IPS Signature Release Note V9.16 (April 2016) Page 1 of 15
SOPHOS IPS Signature Update Release Notes
Version: 9.16.17
Release Date: 08th August 2019



Release Information

Upgrade Applicable on | IPS Signature Release Version 9.16.17
Sophos Appliance Models | CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F
 | CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG-XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650
Upgrade Information | Upgrade type: Automatic
 | Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 9.16.17 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.


This IPS release includes ninety-eight (98) signatures to address eighty-eight (88) vulnerabilities.

New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt | CVE-2009-3075 | Browsers | 2
BROWSER-IE Microsoft Edge defineGetter type confusion attempt | CVE-2017-11914 | Browsers | 2
BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt | CVE-2017-8734 | Browsers | 2
BROWSER-IE Microsoft Edge white-space information disclosure attempt | CVE-2016-3247 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt | CVE-2014-6332 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt | CVE-2013-0092 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt | CVE-2015-2448 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt | CVE-2016-0063 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt | CVE-2016-7201 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt | CVE-2015-1667 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt | CVE-2013-3124 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt | CVE-2016-0111 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt | CVE-2014-2782 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt | CVE-2015-1747 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt | CVE-2015-1705 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt | CVE-2015-2487 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt | CVE-2004-1050 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer malformed object type overflow attempt | CVE-2003-0344 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt | CVE-2015-2425 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt | CVE-2010-0491 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer out of bounds read attempt | CVE-2016-7283 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer request for mapi32x.dll over SMB attempt | CVE-2016-0020 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt | CVE-2006-1245 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt | CVE-2017-0059 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer type confusion attempt | CVE-2014-0271 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt | CVE-2016-7205 | Browsers | 2
BROWSER-IE Microsoft Windows Edge memory corruption attempt | CVE-2017-8731 | Browsers | 2
FILE-IDENTIFY Lotus file attachment detected | NA | Application and Software | 4
FILE-IDENTIFY Microsoft Windows WMF file magic detected | NA | Application and Software | 4
FILE-IDENTIFY OpenType Font file download request | NA | Application and Software | 4
OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt | CVE-2018-8584 | Operating System and Services | 2
OS-WINDOWS NETBIOS SMB repeated logon failure | NA | Operating System and Services | 3
PROTOCOL-POP libcurl MD5 digest buffer overflow attempt | CVE-2013-0249 | Operating System and Services | 1
PROTOCOL-TELNET login buffer overflow attempt | CVE-2001-0797 | Operating System and Services | 4
SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt | NA | Apache HTTP Server | 1
SERVER-APACHE Apache Struts remote code execution attempt | CVE-2017-5638 | Apache HTTP Server | 1
SERVER-IIS cmd.exe access | NA | Microsoft IIS web server | 1
SERVER-MAIL AUTH LOGON Brute Force Attempt | NA | Other Mail Server | 3
SERVER-MAIL Multiple IMAP servers CREATE Command Buffer Overflow Attempt | CVE-2005-1520 | Other Mail Server | 1
SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow | CVE-2007-6435 | Other Mail Server | 1
SERVER-ORACLE Oracle WebLogic Server Remote Command Execution Attempt | CVE-2017-10271 | Database Management System | 1
SERVER-OTHER Active Directory Invalid OID Denial-Of-Service Attempt | CVE-2009-1139 | Other Web Server | 3
SERVER-OTHER BGP Spoofed Connection Reset Attempt | CVE-2004-0230 | Other Web Server | 3
SERVER-OTHER Flexense Syncbreeze buffer overflow attempt | CVE-2018-5262 | Other Web Server | 1
SERVER-OTHER Iron Mountain Connected Backup Opcode 13 Processing Command Injection attempt | CVE-2011-2397 | Other Web Server | 1
SERVER-OTHER Multiple Vendors Host Buffer Overflow Attempt | CVE-2003-0178 | Other Web Server | 1
