6. threat[24486]:HTTP URL Parameter SQL Injection Attempt
7. threat[41684]:Malicious Program generic/Drun.Downloader_a Network Communication
8. threat[41685]:Malicious Program generic/MSIL.LimeRat_a Network Communication
9. threat[41686]:Malicious Program generic/PcClient.Rat Network Communication
10. threat[41687]:Malicious Program generic/SappyCache Network Communication

update rules:
1. threat[24471]:WebLogic Arbitrary File Upload Vulnerability (CVE-2019-2618)
2. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
3. threat[24438]:Apache Solr Deserialization Remote Code Execution Vulnerability (CVE-2019-0192)
4. threat[63682]:HTTP SQL Injection Attempt Type Three

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-05-17 15:39:35
Name: eoi.unify.allrulepatch.ips.5.6.10.20255.rule Version: 5.6.10.20255
MD5: 851b3133c7a11452f74b5178efec9453 Size: 24.44M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20255. This package includes the following rule changes:

new rules:
1. threat[24478]:Sony Smart TV Photo Sharing Plus Information Disclosure Vulnerability (CVE-2019-11336)
2. threat[24479]:WordPress Social Warfare Remote Code Execution (CVE-2019-9978)
3. threat[24480]:Xitami Web Server 2.5 Remote Buffer Overflow Vulnerability
4. threat[24481]:Oracle WebLogic Server FileDistributionServlet Information Disclosure

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-05-09 19:34:25
Name: eoi.unify.allrulepatch.ips.5.6.10.20205.rule Version: 5.6.10.20205
MD5: 5f34cf08a84d457b3ade02f91642437e Size: 22.59M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20205. This package includes the following rule changes:

new rules:
1. threat[24476]:Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure (CVE-2018-4067)
2. threat[24477]:JioFi 4G M2S 1.0.2 Denial of Service (CVE-2019-7439)

update rules:
1. threat[41655]:"Driver Talent" Downloader Trojan Communication
2. threat[41680]:APT34 Organization Hacking Tool Detection
3. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability (CVE-2019-2725)

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-30 14:05:26
Name: eoi.unify.allrulepatch.ips.5.6.10.20173.rule Version: 5.6.10.20173
MD5: 0a7f1e97dd2f38610a42ac666cd6f13a Size: 22.58M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20173. This package includes the following rule changes:

new rules:
1. threat[24472]:WordPress _wp_attached_file wp_crop_image Directory Traversal Vulnerability (CVE-2019-8942)
2. threat[41680]:APT34 Organization Hacking Tool Detection
3. threat[24474]:Oracle Business Intelligence XML Publisher 12.2.1.4.0 XML External Entity Injection Vulnerability (CVE-2019-2616)
4. threat[24471]:WebLogic Arbitrary File Upload Vulnerability (CVE-2019-2618)

update rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[40328]:Backdoor/Trojan Glacier Trojan Communication
3. threat[60464]:HTTP Service Directory Traversal Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-25 18:50:19
Name: eoi.unify.allrulepatch.ips.5.6.10.20147.rule Version: 5.6.10.20147
MD5: e9275340a0b44367cd49d66819d6186a Size: 68.53M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20147. This package includes the following rule changes:

new rules:
1. threat[24470]:WebLogic Blind XXE Vulnerability
2. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-20 09:48:33
Name: eoi.unify.allrulepatch.ips.5.6.10.20109.rule Version: 5.6.10.20109
MD5: 567c16a420ba30e1074bba481a137341 Size: 68.52M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20109. This package includes the following rule changes:

new rules:
1. threat[24459]:Pegasus CMS Remote Code Execution Vulnerability
2. threat[24460]:metinfo 6.2.0 Front-End SQL Injection Vulnerability
3. threat[41665]:ImposterMiner Mining Trojan Exploiting Jenkins RCE Vulnerability
4. threat[41666]:Dark Cloud Trojan Communication with Server
5. threat[41310]:Bill Gates Botnet Communication
6. threat[24461]:Loytec LGATE-902 Arbitrary File Deletion Vulnerability (CVE-2018-14916)
7. threat[24462]:Horde Groupware Webmail Authenticated Arbitrary File Injection (CVE-2019-9858)
8. threat[50556]:MySQL Login Authentication Success

update rules:
1. threat[49014]:Monero XMR Mining Program Communication
2. threat[49013]:Mining Program Connecting to Mining Pool Server Communication
3. threat[49005]:Dark Cloud Trojan Query CnC Server Domain Name
4. threat[49008]:Bill Gates Botnet Query CnC Server Domain Name

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-19 10:12:48
Name: eoi.unify.allrulepatch.ips.5.6.10.20043.rule Version: 5.6.10.20043
MD5: cf18442986f225b927345dc3082ea460 Size: 68.51M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20043. This package includes the following rule changes:

new rules:
1. threat[24452]:WordPress Ultimate Form Builder 1.0 Database Disclosure
2. threat[24453]:TP-Link SR20 LAN Remote Code Execution Vulnerability
3. threat[24454]:Masch CMStudio Banners Module 8.6.1 Open Redirect to Phishing
4. threat[24456]:HP LaserJet Printer Authentication Bypass
5. threat[24455]:WordPress article2pdf File Disclosure Vulnerability (CVE-2019-1010257)
6. threat[41664]:CryptoSink Mining Activity on Linux
7. threat[41663]:CryptoSink Mining Activity on Windows
8. threat[24457]:ElasticSearch Remote Arbitrary Code Execution Vulnerability (CVE-2014-3120)
9. threat[24458]:PhreeBooks ERP 5.2.3 Arbitrary File Upload Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-11 20:04:54
Name: eoi.unify.allrulepatch.ips.5.6.10.20014.rule Version: 5.6.10.20014
MD5: 4e385337061ce16fda8da43e702b7473 Size: 69.53M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.20014. This package includes the following rule changes:

new rules:
1. threat[24447]:JFrog Artifactory Administrator Authentication Bypass (CVE-2019-9733)
2. threat[24448]:Ruby on Rails Path Traversal and Arbitrary File Read (CVE-2019-5418)
3. threat[24449]:WordPress AND-AntiBounce 1.0.3 Redirection Vulnerability
4. threat[41661]:WordPress 2.0.2 WP-Forum Plugin 1.7.8 Database File Disclosure Vulnerability
5. threat[24451]:Titan FTP Server Directory Traversal Vulnerability (CVE-2019-10009)

update rules:
1. threat[41660]:Suspected System Command Execution via PostgreSQL COPY FROM PROGRAM (CVE-2019-9193)
2. threat[49019]:Mining Worm WannaMine Connection
3. threat[62801]:Apache HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.

Release time: 2019-04-04 23:48:25
名称: eoi.unify.allrulepatch.ips.5.6.10.19989.rule 版本:5.6.10.19989
MD5:732177484b1239c272dd8eb8fca7d9a2 大小:46.54M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.19989。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24437]:OpenMRS webservices.rest不安全对象反序列化漏洞(CVE-2018-19276)
2. 攻击[24438]:Apache Solr 反序列化远程代码执行漏洞(CVE-2019-0192)
3. 攻击[24439]:FreeBSD NFS 服务 NFSv4 操作码越界写(CVE-2018-17157)
4. 攻击[24440]:CMS Made Simple Showtime2 3.6.2 任意文件上传漏洞(CVE-2019-9692)
5. 攻击[24441]:HPE 智能管理中心 dbman decryptMsgAes 堆栈缓冲区溢出(CVE-2018-7114)
6. 攻击[24442]:Microsoft Windows DHCP Client 远程代码执行漏洞(CVE-2019-0726)
7. 攻击[24443]:TUTOS 1.3 - 'cmd.php' 远程代码执行(CVE-2008-0148)
8. 攻击[24444]:HPE Intelligent Management Center PrimeFaces 表达式语言注入漏洞
9. 攻击[24445]:WordPress插件DZS-VideoGallery - 跨站点脚本攻击漏洞
10. 攻击[24446]:WordPress插件DZS-VideoGallery命令注入漏洞
11. 攻击[41660]:疑似通过PostgreSQL的COPY FROM PROGRAM功能运行系统命令(CVE-2019-9193)

更新规则:
1. 攻击[49014]:门罗币挖矿程序网络通信
2. 攻击[60494]:DivX Web Player NPDIVX32.DLL ActiveX控件远程拒绝服务漏洞
3. 攻击[60560]:AOL Picture Editor YGPPicEdit.dll ActiveX控件多个缓冲区溢出漏洞
4. 攻击[24432]:Nexus Repository Manager 3 远程命令执行漏洞(CVE-2019-7238)
5. 攻击[24415]:Jenkins远程执行代码
6. 攻击[50049]:TELNET服务用户认证成功
7. 攻击[24391]:Rockwell Automation RSLinx Classic CIP Connection Path堆栈缓冲区溢出漏洞(CVE-2018-14829)


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.19989. This package include changed rules:

new rules:
1. threat[24437]:OpenMRS webservices.rest Insecure Object Deserialization Vulnerabilities(CVE-2018-19276)
2. threat[24438]:Apache Solr Deserialization Remote Code Execution Vulnerability(CVE-2019-0192)
3. threat[24439]:FreeBSD NFS Server NFSv4 Opcode Out-of-Bounds Write(CVE-2018-17157)
4. threat[24440]:CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload Vulnerability(CVE-2019-9692)
5. threat[24441]:HPE Intelligent Management Center dbman decryptMsgAes Stack Buffer Overflow(CVE-2018-7114)
6. threat[24442]:Microsoft Windows DHCP Client Remote Code Execution Vulnerability(CVE-2019-0726)
7. threat[24443]:TUTOS 1.3 - 'cmd.php' Remote Command Execution(CVE-2008-0148)
8. threat[24444]:HPE Intelligent Management Center PrimeFaces Expression Language Injection Vulnerability
9. threat[24445]:WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Vulnerability
10. threat[24446]:WordPress Plugin DZS-VideoGallery Command Injection Vulnerabilities
11. threat[41660]:Suspected to run system commands via PostgreSQL's COPY FROM PROGRAM function(CVE-2019-9193)

update rules:
1. threat[49014]:Monero XMR Mining Programs Communication
2. threat[60494]:DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability
3. threat[60560]:AOL Picture Editor YGPPicEdit.dll ActiveX Control Multiple Buffer Overflow Vulnerabilities
4. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
5. threat[24415]:Jenkins Remote Code Execution
6. threat[50049]:TELNET Service User Authentication Success
7. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability(CVE-2018-14829)


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

Release time: 2019-03-28 22:59:29
Name: eoi.unify.allrulepatch.ips.5.6.10.19933.rule Version: 5.6.10.19933
MD5: c13c5890b3400a4162f514d399ef7b71 Size: 23.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19933. The rules added or improved by this package are:


New rules:
1. threat[41656]:WSO PHP Webshell Access
2. threat[41657]:Webshell Backdoor JspSpy Access and Control
3. threat[41658]:Webshell Backdoor China Chopper Access and Control

Updated rules:
1. threat[24436]:Sparkasse - Multiple Persistent Cross-Site Scripting Web Vulnerabilities
2. threat[63308]:Symantec Antivirus Intel LANDesk Common Base Agent Service Arbitrary Code Execution Vulnerability
3. threat[41644]:Webshell Backdoor PHP Angel Access and Control
4. threat[60657]:Microsoft Internet Explorer JavaScript Cross-Domain Information Disclosure Vulnerability(MS09-019)
5. threat[60743]:McAfee Multiple Products HTTP Server Header Processing Buffer Overflow Vulnerability
6. threat[60279]:Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
7. threat[60903]:Apache mod_proxy Remote Buffer Overflow Vulnerability
8. threat[60767]:Java Web Start Remote Code Injection Vulnerability
9. threat[60345]:BrowseDialog ActiveX Control CCRPBDS6.DLL Denial of Service Vulnerability
10. threat[60825]:Mozilla Firefox IconURL Arbitrary JavaScript Execution Vulnerability
11. threat[60352]:Microsoft Internet Explorer ADODB.Recordset Null Pointer Dereference Denial of Service Vulnerability
12. threat[60355]:Microsoft Internet Explorer 6 RDS.DataControl URL Parameter Handling Denial of Service Vulnerability
13. threat[60726]:Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
14. threat[60362]:Macromedia Shockwave 10 SwDir.dll ActiveX Control Denial of Service Vulnerability
15. threat[49026]:Malicious Program windows/Brushaloader_a Network Communication
16. threat[61025]:Microsoft Windows Speech Components Voice Recognition Remote Command Execution Vulnerability(MS08-032)
17. threat[60368]:Microsoft MDAC "SoftwareDistribution.WebControl" ActiveX Control Code Execution Vulnerability
18. threat[60413]:Microsoft Internet Explorer Structured Graphics Control Denial of Service Vulnerability
19. threat[60418]:Microsoft Internet Explorer DirectAnimation.DAUserData Denial of Service Vulnerability
20. threat[60464]:HTTP Service Directory Traversal Vulnerability

Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19933. This package includes the following changed rules:


new rules:
1. threat[41656]:WSO PHP Webshell Access
2. threat[41657]:Webshell Backdoor JspSpy Access and Control
3. threat[41658]:Webshell Backdoor Chinese Chopper Access and Control

update rules:
1. threat[24436]:Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities
2. threat[63308]:Symantec System Center Alert Management System Command Execution Vulnerability
3. threat[41644]:Webshell Backdoor Program PHP Angel Access and Control
4. threat[60657]:Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability(MS09-019)
5. threat[60743]:McAfee Multiple Products HTTP Server Header Processing Buffer Overflow Vulnerability
6. threat[60279]:Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
7. threat[60903]:HTTP Response Content Length Too Long
8. threat[60767]:Sun Java Web Start System Property Tags Remote Unauthorized Access Vulnerability
9. threat[60345]:HTTP BrowseDialog ActiveX Control CCRPBDS6.DLL DoS Vulnerability
10. threat[60825]:Mozilla Firefox IconURL Arbitrary JavaScript Execution Vulnerability
11. threat[60352]:Microsoft Internet Explorer ADODB.Recordset ActiveX object DOS Vulnerability
12. threat[60355]:Microsoft Internet Explorer RDS.DataControl ActiveX object DOS Vulnerability
13. threat[60726]:Mozilla Firefox CSS Letter-Spacing HeapOverflow Vulnerability
14. threat[60362]:Macromedia Shockwave 10 SwDir.dll ActiveX Control DoS Vulnerability
15. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications
16. threat[61025]:Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
17. threat[60368]:Microsoft MDAC SoftwareDistribution.WebControl ActiveX Code execution Vulnerability
18. threat[60413]:Microsoft Internet Explorer Structured Graphics Control Denial of Service Vulnerability
19. threat[60418]:Microsoft Internet Explorer DirectAnimation.DAUserData Denial of Service Vulnerability
20. threat[60464]:HTTP Directory Traversal Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-03-21 18:31:30
Name: eoi.unify.allrulepatch.ips.5.6.10.19893.rule Version: 5.6.10.19893
MD5: 0dcfb85f5c51485847f7b9dcffb6ccb1 Size: 23.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19893. The rules added or improved by this package are:

New rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
3. threat[10488]:Microsoft IIS ISAPI Filter Handling Error Denial of Service Vulnerability(CVE-2002-0072)(MS02-018)
4. threat[24434]:Supervisord Remote Command Execution Vulnerability(CVE-2017-11610)
5. threat[24435]:Fiberhome AN5506-04-F RP2669 Cross-Site Scripting Vulnerability(CVE-2019-9556)
6. threat[22583]:OPENi-CMS pluginIndex.php oi_dir Parameter File Inclusion Vulnerability
7. threat[24436]:Sparkasse - Multiple Persistent Cross-Site Scripting Web Vulnerabilities


Updated rules:
1. threat[62489]:Microsoft Internet Explorer Multiple Cached Objects Zone Bypass Vulnerability(MS02-066)
2. threat[20473]:Microsoft WINS Service Malformed Packet Remote Buffer Overflow Attack
3. threat[62725]:IDAutomation Aztec SaveBarcode ActiveX Control File Write Vulnerability
4. threat[62801]:Apache HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability
5. threat[21390]:McAfee Products Subscription Manager Stack Overflow Vulnerability
6. threat[63308]:Symantec Antivirus Intel LANDesk Common Base Agent Service Arbitrary Code Execution Vulnerability
7. threat[61678]:Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
8. threat[20548]:Snort Back Orifice Preprocessor Buffer Overflow Vulnerability(CVE-2005-3252)
9. threat[65190]:TWiki rev Parameter Shell Command Injection Vulnerability(BID-14834)
10. threat[65225]:AOL Instant Messenger Away Message Buffer Overflow Vulnerability
11. threat[65340]:NCTsoft NCTAudioFile2 ActiveX Control SetFormatLikeSample() Method Overlength Parameter Stack Overflow Vulnerability
12. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow Attack
13. threat[62051]:iLife Photocast XML Title Format String Vulnerability
14. threat[22584]:Flashchat aedating4CMS.php dir[inc
15. threat[22812]:Microsoft Internet Explorer Install Engine Vulnerability(MS04-038)
16. threat[40784]:Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability(CVE-2005-1990)
17. threat[60009]:Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability(MS06-013)
18. threat[60028]:Microsoft Internet Explorer Drag and Drop Handling Vulnerability(MS04-038)
19. threat[60029]:Microsoft Internet Explorer "Popup.Show" Drag and Drop Vulnerability
20. threat[20580]:PeerCast URI Parsing Stack Overflow Vulnerability(CVE-2006-1148)
21. threat[10140]:Oracle9iAS Web Cache Remote Denial of Service Attack
22. threat[20820]:Microsoft IIS 5.1 Remote Buffer Overflow Attack(MS07-041)
23. threat[20709]:Sabdrimer CMS advanced1.php Remote File Inclusion Attack
24. threat[20846]:Mozilla Suite/Firefox compareTo() Code Execution Attack
25. threat[20848]:Mozilla Firefox JavaScript Navigator Object Remote Code Execution Attack
26. threat[20876]:Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Overflow Attack
27. threat[21115]:Microsoft Internet Explorer FTP Web Browsing Interface Cross-Site Scripting Attack
28. threat[21119]:Network Worm Lupper.A XML-RPC Propagation Request Variant


Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19893. This package includes the following changed rules:

new rules:
1. threat[24431]:HPE Intelligent Management Center iccSelectCommand Expression Language Injection Vulnerability
2. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
3. threat[10488]:Microsoft IIS URL Access Violation DoS Vulnerability(CVE-2002-0072)(MS02-018)
4. threat[24434]:Supervisord Remote Command Execution Vulnerability(CVE-2017-11610)
5. threat[24435]:Fiberhome AN5506-04-F RP2669 Cross Site Scripting vulnerability(CVE-2019-9556)
6. threat[22583]:OPENi-CMS pluginIndex.php oi_dir Parameter PHP File Include
7. threat[24436]:Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities


update rules:
1. threat[62489]:Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability(MS02-066)
2. threat[20473]:Microsoft WINS Service Malformed Packet Remote Buffer Overflow
3. threat[62725]:IDAutomation Aztec SaveBarcode ActiveX Arbitrary File Write Vulnerability
4. threat[62801]:Apache HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability
5. threat[21390]:McAfee Subscription Manager Stack Buffer Overflow
6. threat[63308]:Symantec System Center Alert Management System Command Execution Vulnerability
7. threat[61678]:Squid HTTP Version Number Parsing Denial of Service
8. threat[20548]:Snort Back Orifice Pre-Processor Buffer Overflow Vulnerability(CVE-2005-3252)
9. threat[65190]:TWiki rev Parameter Shell Command Injection Vulnerability(BID-14834)
10. threat[65225]:AOL Instant Messenger Away Message Buffer Overflow Vulnerability
11. threat[65340]:NCTsoft NCTAudioFile2 ActiveX Control SetFormatLikeSample() Method Overlength Parameter Stack Buffer Overflow
12. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow
13. threat[62051]:iLife Photocast XML Title Format String Vulnerability
14. threat[22584]:Flashchat aedating4CMS.php dir[inc
15. threat[22812]:Microsoft Internet Explorer Install Engine SetCifFileOverflow
16. threat[40784]:Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability(CVE-2005-1990)
17. threat[60009]:Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
18. threat[60028]:Microsoft Internet Explorer AnchorClick Behavior Drag and Drop Vulnerability
19. threat[60029]:Microsoft Internet Explorer Popup.Show Drag and Drop Vulnerability
20. threat[20580]:PeerCast URI Parsing StackOverflow Vulnerability(CVE-2006-1148)
21. threat[10140]:Oracle9iAS Web Cache Remote Denial of Service
22. threat[20820]:Microsoft IIS 5.1 Remote Buffer Overflow (MS07-041)
23. threat[20709]:Sabdrimer CMS advanced1.php Remote File Inclusion
24. threat[20846]:Mozilla Suite/Firefox compareTo() Code Execution
25. threat[20848]:Mozilla Firefox Javascript Navigator Object Remote Code Execution
26. threat[20876]:Microsoft Internet Explorer Daxctle.OCX KeyFrame Method HeapOverflow
27. threat[21115]:Microsoft Internet Explorer FTP Web View XSS
28. threat[21119]:Network Worm Lupper.A XML-RPC Propagation Request Variant


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-03-14 18:08:05
Name: eoi.unify.allrulepatch.ips.5.6.10.19827.rule Version: 5.6.10.19827
MD5: 3e856029aa58f81026e09f17280c6815 Size: 23.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19827. The rules added or improved by this package are:

New rules:
1. threat[24426]:RavenDB 4.1.4 Cross-Site Scripting Attack
2. threat[41654]:Linux watchdogs Mining Virus Malicious File Download
3. threat[49027]:watchdogs Mining Trojan DNS Communication
4. threat[49026]:Malicious Program windows/Brushaloader_a Network Communication
5. threat[24427]:Video Downloader and Video Downloader Plus Google Chrome Browser Extension UXSS Vulnerability
6. threat[24428]:Drupal 8.6.9 REST Remote Code Execution Vulnerability
7. threat[24429]:Windows Vista RSS Feeds Gadget Cross-Site Scripting Vulnerability(CVE-2007-3033)
8. threat[30716]:Chrome PDF File Opening Information Disclosure Vulnerability
9. threat[41655]:"Driver Talent" Downloader Trojan Communication
10. threat[24430]:Microsoft Windows DHCP Server Code Execution(CVE-2019-0626)
11. threat[30717]:NTPsec ntpd process_control Out-of-Bounds Read Vulnerability(CVE-2019-6444)

Updated rules:
1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon "setSlice" Integer Overflow Vulnerability(CVE-2006-3730)
2. threat[61636]:Oracle BEA Weblogic Server console-help.portal XSS Vulnerability(CVE-2009-1975)
3. threat[20074]:Quiksoft EasyMail SMTP ActiveX Control Remote Stack Buffer Overflow Vulnerability
4. threat[62397]:Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability(CVE-2007-2222)
5. threat[62400]:Microsoft CAPICOM ActiveX Control Remote Code Execution Vulnerability(MS07-028)
6. threat[61780]:GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
7. threat[62776]:ebCrypt ActiveX Control Arbitrary File Overwrite and Denial of Service Vulnerability
8. threat[62788]:Microsoft Internet Explorer Sysmon Denial of Service Vulnerability
9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability
10. threat[62754]:Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability
11. threat[20310]:Sendmail 8.12 Mail Header Handling Remote Buffer Overflow Attack
12. threat[62408]:Apple WebKit WebCore Remote Denial of Service Vulnerability
13. threat[62409]:Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability(MS03-040)
14. threat[62051]:iLife Photocast XML Title Format String Vulnerability
15. threat[62260]:Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability
16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL Stored Procedure Information Disclosure Vulnerability
17. threat[62283]:Internet Explorer 6 Permission and Access Control Vulnerability
18. threat[24428]:Drupal 8.6.9 REST Remote Code Execution Vulnerability(CVE-2019-6340)
19. threat[62287]:Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability(MS06-013)
20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting(CVE-2018-12998)
21. threat[62290]:Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
22. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow Attack
23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
24. threat[62314]:Apple Safari for Windows Protocol Handling Command Injection Vulnerability
25. threat[62358]:Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability(MS06-006)
26. threat[62368]:Microsoft PowerPoint List Value Parsing Code Execution Vulnerability(MS08-051)
27. threat[62370]:Microsoft Windows WinHlp Item Buffer Overflow Vulnerability(http)
28. threat[62372]:Microsoft Vista Sidebar Contacts and Weather Gadget Remote Code Execution Vulnerability(MS07-048)
29. threat[62375]:Mozilla Firefox Remote Arbitrary Command Execution Vulnerability
30. threat[62376]:Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability(MS08-069)
31. threat[62485]:CUPS "/.." Request Handling Logic Error Remote Denial of Service Vulnerability
32. threat[62377]:Microsoft Windows Media Format Runtime Library Remote Arbitrary Code Execution Vulnerability
33. threat[62395]:Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability(MS06-021)
34. threat[61275]:Microsoft Internet Explorer Event Handling Cross-Domain Security Bypass Vulnerability(CVE-2008-3474)
35. threat[61302]:Firefox JavaScript: favicons Code Injection Execution Vulnerability
36. threat[61372]:uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
37. threat[61374]:Apple Mac OS X Terminal x-man-path URI Arbitrary Command Injection Vulnerability
38. threat[61476]:Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability
39. threat[61552]:Microsoft Office PowerPoint Legacy File Format Vulnerability(client)
40. threat[61555]:Microsoft PowerPoint PP7X32.DLL Library Multiple Stack Overflow Vulnerabilities(MS09-017)
41. threat[61559]:Microsoft PowerPoint Notes Container Heap Overflow Vulnerability(MS09-017)
42. threat[61560]:Microsoft Office PowerPoint Data Out-of-Bounds Vulnerability
43. threat[20418]:Microsoft PCT Protocol Remote Buffer Overflow Attack
44. threat[49022]:Malicious Virus Program EternalRocks DNS Request Connection(EternalRocks)


Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19827. This package includes the following changed rules:

new rules:
1. threat[24426]:RavenDB 4.1.4 Cross Site Scripting
2. threat[41654]:Miner Linux watchdogs Downloading Malicious Programs
3. threat[49027]:Watchdogs mining trojan DNS communication
4. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications
5. threat[24427]:Video Downloader and Video Downloader Plus Chrome Extension UXSS Vulnerability
6. threat[24428]:Drupal 8.6.9 REST Remote Code Execution
7. threat[24429]:Windows Vista RSS Feeds Gadget Cross Site Scripting Vulnerability(CVE-2007-3033)
8. threat[30716]:Chrome opens pdf file information disclosure Vulnerability
9. threat[41655]:"Driver Talent" Downloader Trojan Communication
10. threat[24430]:Microsoft Windows DHCP Server Code Execution(CVE-2019-0626)
11. threat[30717]:NTPsec ntpd process_control Out of Bounds Read Vulnerability(CVE-2019-6444)

update rules:
1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon setSlice Integer Overflow Vulnerability(CVE-2006-3730)
2. threat[61636]:Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting Vulnerability(CVE-2009-1975)
3. threat[20074]:Quiksoft EasyMail SMTP ActiveX Controls Remote Stack Buffer Overflow Vulnerability
4. threat[62397]:Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability(CVE-2007-2222)
5. threat[62400]:CAPICOM.Certificates ActiveX Control Remote Code Execution
6. threat[61780]:GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
7. threat[62776]:EBCRYPT ActiveX Denial of Service Vulnerability
8. threat[62788]:Microsoft Internet Explorer Sysmon Denial of Service Vulnerability
9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability
10. threat[62754]:Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability
11. threat[20310]:Sendmail 8.12 Mail Header Handling Remote Buffer Overflow
12. threat[62408]:Apple Webkit HTML Parsing Rowspan Denial of Service
13. threat[62409]:Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability(MS03-040)
14. threat[62051]:iLife Photocast XML Title Format String Vulnerability
15. threat[62260]:Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability
16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL Stored Procedures Information Disclosure Vulnerability
17. threat[62283]:Microsoft Internet Explorer File Upload Keystroke Hijack
18. threat[24428]:Drupal 8.6.9 REST Remote Code Execution(CVE-2019-6340)
19. threat[62287]:Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability(MS06-013)
20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting(CVE-2018-12998)
21. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
22. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow
23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
24. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
25. threat[62358]:Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability(MS06-006)
26. threat[62368]:Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability(MS08-051)
27. threat[62370]:Microsoft Windows WinHlp Item Buffer Overflow Vulnerability(http)
28. threat[62372]:Windows Vista Contacts Gadget Remote Code Execution Vulnerability
29. threat[62375]:Mozilla Firefox Remote Arbitrary Commands Execution Vulnerability
30. threat[62376]:Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability(MS08-069)
31. threat[62485]:CUPS Malformed Directory Traversal HTTP Request DOS
32. threat[62377]:Microsoft Windows Media Format Runtime Remote Code Execution Exploitation
33. threat[62395]:Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability(MS06-021)
34. threat[61275]:Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability(CVE-2008-3474)
35. threat[61302]:Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability
36. threat[61372]:uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
37. threat[61374]:Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability
38. threat[61476]:Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability
39. threat[61552]:Microsoft Office PowerPoint Legacy File Format Vulnerability(client)
40. threat[61555]:Microsoft Office PowerPoint Memory Corruption Vulnerability(MS09-017)
41. threat[61559]:Microsoft Office PowerPoint Heap Corruption Vulnerability
42. threat[61560]:Microsoft Office PowerPoint Data Out of Bounds Vulnerability
43. threat[20418]:Microsoft PCT Protocol Remote Buffer Overflow
44. threat[49022]:Malware Eternal Stone DNS request connection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-03-07 18:28:00
Name: eoi.unify.allrulepatch.ips.5.6.10.19741.rule Version: 5.6.10.19741
MD5: 0993324eb537c20e7e9d44bc73cd0e01 Size: 23.52M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19741. The rules added or improved by this package are:

New rules:
1. threat[24400]:Dell OpenManage Network Manager Access Control Vulnerability(CVE-2018-15768)
2. threat[24409]:qdPM 9.1 Project Management Tool XSS Vulnerability(CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL Injection
4. threat[24413]:Joomla Attachments Module 3.2.6 Shell Upload
5. threat[24412]:qdPM 9.1 Project Management Tool XSS Vulnerability(CVE-2019-8390)
6. threat[24414]:Webiness Inventory 2.3 Arbitrary File Upload(CVE-2019-8404)
7. threat[24415]:Jenkins Remote Code Execution
8. threat[24416]:WordPress WP-JS-External-Link-Info URL Redirection Vulnerability
9. threat[24417]:WinRAR ACE File Handling Path Traversal Vulnerability(CVE-2018-20250)
10. threat[24418]:KindEditor Editor File Upload Vulnerability
11. threat[24419]:Hoteldruid 2.3 - 'nsextt' XSS Injection(CVE-2019-8937)
12. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload(CVE-2019-8394)
13. threat[24421]:WordPress wp_crop_image Directory Traversal Vulnerability(CVE-2019-8943)
14. threat[30715]:Joomla PrayerCenter 3.0.4 Database SQL File Disclosure
15. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability
16. threat[24425]:Drupal Public Download Count (Pubdlcnt) Module Open Redirect Vulnerability
17. threat[24424]:PDF Signer 3.0 Template Injection Vulnerability

Updated rules:
1. threat[60054]:Mozilla/Netscape/Firefox Browser Domain Name Remote Overflow Vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document Denial of Service Vulnerability
3. threat[62807]:Apple Safari Feed Denial of Service Vulnerability
4. threat[62290]:Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
5. threat[62291]:raSMP User-Agent HTTP Header HTML Injection Vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial of Service Vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial of Service Vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server Email Field XSS Vulnerability(CVE-2008-2247)
10. threat[24302]:Suspicious XML External Entity (XXE) Injection Attack Attempt
11. threat[62314]:Apple Safari for Windows Protocol Handling Command Injection Vulnerability
12. app:http-methods

Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19741. This package includes the following changed rules:

new rules:
1. threat[24400]:Dell OpenManage Network Manager MySQL Improper Access Control(CVE-2018-15768)
2. threat[24409]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8391)
3. threat[24410]:SuiteCRM 7.10.7 SQL Injection
4. threat[24411]:Master IP CAM 01 3.3.4.2103 Remote Command Execution(CVE-2019-8387)
5. threat[24413]:Joomla Attachments 3.2.6 Shell Upload
6. threat[24412]:qdPM9.1 Project Management Tool XSS Vulnerability(CVE-2019-8390)
7. threat[24414]:Webiness Inventory 2.3 Arbitrary File Upload(CVE-2019-8404)
8. threat[24415]:Jenkins Remote Code Execution
9. threat[24416]:WordPress WP-JS-External-Link-Info Open Redirection Vulnerability
10. threat[24417]:WinRAR ACE File Handling Path Traversal Vulnerability(CVE-2018-20250)
11. threat[24418]:KindEditor editor file upload vulnerability
12. threat[24419]:Hoteldruid 2.3 - 'nsextt' XSS Injection(CVE-2019-8937)
13. threat[24420]:Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload(CVE-2019-8394)
14. threat[24421]:WordPress wp_crop_image Directory Traversal Vulnerability (CVE-2019-8943)
15. threat[30715]:Joomla PrayerCenter 3.0.4 Database Disclosure Vulnerability
16. threat[24423]:Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability
17. threat[24425]:Drupal Public Download Count(Pubdlcnt) Modules Open Redirection Vulnerability
18. threat[24424]:PDF Signer 3.0 Template Injection Vulnerability

update rules:
1. threat[60054]:Mozilla Products International Domain Name Parsing Buffer Overflow Vulnerability
2. threat[62783]:Microsoft Internet Explorer AxDebugger.Document Denial of Service Vulnerability
3. threat[62807]:Apple Safari Feed Denial of Service Vulnerability
4. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
5. threat[62291]:raSMP User-Agent Parsing Cross-Site Scripting Vulnerability
6. threat[60354]:Microsoft Internet Explorer HtmlDlgSafeHelper ActiveX object DOS Vulnerability
7. threat[60410]:Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial of Service Vulnerability
8. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
9. threat[31654]:Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability(CVE-2008-2247)
10. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
11. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
12. app:http-methods


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-02-28 22:03:36
Name: eoi.unify.allrulepatch.ips.5.6.10.19662.rule Version: 5.6.10.19662
MD5: 18779151a1b28eb806a4d34eccacc016 Size: 23.46M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19662. The rules added or improved by this package are:

New rules:
1. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Stack Buffer Overflow Vulnerability(CVE-2018-14829)
2. threat[24393]:LAquis SCADA Web Server relatorioindividual TITULO Command Injection
3. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection
4. threat[24403]:IBM Security QRadar SIEM Authentication Bypass Vulnerability(CVE-2018-1418)
5. threat[24395]:Elasticsearch Kibana Local File Inclusion Vulnerability(CVE-2018-17246)
6. threat[24396]:libVNC LibVNCServer File Transfer Extension Heap Overflow Vulnerability(CVE-2018-15127)
7. threat[24397]:libVNC LibVNCServer File Transfer Extension Use-After-Free Vulnerability(CVE-2018-6307)
8. threat[24398]:Raisecom Technology GPON-ONU HT803G-07 Command Injection(CVE-2019-7384)
9. threat[24401]:phpMyAdmin tbl_replace.php Local File Inclusion Vulnerability(CVE-2018-19968)
10. threat[24399]:ZeroMQ libzmq v2_decoder Integer Overflow Vulnerability(CVE-2019-6250)
11. threat[24402]:Zoho ManageEngine OpManager XML Injection Vulnerability(CVE-2018-18980)
12. threat[24404]:F3-CMS FatFreeFramework 0.0.1 Database Disclosure
13. threat[24406]:Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization
14. threat[24405]:SYSTORME ISG Command Injection
15. threat[24407]:Nuxeo NuxeoUnknownResource Expression Language Injection Vulnerability(CVE-2018-16341)


Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19662. This package includes the following changed rules:

new rules:
1. threat[24391]:Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability(CVE-2018-14829)
2. threat[24393]:LAquis SCADA Web Server relatorioindividual TITULO Command Injection
3. threat[24392]:LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection
4. threat[24403]:IBM QRadar SIEM Authentication Bypass(CVE-2018-1418)
5. threat[24395]:Elastic Kibana Local File Inclusion Vulnerability(CVE-2018-17246)
6. threat[24396]:libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow(CVE-2018-15127)
7. threat[24397]:libVNC LibVNCServer Tight File Transfer Extension Use After Free(CVE-2018-6307)
8. threat[24398]:Raisecom Technology GPON-ONU HT803G-07 Command Injection(CVE-2019-7384)
9. threat[24401]:phpMyAdmin tbl_replace.php Local File Inclusion Vulnerability(CVE-2018-19968)
10. threat[24399]:ZeroMQ libzmq v2_decoder Integer Overflow vulnerability(CVE-2019-6250)
11. threat[24402]:Zoho ManageEngine OpManager XXE Injection Vulnerability(CVE-2018-18980)
12. threat[24404]:F3-CMS FatFreeFramework 0.0.1 Database Disclosure
13. threat[24406]:Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization
14. threat[24405]:SYSTORME ISG Command Injection
15. threat[24407]:Nuxeo NuxeoUnknownResource Expression Language Injection Vulnerability(CVE-2018-16341)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-02-21 18:58:05
Name: eoi.unify.allrulepatch.ips.5.6.10.19608.rule Version: 5.6.10.19608
MD5: 37068bbb8b8fb006cded81d50fc847ca Size: 23.44M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19608. The rules added or improved by this package are:

New rules:
1. threat[41640]:Malicious Program Windows/Nitol.S0P3R7_a Network Communication
2. threat[41649]:DarkHydrus APT Backdoor Program DNS Channel Communication
3. threat[24387]:Coppermine 1.5.46 Cross-Site Scripting Attack(cve-2018-14478)
4. threat[49025]:Malicious Mining Program Adylkuzz DNS Request Connection
5. threat[49023]:Malicious Program BadRabbit Ransomware DNS Request Connection
6. threat[49024]:Malicious Program CTB-Locker Bitcoin Extortion Virus DNS Request Connection
7. threat[24388]:Cisco Small Business RV320/RV325 Command Injection Vulnerability(CVE-2019-1652)
8. threat[24389]:NTPsec ntpd ctl_getitem Out-of-Bounds Read(CVE-2019-6443)
9. threat[24390]:Kubernetes Dashboard Authentication Bypass Information Disclosure(CVE-2018-18264)



Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19608. This package includes the following changed rules:

new rules:
1. threat[41640]:Malware Windows/Nitol.S0P3R7_a Network Communication
2. threat[41649]:DarkHydrus APT Backdoor Program Communication through DNS Protocol
3. threat[24387]:Coppermine 1.5.46 Cross Site Scripting(cve-2018-14478)
4. threat[49025]:Malware Mining Adylkuzz DNS Request Connection
5. threat[49023]:Malware BadRabbit (bad rabbit) Ransomware DNS Request Connection
6. threat[49024]:Malware CTB-Locker bitcoin blackmail virus DNS Request Connection
7. threat[24388]:Cisco Small Business RV320/RV325 Command Injection Vulnerability(CVE-2019-1652)
8. threat[24389]:NTPsec ntpd ctl_getitem Out of Bounds Read(CVE-2019-6443)
9. threat[24390]:Kubernetes Dashboard Authentication Bypass Information Disclosure(CVE-2018-18264)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-02-14 19:30:27
Name: eoi.unify.allrulepatch.ips.5.6.10.19571.rule Version: 5.6.10.19571
MD5: 2a28b810bcf41be7d35383b1573b7492 Size: 23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19571. The rules added or improved by this package are:

New rules:
1. threat[41648]:Ransomware WannaCry Communication Attempt



Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19571. This package includes the following changed rules:

new rules:
1. threat[41648]:Ransom virus WannaCry tries to communicate



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-02-07 20:21:10
Name: eoi.unify.allrulepatch.ips.5.6.10.19567.rule Version: 5.6.10.19567
MD5: 7bc2d7754ba3e3903892ffe451597a01 Size: 23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19567. The rules added or improved by this package are:

New rules:
1. threat[24385]:DotNetNuke Events Calendar 1.x File Download Vulnerability



Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19567. This package includes the following changed rules:

new rules:
1. threat[24385]:DotNetNuke Events Calendar 1.x File Download



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but it causes a loss of 3-5 ping packets, so please update at a suitable time.

Release time: 2019-01-31 14:31:00
Name: eoi.unify.allrulepatch.ips.5.6.10.19562.rule Version: 5.6.10.19562
MD5: 86a8dc8ebc483ad76bacef4f05e4412e Size: 23.43M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It is supported only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19562. The rules added or improved by this package are:

New rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 XSS Vulnerability
2. threat[24383]:Hucart CMS CSRF Vulnerability
3. threat[41645]:Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]:Zerosoul PHP One-Line Trojan Client Uploading Webshell Backdoor Program
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST Conferencing Remote Command Execution Vulnerability(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

Updated rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control


Notes:
1. After this package is installed, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19562. This package includes the following changed rules:

new rules:
1. threat[24382]:HMS Netbiter WS100 3.30.5 Cross Site Scripting
2. threat[24383]:Hucart CMS Cross Site Request Forgery
3. threat[41645]:Webshell Backdoor Jsp File Browser Access and Control
4. threat[41646]:Zerosoul Webshell Uploader Uploading Webshell Backdoor Programs
5. threat[41547]:JSP Webshell Backdoor Access
6. threat[41647]:Webshell Backdoor phpspy2010 Access and Control
7. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Code Execution(CVE-2018-5782)
8. threat[24386]:doorGets CMS 7.0 Arbitrary File Download Vulnerability

update rules:
1. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability
2. threat[68655]:Suspicious Webshell Backdoor Access and Control


Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2019-01-24 16:43:39
Name: eoi.unify.allrulepatch.ips.5.6.10.19535.rule Version:5.6.10.19535
MD5:57d90cc2386b4764324b0ad3bd5d6502 Size:23.42M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19535. This package includes the following changed rules:

new rules:
1. threat[24376]:Oracle Database Server Application Express Remote Security Vulnerability (CVE-2018-2699)
2. threat[24377]:Roxy Fileman 1.4.5 Directory Traversal Vulnerability (CVE-2018-20525)
3. threat[24379]:Mailcleaner Remote Code Execution
4. threat[10487]:UA-Parser Regular Expression Denial of Service Vulnerability (CVE-2018-20164)
5. threat[24381]:Webgalamb Client-IP HTTP Header SQL Injection (CVE-2018-19510)
6. threat[24380]:ThinkPHP5 5.1~5.2 Remote Code Execution Vulnerability

update rules:
1. threat[41546]:ASP Webshell Backdoor Access

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2019-01-17 18:21:20
Name: eoi.unify.allrulepatch.ips.5.6.10.19516.rule Version:5.6.10.19516
MD5:480e0c7270ce3d2a4b3b1ed2dd07d807 Size:23.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19516. This package includes the following changed rules:

new rules:
1. threat[24375]:ThinkPHP5 5.0.23 Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2019-01-12 21:28:08
Name: eoi.unify.allrulepatch.ips.5.6.10.19470.rule Version:5.6.10.19470
MD5:72916a2e277972afee0cbb39bd312f98 Size:23.38M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19470. This package includes the following changed rules:

new rules:
1. threat[24373]:HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8977)

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[24255]:Web Service Remote Command Execution Attack
3. app:Youku Tudou Video

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2019-01-10 19:44:16
Name: eoi.unify.allrulepatch.ips.5.6.10.19452.rule Version:5.6.10.19452
MD5:1b378e9af7c6b24f6359eb5d47cefd8a Size:23.39M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19452. This package includes the following changed rules:

new rules:
1. threat[24371]:Xen Project XAPI Update Directory Traversal Vulnerability (CVE-2018-14007)
2. threat[24372]:Micro Focus Secure Messaging Gateway enginelist.php SQL Injection (CVE-2018-12464)
3. threat[24369]:Cisco Adaptive Security Appliance Webvpn XML Parser Double Free Vulnerability (CVE-2018-0101)
4. threat[24370]:Apache Tika tika-server Command Injection Vulnerability (CVE-2018-1335)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2019-01-03 18:17:08
Name: eoi.unify.allrulepatch.ips.5.6.10.19418.rule Version:5.6.10.19418
MD5:46570dea9a43bb35b1b2134b26102773 Size:23.37M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19418. This package includes the following changed rules:

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-12-28 01:11:57
Name: eoi.unify.allrulepatch.ips.5.6.10.19388.rule Version:5.6.10.19388
MD5:d0e98e7e0359b4ba3f2a51656c1ce82f Size:23.37M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19388. This package includes the following changed rules:

new rules:
1. threat[24362]:Zoho ManageEngine OpManager OpManagerFailoverUtil customerName SQL Injection (CVE-2018-9088)
2. threat[24361]:Cisco Prime Infrastructure swimtemp TFTP Arbitrary File Upload Vulnerability (CVE-2018-15379)
3. threat[24363]:Zoho ManageEngine OpManager RelationalMailServer addMailServerSettings SQL Injection (CVE-2018-18949)
4. threat[41636]:Malware A-311 Death Communicating with C&C Server
5. threat[24365]:ThinkPHP 5.x Remote Command Execution Vulnerability
6. threat[24366]:Apache Tomcat Default Servlet Open Redirect Vulnerability (CVE-2018-11784)

update rules:
1. threat[24359]:Nagios XI Cmdsubsys Command Injection (CVE-2018-15709)
2. threat[24360]:Nagios XI Magpie cURL Argument Injection (CVE-2018-15708)
3. threat[24255]:Web Service Remote Command Execution Attack
4. threat[68612]:Webshell Sample 100426 Upload
5. threat[68654]:Suspicious Webshell Script File Upload Behavior

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-12-20 17:46:19
Name: eoi.unify.allrulepatch.ips.5.6.10.19348.rule Version:5.6.10.19348
MD5:b485c081ec5b0e42af97045d2979fd4e Size:23.36M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19348. This package includes the following changed rules:

new rules:
1. threat[24350]:ACME mini_httpd Arbitrary File Read Vulnerability (CVE-2018-18778)
2. threat[24352]:Siemens Multiple Products XML External Entity Injection (CVE-2017-12069)
3. threat[24353]:Advantech WebAccess SCADA WADashboard readFile Directory Traversal (CVE-2018-15706)
4. threat[24354]:Advantech WebAccess SCADA WADashboard writeFile Arbitrary File Overwrite Vulnerability (CVE-2018-15705)
5. threat[24355]:Oracle GoldenGate Manager Stack Buffer Overflow Vulnerability (CVE-2018-2913)
6. threat[24357]:Oracle WebLogic Server Insecure Deserialization Remote Code Execution (CVE-2018-3252)
7. threat[24358]:Advantech WebAccess SCADA bwMainLeft.asp Cross-Site Scripting (CVE-2018-15707)
8. app:OPC UA

update rules:
1. threat[24349]:Cisco Unity Express RMI Insecure Deserialization Arbitrary Command Execution Vulnerability (CVE-2018-15381)
2. app:DNS Protocol
3. app:Remote Desktop

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-12-14 08:24:51
Name: eoi.unify.allrulepatch.ips.5.6.10.19287.rule Version:5.6.10.19287
MD5:41d5f615b239efd7072690f9166f0a69 Size:23.33M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19287. This package includes the following changed rules:

new rules:
1. threat[24335]:Apache Pluto PortletV3AnnotatedDemo MultipartPortlet Arbitrary File Upload (CVE-2018-1306)
2. threat[24336]:JBoss Application Server EJBInvokerServlet/JMXInvokerServlet Remote Code Execution Vulnerability (CVE-2013-4810)
3. threat[24337]:OPC Foundation UA Client Applications Information Disclosure Vulnerability (CVE-2018-12087)
4. threat[24338]:Multiple OPC Products Information Disclosure Vulnerability (CVE-2018-7559)
5. threat[41635]:Malicious Ransomware Satan Variant lucky Communication
6. threat[24339]:Adobe Acrobat/Reader Arbitrary Code Execution Vulnerability (CVE-2018-12855)
7. threat[24340]:ISPConfig user_settings.php Arbitrary File Inclusion Vulnerability (CVE-2018-17984)
8. threat[24341]:Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)
9. threat[24342]:Zoho ManageEngine OpManager Authentication Bypass Vulnerability (CVE-2018-17283)
10. threat[24343]:Zoho ManageEngine OpManager setManaged SQL Injection Vulnerability (CVE-2018-17283)
11. threat[24344]:Adobe Acrobat ImageConversion EmfPlusDrawBeziers Information Disclosure Vulnerability (CVE-2018-15946)
12. threat[24345]:Quest KACE Systems Management run_cross_report SQL Injection Vulnerability
13. threat[24346]:Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2018-17243)
14. threat[24347]:Advantech WebAccess SCADA notify2 Stack-based Buffer Overflow (CVE-2018-7499)
15. app:S7Comm

update rules:
1. threat[24098]:Apache Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
2. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776)(S2-057)
3. app:mqtt

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-12-06 17:48:33
Name: eoi.unify.allrulepatch.ips.5.6.10.19201.rule Version:5.6.10.19201
MD5:2a77a7465f5b931316f7439ed0cf8b20 Size:23.23M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19201. This package includes the following changed rules:

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[24333]:Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability
3. threat[41627]:Malicious Program windows/qbot_a Network Communication
4. threat[41475]:Malicious Program windows/njRAT_a Network Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-11-30 10:53:17
Name: eoi.unify.allrulepatch.ips.5.6.10.19144.rule Version:5.6.10.19144
MD5:0c2543ec327e969584ffd6a175230a7a Size:23.15M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.19144. This package includes the following changed rules:

new rules:
1. threat[41210]:Malicious Program linux/mayday_a Network Communication
2. threat[24333]:Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability

update rules:
1. threat[41611]:Malware xorddos.origin/linux_b Network Communication
2. threat[24255]:Web Service Remote Command Execution Attack
3. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2017-10271)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-11-20 21:00:46
Name: eoi.unify.allrulepatch.ips.5.6.10.18935.rule Version:5.6.10.18935
MD5:1115ce937eadc6c5cdf4db036fe78d43 Size:22.93M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18935. This package includes the following changed rules:

new rules:
1. threat[30713]:Apache Traffic Server ESI Plugin Information Disclosure Vulnerability (CVE-2018-8040)
2. threat[41624]:Malware Windows/WORM.VBNA.S0P0R0.WO_a Network Connection
3. threat[41625]:Malware Windows/WORM.VBNA.S0P0R0.WO_b Network Connection
4. threat[41627]:Malicious Program windows/qbot_a Network Communication
5. threat[41628]:Malicious Program windows/swordrat_a Network Communication

update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. threat[23154]:tnftp FTP Client Arbitrary Command Execution Vulnerability (CVE-2014-8517)
3. threat[41611]:Malware xorddos.origin/linux_b Network Communication
4. threat[62698]:ProFTPD Backdoor Unauthorized Access Vulnerability
5. threat[41475]:Malicious Program windows/njRAT_a Network Communication

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-11-08 18:02:36
Name: eoi.unify.allrulepatch.ips.5.6.10.18860.rule Version:5.6.10.18860
MD5:c9bef0b1e0ca6f7bad2739f7a56195e8 Size:22.93M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18860. This package includes the following changed rules:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability (CVE-2018-4013)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-11-01 21:07:24
Name: eoi.unify.allrulepatch.ips.5.6.10.18832.rule Version:5.6.10.18832
MD5:5bff4df34bf07a40465d43f0633b31ef Size:22.83M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18832. This package includes the following changed rules:

update rules:
1. threat[23154]:tnftp FTP Client Arbitrary Command Execution Vulnerability (CVE-2014-8517)
2. threat[10431]:Netgear ProSafe GET filesystem Denial of Service (CVE-2013-4776)
3. threat[62815]:Wireshark SigComp UDVM Buffer Overflow Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-10-25 18:09:17
Name: eoi.unify.allrulepatch.ips.5.6.10.18794.rule Version:5.6.10.18794
MD5:b66f782742741a061746bc51a05b7f18 Size:22.83M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18794. This package includes the following changed rules:

new rules:
1. threat[24311]:GNU C Library (glibc) gethostname Function Heap Buffer Overflow - Wordpress XML-RPC
2. threat[24312]:Microsoft Windows Shell Command Injection (CVE-2012-0175)
3. threat[24313]:Cgit Path Parameter Directory Traversal Information Disclosure (CVE-2018-14912)
4. threat[24314]:Microsoft Windows Shell SettingContentms Remote Code Execution (CVE-2018-8414)

update rules:
1. threat[65502]:Microsoft Internet Explorer HTML Object Handling Memory Corruption Vulnerability
2. threat[23381]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2015-0053)(MS15-009)
3. threat[23359]:ElasticSearch Groovy Command Exec Remote Code Execution Vulnerability (CVE-2015-1427)
4. threat[62920]:Microsoft Host Integration Server Access of Unallocated Memory Denial of Service Vulnerability
5. threat[63352]:Microsoft .NET Framework OData Denial of Service Vulnerability (MS13-007)
6. threat[10412]:Apache HTTP Server Denial of Service Vulnerability
7. threat[67726]:Microsoft IE HTML Rendering Remote Code Execution Vulnerability (MS10-018)
8. threat[10366]:APACHE COMMONS FILEUPLOAD Module DOS Vulnerability
9. threat[50532]:Windows SMB User Authentication Success
10. threat[63450]:HP SiteScope SOAP Call APIPreferenceImpl Security Bypass Vulnerability
11. threat[23010]:ELASTICSEARCH Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-10-18 18:59:50
Name: eoi.unify.allrulepatch.ips.5.6.10.18722.rule Version:5.6.10.18722
MD5:d4fa42dc04c785007c071f73f172132b Size:22.71M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18722. This package includes the following changed rules:

new rules:
1. threat[30712]:HP SiteScope SOAP Call Remote Arbitrary File Access (CVE-2015-3259)(CVE-2012-3260)
2. threat[10483]:Apache Tomcat HTTP Chunked Encoding Chunk Size Denial of Service (CVE-2014-0075)
3. threat[24310]:Apache Struts2 Wildcard OGNL Command Execution (CVE-2013-2134)

update rules:
1. threat[63450]:HP SiteScope SOAP Call APIPreferenceImpl Security Bypass Vulnerability
2. threat[23131]:ManageEngine Desktop Central StatusUpdate Arbitrary File Upload

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-10-11 17:59:45
Name: eoi.unify.allrulepatch.ips.5.6.10.18694.rule Version:5.6.10.18694
MD5:f4e6eed44378c0b463145ac2d28a503f Size:22.72M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18694. This package includes the following changed rules:

update rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-10-04 20:02:53
Name: eoi.unify.allrulepatch.ips.5.6.10.18693.rule Version:5.6.10.18693
MD5:87994da9fda861b432db0b3b4fc7ee52 Size:22.72M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18693. This package includes the following changed rules:

new rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability (CVE-2016-3088)
2. threat[41619]:Malware Xbash Uploading Scan Results to C2 Server
3. threat[41618]:Malware Xbash Communicating with C2 Server

update rules:
1. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-09-30 19:32:29
Name: eoi.unify.allrulepatch.ips.5.6.10.18657.rule Version:5.6.10.18657
MD5:ed7a4c1af363dfe3f20f7d2ef1c9fc3f Size:22.74M
Description:

NSFOCUS NIDS/NIPS intrusion prevention signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version becomes 5.6.10.18657. This package includes the following changed rules:

new rules:
1. threat[41615]:Webshell Backdoor Program Darkshell Access and Control
2. threat[41616]:Webshell Backdoor Program PHPJackal Access and Control
3. threat[41617]:Webshell Backdoor Program KA_uShell Access and Control
4. threat[41611]:Malware xorddos.origin/linux_b Network Communication

update rules:
1. threat[68655]:Suspicious Webshell Backdoor Access and Control
2. threat[24003]:Microsoft Windows SMB Server Information Disclosure Vulnerability Scan (CVE-2017-0147)

Announcements:
1. After the package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost; please choose a suitable time to upgrade.

Release time:2018-09-27 20:40:43
名称: eoi.unify.allrulepatch.ips.5.6.10.18639.rule 版本:5.6.10.18639
MD5:5e96f1afb130b1ae62705becf9707c7a 大小:22.71M
描述:

本升级包为入侵防护特征库升级包,仅支持在固件版本5.6R10F00之上,引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18639。该升级包新增/改进的规则有:


新增规则:
1. 攻击[24303]:HPE智能管理中心PLATtftp服务器fread函数堆栈缓冲区溢出
2. 攻击[24304]:Trend Micro Control Manager SQL注入漏洞(CVE-2018-3602)
3. 攻击[24305]:Advantech Webaccess webvrpcs 目录遍历远程代码执行
4. 攻击[41614]:Webshell后门操控数据库

更新规则:
1. 攻击[23614]:Oracle Weblogic Server Java反序列化漏洞
2. 攻击[24221]:PHPSPY Webshell访问控制
3. 攻击[20580]:PeerCast URI解析栈溢出漏洞(CVE-2006-1148)
4. 攻击[41608]:恶意程序windows/jenki_c网络通信


注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18639. This package include changed rules:


new rules:
1. threat[24303]:HPE Intelligent Management Center PLAT tftpserver fread Stack Buffer Overflow
2. threat[24304]:Trend Micro Control Manager SQL Injection Vulnerability(CVE-2018-3602)
3. threat[24305]:Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution
4. threat[41614]:Webshell Backdoor Controlling Database

update rules:
1. threat[23614]:Oracle Weblogic Server Java Unserialization Vulnerability
2. threat[24221]:PHPSPY Webshell Access and Control
3. threat[20580]:PeerCast URI Parsing StackOverflow Vulnerability(CVE-2006-1148)
4. threat[41608]:Malicious program windows/jenki_c network communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-09-20 16:32:17
Name: eoi.unify.allrulepatch.ips.5.6.10.18603.rule Version: 5.6.10.18603
MD5: 8b4386512cb6800ea023fd49d593ba91 Size: 22.53M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18603. Rules added/improved in this package:

New rules:
1. threat[41613]:Malicious Program windows/storm.a_a Network Communication
2. app:极路由 (HiWiFi router) SSL

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18603. This package includes the following changed rules:

new rules:
1. threat[41613]:Malicious Program windows/storm.a_a Network Communications
2. app:极路由 (HiWiFi router) SSL


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-09-13 17:02:05
Name: eoi.unify.allrulepatch.ips.5.6.10.18583.rule Version: 5.6.10.18583
MD5: 3c43d13e5d23cab611943f9ae01261a7 Size: 22.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18583. Rules added/improved in this package:

Update rules:
1. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18583. This package includes the following changed rules:


update rules:
1. threat[24236]:Asterisk out-of-bounds write vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-09-10 16:07:38
Name: eoi.unify.allrulepatch.ips.5.6.10.18551.rule Version: 5.6.10.18551
MD5: 3649ee15782a5a033c4d61818cea5f39 Size: 22.67M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18551. Rules added/improved in this package:

New rules:
1. threat[41604]:Malicious Program windows/Ramnit Network Communication
2. threat[41605]:Malicious Program windows/FlawedAmmyyRAT Network Communication
3. threat[41606]:Malicious Program windows/jenki_a Network Communication
4. threat[41607]:Malicious Program windows/jenki_b Network Communication
5. threat[41608]:Malicious Program windows/jenki_c Network Communication
6. threat[24302]:Suspicious XML External Entity (XXE) Injection Attempt
7. app:魔百盒 (Mobaihe)
8. app:叮咚音箱 (DingDong Smart Speaker)

Update rules:
1. threat[20580]:PeerCast URI Parsing Stack Overflow Vulnerability (CVE-2006-1148)
2. threat[23426]:Allegro RomPager HTTP Cookie Handling Security Restriction Bypass Vulnerability (CVE-2014-9222)
3. threat[10428]:Apache ActiveMQ Unauthorized Shutdown Denial of Service

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18551. This package includes the following changed rules:


new rules:
1. threat[41604]:Malicious program windows/Ramnit network communication
2. threat[41605]:Malicious program windows/FlawedAmmyyRAT network communication
3. threat[41606]:Malicious program windows/jenki_a network communication
4. threat[41607]:Malicious program windows/jenki_b network communication
5. threat[41608]:Malicious program windows/jenki_c network communication
6. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
7. app:Mobaihe
8. app:DingDong Smart Speaker

update rules:
1. threat[20580]:PeerCast URI Parsing StackOverflow Vulnerability(CVE-2006-1148)
2. threat[23426]:Allegro Software RomPager 'Fortune Cookie' Unspecified HTTP Authentication Bypass (CVE-2014-9222)
3. threat[10428]:Apache ActiveMQ Unauthorized Shutdown Denial of Service


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-09-06 18:01:44
Name: eoi.unify.allrulepatch.ips.5.6.10.18500.rule Version: 5.6.10.18500
MD5: 2dc55d14751b195455798280a2abe197 Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18500. Rules added/improved in this package:

New rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561, CVE-2018-10562)
2. threat[24301]:BusyBox wget Buffer Overflow (CVE-2018-1000517)

Update rules:
1. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability
2. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
3. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability
4. threat[10251]:Microsoft Windows ASP.NET Denial of Service
5. app:DNS Protocol

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18500. This package includes the following changed rules:

new rules:
1. threat[24300]:GPON Home Gateway Remote Command Execution Vulnerability (CVE-2018-10561, CVE-2018-10562)
2. threat[24301]:BusyBox Project BusyBox wget Buffer Overflow(CVE-2018-1000517)

update rules:
1. threat[24299]:D-Link DSL-2750B Arbitrary Command Execution Vulnerability
2. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)
3. threat[24236]:Asterisk out-of-bounds write vulnerability
4. threat[10251]:ASP.NET in Microsoft Windows Denial of Service
5. app:DNS Protocol


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-08-30 23:01:42
Name: eoi.unify.allrulepatch.ips.5.6.10.18479.rule Version: 5.6.10.18479
MD5: 34496185ed375c18a5b2f6f4356945f4 Size: 22.48M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18479. Rules added/improved in this package:

New rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability (CVE-2018-5067)
2. threat[24297]:Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference (CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)

Update rules:
1. threat[24294]:Apache Solr XML External Entity Injection Vulnerability (CVE-2018-8010, CVE-2018-8026)

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18479. This package includes the following changed rules:

new rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability(CVE-2018-5067)
2. threat[24297]:Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference(CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)

update rules:
1. threat[24294]:Apache Solr ConfigSets XML External Entity Expansion Information Disclosure(CVE-2018-8010,CVE-2018-8026)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-08-23 18:24:08
Name: eoi.unify.allrulepatch.ips.5.6.10.18434.rule Version: 5.6.10.18434
MD5: db17bfbe2dd386216aebefe97e914716 Size: 22.66M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18434. Rules added/improved in this package:

New rules:
1. threat[41601]:Malicious Program Linux/Fbot.Linux.Agent.fy_a Network Communication
2. threat[41603]:Malicious Program windows/feifan_a Network Communication
3. threat[41602]:Malicious Program windows/hellbot_a Network Communication
4. threat[24290]:phpMyAdmin index.php Local File Inclusion Vulnerability (CVE-2018-12613)
5. threat[24291]:Trend Micro Control Manager sCloudService GetPassword SQL Injection (CVE-2018-3604)

Update rules:
1. threat[24003]:Microsoft Windows SMB Server Information Disclosure Vulnerability (CVE-2017-0147)
2. threat[24011]:IBM IMAP Mailbox Name Stack Overflow Vulnerability (EMPHASISMINE)
3. threat[24165]:Microsoft Edge ProfiledLdElem Type Confusion

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18434. This package includes the following changed rules:

new rules:
1. threat[41601]:Malicious Program Linux/Fbot.Linux.Agent.fy_a Network Communications
2. threat[41603]:Malicious Programs windows/feifan_a Network Communication
3. threat[41602]:Malicious Program windows/hellbot_a Network Communications
4. threat[24290]:phpMyAdmin index.php Local File Inclusion Vulnerability(CVE-2018-12613)
5. threat[24291]:Trend Micro Control Manager sCloudService GetPassword SQL Injection vulnerability(CVE-2018-3604)

update rules:
1. threat[24003]:Microsoft Windows SMB Server Information Disclosure Vulnerability(CVE-2017-0147)
2. threat[24011]:IBM Domino IMAP Mailbox Name Stack Buffer Overflow(EMPHASISMINE)
3. threat[24165]:Microsoft Edge ProfiledLdElem Type Confusion



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-08-16 22:44:38
Name: eoi.unify.allrulepatch.ips.5.6.10.18383.rule Version: 5.6.10.18383
MD5: 6fdcbdedd72f4619e841fa103d05f4ea Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18383. Rules added/improved in this package:

New rules:
1. threat[24289]:Zoho ManageEngine ApplicationManager testCredential.do Command Injection (CVE-2018-7890)

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18383. This package includes the following changed rules:

new rules:
1. threat[24289]:Zoho ManageEngine ApplicationManager testCredential.do Command Injection(CVE-2018-7890)



Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-08-09 19:09:09
Name: eoi.unify.allrulepatch.ips.5.6.10.18344.rule Version: 5.6.10.18344
MD5: e3a8c3f7128e94b7bce51a483f9fb58a Size: 22.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18344. Rules added/improved in this package:

New rules:
1. threat[41598]:Malicious Program linux/daserf_a Network Communication
2. threat[41597]:Malicious Program linux/chinaz_c Network Communication
3. threat[41599]:Malicious Program windows/diamondfox_a Network Communication
4. threat[24287]:Modx Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18344. This package includes the following changed rules:

new rules:
1. threat[41598]:Malicious Programs linux/daserf_a Network Communication
2. threat[41597]:Malicious Programs linux/chinaz_c Network Communication
3. threat[41599]:Malicious Programs windows/diamondfox_a Network Communication
4. threat[24287]:Modx Revolution Remote Code Execution Vulnerability(CVE-2018-1000207)


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-08-02 18:13:16
Name: eoi.unify.allrulepatch.ips.5.6.10.18317.rule Version: 5.6.10.18317
MD5: 3a4b170d37688d31a69096754f0a48c3 Size: 22.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18317. Rules added/improved in this package:

New rules:
1. threat[10482]:Asterisk PJSIP Invalid fmtp Media Attribute Denial of Service Vulnerability (CVE-2018-1000099)
2. threat[24284]:Cisco Prime Infrastructure and DCNM Directory Traversal Vulnerability (CVE-2018-0258)
3. threat[24285]:CMS Made Simple Password Reset Vulnerability (CVE-2018-10081)
4. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability (CVE-2018-2894)
5. threat[41596]:Malicious Program linux/chinaz_a Network Communication

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18317. This package includes the following changed rules:

new rules:
1. threat[10482]:Asterisk PJSIP Invalid fmtp Media Attribute Denial Of Service Vulnerability(CVE-2018-1000099)
2. threat[24284]:Cisco Prime Infrastructure And DCNM Directory Traversal Vulnerability(CVE-2018-0258)
3. threat[24285]:CMS Made Simple Password Reset Vulnerability(CVE-2018-10081)
4. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)
5. threat[41596]:Malicious Programs linux/chinaz_a Network Communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-07-27 15:06:59
Name: eoi.unify.allrulepatch.ips.5.6.10.18230.rule Version: 5.6.10.18230
MD5: d9237bf4d84d1d4a685bea64f1f1a27d Size: 22.26M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18230. Rules added/improved in this package:

New rules:
1. threat[24282]:Dell EMC VMAX Virtual Appliance Manager Authentication Bypass Vulnerability
2. threat[24283]:Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection Vulnerability (CVE-2018-2615)

Update rules:
1. threat[41588]:PHP Webshell Script Upload

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18230. This package includes the following changed rules:

new rules:
1. threat[24282]:Dell EMC VMAX Virtual Appliance Manager Authentication Bypass Vulnerability
2. threat[24283]:Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection Vulnerability(CVE-2018-2615)

update rules:
1. threat[41588]:PHP Webshell Script Upload


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-07-19 18:12:01
Name: eoi.unify.allrulepatch.ips.5.6.10.18181.rule Version: 5.6.10.18181
MD5: e470d1e9b7d06ac7015d8da1be030529 Size: 22.64M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18181. Rules added/improved in this package:

New rules:
1. threat[24278]:NetGain Systems Enterprise Manager Deserialization Arbitrary Code Execution Vulnerability
2. threat[24280]:Adobe Acrobat/Reader ImageConversion Heap Buffer Overflow Vulnerability (CVE-2018-4982)
3. threat[24281]:Adobe Acrobat ImageConversion EmfPlusPath Object Heap Buffer Overflow Vulnerability (CVE-2018-4978)

Update rules:
1. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Parameter Directory Traversal Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18181. This package includes the following changed rules:


new rules:
1. threat[24278]:NetGain Systems Enterprise Manager Deserialization Arbitrary Code Execution Vulnerability
2. threat[24280]:Adobe Acrobat/Reader ImageConversion Heap Buffer Overflow(CVE-2018-4982)
3. threat[24281]:Adobe Acrobat ImageConversion EmfPlusPath Object Heap Buffer Overflow(CVE-2018-4978)

update rules:
1. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Directory Traversal Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-07-12 20:15:31
Name: eoi.unify.allrulepatch.ips.5.6.10.18149.rule Version: 5.6.10.18149
MD5: a8d124c329f56514d5817a13d9085a84 Size: 22.65M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18149. Rules added/improved in this package:

New rules:
1. threat[24277]:Foxit Reader BMP biWidth Heap Overflow Vulnerability (CVE-2017-17557)

Update rules:
1. threat[24276]:Apache HTTP Server Remote Security Restriction Bypass Vulnerability (CVE-2018-15715)
2. threat[41588]:PHP Webshell Script Upload
3. threat[41579]:Malicious Program windows/drive_a Network Communication

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18149. This package includes the following changed rules:

new rules:
1. threat[24277]:Foxit Reader BMP biWidth Heap-based Buffer Overflow Vulnerability(CVE-2017-17557)

update rules:
1. threat[24276]:Apache HTTP Server Remote Security Limit Bypass Vulnerability (CVE-2018-15715)
2. threat[41588]:PHP Webshell Script Upload
3. threat[41579]:Malware windows/drive_a Network Connection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-07-05 18:21:00
Name: eoi.unify.allrulepatch.ips.5.6.10.18133.rule Version: 5.6.10.18133
MD5: 64d5f04ea51395cf685a72e7cf4af9e9 Size: 22.63M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18133. Rules added/improved in this package:

New rules:
1. threat[30711]:Cisco Router iou-web Unauthorized Access

Update rules:
1. threat[23627]:Nano-10 PLC Remote Denial of Service Vulnerability (CVE-2013-5741)
2. threat[67469]:Postgres Login Failure

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18133. This package includes the following changed rules:

new rules:
1. threat[30711]:Cisco Router iou-web Unauthorized Access

update rules:
1. threat[23627]:Nano-10 PLC Remote Denial of Service Vulnerability(CVE-2013-5741)
2. threat[67469]:Postgres Login Error


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-06-28 17:25:14
Name: eoi.unify.allrulepatch.ips.5.6.10.18054.rule Version: 5.6.10.18054
MD5: 3f52c732a972d3d2ef8c5e8d78b04df5 Size: 22.62M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18054. Rules added/improved in this package:

Update rules:
1. threat[24162]:Autodesk Design Review BMP biClrUsed Buffer Overflow Vulnerability
2. threat[23843]:Cisco ASA Firewall SNMP Overflow Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18054. This package includes the following changed rules:

update rules:
1. threat[24162]:Autodesk Design Review BMP biClrUsed Buffer Overflow Vulnerability
2. threat[23843]:Cisco ASA SNMP OID parsing stack buffer overflow Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-06-21 19:02:28
Name: eoi.unify.allrulepatch.ips.5.6.10.18051.rule Version: 5.6.10.18051
MD5: ae1aedb16794db7df5cd07fc1d5b781a Size: 22.61M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18051. Rules added/improved in this package:

New rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24275]:OMRON CX-One CX-FLnet Version Field Heap Overflow Vulnerability

Update rules:
1. threat[24268]:Drupal Remote Code Execution Vulnerability (CVE-2018-7602)
2. threat[41562]:Malicious Program windows/kasidet_v1.0 Network Communication
3. threat[41581]:Malicious Program windows/drive_d Network Communication

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18051. This package includes the following changed rules:

new rules:
1. threat[41588]:PHP Webshell Script Upload
2. threat[24275]:OMRON CX-One CX-FLnet Version Heap-based Buffer Overflow Vulnerability

update rules:
1. threat[24268]:Drupal Remote Code Execution Vulnerability (CVE-2018-7602)
2. threat[41562]:Malware windows/kasidet_v1.0 Network Communication
3. threat[41581]:Malware windows/drive_d Network Connection


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-06-14 19:26:11
Name: eoi.unify.allrulepatch.ips.5.6.10.18026.rule Version: 5.6.10.18026
MD5: 214d4c03084bf22a3ececf4798698135 Size: 22.01M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.18026. Rules added/improved in this package:

New rules:
1. threat[24272]:Roundcube Webmail archive.php IMAP Command Injection
2. threat[24273]:Adobe Acrobat ImageConversion EMF EMR STRETCHBLT Out-of-Bounds Read Vulnerability
3. threat[24274]:Advantech WebAccess Node chkLogin2 SQL Injection Vulnerability

Update rules:
1. threat[41575]:Malicious Program windows/solar_a Network Communication

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.18026. This package includes the following changed rules:


new rules:
1. threat[24272]:Roundcube Webmail archive.php IMAP Command Injection
2. threat[24273]:Adobe Acrobat ImageConversion EMF EMR STRETCHBLT Out of Bounds Read Vulnerability
3. threat[24274]:Advantech WebAccess Node chkLogin2 SQL Injection Vulnerability

update rules:
1. threat[41575]:Malicious windows/solar_a network communication


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-06-07 18:03:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17954.rule Version: 5.6.10.17954
MD5: 03b0a8281f173e7b7464569e6efefc32 Size: 21.89M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.17954. Rules added/improved in this package:

New rules:
1. threat[24266]:Joomla! Core SQL Injection Vulnerability (CVE-2018-8045)
2. threat[24267]:Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0935)
3. threat[24269]:Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-0883)
4. threat[41582]:Malicious Program windows/umbraloader_b Network Communication
5. threat[24270]:PHP phar 404 Page Cross-Site Scripting Vulnerability (CVE-2018-5712)
6. threat[24271]:Microsoft Windows SNMP Service Denial of Service Vulnerability (CVE-2018-0967)

Update rules:
1. threat[41533]:Gafgyt Botnet Communication
2. threat[62698]:ProFTPD Backdoor Unauthorized Access Vulnerability
3. threat[41562]:Malicious Program windows/kasidet_v1.0 Network Communication
4. app:NFS

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17954. This package includes the following changed rules:


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-06-01 09:33:28
Name: eoi.unify.allrulepatch.ips.5.6.10.17911.rule Version: 5.6.10.17911
MD5: b665831e209b0b196768b7fb60793da8 Size: 21.87M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.17911. Rules added/improved in this package:

New rules:
1. threat[41573]:Malicious Program windows/Jukbot_a Network Communication
2. threat[41574]:Malicious Program windows/madness_a Network Communication
3. threat[24265]:HPE Moonshot Provisioning Manager Appliance khuploadfile cgi Directory Traversal Vulnerability
4. threat[41575]:Malicious Program windows/solar_a Network Communication
5. threat[41576]:Malicious Program linux/MrBlackDDos_a Network Communication
6. threat[41577]:Malicious Program linux/MrBlackDDos_b Network Communication
7. threat[41578]:Malicious Program Windows/dirtjumper.RussKill_a Network Communication
8. threat[41579]:Malicious Program windows/drive_a Network Communication
9. threat[41580]:Malicious Program windows/drive_c Network Communication
10. threat[41581]:Malicious Program windows/drive_d Network Communication
11. threat[41563]:Malicious Program windows/Lokibot Network Communication
12. threat[24260]:Adobe Acrobat XPS Path Element Out-of-Bounds Write Vulnerability

Update rules:
1. threat[41502]:魔鼬 (moyou) DDoS Trojan Communication
2. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[41495]:9527win Botnet Zombie Connecting to the Server

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17911. This package includes the following changed rules:

new rules:
1. threat[41573]:Malicious windows/Jukbot_a network communication
2. threat[41574]:Malicious windows/madness_a network communication
3. threat[24265]:HPE Moonshot Provisioning Manager Appliance khuploadfile cgi Directory Traversal Vulnerability
4. threat[41575]:Malicious windows/solar_a network communication
5. threat[41576]:Malicious linux/MrBlackDDos_a network communication
6. threat[41577]:Malicious linux/MrBlackDDos_b network communication
7. threat[41578]:Malware Windows/dirtjumper.RussKill_a Network Connection
8. threat[41579]:Malware windows/drive_a Network Connection
9. threat[41580]:Malware windows/drive_c Network Connection
10. threat[41581]:Malware windows/drive_d Network Connection
11. threat[41563]:Malware windows/Lokibot Network Communication
12. threat[24260]:Adobe Acrobat XPS Path Element Out of Bounds Write Vulnerability

update rules:
1. threat[41502]:DDoS Trojan.moyou Communication
2. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability
3. threat[24250]:Drupal Core Remote Code Execution Vulnerability
4. threat[41495]:Zombies of Botnet 9527win Connect to the Server


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-05-24 18:01:30
Name: eoi.unify.allrulepatch.ips.5.6.10.17838.rule Version: 5.6.10.17838
MD5: 151a1f0165c2b18af208d42988edb505 Size: 21.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.17838. Rules added/improved in this package:

New rules:
1. threat[24259]:TBK DVR Authentication Bypass Vulnerability
2. threat[41556]:Malicious Software Aldi/windows_a Network Communication
3. threat[41556]:Malicious Program umbraloader/win_a Network Communication
4. threat[41560]:Malicious Program windows/gyddos.nitol_c Network Attack
5. threat[41561]:Malicious Program windows/IPKiller_a Network Communication
6. threat[41562]:Malicious Program windows/kasidet_v1.0_a Network Communication
7. threat[41564]:Malicious Program UUGangt.Reconyc/win_a Network Communication
8. threat[41565]:Malicious Program Windows/vertexnet_a Network Communication
9. threat[41566]:Malicious Program windows/vertexnet_b Network Communication
10. threat[41567]:Malicious Program windows/wmddos_a Network Communication
11. threat[41568]:Malicious Program Windows/wmddos_c Network Communication
12. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Parameter Directory Traversal Vulnerability
13. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17838. This package includes the following changed rules:

new rules:
1. threat[24259]:TBK DVR Devices Authentication Bypass Vulnerability
2. threat[41556]:Malicious Programs Aldi/windows_a Network Communication
3. threat[41556]:Malware umbraloader/win_a Network Communication
4. threat[41560]:Malware windows/gyddos.nitol_c Network Attack
5. threat[41561]:Malware windows/IPKiller_a Network Communication
6. threat[41562]:Malware windows/kasidet_v1.0_a Network Communication
7. threat[41564]:Malware UUGangt.Reconyc/win_a network communication
8. threat[41565]:Malware Windows/vertexnet_a Network Communication
9. threat[41566]:Malware Windows/vertexnet_b network communication
10. threat[41567]:Malware windows/wmddos_a Network Connection
11. threat[41568]:Malware Windows/wmddos_c Network connection
12. threat[24264]:NetGain Systems Enterprise Manager snmpwalk ip Directory Traversal Vulnerability
13. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-05-18 08:38:03
Name: eoi.unify.allrulepatch.ips.5.6.10.17704.rule Version: 5.6.10.17704
MD5: 7c72b54d6ca78746650eb7a11722e974 Size: 21.86M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.17704. Rules added/improved in this package:

New rules:
1. threat[24256]:Spring Messaging Remote Code Execution Vulnerability
2. threat[24257]:Spring Data Commons Remote Code Execution Vulnerability
3. threat[24258]:Adobe Acrobat ImageConversion EMF EMR STRETCHDIBITS Heap Buffer Overflow Vulnerability

Update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. app:Baidu Music (formerly TTPlayer)
3. app:Youku Tudou Video

NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17704. This package includes the following changed rules:

new rules:
1. threat[24256]:Spring Messaging Remote Code Execution Vulnerability
2. threat[24257]:Spring Data Commons Remote Code Execution Vulnerability
3. threat[24258]:Adobe Acrobat ImageConversion EMF EMR STRETCHDIBITS Heap-based Buffer Overflow Vulnerability


update rules:
1. threat[24255]:Web Service Remote Command Execution Attack
2. app:Baidu Music (TTPlayer)
3. app:Youku Tudou Video


Announcements:
1. After the package is updated, the engine restarts automatically. This does not interrupt sessions, but 3-5 ping packets will be lost, so please update at a suitable time.

Release time: 2018-05-10 19:33:26
Name: eoi.unify.allrulepatch.ips.5.6.10.17680.rule Version: 5.6.10.17680
MD5: 5da7b5d5309d7905ef04b8dfe97beb01 Size: 21.98M
Description:

This upgrade package is an intrusion prevention signature database upgrade package; it can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.17680. Rules added/improved in this package:

New rules:
1. threat[24254]:Advantech WebAccess SCADA certUpdate.asp Directory Traversal Vulnerability
2. threat[24255]:Web Service Remote Command Execution Attack

Notes:
1. After this package is applied, the engine restarts automatically to take effect. Sessions are not interrupted, but 3~5 ping packets will be lost, so please choose a suitable time to upgrade.


NSFOCUS NIDS/NIPS product signature upgrade package; it requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17680. This package includes the following changed rules:

new rules:
1. threat[24254]:Advantech WebAccess SCADA certUpdate asp filename Directory Traversal Vulnerability
2. threat[24255]:Web Service Remote Command Execution Attack



Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-05-03 18:18:03
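Every entry on this page publishes two facts an operator should check before uploading a package to the sensor: the MD5 of the .rule file, and the minimum firmware/engine version 5.6R10F00. The script below is an added example written for this page, not NSFOCUS code, that performs both checks offline. It assumes the firmware version string has the form `<major>.<minor>R<release>F<fix>` (inferred from the single value 5.6R10F00 shown here), that the rule version can be read from the `eoi.unify.allrulepatch.ips.<version>.rule` filename pattern used throughout the list, and it uses a constructed byte string in place of a real ~22 MB package. MD5 confirms the download is intact and is the file the portal describes; it is not collision-resistant, so it is no substitute for fetching the package and its digest over an authenticated channel.

```python
"""Pre-flight checks for an IPS rule package before uploading it to the sensor.

Added example, not vendor code. Checks the listed MD5 and the minimum
firmware/engine version 5.6R10F00 stated in the release notes. The version
format "<major>.<minor>R<release>F<fix>" is an assumption inferred from that
single value.
"""
import hashlib
import os
import re
import tempfile
from typing import Optional, Tuple

MIN_FIRMWARE = "5.6R10F00"
MIN_ENGINE = "5.6R10F00"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)F(\d+)$")
# Filename pattern taken from the package names listed on this page.
_RULE_NAME_RE = re.compile(r"^eoi\.unify\.allrulepatch\.ips\.(\d+(?:\.\d+)+)\.rule$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.6R10F00' into (5, 6, 10, 0) so versions compare numerically,
    not as strings ('5.6R9F00' would otherwise sort above '5.6R10F00')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware/engine version: {text!r}")
    return tuple(int(g) for g in m.groups())


def meets_minimum(device_version: str, minimum: str = MIN_FIRMWARE) -> bool:
    """True when the device's version is at least the package's minimum."""
    return parse_version(device_version) >= parse_version(minimum)


def rule_version_from_name(filename: str) -> Optional[str]:
    """Extract '5.6.10.17680' from 'eoi.unify.allrulepatch.ips.5.6.10.17680.rule'."""
    m = _RULE_NAME_RE.match(os.path.basename(filename))
    return m.group(1) if m else None


def md5_of(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through MD5; real packages are ~22 MB, so avoid read()."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(path: str, listed_md5: str, firmware: str, engine: str) -> dict:
    """Run every pre-flight check and report the verdict per check.

    An MD5 match shows the download is intact and is the file the portal
    lists; MD5 is not collision-resistant and does not prove authenticity.
    """
    actual = md5_of(path)
    return {
        "md5_matches": actual == listed_md5.lower().strip(),
        "actual_md5": actual,
        "rule_version": rule_version_from_name(path),
        "firmware_ok": meets_minimum(firmware, MIN_FIRMWARE),
        "engine_ok": meets_minimum(engine, MIN_ENGINE),
    }


def ready_to_upload(result: dict) -> bool:
    """Only upload when the digest, the filename and both version gates pass."""
    return bool(result["md5_matches"] and result["rule_version"]
                and result["firmware_ok"] and result["engine_ok"])


def demo(sample: bytes = b"abc",
         listed_md5: str = "900150983cd24fb0d6963f7d28e17f72",  # md5("abc")
         firmware: str = "5.6R10F00", engine: str = "5.6R10F01") -> dict:
    """Write a constructed stand-in package to a temp dir and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "eoi.unify.allrulepatch.ips.5.6.10.17680.rule")
        with open(pkg, "wb") as fh:
            fh.write(sample)
        return verify_package(pkg, listed_md5, firmware, engine)


if __name__ == "__main__":
    verdict = demo()
    print(verdict, "->", "upload" if ready_to_upload(verdict) else "STOP")
    # A sensor still on engine 5.6R9F12 must not take this package.
    print(meets_minimum("5.6R9F12", MIN_ENGINE))  # False
```

In practice replace `demo()` with `verify_package(<downloaded file>, <MD5 from the entry>, <firmware>, <engine>)` using the values read from the sensor; a `STOP` verdict means re-download the file or upgrade the platform first, not force the import.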
Name: eoi.unify.allrulepatch.ips.5.6.10.17666.rule  Version: 5.6.10.17666
MD5: 9be46d354a224eca5eb06c07e6430631  Size: 21.84M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17666. The package adds or updates the following rules:

Updated rules:
1. threat[21460]:Trojan/Backdoor Backdoor.ASP.Ace ASP Web Access

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-04-26 18:39:21
Name: eoi.unify.allrulepatch.ips.5.6.10.17654.rule  Version: 5.6.10.17654
MD5: a39635afa64e1028a0b189f1c8584b86  Size: 21.98M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17654. The package adds or updates the following rules:

New rules:
1. threat[24248]:Oracle OSS Support Tools Diagnostic Assistant Remote Command Injection Vulnerability
2. threat[10481]:Squid HTTP Caching Proxy Denial of Service Vulnerability (CVE-2018-1000027)
3. threat[24249]:Microsoft Internet Explorer JsErrorToString Heap Buffer Overflow Vulnerability
4. threat[50546]:Allen Bradley Micrologix 1400 Series B Session Disclosure Risk
5. threat[24250]:Drupal Core Remote Code Execution Vulnerability
6. threat[24251]:Adobe Acrobat ImageConversion EMF Integer Overflow Vulnerability
7. threat[24253]:Adobe ColdFusion RMI Registry Insecure Deserialization Vulnerability

Updated rules:
1. threat[41493]:lostlove Botnet Bot Connecting to Server
2. threat[24133]:HPE Intelligent Management Center getSelInsBean Expression Language Injection Vulnerability (CVE-2017-12490)
3. threat[24148]:HPE Intelligent Management Center saveSelectedDevices Expression Language Injection Vulnerability (CVE-2017-12491)
4. threat[24247]:Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability
5. threat[41548]:Webshell Backdoor Disguised as 404 Error Page

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-04-19 17:51:08
Name: eoi.unify.allrulepatch.ips.5.6.10.17650.rule  Version: 5.6.10.17650
MD5: a96cc058328c8e93133bcb5d27f5cd8e  Size: 22.00M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17650. The package adds or updates the following rules:

Updated rules:
1. threat[23614]:Oracle WebLogic Server Java Deserialization Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-04-17 22:55:01
Name: eoi.unify.allrulepatch.ips.5.6.10.17608.rule  Version: 5.6.10.17608
MD5: b42e997f26d0121a8cb91360430cd90c  Size: 21.98M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17608. The package adds or updates the following rules:

New rules:
1. threat[24247]:Allen Bradley Micrologix 1400 Series B Memory Module Store Program File Write Vulnerability
2. threat[10480]:Allen Bradley Micrologix 1400 Series B Ethernet Card Malformed Packet Denial of Service Vulnerability
3. threat[24245]:Ruijie Gateway Device Remote Command Execution Vulnerability
4. threat[24244]:IBM Informix OpenAdmin Tool welcomeService.php Command Execution Vulnerability
5. threat[24246]:Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

Updated rules:
1. threat[41386]:TrickBot Banking Trojan Communication

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-04-12 23:26:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17567.rule  Version: 5.6.10.17567
MD5: d90c099a9af14f7fe68bbdb350251775  Size: 21.95M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17567. The package adds or updates the following rules:

New rules:
1. threat[24241]:NetIQ Access Manager Identity Server Directory Traversal Vulnerability
2. threat[24242]:Microsoft Office Remote Stack Overflow Vulnerability (CVE-2018-0802)
3. threat[24243]:Mozilla Firefox WebAssembly Table Integer Underflow Vulnerability
4. threat[41549]:PHP Webshell Backdoor Access
5. threat[41550]:Ani-Shell PHP Webshell Access
6. threat[41548]:Webshell Backdoor Disguised as 404 Error Page
7. threat[30710]:HPE Intelligent Management Center Insecure Deserialization Vulnerability
8. threat[24239]:Dell EMC Storage Manager Directory Traversal Vulnerability (CVE-2017-14384)
9. threat[24240]:Flexense SyncBreeze Enterprise HTTP Server ParseHttpHeader Stack Buffer Overflow Vulnerability
10. threat[24235]:Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation Vulnerability
11. threat[24238]:Trend Micro InterScan Mail Security Virtual Appliance Authentication Bypass Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-04-05 21:57:50
Name: eoi.unify.allrulepatch.ips.5.6.10.17515.rule  Version: 5.6.10.17515
MD5: 0fa39fb4833954ac930b7b54092c4579  Size: 21.95M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17515. The package adds or updates the following rules:

New rules:
1. threat[41542]:PHP Trojan File phpspy2014 Upload
2. threat[24231]:EMC Data Protection Advisor Application Service Authentication Bypass Vulnerability
3. threat[24232]:ElectronJs Remote Code Execution Vulnerability (CVE-2018-1000006)
4. threat[24234]:VMware VNC VMWDynResolution Heap Buffer Overflow Vulnerability
5. threat[41543]:Trojan/Backdoor ASP One-Line Webshell
6. threat[24236]:Asterisk Out-of-Bounds Write Vulnerability
7. threat[41544]:Trojan/Backdoor JSP One-Line Webshell File Upload
8. threat[24237]:Jenkins Directory Traversal Vulnerability
9. threat[24233]:D-Link Router service.cgi Arbitrary Code Execution Vulnerability

Updated rules:
1. threat[41060]:Trojan/Backdoor PHP One-Line Webshell

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-03-29 18:20:21
Name: eoi.unify.allrulepatch.ips.5.6.10.17482.rule  Version: 5.6.10.17482
MD5: 6c50264c3a0d57bb1e43c815d2649276  Size: 21.94M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17482. The package adds or updates the following rules:

New rules:
1. threat[49018]:Worm W32.Faedevour Backdoor Communication
2. threat[41535]:Trojan/Backdoor Zusy Variant Network Communication
3. threat[41536]:Trojan/Backdoor Forced Entry Network Communication
4. threat[41537]:Trojan/Backdoor EvilFTP Network Communication
5. threat[41538]:Trojan/Backdoor Millenium Network Communication
6. threat[41539]:Trojan/Backdoor HVL-RAT Network Communication
7. threat[41540]:Trojan/Backdoor Coma Network Communication

Updated rules:
1. threat[24228]:Citect SCADA ODBC Buffer Overflow Vulnerability
2. threat[24230]:Novell ZENworks Handheld Management IP Conduit Hardware Data Payload Size Buffer Overflow Vulnerability
3. threat[40337]:Trojan/Backdoor Netspy Communication
4. threat[40340]:Trojan/Backdoor GirlFriend Connection Established
5. threat[40021]:Trojan/Backdoor Gatecrasher Connection Established
6. threat[40173]:Trojan/Backdoor DonaldDick Connection Established
7. threat[40486]:Trojan/Backdoor Bugs Communication
8. threat[20424]:Network Worm Sasser FTP Backdoor Buffer Overflow Attack

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-03-22 17:09:49
Name: eoi.unify.allrulepatch.ips.5.6.10.17419.rule  Version: 5.6.10.17419
MD5: db9f2d6a27a38c58f1be5787aa9261cd  Size: 21.93M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17419. The package adds or updates the following rules:

New rules:
1. threat[49018]:Worm W32.Faedevour Backdoor Communication
2. threat[41535]:Trojan/Backdoor Zusy Variant Network Communication
3. threat[41337]:Remote Connection to Windows cmd Command Line

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-03-15 16:33:13
Name: eoi.unify.allrulepatch.ips.5.6.10.17397.rule  Version: 5.6.10.17397
MD5: 616ae346cd9246382109d5479b15ebaa  Size: 21.94M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17397. The package adds or updates the following rules:

New rules:
1. threat[24224]:CMS Made Simple 2.1.6 Remote Code Execution Vulnerability
2. threat[41533]:Gafgyt Botnet Communication
3. threat[41534]:Web Page Containing Cryptocurrency Mining Script

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-03-08 16:53:26
Name: eoi.unify.allrulepatch.ips.5.6.10.17379.rule  Version: 5.6.10.17379
MD5: 598f7c83c8db66d4385eae928fd1c363  Size: 21.93M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17379. The package adds or updates the following rules:

New rules:
1. threat[24223]:NetEx HyperIP 6.1.0 Post-Authentication Remote Command Execution
2. threat[24224]:CMS Made Simple 2.1.6 Remote Code Execution Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-03-01 18:54:22
Name: eoi.unify.allrulepatch.ips.5.6.10.17357.rule  Version: 5.6.10.17357
MD5: d135156358df26997165eea363922e47  Size: 21.94M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17357. The package adds or updates the following rules:

Updated rules:
1. threat[24194]:Oracle Application Testing Suite UploadServlet filename Directory Traversal Vulnerability

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-02-22 17:59:54
Name: eoi.unify.allrulepatch.ips.5.6.10.17353.rule  Version: 5.6.10.17353
MD5: 0a5f076f537e338cf43b825315fbddc2  Size: 21.92M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17353. The package adds or updates the following rules:

New rules:
1. threat[24220]:PHPSPY v2006 Webshell Access
2. threat[24221]:PHPSPY v2008 Webshell Access
3. threat[24222]:PHPSPY v2013 Webshell Access
4. threat[24216]:WSO PHP Webshell Access

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-02-15 13:25:24
Name: eoi.unify.allrulepatch.ips.5.6.10.17341.rule  Version: 5.6.10.17341
MD5: 38a1b9b42acbed2252f15ec50986b2d7  Size: 21.91M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17341. The package adds or updates the following rules:

New rules:
1. threat[24209]:Schneider Electric Pelco Sarix Pro Camera session.cgi Buffer Overflow Vulnerability
2. threat[24210]:Schneider Electric Pelco Sarix Enhanced Camera Command Execution Vulnerability
3. threat[30709]:Schneider Electric Pelco Sarix Pro Network Camera Information Disclosure Vulnerability
4. threat[24211]:Schneider Electric Pelco Sarix Pro Network Camera Web Management Interface Login Authentication Bypass Vulnerability
5. threat[24213]:Schneider Electric Pelco Sarix Pro Network Camera Web Interface Empty Username and Password Account Vulnerability
6. threat[24217]:Schneider Electric Pelco Sarix Pro Network Camera import.cgi XML Entity Injection Vulnerability
7. threat[24218]:Schneider Electric Pelco Sarix Pro Network Camera set_param system.opkg.remove Command Execution Vulnerability
8. threat[24219]:Schneider Electric Pelco Sarix Pro Network Camera set_param network.ieee8021x.delete_certs Command Execution Vulnerability

Updated rules:
1. threat[23896]:Memcached Append/Prepend Operations Integer Overflow Vulnerability (CVE-2016-8704)
2. threat[23897]:Memcached Update Integer Overflow Vulnerability (CVE-2016-8705)
3. threat[23898]:Memcached SASL Authentication Integer Overflow Vulnerability (CVE-2016-8706)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-02-08 18:13:06
Name: eoi.unify.allrulepatch.ips.5.6.10.17305.rule  Version: 5.6.10.17305
MD5: 2149f0455d11ed3d662bb38b49e0dca5  Size: 21.91M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17305. The package adds or updates the following rules:

New rules:
1. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2017-10271)
2. threat[24208]:HPE Intelligent Management Center Remote Code Execution Vulnerability (CVE-2017-12521)

Updated rules:
1. threat[49014]:Monero (XMR) Mining Program Network Communication
2. threat[49013]:Bitcoin Miner Attempting to Connect to Mining Pool Server

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-02-02 09:18:37
Name: eoi.unify.allrulepatch.ips.5.6.10.17276.rule  Version: 5.6.10.17276
MD5: e6b0c55836e08700c9db0e4eec7e27f8  Size: 21.89M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17276. The package adds or updates the following rules:

New rules:
1. threat[49017]:Malware RubyMiner Connecting to Server
2. threat[10473]:Node.js zlib windowBits Denial of Service Vulnerability (CVE-2017-14919)
3. threat[30706]:NetGain Systems Enterprise Manager misc sample jsp type Directory Traversal Vulnerability (CVE-2017-16599)
4. threat[41531]:Trojan/Backdoor RenWoXing RAT Network Communication
5. threat[24203]:ESF pfSense system_groupmanager.php Command Injection Vulnerability
6. threat[24201]:NetGain Systems Enterprise Manager exec jsp Command Execution Vulnerability (CVE-2017-16602)
7. threat[41529]:Trojan/Backdoor XiongBaoBao RAT Network Communication

Updated rules:
1. threat[23621]:Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
2. threat[49014]:Monero (XMR) Mining Program Network Communication
3. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
4. threat[24118]:Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-01-25 16:21:00
Name: eoi.unify.allrulepatch.ips.5.6.10.17225.rule  Version: 5.6.10.17225
MD5: c258d04b4e1dd4e7da665590a237e69f  Size: 21.88M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17225. The package adds or updates the following rules:

New rules:
1. threat[24196]:Microsoft Edge Type Confusion Vulnerability (CVE-2018-0775)
2. threat[24197]:Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0758)
3. threat[24198]:Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0776)
4. threat[24199]:Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CVE-2018-0773)
5. threat[24200]:Microsoft Internet Explorer/Edge Scripting Engine Remote Memory Corruption Vulnerability (CVE-2018-0762)
6. threat[10472]:SysGauge Server 3.6.18 Denial of Service Vulnerability (CVE-2017-15667)
7. app:Psiphon

Updated rules:
1. threat[49002]:Apple XcodeGhost Trojan Connecting to Server
2. threat[49003]:Mirai Bot Connecting to Server
3. threat[49004]:Blackmoon Banking Trojan Communication
4. threat[49005]:Dark Cloud Trojan Communication
5. threat[49006]:OceanLotus Targeted Trojan Connecting to Server
6. threat[49007]:Black Energy Trojan Communication
7. threat[49009]:Suspicious Botnet Communication
8. threat[49010]:Botnet bluebot Client Connecting to Server
9. threat[49011]:NetSarang XShell/Xmanager/Xftp nssock2.dll Backdoor Communication
10. threat[49012]:DownLoader:Win32/flexible Malware Communication
11. threat[49013]:Bitcoin Miner Attempting to Connect to Mining Pool Server
12. threat[49014]:Monero (XMR) Mining Program Network Communication
13. threat[49015]:Worm.Viking Resolving Malicious Website Domain on Windows
14. threat[49016]:Worm.Nimaya (Panda Burning Incense) Resolving Malicious Website Domain on Windows
15. threat[41525]:IoT Worm DarkCat Spreading
16. threat[49008]:BillGates Botnet Communication
17. app:WeChat File Transfer

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-01-18 18:04:50
Name: eoi.unify.allrulepatch.ips.5.6.10.17150.rule  Version: 5.6.10.17150
MD5: 546a405e4b8beda7bd47f0d547dff6ac  Size: 21.87M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17150. The package adds or updates the following rules:

New rules:
1. threat[10470]:Digium Asterisk chan_skinny SCCP Packet Denial of Service Vulnerability
2. threat[24192]:Apache CouchDB _config Command Execution Vulnerability (CVE-2017-12636)
3. threat[24193]:HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload Vulnerability (CVE-2017-8961)
4. threat[24194]:Oracle Application Testing Suite UploadServlet filename Directory Traversal Vulnerability
5. threat[41525]:IoT Worm DarkCat Spreading
6. threat[24195]:Browser CPU Spectre Vulnerability (CVE-2017-5753 and CVE-2017-5715)

Updated rules:
1. threat[41181]:Suspicious Webshell File Upload Backdoor

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-01-11 13:45:31
Name: eoi.unify.allrulepatch.ips.5.6.10.17122.rule  Version: 5.6.10.17122
MD5: a597636088345154fc2299c4f032af87  Size: 21.87M
Description:

This package is an intrusion-prevention signature database upgrade. It can be installed only on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package: after installation the firmware and engine versions are unchanged and the rule version becomes 5.6.10.17122. The package adds or updates the following rules:

New rules:
1. threat[24181]:PHP zend_hash_destroy Uninitialized Pointer Code Execution Vulnerability (CVE-2017-5340)
2. threat[24183]:HPE Intelligent Management Center dbman FileTrans Arbitrary File Write Vulnerability
3. threat[24182]:HPE Intelligent Management Center dbman RestartDB Command Injection Vulnerability
4. threat[24184]:HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability
5. threat[24185]:HPE Intelligent Management Center accessMgrServlet Insecure Deserialization Vulnerability
6. threat[24186]:Huawei HG532 Router Remote Command Execution Vulnerability (CVE-2017-17215)
7. threat[24187]:vBulletin routestring Unauthenticated Remote Code Execution Vulnerability
8. threat[24189]:Realtek rtl81xx SDK Remote Code Execution Vulnerability (CVE-2014-8361)

Updated rules:
1. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability
2. threat[23992]:IIS 6.0 Remote Code Execution Vulnerability (CVE-2017-7269)

Notes:
1. After the package is installed the engine restarts automatically to apply it. Existing sessions are not interrupted, but 3 to 5 ping packets will be lost during the restart, so schedule the upgrade for a suitable time.

Release time: 2018-01-04 16:48:43
Name: eoi.unify.allrulepatch.ips.5.6.10.17082.rule Version: 5.6.10.17082
MD5:1d621647e6e726958002149406489312 Size: 21.86M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17082. This package includes the following new and changed rules:

new rules:
1. threat[24172]:HPE Intelligent Management Center RMI Registry Insecure Deserialization Vulnerability(CVE-2017-5792)
2. threat[24165]:Microsoft Edge ProfiledLdElem Type Confusion
3. threat[24167]:Microsoft Edge Frame Elements Same Origin Policy Bypass
4. threat[30705]:Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure Vulnerability
5. threat[24168]:HPE Intelligent Management Center Stack Buffer Overflow Vulnerability(CVE-2017-5805)
6. threat[24173]:Magento 2.0.6 Unserialize Remote Code Execution Vulnerability(CVE-2016-4010)
7. threat[24171]:Trend Micro Mobile Security Enterprise eas agent sync client info slink id SQL Injection

update rules:
1. threat[23967]:Microsoft Internet Explorer Remote Memory Corruption Vulnerability(CVE-2016-7287)(MS16-144)
2. threat[24160]:Microsoft Internet Explorer and Edge Blocksite htm Spoofing
3. threat[24097]:Trend Micro IWSVA LogSettingHandler doPostMountDevice Command Injection Vulnerability
4. threat[41523]:Monero XMR Mining Programs Communication
5. threat[23915]:Cisco Adaptive Security Appliance SNMP Code Execution(CVE-2016-6366)
6. app:ipsec-esp-udp

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-28 15:57:29
Name: eoi.unify.allrulepatch.ips.5.6.10.17063.rule Version: 5.6.10.17063
MD5:44009b0bf4ed41a2cd8a9707dd44632e Size: 21.86M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.17063. This package includes the following new and changed rules:

new rules:
1. threat[24174]:WebLogic WLS Component Remote Command Execution Vulnerability
2. threat[41523]:Monero XMR Mining Programs Communication

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-22 20:36:06
Name: eoi.unify.allrulepatch.ips.5.6.10.16995.rule Version: 5.6.10.16995
MD5:e8b7079dd3b6e1fafe5011662819856a Size: 21.84M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16995. This package includes the following new and changed rules:

new rules:
1. threat[24157]:Diasoft File Replication Pro ExecCommand Command Execution Vulnerability
2. threat[24158]:op5 Monitor command_test.php Command Injection Vulnerability
3. threat[24159]:Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow Vulnerability
4. threat[24161]:Microsoft Internet Explorer CVE-2017-0008 Information Disclosure
5. threat[24162]:Autodesk Design Review BMP biClrUsed Buffer Overflow Vulnerability

update rules:
1. threat[30657]:Remote Control Tool VNC Software Connection
2. threat[23966]:Microsoft Edge Remote Memory Corruption Vulnerability(CVE-2016-7288)(MS16-145)

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-21 18:03:56
Name: eoi.unify.allrulepatch.ips.5.6.10.16993.rule Version: 5.6.10.16993
MD5:a5f93afac1b34cff92e55d9386c10328 Size: 21.84M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16993. This package includes the following new and changed rules:

new rules:
1. threat[24163]:GoAhead httpd LD_PRELOAD Remote Code Execution Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-19 20:18:01
Name: eoi.unify.allrulepatch.ips.5.6.10.16964.rule Version: 5.6.10.16964
MD5:cabf916547fb063dd28ac40d4321f52f Size: 21.83M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16964. This package includes the following new and changed rules:

new rules:
1. threat[41523]:Monero XMR Mining Programs Communication
2. threat[24156]:Microsoft MSXML Information Disclosure(CVE-2017-0022)
3. threat[24150]:IPFire ids cgi OINKCODE Parameter Command Injection Vulnerability(CVE-2017-9757)

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-14 17:23:36
Name: eoi.unify.allrulepatch.ips.5.6.10.16934.rule Version: 5.6.10.16934
MD5:3671b43a51ed0a65fa48924017bd3edc Size: 24.65M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16934. This package includes the following new and changed rules:

new rules:
1. threat[10458]:Apache Struts 2 REST Plugin XStream Denial of Service(CVE-2017-9793)
2. threat[24149]:IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow Vulnerability(CVE-2017-1092)
3. threat[30704]:HPE Network Automation FileServlet Information Disclosure Vulnerability
4. threat[24148]:HPE Intelligent Management Center saveSelectedDevices Expression Language Injection Vulnerability(CVE-2017-12491)

update rules:
1. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
2. threat[23210]:SSH Service User Password Brute Force

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-07 17:33:57
Name: eoi.unify.allrulepatch.ips.5.6.10.16910.rule Version: 5.6.10.16910
MD5:6ec4fd1b6a55f03211ceefa41eef6cfe Size: 24.02M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16910. This package includes the following new and changed rules:

new rules:
1. threat[24140]:Trend Micro SafeSync for Enterprise deviceTool pm get device info SQL Injection
2. threat[24142]:Trend Micro IWSVA DomainList TestingADKerberos Command Injection
3. threat[24143]:AlienVault USM and OSSIM fqdn get_fqdn Command Injection Vulnerability
4. threat[24141]:Apache CouchDB Privilege Escalation Vulnerability(CVE-2017-12635)
5. threat[24144]:Trend_Micro_IWSVA_DeploymentWizardAction_GetClusterInfo_Command_Injection
6. threat[24145]:Trend Micro Control Manager lang Parameter Arbitrary File Inclusion
7. threat[24146]:JbossAS Serialized Object Remote Code Execution Vulnerability(CVE-2017-12149)

update rules:
1. threat[24138]:VIPA Controls WinPLC7 recv Stack-based Buffer Overflow Vulnerability(CVE-2017-5177)
2. threat[24133]:HPE Intelligent Management Center getSelInsBean Expression Language Injection Vulnerability(CVE-2017-12490)
3. app:Tencent resources
4. app:Sina Micro-blog
5. app:Baidu music(TTPlayer)

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-12-01 10:19:24
Name: eoi.unify.allrulepatch.ips.5.6.10.16875.rule Version: 5.6.10.16875
MD5:8c95c715862650c9caa3f0bed75ba837 Size: 24.63M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16875. This package includes the following new and changed rules:

new rules:
1. threat[30702]:Trend_Micro_Control_Manager_XML_External_Entity_Processing
2. threat[30703]:Trend_Micro_SafeSync_for_Enterprise_storage_pm_discovery_iscsi_device_Command_Injection
3. threat[24128]:Trend Micro Control Manager SQL Injection
4. threat[24130]:Symantec_Messaging_Gateway_performRestore_Command_Injection
5. threat[24129]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-11249)
6. threat[24131]:HPE Intelligent Management Center dbman Stack Buffer Overflow Vulnerability(CVE-2017-8956)
7. threat[24132]:Splunk Enterprise alerts alerts id Server-Side Request Forgery
8. threat[24134]:Red_Hat_JBoss_BPM_Suite_BRMS_Tasks_List_Cross-Site_Scripting
9. threat[24135]:HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow Vulnerability(CVE-2017-5789)
10. threat[24136]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-3036)
11. threat[24137]:Adobe Acrobat/Reader Memory Corruption Vulnerability(CVE-2017-11227)
12. threat[24117]:Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow
13. threat[24139]:Microsoft Edge Chakra arguments Off By One

update rules:
1. threat[41489]:Backdoor Doublepulsar Communication

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-11-23 18:02:57
Name: eoi.unify.allrulepatch.ips.5.6.10.16817.rule Version: 5.6.10.16817
MD5:50e378d3167e65019052f8262c33411b Size: 24.61M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16817. This package includes the following new and changed rules:

new rules:
1. threat[24121]:EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow Vulnerability
2. threat[24122]:Flexense DiskPulse Enterprise Server ParseHttpHeader Stack Buffer Overflow Vulnerability

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-11-16 18:51:02
Name: eoi.unify.allrulepatch.ips.5.6.10.16806.rule Version: 5.6.10.16806
MD5:b4b7f56630c1eb139640c56455daaf11 Size: 24.60M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16806. This package includes the following new and changed rules:

new rules:
1. threat[24119]:FasterXML Jackson-databind Deserialization Remote Code Execution Vulnerability(CVE-2017-15095)

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.

Release time: 2017-11-09 16:39:20
Name: eoi.unify.allrulepatch.ips.5.6.10.16786.rule Version: 5.6.10.16786
MD5:0bfc9d6c60974dcf7d7bcd16c8bd4658 Size: 24.56M
Description:

This upgrade package is an intrusion prevention signature database upgrade package. It can only be applied on firmware version 5.6R10F00 or later with engine version 5.6R10F00 or later. It is a full upgrade package. After the upgrade, the firmware version and engine version do not change; the rule version changes to 5.6.10.16786. The rules added or improved in this package are:

new rules:
1. threat[24116]:Microsoft Office Remote Code Execution Vulnerability(CVE-2017-8570)
2. threat[50545]:Bitcoin Miner Attempting to Connect to Mining Pool Server
3. threat[24117]:Mitsubishi Electric E-Designer BEComliSlave Driver Configuration Status_bit Stack-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2017-9638)
4. threat[24118]:Apache HTTP Server Memory Corruption Vulnerability(CVE-2017-9788)

update rules:
1. threat[24109]:Apache Solr/Lucene Information Disclosure and Remote Code Execution Vulnerability(CVE-2017-12629)

Announcements:
1. After the package is applied, the engine restarts automatically. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please upgrade at a suitable time.


NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version do not change; the signature version changes to 5.6.10.16786. This package includes