Release notes for update package 1408-5242

Rolling DFA upgrades

Starting from dynamic update 1393, the handling of situations that appear in multiple contexts is improved. To avoid matching the same traffic data against multiple DFAs, all DFAs are being modified. When a large number of DFAs change at the same time, the temporary memory requirement during a policy installation or refresh increases. To avoid running out of available memory on low-end NGFW appliances, these DFA changes are implemented gradually over the course of 10 dynamic update packages. For low-end NGFW appliances, especially the N110 and N115, it is recommended to upgrade to NGFW version 6.8.2 or higher, which better handles a new policy when there is not enough memory for both the old and the new policy. A large number of DFAs might change at the same time if there is a large gap between activating dynamic update packages and the subsequent policy refresh.

See knowledge base article 18570.

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Monday November 29, 2021
MD5 CHECKSUM:     03fc7bc36adec725728e8ba79f7313b6
SHA1 CHECKSUM:     0bdbbaf0d4f35a423bf4e8241994f25860820be3
SHA256 CHECKSUM:     5286c84158d676495faeda3a1376447e53df5cd527a3f9dc86a72b235f917fbe

UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Adobe Systems RoboHelp Server detected     CVE-2021-42727     Adobe-RoboHelp-Server-Filename-Directory-Traversal
High     An attempt to exploit a vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) detected     CVE-2021-22238     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in Google Chrome detected     CVE-2021-30563     Google-Chrome-Type-Confusion-CVE-2021-30563
High     An attempt to exploit a vulnerability in SonicWall SMA100 detected     CVE-2019-7481     SonicWall-SMA100-SQL-Injection
High     An attempt to exploit a vulnerability in ResourceSpace detected     CVE-2021-41951     Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in SolarWinds Patch Manager detected     CVE-2021-35216     Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization
High     An attempt to exploit a vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) detected     CVE-2021-22238     Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in ResourceSpace detected     CVE-2021-41950     Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion
High     NetWire RAT infection traffic was detected     No CVE/CAN     NetWire-RAT-Infection-Traffic
High     A self-signed certificate with default values was detected     No CVE/CAN     Self-Signed-Certificate-With-Default-Values

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High Adobe-RoboHelp-Server-Filename-Directory-Traversal CVE-2021-42727 HTTP_CS-Adobe-RoboHelp-Server-Filename-Directory-Traversal Suspected Compromise
High Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting CVE-2021-22238 HTTP_CS-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting Suspected Compromise

TCP Client Stream Unknown

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High NetWire-RAT-Infection-Traffic No CVE/CAN Generic_CS-NetWire-RAT-Infection-Traffic Suspected Botnet

HTTP Normalized Request-Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High SonicWall-SMA100-SQL-Injection CVE-2019-7481 HTTP_CRL-SonicWall-SMA100-SQL-Injection Suspected Compromise
High Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting CVE-2021-41951 HTTP_CRL-Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting Suspected Compromise
High Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization CVE-2021-35216 HTTP_CRL-Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization Suspected Compromise
High Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting CVE-2021-22238 HTTP_CRL-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting Suspected Compromise
High Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion CVE-2021-41950 HTTP_CRL-Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion Suspected Compromise

TLS Server Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High Self-Signed-Certificate-With-Default-Values No CVE/CAN TLS_SS-Self-Signed-Certificate-With-Default-Values Suspected Botnet

Text File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type
High Google-Chrome-Type-Confusion-CVE-2021-30563 CVE-2021-30563 File-Text_Google-Chrome-Type-Confusion-CVE-2021-30563 Suspected Compromise

Updated detected attacks:

UDP Packet Unknown

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service CVE-2010-0639 Generic_UDP-Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service Potential Denial of Service
Fingerprint regexp changed

HTTP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Novell-iManager-Getmultipartparameters-Unauthorized-File-Upload No CVE/CAN HTTP_CS-Novell-iManager-Servlet-Modulemanager-Upload-Vulnerability Suspected Compromise
Fingerprint regexp changed
High HTTP-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass CVE-2009-3548 HTTP_CS-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass Potential Compromise
Fingerprint regexp changed
High EMC-Cmcne-Fileuploadcontroller-Information-Disclosure CVE-2014-2276 HTTP_CS-EMC-Cmcne-Fileuploadcontroller-Information-Disclosure Suspected Compromise
Fingerprint regexp changed
High Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload CVE-2014-8516 HTTP_CS-Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload Suspected Compromise
Fingerprint regexp changed
High Microsoft-IIS-IDA-Path-Disclosure CVE-2000-0071 HTTP_CS-Microsoft-IIS-IDA-Path-Disclosure Suspected Disclosure
Detection mechanism updated
High Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability CVE-2015-2605 HTTP_CS-Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability Suspected Compromise
Fingerprint regexp changed
High Ruby-On-Rails-Devise-Password-Reset CVE-2013-0233 HTTP_CS-Ruby-On-Rails-Devise-Password-Reset Suspected Compromise
Fingerprint regexp changed
High Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload CVE-2019-7816 HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload Suspected Compromise
Fingerprint regexp changed
High Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second CVE-2019-7838 HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second Suspected Compromise
Fingerprint regexp changed
High HTTP-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass CVE-2006-4602 HTTP_CS-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass Potential Compromise
Fingerprint regexp changed

DNS UDP Client Message

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High ISC-Bind-Tsig-Validation-Denial-Of-Service CVE-2020-8617 DNS-UDP_ISC-Bind-Tsig-Validation-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High ISC-BIND-Truncated-Tsig-Record CVE-2020-8622 DNS-UDP_ISC-Bind-Tsig-Truncation-Denial-Of-Service-1 Suspected Compromise
Detection mechanism updated