SERVER-OTHER Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow Attempt | CVE-2009-1252 | Other Web Server | 1
SERVER-OTHER Novell iPrint Server Remote Code Execution Attempt | CVE-2010-4328 | Other Web Server | 1
SERVER-OTHER NTPD Zero Origin Timestamp Denial-Of-Service Attempt | CVE-2016-9042 | Other Web Server | 2
SERVER-OTHER ntp Monlist Denial-Of-Service attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER OpenSSL OCSP Status Request Extension Denial-Of-Service Attempt | CVE-2016-6304 | Other Web Server | 3
SERVER-OTHER OpenSSL SSLv3 Warning Denial-Of-Service Attempt | CVE-2016-8610 | Other Web Server | 2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 2
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER Oracle Weblogic unsafe deserialization remote code execution attempt detected | CVE-2018-2628 | Other Web Server | 1
SERVER-OTHER SAP SQL Anywhere .NET Malformed Integer Buffer Overflow Attempt | CVE-2014-9264 | Other Web Server | 1
SERVER-OTHER Squid Proxy Range Header Denial-Of-Service Attempt | CVE-2014-3609 | Other Web Server | 1
SERVER-OTHER Squid snmphandleUDP Off-By-One Buffer Overflow Attempt | CVE-2014-6270 | Other Web Server | 1
SERVER-OTHER TLSv1.0 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.2 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 3
SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-WEBAPP Airlive IP Camera directory traversal attempt | CVE-2013-3541 | Web Services and Applications | 3
SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt | CVE-2012-3811 | Web Services and Applications | 1
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt | CVE-2009-2765 | Web Services and Applications | 1
SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC Method Command Injection Attempt | CVE-2018-9866 | Web Services and Applications | 1
SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Drupal RESTWS restws_page_callback Command Injection Attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Eaton VURemote denial of service attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | Web Services and Applications | 1
SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt | CVE-2010-1552 | Web Services and Applications | 1
SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt | CVE-2011-0276 | Web Services and Applications | 1
SERVER-WEBAPP HTTP request with negative Content-Length attempt | CVE-2004-0095 | Web Services and Applications | 1
SERVER-WEBAPP iPlanet Search directory traversal attempt | CVE-2002-1042 | Web Services and Applications | 3
SERVER-WEBAPP Linksys E-Series apply.cgi Cross Site Scripting Attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl Function Buffer Overflow Attempt | CVE-2017-7269 | Web Services and Applications | 1
SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt | CVE-2018-7034 | Web Services and Applications | 1
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt | NA | Web Services and Applications | 1
SERVER-WEBAPP Novell Groupwise Messenger Parameter Memory Corruption Attempt | NA | Web Services and Applications | 3
SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt | CVE-2016-1605 | Web Services and Applications | 3
SERVER-WEBAPP PHP htmlspecialchars htmlentities Function Buffer Overflow Attempt | NA | Web Services and Applications | 2
SERVER-WEBAPP SkyBlueCanvas CMS contact page command injection attempt | CVE-2014-1683 | Web Services and Applications | 2
SERVER-WEBAPP Subversion HTTP Excessive REPORT Requests Denial-Of-Service attempt | CVE-2015-0202 | Web Services and Applications | 3
SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt | CVE-2015-5956 | Web Services and Applications | 2
SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt | CVE-2014-8361 | Web Services and Applications | 1
SERVER-WEBAPP WordPress login denial of service attempt | NA | Web Services and Applications | 2
SERVER-WEBAPP WordPress XMLRPC Potential Port-Scan Attempt | CVE-2013-0235 | Web Services and Applications | 3


• Name: Name of the signature
• CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference CVE Identifiers for publicly known information security vulnerabilities.
• Category: Class type according to threat
• Severity: Degree of severity. The levels of severity are described in the table below:

Severity Level | Severity Criteria
1 | Low
2 | Moderate
3 | High
4 | Critical


Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved.

All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.

Reg. Office: Sophos House, Saigulshan Complex,

Beside White House, Panchvati Cross Road,

Ahmedabad – 380006, INDIA

Phone: +91-79-66216666

Fax: +91-79-26407640

Web site: www.sophos.com