森德網站設計


Product Technical Bulletin: IBM Security Network Intrusion Prevention System (GX), IBM QRadar Network Security (XGS) XPU 3908.09122 Update

Summary
This update adds 30 new intrusion detection signatures and recommends blocking 48 events.

Product: IBM Security Network Intrusion Prevention System (GX), IBM QRadar Network Security (XGS), all models

Version: 3908.09122
Update Procedure
1. Appliances with Internet access can be updated directly through ManualUpgrader or the SiteProtector management interface.
2. Appliances without Internet access: download the update package manually from http://ibmss.flexnetoperations.com/ and apply it according to the product manual.
3. After the update, review the Policy in use, enable the newly added detection event signatures as appropriate, and apply the Policy to the relevant components. New signatures are not active until the Policy that enables them has been applied.
New Signatures
ID | Signature Name | Reference | Category | Risk Level
159818 | HTTP_Zoho_ManageEngine_SLA_SQL_Injection | CVE-2019-11448 | Unauthorized Access Attempt | MEDIUM
160799 | PDF_Reader_Mem_Corruption_086 | CVE-2019-7774 | Suspicious Activity | MEDIUM
160803 | PDF_Reader_Info_Disclosure_017 | CVE-2019-7778 | Suspicious Activity | MEDIUM
160850 | PDF_Reader_Mem_Corruption_088 | CVE-2019-7834 | Suspicious Activity | MEDIUM
161068 | HTTP_CiscoPrime_EPNM_Tar_Dot_Dot | CVE-2019-1821 | Suspicious Activity | MEDIUM
161921 | Script_ADO_Recordset_Memory_Corruption | CVE-2019-0888 | Suspicious Activity | HIGH
162185 | DBMan_CheckDBFiles_Filename_DoS | CVE-2019-5355 | Denial of Service | MEDIUM
163113 | MSRPC_Advantech_WebAccess_bwmail_Exec | CVE-2019-10991 | Unauthorized Access Attempt | HIGH
163113 | MSRPC_Advantech_BwPAlarm_Overflow | CVE-2019-10991 | Unauthorized Access Attempt | HIGH
163617 | HTTP_Atlassian_JIRA_Exec | CVE-2019-11581 | Unauthorized Access Attempt | HIGH
164065 | HTTP_Palo_Alto_VPN_Exec | CVE-2019-1579 | Unauthorized Access Attempt | HIGH
164561 | Script_Edge_Memory_Corruption_184 | CVE-2019-1139 | Suspicious Activity | MEDIUM
164562 | Script_Edge_Memory_Corruption_182 | CVE-2019-1140 | Suspicious Activity | HIGH
164581 | Script_Edge_Memory_Corruption_181 | CVE-2019-1196 | Suspicious Activity | MEDIUM
164708 | Json_Lord_Exploit_Kit | - | Suspicious Activity | HIGH
164708 | HTML_Lord_Exploit_Kit | - | Unauthorized Access Attempt | HIGH
165008 | PDF_Reader_Mem_Corruption_090 | CVE-2019-8003 | Suspicious Activity | MEDIUM
165009 | PDF_Reader_Info_Disclosure_019 | CVE-2019-8004 | Suspicious Activity | MEDIUM
165031 | PDF_Reader_Mem_Corruption_089 | CVE-2019-8026 | Suspicious Activity | MEDIUM
165043 | PDF_Reader_Mem_Corruption_100 | CVE-2019-8038 | Suspicious Activity | MEDIUM
165048 | PDF_Reader_Info_Disclosure_018 | CVE-2019-8043 | Suspicious Activity | MEDIUM
165051 | PDF_Reader_Mem_Corruption_092 | CVE-2019-8046 | Suspicious Activity | HIGH
165056 | PDF_Reader_Mem_Corruption_093 | CVE-2019-8051 | Suspicious Activity | HIGH
165058 | PDF_Reader_Mem_Corruption_094 | CVE-2019-8053 | Suspicious Activity | HIGH
165059 | PDF_Reader_Mem_Corruption_095 | CVE-2019-8054 | Suspicious Activity | HIGH
165060 | PDF_Reader_Mem_Corruption_101 | CVE-2019-8055 | Suspicious Activity | HIGH
165061 | PDF_Reader_Mem_Corruption_096 | CVE-2019-8056 | Suspicious Activity | HIGH
165062 | PDF_Reader_Mem_Corruption_097 | CVE-2019-8057 | Suspicious Activity | HIGH
165063 | PDF_Reader_Mem_Corruption_098 | CVE-2019-8058 | Suspicious Activity | HIGH
165064 | PDF_Reader_Mem_Corruption_099 | CVE-2019-8059 | Suspicious Activity | HIGH
Where two signatures share an ID (163113, 164708), both cover the same issue; the two Lord Exploit Kit signatures have no CVE reference.
Fixes and Enhancements
1. Added support for new TLS 1.3 cipher suites.
2. Enhanced HTTP_ThinkCMF_Content_Exec to cover additional attack variants.
3. Improved TCP_VxWorks_MSS_Length_DoS detection to resolve an uncommon false positive.
4. Improved TCP_VxWorks_Zero_Urgent_Pointer detection to resolve false positives.
Blocking Recommendations
Event blocking (Block) notes:
This XPU adds 48 blocking events to the default Policy. If you are not using the default Policy, modify your current Policy so that the following events are blocked when detected:
JPEG_Acrobat_ImageConversion_Overflow
HTTP_Apache_Solr_XXE_Exec
Image_Reader_Text_Mem_Corruption_001
HTTP_Drupal_Property_Value_Exec
ID3_Flash_Player_Comm_Info_Disclosure
CompoundFile_Word_User_Disclosure
CompoundFile_Word_Macrobutton_Disclosure
HTTP_Cisco_Webex_URI_Exec
Script_Cisco_Webex_URI_Exec
DHCP_Windows_UncodeOption_Overflow
HTML_mIRC_URI_Exec
HTTP_mIRC_URI_Exec
Script_mIRC_URI_Exec
D
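Step 3 of the update procedure and the blocking recommendation above both come down to the same check: which of the bulletin's new signatures are not yet enabled in the Policy you actually run, and which of the recommended block events are still set to detect-only. The following is an added example, not IBM's code and not part of the original bulletin. It parses rows in the bulletin's own table layout (a few rows copied from the table above, including one without a CVE reference) and compares them, together with a subset of the block list, against a constructed local policy. The policy representation (a dict of event name to "enabled"/"block" flags) is a hypothetical stand-in; real GX/XGS policies are managed in SiteProtector or the appliance LMI, and their export format is not modeled here.

```python
"""Cross-check an XPU bulletin against the event settings of a local IPS policy.

Added example (not IBM's or the bulletin's own code). The policy dict format
is hypothetical; adapt the loader to whatever your policy export looks like.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Rows copied from the bulletin's "New Signatures" table:
#   ID  Name  [CVE reference]  Category  Risk
# The reference is optional: exploit-kit signatures carry no CVE.
NEW_SIGNATURE_ROWS = """\
163617 HTTP_Atlassian_JIRA_Exec CVE-2019-11581 Unauthorized Access Attempt HIGH
164065 HTTP_Palo_Alto_VPN_Exec CVE-2019-1579 Unauthorized Access Attempt HIGH
164708 Json_Lord_Exploit_Kit Suspicious Activity HIGH
162185 DBMan_CheckDBFiles_Filename_DoS CVE-2019-5355 Denial of Service MEDIUM
"""

# A subset of the bulletin's block recommendations.
BLOCK_RECOMMENDATIONS = [
    "HTTP_Apache_Solr_XXE_Exec",
    "HTTP_Drupal_Property_Value_Exec",
    "HTTP_Cisco_Webex_URI_Exec",
]

# Constructed stand-in for a local policy (hypothetical format):
# event name -> whether the event is enabled and whether it blocks.
EXAMPLE_POLICY: Dict[str, Dict[str, bool]] = {
    "HTTP_Atlassian_JIRA_Exec": {"enabled": True, "block": True},
    "HTTP_Palo_Alto_VPN_Exec": {"enabled": True, "block": False},
    "HTTP_Apache_Solr_XXE_Exec": {"enabled": True, "block": False},
    "HTTP_Drupal_Property_Value_Exec": {"enabled": True, "block": True},
}

# Category may contain spaces, so match it lazily up to the trailing risk level.
ROW_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(?:(CVE-\d{4}-\d+)\s+)?(.+?)\s+(HIGH|MEDIUM|LOW)$"
)


@dataclass(frozen=True)
class Signature:
    xid: str
    name: str
    cve: Optional[str]
    category: str
    risk: str


def parse_signature_rows(text: str) -> List[Signature]:
    """Parse bulletin table rows; raise on any row that does not fit the layout."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        xid, name, cve, category, risk = m.groups()
        sigs.append(Signature(xid, name, cve, category, risk))
    return sigs


def count_by_risk(sigs: List[Signature]) -> Dict[str, int]:
    """Quick triage view: how many new signatures per risk level."""
    return dict(Counter(s.risk for s in sigs))


def policy_gaps(
    sigs: List[Signature],
    block_recommendations: List[str],
    policy: Dict[str, Dict[str, bool]],
) -> Tuple[List[str], List[str]]:
    """Return (new signatures not enabled, recommended events not set to block).

    An event absent from the policy counts as neither enabled nor blocking,
    which is the state a freshly delivered signature is in until the Policy
    is edited and re-applied.
    """
    not_enabled = [s.name for s in sigs
                   if not policy.get(s.name, {}).get("enabled", False)]
    not_blocked = [name for name in block_recommendations
                   if not policy.get(name, {}).get("block", False)]
    return not_enabled, not_blocked


if __name__ == "__main__":
    sigs = parse_signature_rows(NEW_SIGNATURE_ROWS)
    print("new signatures by risk:", count_by_risk(sigs))
    ne, nb = policy_gaps(sigs, BLOCK_RECOMMENDATIONS, EXAMPLE_POLICY)
    print("enable in policy:", ne)
    print("switch to block:", nb)
```

Run against the full table and block list from the bulletin, `len(parse_signature_rows(...))` should come to 30, which is the count the summary gives; the two lists returned by `policy_gaps` are the concrete edits to make before re-applying the Policy.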
Other Updates
-
Notes
-