DNS UDP Server Message

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low Isc-Bind-Recursive-Resolver-Resource-Consumption-Denial-Of-Service CVE-2014-8500 DNS-UDP_Isc-Authoritative-Resource-Record Protocol Information
Fingerprint regexp changed
High ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service CVE-2015-8704 DNS-UDP_ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service Suspected Compromise
Detection mechanism updated
High ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service CVE-2016-2088 DNS-UDP_ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

HTTPS Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Squid-SSL-Bump-Denial-Of-Service No CVE/CAN HTTPS_CS-Squid-SSL-Bump-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

HTTPS Server Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Squid-Proxy-SSL-Bump-Certificate-Validation-Bypass CVE-2015-3455 HTTPS_SS-TLS-Certificate-Common-Name-Null-Byte-Input-Validation-Error Suspected Compromise
Fingerprint regexp changed
High OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow CVE-2014-3512 HTTPS_SS-OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Mozilla-Network-Security-Services-RSA-Signature-Forgery CVE-2014-1568 HTTPS_SS-Mozilla-Network-Security-Services-RSA-Signature-Forgery Suspected Compromise
Fingerprint regexp changed
Critical Weak-Diffie-Hellman-Parameters CVE-2015-4000 HTTPS_SS-Short-Diffie-Hellman-Prime Potential Disclosure
Fingerprint regexp changed
High OpenSSL-X509_cmp_Time-Denial-Of-Service CVE-2015-1789 HTTPS_SS-OpenSSL-X509_cmp_Time-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation No CVE/CAN HTTPS_SS-Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation Suspected Compromise
Fingerprint regexp changed
High Mozilla-NSS-Tls-Regexp-Buffer-Overflow CVE-2009-2404 HTTPS_SS-Mozilla-NSS-Tls-Regexp-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High OpenSSL-Large-Dh-Parameter-Denial-Of-Service CVE-2018-0732 HTTPS_SS-OpenSSL-Large-Dh-Parameter-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

TCP Client Stream Unknown

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow CVE-2010-0110 Generic_CS-Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow CVE-2010-0110 Generic_CS-Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High SAP-Netweaver-Diagtracehex-Denial-Of-Service CVE-2012-2612 Generic_CS-SAP-Netweaver-Diagtracehex-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
Low FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service CVE-2006-0900 Generic_FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service-2 Potential Denial of Service
Fingerprint regexp changed
High SAP-Sybase-Event-Stream-Processor-Parse-Connection-Unsafe-Pointer-Dereference CVE-2014-3457 Generic_CS-SAP-Sybase-Event-Stream-Processor-Esp_Parse-Connection-Unsafe-Pointer-Dereference Suspected Compromise
Fingerprint regexp changed
High IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow CVE-2015-1896 Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Critical Oracle-WebLogic-Server-RCE-Vulnerability-CVE-2019-2725 CVE-2019-2725 Generic_CS-Oracle-WebLogic-Server-Remoteobject-Insecure-Deserialization Compromise
Fingerprint regexp changed
High Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow CVE-2018-2913 Generic_CS-Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization CVE-2019-2890 Generic_CS-Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization CVE-2020-2798 Generic_CS-Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization CVE-2020-14625 Generic_TCP-Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
High Oracle-WebLogic-Server-CVE-2020-14825 CVE-2020-14825 Generic_TCP-Oracle-WebLogic-CVE-2020-14825-Insecure-Deserialization Suspected Compromise
Fingerprint regexp changed
Low HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access CVE-2006-4511 Generic_Novell-Groupwise-Messenger-HTTP-POST-Request-Memory-Access-Violation Potential Denial of Service
Fingerprint regexp changed
High IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow CVE-2006-3853 Generic_CS-IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

TCP Server Stream Unknown

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow CVE-2008-5403 IM-TCP_SS-Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

HTTP Request URI

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service CVE-2007-0067 HTTP_CSU-IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service Suspected Compromise
Fingerprint regexp changed
High Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure CVE-2020-8195 HTTP_CSU-Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure Suspected Compromise
Description has changed
High Bazar-Loader-Backdoor-Malware-Infection-Traffic No CVE/CAN HTTP_CSU-Bazar-Backdoor-Malware-Infection-Traffic Suspected Botnet
Fingerprint regexp changed
Low HTTP-IBM-Lotus-Domino-Web-Service-Denial-Of-Service CVE-2005-0986 HTTP_CSU-IBM-Lotus-Domino-Web-Service-Denial-Of-Service Potential Denial of Service
Fingerprint regexp changed

