Release notes for update package 1408-5242

Rolling DFA upgrades

Starting from dynamic update 1393, the handling of situations that appear in multiple contexts is improved. To avoid matching the same traffic data against multiple DFAs, all DFAs are being modified. When a large number of DFAs change at the same time, the temporary memory requirement during a policy installation or refresh increases. To avoid running out of available memory on low-end NGFW appliances, these DFA changes are implemented gradually over the course of 10 dynamic update packages. On low-end NGFW appliances, especially the N110 and N115, it is recommended to upgrade to NGFW version 6.8.2 or higher to better handle a new policy when there is not enough memory for both the old and the new policy. A large number of DFAs might change at the same time if there is a large gap between activating dynamic update packages and the subsequent policy refresh.

See knowledge base article 18570.

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday November 29, 2021
MD5 CHECKSUM:    e7aea8b854e5bd1b217b6031e5676137
SHA1 CHECKSUM:    40fc4d36582f7970732c90181e6cf9ef7144ccb1
SHA256 CHECKSUM:    0a0b27a28604de53f388d769e1730e16c095d6ce19677914e43f16f4ed574454

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.3.1.19034

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Adobe Systems RoboHelp Server detected     CVE-2021-42727     Adobe-RoboHelp-Server-Filename-Directory-Traversal
High     An attempt to exploit a vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) detected     CVE-2021-22238     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in Google Chrome detected     CVE-2021-30563     Google-Chrome-Type-Confusion-CVE-2021-30563
High     An attempt to exploit a vulnerability in SonicWall SMA100 detected     CVE-2019-7481     SonicWall-SMA100-SQL-Injection
High     An attempt to exploit a vulnerability in ResourceSpace detected     CVE-2021-41951     Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in SolarWinds Patch Manager detected     CVE-2021-35216     Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization
High     An attempt to exploit a vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) detected     CVE-2021-22238     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in ResourceSpace detected     CVE-2021-41950     Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion
High     NetWire RAT infection traffic was detected     No CVE/CAN     NetWire-RAT-Infection-Traffic
High     A self-signed certificate with default values was detected     No CVE/CAN     Self-Signed-Certificate-With-Default-Values


DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Adobe-RoboHelp-Server-Filename-Directory-Traversal     CVE-2021-42727     HTTP_CS-Adobe-RoboHelp-Server-Filename-Directory-Traversal     Suspected Compromise
High     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting     CVE-2021-22238     HTTP_CS-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting     Suspected Compromise

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     NetWire-RAT-Infection-Traffic     No CVE/CAN     Generic_CS-NetWire-RAT-Infection-Traffic     Suspected Botnet

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     SonicWall-SMA100-SQL-Injection     CVE-2019-7481     HTTP_CRL-SonicWall-SMA100-SQL-Injection     Suspected Compromise
High     Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting     CVE-2021-41951     HTTP_CRL-Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting     Suspected Compromise
High     Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization     CVE-2021-35216     HTTP_CRL-Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization     Suspected Compromise
High     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting     CVE-2021-22238     HTTP_CRL-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting     Suspected Compromise
High     Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion     CVE-2021-41950     HTTP_CRL-Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion     Suspected Compromise

TLS Server Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Self-Signed-Certificate-With-Default-Values     No CVE/CAN     TLS_SS-Self-Signed-Certificate-With-Default-Values     Suspected Botnet

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Google-Chrome-Type-Confusion-CVE-2021-30563     CVE-2021-30563     File-Text_Google-Chrome-Type-Confusion-CVE-2021-30563     Suspected Compromise

Updated detected attacks:

UDP Packet Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service CVE-2010-0639 Generic_UDP-Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service Potential Denial of Service
Fingerprint regexp changed

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Novell-iManager-Getmultipartparameters-Unauthorized-File-Upload No CVE/CAN HTTP_CS-Novell-iManager-Servlet-Modulemanager-Upload-Vulnerability Suspected Compromise
Fingerprint regexp changed
High HTTP-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass CVE-2009-3548 HTTP_CS-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass Potential Compromise
Fingerprint regexp changed
High EMC-Cmcne-Fileuploadcontroller-Information-Disclosure CVE-2014-2276 HTTP_CS-EMC-Cmcne-Fileuploadcontroller-Information-Disclosure Suspected Compromise
Fingerprint regexp changed
High Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload CVE-2014-8516 HTTP_CS-Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload Suspected Compromise
Fingerprint regexp changed
High Microsoft-IIS-IDA-Path-Disclosure CVE-2000-0071 HTTP_CS-Microsoft-IIS-IDA-Path-Disclosure Suspected Disclosure
Detection mechanism updated
High Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability CVE-2015-2605 HTTP_CS-Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability Suspected Compromise
Fingerprint regexp changed
High Ruby-On-Rails-Devise-Password-Reset CVE-2013-0233 HTTP_CS-Ruby-On-Rails-Devise-Password-Reset Suspected Compromise
Fingerprint regexp changed
High Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload CVE-2019-7816 HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload Suspected Compromise
Fingerprint regexp changed
High Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second CVE-2019-7838 HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second Suspected Compromise
Fingerprint regexp changed
High HTTP-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass CVE-2006-4602 HTTP_CS-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass Potential Compromise
Fingerprint regexp changed

DNS UDP Client Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High ISC-Bind-Tsig-Validation-Denial-Of-Service CVE-2020-8617 DNS-UDP_ISC-Bind-Tsig-Validation-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High ISC-BIND-Truncated-Tsig-Record CVE-2020-8622 DNS-UDP_ISC-Bind-Tsig-Truncation-Denial-Of-Service-1 Suspected Compromise
Detection mechanism updated