HTTP Request Header Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Novell-Remote-Manager-Off-By-One-Denial-Of-Service No CVE/CAN HTTP_CSH-Novell-Remote-Manager-Off-By-One-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed
High Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion CVE-2012-5643 HTTP_CSH-Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion Suspected Compromise
Fingerprint regexp changed
High Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow CVE-2012-5976 HTTP_CSH-Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow Suspected Compromise
Fingerprint regexp changed
High HTTP-ColdFusion-Admin-Password-DoS CVE-2000-0538 HTTP_CSH-ColdFusion-Admin-Password-DoS Denial of Service
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-6.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-5.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-4.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-3.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Netscape-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Opera-Browser-Usage Browsers
Fingerprint regexp changed
High HTTP-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow CVE-2005-1929 HTTP_CSH-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Opera-Mini-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-2.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
High HTTP-Apache-Host-Header-Default-Error-Page-XSS CVE-2002-0840 HTTP_CSH-Script-In-Host-Header Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-7.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-9.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unknown-Browser Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Safari-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low IP-Address-As-HTTP-Host No CVE/CAN HTTP_CSH-IP-Address-As-HTTP-Host Protocol Information
Fingerprint regexp changed
High HTTP-Apache-Portable-Runtime-Apr-Psprintf-Long-String-Vulnerability CVE-2003-0245 HTTP_CSH-Oversized-Host-Header-Field Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Oracle-Bea-WebLogic-Transfer-Encoding-BOF CVE-2008-4008 HTTP_CSH-Transfer-Encoding-Invalid Protocol Violations
Fingerprint regexp changed
High Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion CVE-2013-2686 HTTP_CSH-Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-8.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-10.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-11.x-Browser-Usage Major Browser Versions
Fingerprint regexp changed
Low Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service CVE-2014-0098 HTTP_CSH-Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service Possibly Unwanted Content
Fingerprint regexp changed
High Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass CVE-2014-0113 HTTP_CHS-Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass Suspected Compromise
Fingerprint regexp changed
Low Valve-Steam-Usage No CVE/CAN HTTP_CSH-Valve-Steam-Usage Online Gaming Protocols
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8.1 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.5 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPad Browser Platforms
Fingerprint regexp changed
High Free-Download-Manager-Remote-Control-Authorization-Header-Buffer-Overflow CVE-2009-0183 HTTP_CSH-Excessively-Long-Basic-Authorization-Header Potential Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPhone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.0-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.4-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.3-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.2-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.0-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-3-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-2-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-1-Tablet Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.1-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-5.0-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.4-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.3-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.2-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.1-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-4.0-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-3-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-2-Mobile Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android-1-Mobile Browser Platforms
Fingerprint regexp changed
High PhpFileManager-Cmd-Parameter-Command-Execution No CVE/CAN HTTP_CSH-PhpFileManager-Cmd-Parameter-Command-Execution Suspected Compromise
Fingerprint regexp changed
Critical Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability CVE-2015-7937 HTTP_CSH-Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability Suspected Compromise
Fingerprint regexp changed
High Apache-Subversion-Mod_Dav_SVN-Integer-Overflow CVE-2015-5343 HTTP_CSH-Apache-Subversion-Mod_Dav_SVN-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-8.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-10.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-11.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-9.x-Browser-Compatibility-Mode-Usage Major Browser Versions
Fingerprint regexp changed
High Apache-Activemq-Fileserver-Move-Directory-Traversal CVE-2016-3088 HTTP_CSH-Apache-Activemq-Fileserver-Move-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High ABB-Pb610-Panel-Builder-600-Idal-HTTP-Host-Stack-Buffer-Overflow CVE-2019-7232 HTTP_CRH-ABB-Pb610-Panel-Builder-600-Idal-HTTP-Host-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Samsung-Browser-Usage Browsers
Fingerprint regexp changed
High Cobalt-Strike-C2-HTTP-Traffic No CVE/CAN HTTP_CSH-Cobalt-Strike-C2-HTTP-Traffic Suspected Botnet
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Firefox-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Chrome-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Up-To-Date-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Obsolete-Edge-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Unidentified-Edge-Browser-Usage Browsers
Fingerprint regexp changed

HTTP Reply Header Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Adobe-Acrobat-File-Extension-Buffer-Overflow CVE-2004-0632 HTTP_SHS-Adobe-Acrobat-File-Extension-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Internet-Explorer-File-Name-Spoofing No CVE/CAN HTTP_SHS-Internet-Explorer-File-Name-Spoofing Potential Compromise
Fingerprint regexp changed
High Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow CVE-2012-3753 HTTP_SHS-Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

HTTP Status Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service CVE-2019-5097 HTTP_SLS-Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

CCSO TCP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High CCSO-Mercury-Mail-Transport-System-Long-Command-BOF CVE-2005-4411 CCSO_Mercury-Mail-Transport-System-Long-Command-BOF Potential Compromise
Fingerprint regexp changed

LDAP Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure CVE-2020-36222 LDAP_CS-OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure Suspected Compromise
Fingerprint regexp changed
High IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow CVE-2015-0117 LDAP_CS-IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

MSRPC Client Payload Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High MSRPC-Workstation-Service-Buffer-Overflow-MS06-070 CVE-2006-4691 MSRPC-TCP_CPS-Microsoft-Windows-Workstation-Service-BOF-MS06-070-2 Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow CVE-2016-0856 MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow CVE-2018-7499 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow CVE-2018-7499 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow CVE-2018-14816 MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed