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low Isc-Bind-Recursive-Resolver-Resource-Consumption-Denial-Of-Service CVE-2014-8500 DNS-UDP_Isc-Authoritative-Resource-Record Protocol Information
Fingerprint regexp changed
High ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service CVE-2015-8704 DNS-UDP_ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service Suspected Compromise
Detection mechanism updated
High ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service CVE-2016-2088 DNS-UDP_ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

HTTPS Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Squid-SSL-Bump-Denial-Of-Service No CVE/CAN HTTPS_CS-Squid-SSL-Bump-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

HTTPS Server Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Squid-Proxy-SSL-Bump-Certificate-Validation-Bypass CVE-2015-3455 HTTPS_SS-TLS-Certificate-Common-Name-Null-Byte-Input-Validation-Error Suspected Compromise
Fingerprint regexp changed
High OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow CVE-2014-3512 HTTPS_SS-OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Mozilla-Network-Security-Services-RSA-Signature-Forgery CVE-2014-1568 HTTPS_SS-Mozilla-Network-Security-Services-RSA-Signature-Forgery Suspected Compromise
Fingerprint regexp changed
Critical Weak-Diffie-Hellman-Parameters CVE-2015-4000 HTTPS_SS-Short-Diffie-Hellman-Prime Potential Disclosure
Fingerprint regexp changed
High OpenSSL-X509_cmp_Time-Denial-Of-Service CVE-2015-1789 HTTPS_SS-OpenSSL-X509_cmp_Time-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation No CVE/CAN HTTPS_SS-Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation Suspected Compromise
Fingerprint regexp changed
High Mozilla-NSS-Tls-Regexp-Buffer-Overflow CVE-2009-2404 HTTPS_SS-Mozilla-NSS-Tls-Regexp-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High OpenSSL-Large-Dh-Parameter-Denial-Of-Service CVE-2018-0732 HTTPS_SS-OpenSSL-Large-Dh-Parameter-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow CVE-2010-0110 Generic_CS-Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow CVE-2010-0110 Generic_CS-Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High SAP-Netweaver-Diagtracehex-Denial-Of-Service CVE-2012-2612 Generic_CS-SAP-Netweaver-Diagtracehex-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
Low FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service CVE-2006-0900 Generic_FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service-2 Potential Denial of Service
Fingerprint regexp changed
High SAP-Sybase-Event-Stream-Processor-Parse-Connection-Unsafe-Pointer-Dereference CVE-2014-3457 Generic_CS-SAP-Sybase-Event-Stream-Processor-Esp_Parse-Connection-Unsafe-Pointer-Dereference Suspected Compromise
Fingerprint regexp changed
High IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow CVE-2015-1896 Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Critical Oracle-WebLogic-Server-RCE-Vulnerability-CVE-2019-2725 CVE-2019-2725 Generic_CS-Oracle-WebLogic-Server-Remoteobject-Insecure-Deserialization Compromise
Fingerprint regexp changed
High Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow CVE-2018-2913 Generic_CS-Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization CVE-2019-2890 Generic_CS-Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization CVE-2020-2798 Generic_CS-Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization CVE-2020-14625 Generic_TCP-Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-Server-CVE-2020-14825 CVE-2020-14825 Generic_TCP-Oracle-WebLogic-CVE-2020-14825-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
Low HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access CVE-2006-4511 Generic_Novell-Groupwise-Messenger-HTTP-POST-Request-Memory-Access-Violation Potential Denial of Service
Fingerprint regexp changed
High IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow CVE-2006-3853 Generic_CS-IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

TCP Server Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow CVE-2008-5403 IM-TCP_SS-Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service CVE-2007-0067 HTTP_CSU-IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service Suspected Compromise
Fingerprint regexp changed
High Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure CVE-2020-8195 HTTP_CSU-Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure Suspected Compromise
Description has changed
High Bazar-Loader-Backdoor-Malware-Infection-Traffic No CVE/CAN HTTP_CSU-Bazar-Backdoor-Malware-Infection-Traffic Suspected Botnet
Fingerprint regexp changed
Low HTTP-IBM-Lotus-Domino-Web-Service-Denial-Of-Service CVE-2005-0986 HTTP_CSU-IBM-Lotus-Domino-Web-Service-Denial-Of-Service Potential Denial of Service
Fingerprint regexp changed

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Novell-Remote-Manager-Off-By-One-Denial-Of-Service No CVE/CAN HTTP_CSH-Novell-Remote-Manager-Off-By-One-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion CVE-2012-5643 HTTP_CSH-Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion Suspected Compromise
Fingerprint regexp changed
High Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow CVE-2012-5976 HTTP_CSH-Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow Suspected Compromise
Fingerprint regexp changed
High HTTP-ColdFusion-Admin-Password-DoS CVE-2000-0538 HTTP_CSH-ColdFusion-Admin-Password-DoS Denial of Service
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-6.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-5.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-4.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-3.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Netscape-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Opera-Browser-Usage Browsers
Fingerprint regexp changed
High HTTP-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow CVE-2005-1929 HTTP_CSH-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Opera-Mini-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-2.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
High HTTP-Apache-Host-Header-Default-Error-Page-XSS CVE-2002-0840 HTTP_CSH-Script-In-Host-Header Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-7.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-9.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unknown-Browser Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Safari-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low IP-Address-As-HTTP-Host No CVE/CAN HTTP_CSH-IP-Address-As-HTTP-Host Protocol Information
Fingerprint regexp changed
High HTTP-Apache-Portable-Runtime-Apr-Psprintf-Long-String-Vulnerability CVE-2003-0245 HTTP_CSH-Oversized-Host-Header-Field Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Oracle-Bea-WebLogic-Transfer-Encoding-BOF CVE-2008-4008 HTTP_CSH-Transfer-Encoding-Invalid Protocol Violations
Fingerprint regexp changed
High Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion CVE-2013-2686 HTTP_CSH-Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-8.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-10.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-11.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service CVE-2014-0098 HTTP_CSH-Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service Possibly Unwanted Content
Fingerprint regexp changed
High Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass CVE-2014-0113 HTTP_CHS-Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass Suspected Compromise
Fingerprint regexp changed
Low Valve-Steam-Usage No CVE/CAN HTTP_CSH-Valve-Steam-Usage Online Gaming Protocols
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8.1 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.5 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPad Browser Platforms
Fingerprint regexp changed
High Free-Download-Manager-Remote-Control-Authorization-Header-Buffer-Overflow CVE-2009-0183 HTTP_CSH-Excessively-Long-Basic-Authorization-Header Potential Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPhone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.0-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.4-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.3-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.2-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.0-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-3-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-2-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.1-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.0-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.4-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.3-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.2-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.1-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.0-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-3-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-2-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-1-Mobile Browser Platforms
Fingerprint regexp changed
High PhpFileManager-Cmd-Parameter-Command-Execution No CVE/CAN HTTP_CSH-PhpFileManager-Cmd-Parameter-Command-Execution Suspected Compromise
Fingerprint regexp changed
Critical Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability CVE-2015-7937 HTTP_CSH-Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability Suspected Compromise
Fingerprint regexp changed
High Apache-Subversion-Mod_Dav_SVN-Integer-Overflow CVE-2015-5343 HTTP_CSH-Apache-Subversion-Mod_Dav_SVN-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-8.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-10.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-11.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-9.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
High Apache-Activemq-Fileserver-Move-Directory-Traversal CVE-2016-3088 HTTP_CSH-Apache-Activemq-Fileserver-Move-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High ABB-Pb610-Panel-Builder-600-Idal-HTTP-Host-Stack-Buffer-Overflow CVE-2019-7232 HTTP_CRH-ABB-Pb610-Panel-Builder-600-Idal-HTTP-Host-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Samsung-Browser-Usage Browsers
Fingerprint regexp changed
High Cobalt-Strike-C2-HTTP-Traffic No CVE/CAN HTTP_CSH-Cobalt-Strike-C2-HTTP-Traffic Suspected Botnet
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Edge-Browser-Usage Browsers
Fingerprint regexp changed

HTTP Reply Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Adobe-Acrobat-File-Extension-Buffer-Overflow CVE-2004-0632 HTTP_SHS-Adobe-Acrobat-File-Extension-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Internet-Explorer-File-Name-Spoofing No CVE/CAN HTTP_SHS-Internet-Explorer-File-Name-Spoofing Potential Compromise
Fingerprint regexp changed
High Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow CVE-2012-3753 HTTP_SHS-Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

HTTP Status Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service CVE-2019-5097 HTTP_SLS-Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

CCSO TCP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High CCSO-Mercury-Mail-Transport-System-Long-Command-BOF CVE-2005-4411 CCSO_Mercury-Mail-Transport-System-Long-Command-BOF Potential Compromise
Fingerprint regexp changed

LDAP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure CVE-2020-36222 LDAP_CS-OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure Suspected Compromise
Fingerprint regexp changed
High IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow CVE-2015-0117 LDAP_CS-IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

MSRPC Client Payload Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High MSRPC-Workstation-Service-Buffer-Overflow-MS06-070 CVE-2006-4691 MSRPC-TCP_CPS-Microsoft-Windows-Workstation-Service-BOF-MS06-070-2 Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow CVE-2018-7499 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow CVE-2018-7499 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow CVE-2018-14816 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow CVE-2011-0262 HTTP_CRL-HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access CVE-2006-4511 HTTP_CRL-Novell-Groupwise-Messenger-HTTP-POST-Request-Memory-Access-Violation Potential Denial of Service
Fingerprint regexp changed
High Wordpress-W3-Total-Cache-PHP-Code-Execution CVE-2013-2010 HTTP_CRL-Wordpress-W3-Total-Cache-PHP-Code-Execution Suspected Compromise
Name: HTTP_CS-Wordpress-W3-Total-Cache-PHP-Code-Execution->HTTP_CRL-Wordpress-W3-Total-Cache-PHP-Code-Execution
Category tag group TCP Correlation Dependency Group removed
Context has changed from HTTP Client Stream to HTTP Normalized Request-Line
High Oracle-WebLogic-Server-CVE-2020-14882 CVE-2020-14882 HTTP_CRL-Oracle-WebLogic-Server-CVE-2020-14882 Suspected Compromise
Description has changed
High HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String CVE-2010-1550 HTTP_CRL-HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String Suspected Compromise
Fingerprint regexp changed
Critical HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow CVE-2010-1960 HTTP_CRL-HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow Compromise
Fingerprint regexp changed
High HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow CVE-2010-1964 HTTP_CRL-HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High HP-OpenView-Network-Node-Manager-Nnmrptconfig-Schdparams-And-Nameparams-BOF CVE-2011-0267 HTTP_CRL-HP-OpenView-Nnmrptconfig-Network-Node-Manager-Schd-And-Nameparams-BOF-2 Potential Compromise
Fingerprint regexp changed
High HTTP-Possible-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Script-In-Get-Request Potential Compromise
Fingerprint regexp changed
Low HTTP-Possible-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Possible-Script-In-Get-Request Possibly Unwanted Content
Fingerprint regexp changed
High Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure CVE-2015-0785 HTTP_CRL-Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure Suspected Compromise
Fingerprint regexp changed
High PhpFileManager-Cmd-Parameter-Command-Execution No CVE/CAN HTTP_CRL-PhpFileManager-Cmd-Parameter-Command-Execution Suspected Compromise
Fingerprint regexp changed
High Novell-ZENworks-Mobile-Management-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Novell-ZENworks-Mobile-Management-Cross-Site-Scripting Suspected Compromise
Fingerprint regexp changed
Critical Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal CVE-2016-0482 HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal Compromise
Fingerprint regexp changed
High Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal CVE-2016-0486 HTTP_CRL-Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal CVE-2016-0480 HTTP_CRL-Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal CVE-2016-0855 HTTP_CRL-Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Unraid-Auth-Bypass-PHP-RCE CVE-2020-5847 HTTP_CRL-Unraid-Auth-Bypass-PHP-RCE Suspected Compromise
Description has changed
High Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting CVE-2021-21616 HTTP_CRL-Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting Suspected Compromise
Fingerprint regexp changed