HTTP Normalized Request-Line

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow CVE-2011-0262 HTTP_CRL-HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access CVE-2006-4511 HTTP_CRL-Novell-Groupwise-Messenger-HTTP-POST-Request-Memory-Access-Violation Potential Denial of Service
Fingerprint regexp changed
High Wordpress-W3-Total-Cache-PHP-Code-Execution CVE-2013-2010 HTTP_CRL-Wordpress-W3-Total-Cache-PHP-Code-Execution Suspected Compromise
Name: HTTP_CS-Wordpress-W3-Total-Cache-PHP-Code-Execution->HTTP_CRL-Wordpress-W3-Total-Cache-PHP-Code-Execution
Category tag group TCP Correlation Dependency Group removed
Context has changed from HTTP Client Stream to HTTP Normalized Request-Line
High Oracle-WebLogic-Server-CVE-2020-14882 CVE-2020-14882 HTTP_CRL-Oracle-WebLogic-Server-CVE-2020-14882 Suspected Compromise
Description has changed
High HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String CVE-2010-1550 HTTP_CRL-HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String Suspected Compromise
Fingerprint regexp changed
Critical HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow CVE-2010-1960 HTTP_CRL-HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow Compromise
Fingerprint regexp changed
High HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow CVE-2010-1964 HTTP_CRL-HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High HP-OpenView-Network-Node-Manager-Nnmrptconfig-Schdparams-And-Nameparams-BOF CVE-2011-0267 HTTP_CRL-HP-OpenView-Nnmrptconfig-Network-Node-Manager-Schd-And-Nameparams-BOF-2 Potential Compromise
Fingerprint regexp changed
High HTTP-Possible-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Script-In-Get-Request Potential Compromise
Fingerprint regexp changed
Low HTTP-Possible-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Possible-Script-In-Get-Request Possibly Unwanted Content
Fingerprint regexp changed
High Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure CVE-2015-0785 HTTP_CRL-Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure Suspected Compromise
Fingerprint regexp changed
High PhpFileManager-Cmd-Parameter-Command-Execution No CVE/CAN HTTP_CRL-PhpFileManager-Cmd-Parameter-Command-Execution Suspected Compromise
Fingerprint regexp changed
High Novell-ZENworks-Mobile-Management-Cross-Site-Scripting No CVE/CAN HTTP_CRL-Novell-ZENworks-Mobile-Management-Cross-Site-Scripting Suspected Compromise
Fingerprint regexp changed
Critical Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal CVE-2016-0482 HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal Compromise
Fingerprint regexp changed
High Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal CVE-2016-0486 HTTP_CRL-Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal CVE-2016-0480 HTTP_CRL-Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal CVE-2016-0855 HTTP_CRL-Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Unraid-Auth-Bypass-PHP-RCE CVE-2020-5847 HTTP_CRL-Unraid-Auth-Bypass-PHP-RCE Suspected Compromise
Description has changed
High Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting CVE-2021-21616 HTTP_CRL-Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting Suspected Compromise
Fingerprint regexp changed

TLS Client Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low Encrypted_Server_Name_Indicator No CVE/CAN TLS_CS-Encrypted_Server_Name_Indicator System Inspections
Fingerprint regexp changed