TLS Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low Encrypted_Server_Name_Indicator No CVE/CAN TLS_CS-Encrypted_Server_Name_Indicator System Inspections
Fingerprint regexp changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow No CVE/CAN File-Text_Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High GhostDNS No CVE/CAN File-Text_DNSChanger-Injected-Iframe Suspected Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JS-Obfuscator-Obfuscated-JavaScript-Detected Potential Compromise
Fingerprint regexp changed
High Apple-Safari-Webkit-Floating-Point-Buffer-Overflow CVE-2009-2195 File-Text_Apple-Safari-Webkit-Floating-Point-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt CVE-2011-2217 File-Text_Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt Suspected Compromise
Fingerprint regexp changed
High Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution CVE-2011-0926 File-Text_Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution Potential Compromise
Fingerprint regexp changed
High Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption CVE-2010-1881 File-Text_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Critical Ie-Object-Type-Property-BOF CVE-2003-0344 File-Text_Microsoft-Internet-Explorer-Object-Tag-Slash-Buffer-Overflow Compromise
Fingerprint regexp changed
Critical Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow CVE-2008-0015 File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow Compromise
Fingerprint regexp changed
Low Embedded-Object-In-HTML No CVE/CAN File-Text_Embedded-ActiveX-Object-In-HTML Protocol Information
Fingerprint regexp changed
High Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow CVE-2008-3364 File-Text_Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Com-Object-System-Compromise CVE-2005-2087 File-Text_Internet-Explorer-Com-Object-System-Compromise Potential Compromise
Fingerprint regexp changed
Critical HTTP_Microsoft-Visual-Foxpro-Vfp6r.dll-Docmd-ActiveX-Control-Command-Execution CVE-2008-0236 File-Text_Microsoft-Visual-Foxpro-Vfp6r-Docmd-ActiveX-Control-Command-Execution Compromise
Fingerprint regexp changed
High Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037 CVE-2008-0015 File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037 Suspected Compromise
Fingerprint regexp changed
Critical Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution CVE-2007-5660 File-Text_Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption CVE-2006-4495 File-Text_Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption CVE-2007-0218 File-Text_Microsoft-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation Potential Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JavaScript-Xor-One-Time-Pad-Obfuscation-Method Suspected Compromise
Fingerprint regexp changed
High Konqueror-Same-Origin-Policy-Bypass CVE-2002-1151 File-Text_Same-Origin-Policy-Bypass Potential Compromise
Fingerprint regexp changed
High HTTP-McAfee-Subscription-Manager-ActiveX-Buffer-Overflow CVE-2006-3961 File-Text_McAfee-Subscription-Manager-ActiveX-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Critical HTTP-Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Code-Execution CVE-2006-4704 File-Text_Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Control-Usage Compromise
Fingerprint regexp changed
High HTTP_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption CVE-2007-0219 File-Text_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption CVE-2007-3041 File-Text_Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability CVE-2006-4193 File-Text_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability Potential Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption CVE-2008-1086 File-Text_Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption CVE-2006-1303 File-Text_Internet-Explorer-Com-Object-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability CVE-2007-0940 File-Text_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability Potential Compromise
Fingerprint regexp changed
High HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption CVE-2006-4697 File-Text_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Axis-Camera-Control-ActiveX-Control-SetBMP-Buffer-Overflow CVE-2007-2239 File-Text_Axis-Communications-Camera-Control-ActiveX-Object Potential Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution CVE-2007-2216 File-Text_Microsoft-Ie-ActiveX-IObjectsafety-Implementation-Code-Execution Potential Compromise
Fingerprint regexp changed
High SAPGUI-AddTab-Method-ActiveX-Control-Buffer-Overflow CVE-2008-4827 File-Text_SAP-GUI-ActiveX-Control-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Critical Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow CVE-2007-4607 File-Text_Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow Compromise
Fingerprint regexp changed
High HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal CVE-2011-2404 File-Text_HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal Potential Compromise
Fingerprint regexp changed
Low Microsoft-Windows-XP-Large-Image-Resize-DoS No CVE/CAN File-Text_Microsoft-Windows-XP-Large-Image-Resize-DoS Potential Denial of Service
Fingerprint regexp changed
Low Mozilla-Non-Ascii-Hostname-BOF CVE-2004-0902 File-Text_Mozilla-Non-Ascii-Hostname-BOF Possibly Unwanted Content
Fingerprint regexp changed
High RealNetworks-RealPlayer-Ivr-Handling-Heap-Buffer-Overflow No CVE/CAN File-Text_RealPlayer-Vulnerable-Embedded-ActiveX-Control Potential Compromise
Fingerprint regexp changed
High Apple-Safari-HTML-Image-Element-Handling-Use-After-Free CVE-2010-0054 File-Text_Apple-Safari-HTML-Image-Element-Handling-Use-After-Free-3 Potential Compromise
Fingerprint regexp changed
High Internet-Explorer-Security-Zone-Bypass-Url-Spoofing No CVE/CAN File-Text_Internet-Explorer-Security-Zone-Bypass-Url-Spoofing Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation No CVE/CAN File-Text_Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation No CVE/CAN File-Text_Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation Suspected Compromise
Fingerprint regexp changed
High McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite CVE-2005-3657 File-Text_McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite Suspected Compromise
Fingerprint regexp changed
High HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal CVE-2011-4786 File-Text_HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal Potential Compromise
Fingerprint regexp changed
High Microsoft-Windows-Win32k.sys-Memory-Corruption CVE-2011-5046 File-Text_Microsoft-Windows-Win32k.sys-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities CVE-2011-1388 File-Text_IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow CVE-2012-2176 File-Text_IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow CVE-2012-0549 File-Text_Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-Buffer-Overflow CVE-2011-4187 File-Text_Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-BOF-2 Potential Compromise
Fingerprint regexp changed
High GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution CVE-2012-2516 File-Text_GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution Potential Compromise
Fingerprint regexp changed
High Cisco-AnyConnect-VPN-Client-Software-Downgrade CVE-2012-2494 File-Text_Cisco-AnyConnect-VPN-Client-Software-Downgrade Suspected Compromise
Fingerprint regexp changed
High Samsung-Kies-Arbitrary-Command-Execution CVE-2012-3807 File-Text_Samsung-Kies-Arbitrary-Command-Execution Suspected Compromise
Fingerprint regexp changed
High CYME-Multiple-Products-Chartfx.clientserver.core.dll-Remote-Code-Execution No CVE/CAN File-Text_CYME-Multiple-Products-Chartfx-Remote-Code-Execution Suspected Compromise
Fingerprint regexp changed
High Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow No CVE/CAN File-Text_Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error CVE-2013-2416 File-Text_Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error Suspected Compromise
Fingerprint regexp changed
High IBM-iNotes-ActiveX-Control-Integer-Overflow CVE-2013-3027 File-Text_IBM-iNotes-ActiveX-Control-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability CVE-2006-4219 File-Text_Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability Suspected Compromise
Fingerprint regexp changed
High HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption CVE-2014-2635 File-Text_HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Advantech-WebAccess-SCADA-Webeye.ocx-IP_Addr-Parameter-Buffer-Overflow CVE-2014-8388 File-Text_Advantech-WebAccess-SCADA-Webeye.ocx-Obsolete-ActiveX-Control-Usage Suspected Compromise
Fingerprint regexp changed
High Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow CVE-2014-8269 File-Text_Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow CVE-2014-8269 File-Text_Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Out-Of-Bounds-Indexing CVE-2015-8040 File-Text_Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Vulnerabilities Potential Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow CVE-2014-8511 File-Text_Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-Metadraw-Arrangeobjects-Memory-Corruption CVE-2014-9188 File-Text_Schneider-Electric-Proclima-Metadraw-Several-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow CVE-2014-9200 File-Text_Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-Data-Quality-Trillium-Based-Setentities-Type-Confusion CVE-2015-0444 File-Text_Oracle-Data-Quality-Loaderwizard-Multiple-Type-Confusion-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow CVE-2015-4648 File-Text_Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow CVE-2015-0795 File-Text_NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JavaScript-ActiveX-Obfuscation Suspected Attack Related Anomalies
Fingerprint regexp changed
High Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption CVE-2015-8039 File-Text_Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Samsung-Smartviewer-Stwaxconfig-Memory-Corruption CVE-2015-8039 File-Text_Samsung-Smartviewer-Stwaxconfig-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-ActiveX-Control-Memory-Corruption CVE-2015-6478 File-Text_Unitronics-VisiLogic-OPLC-TeeCommander-ChartLink-ActiveX-Control-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-F1bookview-Copyall-Memory-Corruption CVE-2015-8561 File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption CVE-2015-6478 File-Text_Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption Suspected Compromise
Fingerprint regexp changed

Other Binary File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-JPEG Protocol Violations
Fingerprint regexp changed
High Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF CVE-2020-16199 File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF Suspected Compromise
Fingerprint regexp changed
Low Google-Chrome-Extension-Package No CVE/CAN File-Binary_Google-Chrome-CRX-Extension-Package Possibly Unwanted Content
Fingerprint regexp changed
High File-Type-Identification No CVE/CAN File-Binary_Microsoft-Word-For-Macintosh-Version-5-Document Potential Compromise
Fingerprint regexp changed
Low BZip2-Compressed-File No CVE/CAN File-Binary_BZip2-Compressed-File-Download Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Windows-Media-HTTP-Stream Streaming Protocols
Fingerprint regexp changed
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-Text Protocol Information
Fingerprint regexp changed
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-Text-HTML Protocol Information
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Standard-MIDI-Download Streaming Protocols
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Mp3-Download Streaming Protocols
Fingerprint regexp changed
High Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow CVE-2012-1336 File-Binary_Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
Low Java-Related-File-Transfers No CVE/CAN File-Binary_Java-Class-File Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Rar-File Protocol Information
Fingerprint regexp changed
High Windows-Shell-Shortcut-Arbitrary-Code-Execution CVE-2010-2568 File-Binary_Windows-LNK-File-Transfer Suspected Attack Related Anomalies
Fingerprint regexp changed
Low Windows-Shell-Shortcut-Arbitrary-Code-Execution CVE-2010-2568 File-Binary_Windows-Control-Panel-Applet-Shortcut-File-Transfer Other Suspicious Traffic
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_TIFF-File Protocol Information
Fingerprint regexp changed
High Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2 CVE-2013-5879 File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2 Suspected Compromise
Fingerprint regexp changed
Low XAR-Archive-File-Transfer No CVE/CAN File-Binary_XAR-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Cabinet-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Binary_ELF-Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Binary_Mach-O-Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Critical IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow CVE-2015-1903 File-Binary_IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_LhArc-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Ar-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Compiled-Help Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_ACE-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_StuffIt-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Blizzard-MPQ-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Matroska-Media-Container Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Memory-Dump Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Romfs-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_VMware-Virtual-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Oracle-VirtualBox-Virtual-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Hyper-V-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_CD-ROM-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Metafile Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Animation-Flic-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-ASF-Container Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Word-Perfect-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Fax-Cover-Sheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_RealMedia-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_RealNetworks-Internet-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Lotus-1-2-3-Spreadsheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Excel-Legacy-Spreadsheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Word-Legacy-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-DWG Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-FAS Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-DWF Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Help-Document Possibly Unwanted Content
Fingerprint regexp changed
High McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection CVE-2016-8027 File-Binary_McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection Suspected Compromise
Fingerprint regexp changed