Text File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow No CVE/CAN File-Text_Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High GhostDNS No CVE/CAN File-Text_DNSChanger-Injected-Iframe Suspected Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JS-Obfuscator-Obfuscated-JavaScript-Detected Potential Compromise
Fingerprint regexp changed
High Apple-Safari-Webkit-Floating-Point-Buffer-Overflow CVE-2009-2195 File-Text_Apple-Safari-Webkit-Floating-Point-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt CVE-2011-2217 File-Text_Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt Suspected Compromise
Fingerprint regexp changed
High Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution CVE-2011-0926 File-Text_Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution Potential Compromise
Fingerprint regexp changed
High Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption CVE-2010-1881 File-Text_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Critical Ie-Object-Type-Property-BOF CVE-2003-0344 File-Text_Microsoft-Internet-Explorer-Object-Tag-Slash-Buffer-Overflow Compromise
Fingerprint regexp changed
Critical Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow CVE-2008-0015 File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow Compromise
Fingerprint regexp changed
Low Embedded-Object-In-HTML No CVE/CAN File-Text_Embedded-ActiveX-Object-In-HTML Protocol Information
Fingerprint regexp changed
High Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow CVE-2008-3364 File-Text_Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Com-Object-System-Compromise CVE-2005-2087 File-Text_Internet-Explorer-Com-Object-System-Compromise Potential Compromise
Fingerprint regexp changed
Critical HTTP_Microsoft-Visual-Foxpro-Vfp6r.dll-Docmd-ActiveX-Control-Command-Execution CVE-2008-0236 File-Text_Microsoft-Visual-Foxpro-Vfp6r-Docmd-ActiveX-Control-Command-Execution Compromise
Fingerprint regexp changed
High Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037 CVE-2008-0015 File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037 Suspected Compromise
Fingerprint regexp changed
Critical Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution CVE-2007-5660 File-Text_Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption CVE-2006-4495 File-Text_Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption CVE-2007-0218 File-Text_Microsoft-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation Potential Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JavaScript-Xor-One-Time-Pad-Obfuscation-Method Suspected Compromise
Fingerprint regexp changed
High Konqueror-Same-Origin-Policy-Bypass CVE-2002-1151 File-Text_Same-Origin-Policy-Bypass Potential Compromise
Fingerprint regexp changed
High HTTP-McAfee-Subscription-Manager-ActiveX-Buffer-Overflow CVE-2006-3961 File-Text_McAfee-Subscription-Manager-ActiveX-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Critical HTTP-Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Code-Execution CVE-2006-4704 File-Text_Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Control-Usage Compromise
Fingerprint regexp changed
High HTTP_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption CVE-2007-0219 File-Text_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption CVE-2007-3041 File-Text_Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability CVE-2006-4193 File-Text_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability Potential Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption CVE-2008-1086 File-Text_Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High HTTP-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption CVE-2006-1303 File-Text_Internet-Explorer-Com-Object-Instantiation-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability CVE-2007-0940 File-Text_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability Potential Compromise
Fingerprint regexp changed
High HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption CVE-2006-4697 File-Text_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Axis-Camera-Control-ActiveX-Control-SetBMP-Buffer-Overflow CVE-2007-2239 File-Text_Axis-Communications-Camera-Control-ActiveX-Object Potential Compromise
Fingerprint regexp changed
High HTTP-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution CVE-2007-2216 File-Text_Microsoft-Ie-ActiveX-IObjectsafety-Implementation-Code-Execution Potential Compromise
Fingerprint regexp changed
High SAPGUI-AddTab-Method-ActiveX-Control-Buffer-Overflow CVE-2008-4827 File-Text_SAP-GUI-ActiveX-Control-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
Critical Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow CVE-2007-4607 File-Text_Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow Compromise
Fingerprint regexp changed
High HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal CVE-2011-2404 File-Text_HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal Potential Compromise
Fingerprint regexp changed
Low Microsoft-Windows-XP-Large-Image-Resize-DoS No CVE/CAN File-Text_Microsoft-Windows-XP-Large-Image-Resize-DoS Potential Denial of Service
Fingerprint regexp changed
Low Mozilla-Non-Ascii-Hostname-BOF CVE-2004-0902 File-Text_Mozilla-Non-Ascii-Hostname-BOF Possibly Unwanted Content
Fingerprint regexp changed
High RealNetworks-RealPlayer-Ivr-Handling-Heap-Buffer-Overflow No CVE/CAN File-Text_RealPlayer-Vulnerable-Embedded-ActiveX-Control Potential Compromise
Fingerprint regexp changed
High Apple-Safari-HTML-Image-Element-Handling-Use-After-Free CVE-2010-0054 File-Text_Apple-Safari-HTML-Image-Element-Handling-Use-After-Free-3 Potential Compromise
Fingerprint regexp changed
High Internet-Explorer-Security-Zone-Bypass-Url-Spoofing No CVE/CAN File-Text_Internet-Explorer-Security-Zone-Bypass-Url-Spoofing Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation No CVE/CAN File-Text_Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation No CVE/CAN File-Text_Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation Suspected Compromise
Fingerprint regexp changed
High McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite CVE-2005-3657 File-Text_McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite Suspected Compromise
Fingerprint regexp changed
High HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal CVE-2011-4786 File-Text_HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal Potential Compromise
Fingerprint regexp changed
High Microsoft-Windows-Win32k.sys-Memory-Corruption CVE-2011-5046 File-Text_Microsoft-Windows-Win32k.sys-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities CVE-2011-1388 File-Text_IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow CVE-2012-2176 File-Text_IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow CVE-2012-0549 File-Text_Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-Buffer-Overflow CVE-2011-4187 File-Text_Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-BOF-2 Potential Compromise
Fingerprint regexp changed
High GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution CVE-2012-2516 File-Text_GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution Potential Compromise
Fingerprint regexp changed
High Cisco-AnyConnect-VPN-Client-Software-Downgrade CVE-2012-2494 File-Text_Cisco-AnyConnect-VPN-Client-Software-Downgrade Suspected Compromise
Fingerprint regexp changed
High Samsung-Kies-Arbitrary-Command-Execution CVE-2012-3807 File-Text_Samsung-Kies-Arbitrary-Command-Execution Suspected Compromise
Fingerprint regexp changed
High CYME-Multiple-Products-Chartfx.clientserver.core.dll-Remote-Code-Execution No CVE/CAN File-Text_CYME-Multiple-Products-Chartfx-Remote-Code-Execution Suspected Compromise
Fingerprint regexp changed
High Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow No CVE/CAN File-Text_Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error CVE-2013-2416 File-Text_Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error Suspected Compromise
Fingerprint regexp changed
High IBM-iNotes-ActiveX-Control-Integer-Overflow CVE-2013-3027 File-Text_IBM-iNotes-ActiveX-Control-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow CVE-2013-6040 File-Text_MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability CVE-2006-4219 File-Text_Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability Suspected Compromise
Fingerprint regexp changed
High HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption CVE-2014-2635 File-Text_HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption Potential Compromise
Fingerprint regexp changed
High Advantech-WebAccess-SCADA-Webeye.ocx-IP_Addr-Parameter-Buffer-Overflow CVE-2014-8388 File-Text_Advantech-WebAccess-SCADA-Webeye.ocx-Obsolete-ActiveX-Control-Usage Suspected Compromise
Fingerprint regexp changed
High Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow CVE-2014-8269 File-Text_Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow CVE-2014-8269 File-Text_Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Out-Of-Bounds-Indexing CVE-2015-8040 File-Text_Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Vulnerabilities Potential Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow CVE-2014-8511 File-Text_Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-Metadraw-Arrangeobjects-Memory-Corruption CVE-2014-9188 File-Text_Schneider-Electric-Proclima-Metadraw-Several-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow CVE-2014-9200 File-Text_Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High Oracle-Data-Quality-Trillium-Based-Setentities-Type-Confusion CVE-2015-0444 File-Text_Oracle-Data-Quality-Loaderwizard-Multiple-Type-Confusion-Vulnerabilities Suspected Compromise
Fingerprint regexp changed
High Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow CVE-2015-4648 File-Text_Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow CVE-2015-0795 File-Text_NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
High JavaScript-Obfuscation No CVE/CAN File-Text_JavaScript-ActiveX-Obfuscation Suspected Attack Related Anomalies
Fingerprint regexp changed
High Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption CVE-2015-8039 File-Text_Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Samsung-Smartviewer-Stwaxconfig-Memory-Corruption CVE-2015-8039 File-Text_Samsung-Smartviewer-Stwaxconfig-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-ActiveX-Control-Memory-Corruption CVE-2015-6478 File-Text_Unitronics-VisiLogic-OPLC-TeeCommander-ChartLink-ActiveX-Control-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Schneider-Electric-Proclima-F1bookview-Copyall-Memory-Corruption CVE-2015-8561 File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption CVE-2015-6478 File-Text_Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption Suspected Compromise
Fingerprint regexp changed

Other Binary File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-JPEG Protocol Violations
Fingerprint regexp changed
High Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF CVE-2020-16199 File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF Suspected Compromise
Fingerprint regexp changed
Low Google-Chrome-Extension-Package No CVE/CAN File-Binary_Google-Chrome-CRX-Extension-Package Possibly Unwanted Content
Fingerprint regexp changed
High File-Type-Identification No CVE/CAN File-Binary_Microsoft-Word-For-Macintosh-Version-5-Document Potential Compromise
Fingerprint regexp changed
Low BZip2-Compressed-File No CVE/CAN File-Binary_BZip2-Compressed-File-Download Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Windows-Media-HTTP-Stream Streaming Protocols
Fingerprint regexp changed
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-Text Protocol Information
Fingerprint regexp changed
Low Conflicting-Content-Type-Header No CVE/CAN File-Binary_Conflicting-Content-Type-Text-HTML Protocol Information
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Standard-MIDI-Download Streaming Protocols
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Mp3-Download Streaming Protocols
Fingerprint regexp changed
High Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow CVE-2012-1336 File-Binary_Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow Suspected Compromise
Fingerprint regexp changed
Low Java-Related-File-Transfers No CVE/CAN File-Binary_Java-Class-File Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Rar-File Protocol Information
Fingerprint regexp changed
High Windows-Shell-Shortcut-Arbitrary-Code-Execution CVE-2010-2568 File-Binary_Windows-LNK-File-Transfer Suspected Attack Related Anomalies
Fingerprint regexp changed
Low Windows-Shell-Shortcut-Arbitrary-Code-Execution CVE-2010-2568 File-Binary_Windows-Control-Panel-Applet-Shortcut-File-Transfer Other Suspicious Traffic
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_TIFF-File Protocol Information
Fingerprint regexp changed
High Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2 CVE-2013-5879 File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2 Suspected Compromise
Fingerprint regexp changed
Low XAR-Archive-File-Transfer No CVE/CAN File-Binary_XAR-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Cabinet-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Binary_ELF-Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Binary_Mach-O-Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Critical IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow CVE-2015-1903 File-Binary_IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_LhArc-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Ar-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Compiled-Help Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_ACE-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_StuffIt-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Blizzard-MPQ-Archive Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Matroska-Media-Container Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Memory-Dump Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Romfs-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_VMware-Virtual-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Oracle-VirtualBox-Virtual-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Hyper-V-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_CD-ROM-Disk-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Metafile Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Animation-Flic-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-ASF-Container Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Word-Perfect-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Fax-Cover-Sheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_RealMedia-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_RealNetworks-Internet-Video Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Lotus-1-2-3-Spreadsheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Excel-Legacy-Spreadsheet Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Word-Legacy-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-DWG Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-FAS Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Autodesk-Autocad-DWF Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-Binary_Microsoft-Windows-Help-Document Possibly Unwanted Content
Fingerprint regexp changed
High McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection CVE-2016-8027 File-Binary_McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection Suspected Compromise
Fingerprint regexp changed

PDF File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Adobe-Acrobat--Embedded-JBIG2-Stream-Buffer-Overflow CVE-2009-0658 File-PDF_Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High JavaScript-In-PDF No CVE/CAN File-PDF_JavaScript-With-Open-Action-In-PDF-Not-HTTP-Port Suspected Compromise
Fingerprint regexp changed
High Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free CVE-2021-34842 File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free Suspected Compromise
Fingerprint regexp changed
High Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free CVE-2021-34850 File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free Suspected Compromise
Fingerprint regexp changed

OLE File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High OpenOffice-OLE-File-Stream-Buffer-Overflow CVE-2008-0320 File-OLE_OpenOffice-OLE-File-Stream-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption No CVE/CAN File-OLE_Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Excel-95-Workbook Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-OLE-Structured-Storage-File-Transfer No CVE/CAN File-OLE_Unusual-Directory-Structure Potential Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Presentation Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Null-Class-Id Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Unknown-Class-Id Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Word-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Database Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Transform Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Installer-Patch Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Slide Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Excel-Workbook Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Generic-OLE-Package Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Word-6-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Adobe-Photoshop-7-Image Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Outlook-Message Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Equation-2.0-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Equation-3.0-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-95-Presentation Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-PowerPoint-Add-In Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-OLE_Microsoft-Visio-Drawing Possibly Unwanted Content
Fingerprint regexp changed

Flash File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low File-Type-Identification No CVE/CAN File-Flash_Adobe-Flash-Media-Transfer Streaming Protocols
Fingerprint regexp changed

HTTP Server Header Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service CVE-2021-28662 HTTP_SHS-Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service Suspected Compromise
Fingerprint regexp changed

PNG File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Libpng-PNG-Inflate-Buffer-Overflow CVE-2011-3045 File-PNG_Libpng-PNG-Inflate-Buffer-Overflow Potential Compromise
Fingerprint regexp changed

RIFF File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Adobe-Shockwave-Director-tSAC-Chunk-String-Termination-Memory-Corruption CVE-2011-2118 File-RIFF_Adobe-Shockwave-Director-tSAC-Chunk-Termination-Memory-Corruption Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-RIFF_WAVE-Download Streaming Protocols
Fingerprint regexp changed