PDF File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Adobe-Acrobat--Embedded-JBIG2-Stream-Buffer-Overflow CVE-2009-0658 File-PDF_Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High JavaScript-In-PDF No CVE/CAN File-PDF_JavaScript-With-Open-Action-In-PDF-Not-HTTP-Port Suspected Compromise
Fingerprint regexp changed
High Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free CVE-2021-34842 File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free Suspected Compromise
Fingerprint regexp changed
High Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free CVE-2021-34850 File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free Suspected Compromise
Fingerprint regexp changed

OLE File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High OpenOffice-OLE-File-Stream-Buffer-Overflow CVE-2008-0320 File-OLE_OpenOffice-OLE-File-Stream-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption No CVE/CAN File-OLE_Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Excel-95-Workbook Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-OLE-Structured-Storage-File-Transfer No CVE/CAN File-OLE_Unusual-Directory-Structure Potential Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Presentation Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Null-Class-Id Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Unknown-Class-Id Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Word-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Database Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Transform Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Patch Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Slide Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Excel-Workbook Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Generic-OLE-Package Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Word-6-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Adobe-Photoshop-7-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Outlook-Message Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Equation-2.0-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Equation-3.0-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-95-Presentation Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Add-In Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Visio-Drawing Possibly Unwanted Content
Fingerprint regexp changed

Flash File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low File-Type-Identification No CVE/CAN File-Flash_Adobe-Flash-Media-Transfer Streaming Protocols
Fingerprint regexp changed

HTTP Server Header Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service CVE-2021-28662 HTTP_SHS-Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

PNG File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Libpng-PNG-Inflate-Buffer-Overflow CVE-2011-3045 File-PNG_Libpng-PNG-Inflate-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

RIFF File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Adobe-Shockwave-Director-tSAC-Chunk-String-Termination-Memory-Corruption CVE-2011-2118 File-RIFF_Adobe-Shockwave-Director-tSAC-Chunk-Termination-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-RIFF_WAVE-Download Streaming Protocols
Fingerprint regexp changed

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing-Buffer-Overflow CVE-2011-2662 File-TextId_Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Excel-2013-Workbook Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Word-2010-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Word-2013-Document Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution No CVE/CAN File-TextId_Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution-1 Suspected Compromise
Description has changed
High Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection CVE-2020-26981 File-TextId_Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection Suspected Compromise
Fingerprint regexp changed
High Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection CVE-2021-21659 File-TextId_Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection Suspected Compromise
Fingerprint regexp changed

Zip File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Manageengine-Servicedesk-File-Upload-Directory-Traversal No CVE/CAN File-Zip_Manageengine-Servicedesk-File-Upload-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
Critical Microsoft-Java-VM-Bytecode-Verifier-Bypass CVE-2003-0111 File-Zip_Microsoft-Java-VM-Bytecode-Verifier-Bypass-JAR Compromise
Fingerprint regexp changed
High Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution CVE-2010-0263 File-Zip_Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution Suspected Compromise
Fingerprint regexp changed
High Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution CVE-2011-3556 File-Zip_Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution Suspected Compromise
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Zip_Executable-In-JAR Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Zip_Executable-In-Archive Protocol Information
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow CVE-2015-7939 File-Zip_Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Trend-Micro-OfficeScan-Zip-Directory-Traversal CVE-2019-18187 File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Zoho-Manageengine-Desktop-Central-Appdependency-Arbitrary-File-Write CVE-2020-10859 File-Zip_Zoho-Manageengine-Desktop-Central-Appdependency-Arbitrary-File-Write Suspected Compromise
Fingerprint regexp changed