Identified Text File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing-Buffer-Overflow CVE-2011-2662 File-TextId_Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing Suspected Compromise
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Excel-2013-Workbook Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Word-2010-Document Possibly Unwanted Content
Fingerprint regexp changed
Low File-Type-Identification No CVE/CAN File-TextId_Microsoft-Word-2013-Document Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution No CVE/CAN File-TextId_Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution-1 Suspected Compromise
Description has changed
High Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection CVE-2020-26981 File-TextId_Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection Suspected Compromise
Fingerprint regexp changed
High Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection CVE-2021-21659 File-TextId_Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection Suspected Compromise
Fingerprint regexp changed

Zip File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
High Manageengine-Servicedesk-File-Upload-Directory-Traversal No CVE/CAN File-Zip_Manageengine-Servicedesk-File-Upload-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
Critical Microsoft-Java-VM-Bytecode-Verifier-Bypass CVE-2003-0111 File-Zip_Microsoft-Java-VM-Bytecode-Verifier-Bypass-JAR Compromise
Fingerprint regexp changed
High Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution CVE-2010-0263 File-Zip_Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution Suspected Compromise
Fingerprint regexp changed
High Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution CVE-2011-3556 File-Zip_Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution Suspected Compromise
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Zip_Executable-In-JAR Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Zip_Executable-In-Archive Protocol Information
Fingerprint regexp changed
High Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow CVE-2015-7939 File-Zip_Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow Potential Compromise
Fingerprint regexp changed
High Trend-Micro-OfficeScan-Zip-Directory-Traversal CVE-2019-18187 File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal Suspected Compromise
Fingerprint regexp changed
High Zoho-Manageengine-Desktop-Central-Appdependency-Arbitrary-File-Write CVE-2020-10859 File-Zip_Zoho-Manageengine-Desktop-Central-Appdependency-Arbitrary-File-Write Suspected Compromise
Fingerprint regexp changed

Executable File Stream

Risk Vulnerability/Situation References Related Fingerprint Situation Type Change Description
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-File-Upload Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-File-Transfer Possibly Unwanted Content
Fingerprint regexp changed
Low Executable-File-Transfer No CVE/CAN File-Exe_Executable-In-Archive Protocol Information
Fingerprint regexp changed
Low UPX-Packed-Executable No CVE/CAN File-Exe_UPX-Packed-Executable Possibly Unwanted Content
Fingerprint regexp changed
High Microsoft-Windows-PE-File-Signature-Spoofing-Vulnerability CVE-2020-1599 File-Exe_Conflicting-Content-Type-HTA Suspected Compromise
Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Category ResourceSpace
Category SonicWall

Updated objects:

Type Name Changes
IPList Rwanda
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Armenia
IPList Kenya
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList United Arab Emirates
IPList Israel
IPList Turkey
IPList Egypt
IPList Greece
IPList Estonia
IPList Latvia
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Kosovo
IPList Zimbabwe
IPList Mauritius
IPList Réunion
IPList South Africa
IPList Mayotte
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList Singapore
IPList Russia
IPList Mongolia
IPList Australia
IPList Christmas Island
IPList Papua New Guinea
IPList New Zealand
IPList Cameroon
IPList Congo Republic
IPList Portugal
IPList Ghana
IPList Equatorial Guinea
IPList Nigeria
IPList Guinea
IPList Mali
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList Monaco
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Isle of Man
IPList Slovakia
IPList Czechia
IPList Norway
IPList San Marino
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Angola
IPList Greenland
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Dominican Republic
IPList Bahamas
IPList Antigua and Barbuda
IPList Saint Lucia
IPList British Virgin Islands
IPList Saint Martin
IPList Saint Barthélemy
IPList Cayman Islands
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Argentina
IPList Chile
IPList Bolivia
IPList Peru
IPList Mexico
IPList French Polynesia
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList Canada
IPList United States
IPList Serbia
IPList Antarctica
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon CLOUDFRONT
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for canadacentral
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for centralus
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for westus2
IPList Microsoft Azure datacenter
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Amazon AMAZON sa-east-1
IPList Amazon AMAZON us-east-1
IPList Microsoft Azure datacenter for norwaye
IPList Microsoft Azure datacenter for switzerlandn
IPList Microsoft Azure service for AzureArcInfrastructure
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureSignalR
IPList Microsoft Azure service for AzureTrafficManager
IPList Microsoft Azure datacenter for swedencentral
IPList Microsoft Azure datacenter for westus3
IPList Microsoft Azure datacenter for qatarcentral
Situation DNS-TCP_Standard-Query-Request-Type-AAAA
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-WKS
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-Null
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-A
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-CNAME
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-MX
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-SRV
Fingerprint regexp changed
Situation DNS-TCP_Standard-Query-Request-Type-TXT
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-Null
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-WKS
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-TXT
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-A
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-CNAME
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-MX
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-SRV
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Request-Type-AAAA
Fingerprint regexp changed
Situation DNS-UDP_ISC-BIND-DNS-Key-Record-Too-Short-1
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ISC BIND removed
Category tag group CVE2020 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group UDP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation DNS-UDP_Standard-Query-Reply-Type-Null
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Reply-Type-KEY
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Reply-Type-A
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Reply-Type-CNAME
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Reply-Type-MX
Fingerprint regexp changed
Situation DNS-UDP_Standard-Query-Reply-Type-SRV
Fingerprint regexp changed
Situation DNS-UDP_Suspiciously-Long-TXT-Reply-Content
Fingerprint regexp changed
Situation DNS-UDP_ISC-BIND-DNS-Key-Record-Too-Short-2
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ISC BIND removed
Category tag group CVE2020 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group UDP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation HTTP_CS-Multiple-Host-Headers
Fingerprint regexp changed
Situation HTTP_CSU-Shared-Variables
Situation HTTP_CSU-Known-Exploit-Kit-Parameter-Pattern
Description has changed
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group HTTP URI Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation HTTP_CSH-Browser-Usage-Variables-Setter
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Generic browser removed
Category tag os_not_specific Any Operating System not specific removed
Category tag application_not_specific Generic browser not specific removed
Category tag situation Browsers removed
Category tag group TCP Client Traffic removed
Situation HTTP_CSH-GoogleEarth-Usage
Fingerprint regexp changed
Situation HTTP_CSH-Shared-Variables
Fingerprint regexp changed
Situation HTTP_CSH-Long-Range-Or-Range-Request-Header
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Invalid
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Chunked
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Deflate
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Compress
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Gzip
Fingerprint regexp changed
Situation HTTP_SHS-Transfer-Encoding-Identity
Fingerprint regexp changed
Situation SMTP_Shared-Variables-For-Client-Command-Stream-Context
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation System Inspections removed
Category tag group TCP Client Traffic removed
Situation HTTP_Vulnerable-HTML-Help-ActiveX-Control-Access
Description has changed
Category tag situation Obsolete added
Category tag os Windows XP removed
Category tag os Windows 2000 removed
Category tag os Windows 2003 removed
Category tag hardware Any Hardware removed
Category tag group MS2007-02 removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows XP not specific removed
Category tag os_not_specific Windows 2000 not specific removed
Category tag os_not_specific Windows 2003 not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Server Traffic removed
Situation HTTP_Authentium-Command-AntiVirus-odapi.dll-Multiple-Buffer-Overflows
Description has changed
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Authentium Command Antivirus removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Server Traffic removed
Situation FTP_CS-Shared-Variables-For-Client-Stream-Context
Fingerprint regexp changed
Situation SMB-TCP_SC-Remote-Delete-Service
Fingerprint regexp changed
Situation SMB-TCP_SC-Remote-Start-Service
Fingerprint regexp changed
Situation SMB-TCP_SC-Remote-Stop-Service
Fingerprint regexp changed
Situation SMB-TCP_SC-At-Scheduler-JobAdd
Fingerprint regexp changed
Situation SMB-TCP_SC-At-Scheduler-JobDelete
Fingerprint regexp changed
Situation SMB-TCP_CHS-SMB3-Negotiate-Chained-Compression-Unsupported
Fingerprint regexp changed
Situation HTTP_SLS-Unknown-Informal-Status-Code
Fingerprint regexp changed
Situation HTTP_SLS-Unknown-Success-Status-Code
Fingerprint regexp changed
Situation HTTP_SLS-Unknown-Redirection-Status-Code
Fingerprint regexp changed
Situation HTTP_SLS-Unknown-Client-Error-Status-Code
Fingerprint regexp changed
Situation HTTP_SLS-Unknown-Server-Error-Status-Code
Fingerprint regexp changed
Situation File-Text_JavaScript-Comment-Split
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Generic HTTP client removed
Category tag os_not_specific Any Operating System not specific removed
Category tag application_not_specific Generic HTTP client not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation File-OLE_Microsoft-PowerPoint-95-Slide
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Microsoft PowerPoint removed
Category tag os_not_specific Windows not specific removed
Category tag application_not_specific Microsoft PowerPoint not specific removed
Category tag situation Possibly Unwanted Content removed
Situation File-Binary_Disk-Image-Transfer
Fingerprint regexp changed
Situation HTTP_SHS-Icecast-Not-Audio
Fingerprint regexp changed
Situation File-Text_Base64-Encoded-HTML-Object
Fingerprint regexp changed
Situation File-Text_Vulnerable-HTML-Help-ActiveX-Control-Access
Description has changed
Category tag situation Obsolete added
Category tag os Windows XP removed
Category tag os Windows 2000 removed
Category tag os Windows 2003 removed
Category tag hardware Any Hardware removed
Category tag group MS2007-02 removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows XP not specific removed
Category tag os_not_specific Windows 2000 not specific removed
Category tag os_not_specific Windows 2003 not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation File-Text_Authentium-Command-AntiVirus-odapi.dll-Multiple-Buffer-Overflows
Description has changed
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Authentium Command Antivirus removed
Category tag group CVE2007 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Potential Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Situation File-TextId_Script-In-SVG
Fingerprint regexp changed
Situation File-Text_Internet-Explorer-AxDebugger-Document-ActiveX-Vulnerability
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-64-Bit
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-32-Bit
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Nonstandard-Optional-Header-Size
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Dynamic-Link-Libary
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Unknown-Architecture
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-x86-64
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-x86
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Header-Overlap
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-Unknown-Subsystem
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-POSIX-Subsystem
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-OS2-Subsystem
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-Console-Application
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-GUI-Application
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Windows-Native-Subsystem
Fingerprint regexp changed
Situation File-Exe_Portable-Executable-Nonstandard-Optional-Header-Signature
Fingerprint regexp changed
Situation File-Text_Internet-Explorer-Sysmon-ActiveX-Denial-Of-Service
Fingerprint regexp changed

DISCLAIMER AND COPYRIGHT

Copyright © 2021 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.