Executable File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-File-Upload Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-In-Archive Protocol Information
Fingerprint regexp changed
Low UPX-Packed-Executable No CVE/CAN File-Exe_UPX-Packed-Executable Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-Windows-PE-File-Signature-Spoofing-Vulnerability CVE-2020-1599 File-Exe_Conflicting-Content-Type-HTA Suspected Compromise
Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     ResourceSpace
Category     SonicWall

Updated objects:

Type     Name     Changes
IPList     Rwanda
IPList     Iraq
IPList     Saudi Arabia
IPList     Iran
IPList     Cyprus
IPList     Tanzania
IPList     Armenia
IPList     Kenya
IPList     Seychelles
IPList     Jordan
IPList     Lebanon
IPList     Kuwait
IPList     Oman
IPList     United Arab Emirates
IPList     Israel
IPList     Turkey
IPList     Egypt
IPList     Greece
IPList     Estonia
IPList     Latvia
IPList     Lithuania
IPList     Georgia
IPList     Moldova
IPList     Belarus
IPList     Finland
IPList     Åland
IPList     Ukraine
IPList     North Macedonia
IPList     Hungary
IPList     Bulgaria
IPList     Albania
IPList     Poland
IPList     Romania
IPList     Kosovo
IPList     Zimbabwe
IPList     Mauritius
IPList     Réunion
IPList     South Africa
IPList     Mayotte
IPList     Afghanistan
IPList     Pakistan
IPList     Bangladesh
IPList     Sri Lanka
IPList     Bhutan
IPList     India
IPList     Nepal
IPList     Myanmar
IPList     Uzbekistan
IPList     Kazakhstan
IPList     Kyrgyzstan
IPList     Vietnam
IPList     Thailand
IPList     Indonesia
IPList     Laos
IPList     Taiwan
IPList     Philippines
IPList     Malaysia
IPList     China
IPList     Hong Kong
IPList     Brunei
IPList     Macao
IPList     Cambodia
IPList     South Korea
IPList     Japan
IPList     Singapore
IPList     Russia
IPList     Mongolia
IPList     Australia
IPList     Christmas Island
IPList     Papua New Guinea
IPList     New Zealand
IPList     Cameroon
IPList     Congo Republic
IPList     Portugal
IPList     Ghana
IPList     Equatorial Guinea
IPList     Nigeria
IPList     Guinea
IPList     Mali
IPList     Spain
IPList     Morocco
IPList     Malta
IPList     Algeria
IPList     Denmark
IPList     Iceland
IPList     United Kingdom
IPList     Switzerland
IPList     Sweden
IPList     Netherlands
IPList     Austria
IPList     Belgium
IPList     Germany
IPList     Luxembourg
IPList     Ireland
IPList     Monaco
IPList     France
IPList     Andorra
IPList     Liechtenstein
IPList     Jersey
IPList     Isle of Man
IPList     Slovakia
IPList     Czechia
IPList     Norway
IPList     San Marino
IPList     Italy
IPList     Slovenia
IPList     Montenegro
IPList     Croatia
IPList     Angola
IPList     Greenland
IPList     Paraguay
IPList     Uruguay
IPList     Brazil
IPList     Dominican Republic
IPList     Bahamas
IPList     Antigua and Barbuda
IPList     Saint Lucia
IPList     British Virgin Islands
IPList     Saint Martin
IPList     Saint Barthélemy
IPList     Cayman Islands
IPList     Belize
IPList     El Salvador
IPList     Guatemala
IPList     Honduras
IPList     Venezuela
IPList     Ecuador
IPList     Colombia
IPList     Panama
IPList     Argentina
IPList     Chile
IPList     Bolivia
IPList     Peru
IPList     Mexico
IPList     French Polynesia
IPList     Puerto Rico
IPList     U.S. Virgin Islands
IPList     Canada
IPList     United States
IPList     Serbia
IPList     Antarctica
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon CLOUDFRONT
IPList     Microsoft Azure datacenter for australiaeast
IPList     Microsoft Azure datacenter for canadacentral
IPList     TOR relay nodes IP Address List
IPList     Microsoft Azure datacenter for centralus
IPList     Microsoft Azure datacenter for southeastasia
IPList     Microsoft Azure datacenter for westus2
IPList     Microsoft Azure datacenter
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     Amazon AMAZON sa-east-1
IPList     Amazon AMAZON us-east-1
IPList     Microsoft Azure datacenter for norwaye
IPList     Microsoft Azure datacenter for switzerlandn
IPList     Microsoft Azure service for AzureArcInfrastructure
IPList     Microsoft Azure service for AzureCloud
IPList     Microsoft Azure service for AzureSignalR
IPList     Microsoft Azure service for AzureTrafficManager
IPList     Microsoft Azure datacenter for swedencentral
IPList     Microsoft Azure datacenter for westus3
IPList     Microsoft Azure datacenter for qatarcentral
Situation     DNS-TCP_Standard-Query-Request-Type-AAAA
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-WKS
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-Null
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-A
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-CNAME
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-MX
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-SRV
Fingerprint regexp changed
Situation     DNS-TCP_Standard-Query-Request-Type-TXT
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-Null
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-WKS
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-TXT
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-A
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-CNAME
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-MX
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-SRV
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Request-Type-AAAA
Fingerprint regexp changed
Situation     DNS-UDP_ISC-BIND-DNS-Key-Record-Too-Short-1
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ISC BIND removed
Category tag group CVE2020 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group UDP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation     DNS-UDP_Standard-Query-Reply-Type-Null
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Reply-Type-KEY
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Reply-Type-A
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Reply-Type-CNAME
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Reply-Type-MX
Fingerprint regexp changed
Situation     DNS-UDP_Standard-Query-Reply-Type-SRV
Fingerprint regexp changed
Situation     DNS-UDP_Suspiciously-Long-TXT-Reply-Content
Fingerprint regexp changed
Situation     DNS-UDP_ISC-BIND-DNS-Key-Record-Too-Short-2
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ISC BIND removed
Category tag group CVE2020 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group UDP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation     HTTP_CS-Multiple-Host-Headers
Fingerprint regexp changed
Situation     HTTP_CSU-Shared-Variables
Situation     HTTP_CSU-Known-Exploit-Kit-Parameter-Pattern
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group HTTP URI Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation     HTTP_CSH-Browser-Usage-Variables-Setter
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Generic browser removed
Category tag os_not_specific Any Operating System not specific removed
Category tag application_not_specific Generic browser not specific removed
Category tag situation Browsers removed
Category tag group TCP Client Traffic removed
Situation     HTTP_CSH-GoogleEarth-Usage
Fingerprint regexp changed
Situation     HTTP_CSH-Shared-Variables
Fingerprint regexp changed
Situation     HTTP_CSH-Long-Range-Or-Range-Request-Header
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Invalid
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Chunked
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Deflate
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Compress
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Gzip
Fingerprint regexp changed
Situation     HTTP_SHS-Transfer-Encoding-Identity
Fingerprint regexp changed
Situation     SMTP_Shared-Variables-For-Client-Command-Stream-Context
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation System Inspections removed
Category tag group TCP Client Traffic removed
Situation     HTTP_Vulnerable-HTML-Help-ActiveX-Control-Access
Description has changed
Category tag situation Obsolete added
Category tag os Windows XP removed
Category tag os Windows 2000 removed
Category tag os Windows 2003 removed
Category tag hardware Any Hardware removed
Category tag group MS2007-02 removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows XP not specific removed
Category tag os_not_specific Windows 2000 not specific removed
Category tag os_not_specific Windows 2003 not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Server Traffic removed
Situation     HTTP_Authentium-Command-AntiVirus-odapi.dll-Multiple-Buffer-Overflows
Description has changed
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Authentium Command Antivirus removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Server Traffic removed
Situation     FTP_CS-Shared-Variables-For-Client-Stream-Context
Fingerprint regexp changed
Situation     SMB-TCP_SC-Remote-Delete-Service
Fingerprint regexp changed
Situation     SMB-TCP_SC-Remote-Start-Service
Fingerprint regexp changed
Situation     SMB-TCP_SC-Remote-Stop-Service
Fingerprint regexp changed
Situation     SMB-TCP_SC-At-Scheduler-JobAdd
Fingerprint regexp changed
Situation     SMB-TCP_SC-At-Scheduler-JobDelete
Fingerprint regexp changed
Situation     SMB-TCP_CHS-SMB3-Negotiate-Chained-Compression-Unsupported
Fingerprint regexp changed
Situation     HTTP_SLS-Unknown-Informal-Status-Code
Fingerprint regexp changed
Situation     HTTP_SLS-Unknown-Success-Status-Code
Fingerprint regexp changed
Situation     HTTP_SLS-Unknown-Redirection-Status-Code
Fingerprint regexp changed
Situation     HTTP_SLS-Unknown-Client-Error-Status-Code
Fingerprint regexp changed
Situation     HTTP_SLS-Unknown-Server-Error-Status-Code
Fingerprint regexp changed
Situation     File-Text_JavaScript-Comment-Split
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Generic HTTP client removed
Category tag os_not_specific Any Operating System not specific removed
Category tag application_not_specific Generic HTTP client not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation     File-OLE_Microsoft-PowerPoint-95-Slide
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Microsoft PowerPoint removed
Category tag os_not_specific Windows not specific removed
Category tag application_not_specific Microsoft PowerPoint not specific removed
Category tag situation Possibly Unwanted Content removed
Situation     File-Binary_Disk-Image-Transfer
Fingerprint regexp changed
Situation     HTTP_SHS-Icecast-Not-Audio
Fingerprint regexp changed
Situation     File-Text_Base64-Encoded-HTML-Object
Fingerprint regexp changed
Situation     File-Text_Vulnerable-HTML-Help-ActiveX-Control-Access
Description has changed
Category tag situation Obsolete added
Category tag os Windows XP removed
Category tag os Windows 2000 removed
Category tag os Windows 2003 removed
Category tag hardware Any Hardware removed
Category tag group MS2007-02 removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows XP not specific removed
Category tag os_not_specific Windows 2000 not specific removed
Category tag os_not_specific Windows 2003 not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation     File-Text_Authentium-Command-AntiVirus-odapi.dll-Multiple-Buffer-Overflows
Description has changed
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Authentium Command Antivirus removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation     File-TextId_Script-In-SVG
Fingerprint regexp changed
Situation     File-Text_Internet-Explorer-AxDebugger-Document-ActiveX-Vulnerability
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-64-Bit
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-32-Bit
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Nonstandard-Optional-Header-Size
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Dynamic-Link-Libary
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Unknown-Architecture
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-x86-64
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-x86
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Header-Overlap
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-Unknown-Subsystem
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-POSIX-Subsystem
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-OS2-Subsystem
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-Console-Application
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-GUI-Application
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Windows-Native-Subsystem
Fingerprint regexp changed
Situation     File-Exe_Portable-Executable-Nonstandard-Optional-Header-Signature
Fingerprint regexp changed
Situation     File-Text_Internet-Explorer-Sysmon-ActiveX-Denial-Of-Service
Fingerprint regexp changed

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2021 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.