Release notes for update package 1588-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Monday May 15, 2023
MD5 CHECKSUM:     9fc40e692438b260f23d3958a5d63e67
SHA1 CHECKSUM:     86688a612abf610052278daca946806f01e85b22
SHA256 CHECKSUM:     b3493b5fa36ed4245e7c722264417689a3d559e0c666e1ac74caf85662efdfe5

UPDATE CRITICALITY:    MODERATE

DETECTED ATTACKS

Updated detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
(Change Description is listed indented under each row)
High | HTTP-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass | CVE-2009-3548 | HTTP_CS-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass | Potential Compromise
    Fingerprint regexp changed
High | Synology-DiskStation-Manager-Command-Execution | CVE-2013-6955 | HTTP_CS-Synology-DiskStation-Manager-Command-Execution | Suspected Compromise
    Name: Generic_CS-Synology-DiskStation-Manager-Command-Execution->HTTP_CS-Synology-DiskStation-Manager-Command-Execution
    Category tag group HTTP Correlation Dependency Group added
    Context has changed from TCP Client Stream Unknown to HTTP Client Stream

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
(Change Description is listed indented under each row)
High | VMware-VNC-Vmwdynresolution-Heap-Buffer-Overflow | CVE-2017-4933 | Generic_CS-VMware-VNC-Vmwdynresolution-Heap-Buffer-Overflow | Suspected Compromise
    Fingerprint regexp changed

HTTP Request Header Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
(Change Description is listed indented under each row)
High | PeerCast-HTTP-Authentication-Buffer-Overflow | No CVE/CAN | HTTP_CSH-PeerCast-HTTP-Authentication-Buffer-Overflow | Suspected Compromise
    Name: Generic_CS-PeerCast-HTTP-Authentication-Buffer-Overflow->HTTP_CSH-PeerCast-HTTP-Authentication-Buffer-Overflow
    Category tag group HTTP Correlation Dependency Group added
    Context has changed from TCP Client Stream Unknown to HTTP Request Header Line
High | HP-Operations-Manager-Server-Unauthorized-File-Upload | CVE-2009-3843 | HTTP_CSH-HP-Operations-Manager-Server-Unauthorized-File-Upload | Suspected Compromise
    Fingerprint regexp changed
High | IBM-Rational-Quality-Manager-And-Test-Lab-Manager-Policy-Bypass | No CVE/CAN | HTTP_CSH-IBM-Rational-Quality-Manager-And-Test-Lab-Manager-Policy-Bypass | Suspected Compromise
    Fingerprint regexp changed
Critical | Php-Nuke-Referer-SQL-Injection | CVE-2007-1061 | HTTP_CSH-SQL-Injection-In-Referer-Header-Field | Compromise
    Fingerprint regexp changed
High | IBM-Cognos-Server-Backdoor-Account-Remote-Code-Execution | CVE-2010-0557 | HTTP_CSH-IBM-Cognos-Server-Backdoor-Account-Remote-Code-Execution | Suspected Compromise
    Fingerprint regexp changed
High | Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery | No CVE/CAN | HTTP_CSH-Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery | Suspected Compromise
    Name: Generic_CS-Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery->HTTP_CSH-Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery
    Category tag group HTTP Correlation Dependency Group added
    Context has changed from TCP Client Stream Unknown to HTTP Request Header Line
High | Samba-Swat-HTTP-Authentication-Buffer-Overflow | CVE-2004-0600 | HTTP_CSH-Samba-Swat-HTTP-Authentication-Buffer-Overflow | Suspected Compromise
    Name: Generic_CS-Samba-Swat-HTTP-Authentication-Buffer-Overflow->HTTP_CSH-Samba-Swat-HTTP-Authentication-Buffer-Overflow
    Category tag group HTTP Correlation Dependency Group added
    Context has changed from TCP Client Stream Unknown to HTTP Request Header Line

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
(Change Description is listed indented under each row)
High | Symantec-Scan-Engine-Authentication-Bypass | CVE-2006-0230 | HTTP_CRL-Symantec-Scan-Engine-Authentication-Bypass | Suspected Compromise
    Name: Generic_CS-Symantec-Scan-Engine-Authentication-Bypass->HTTP_CRL-Symantec-Scan-Engine-Authentication-Bypass
    Category tag group HTTP Correlation Dependency Group added
    Category tag group TCP Correlation Dependency Group removed
    Context has changed from TCP Client Stream Unknown to HTTP Normalized Request-Line

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
(Change Description is listed indented under each row)
High | Microsoft-Internet-Explorer-Jserrortostring-Heap-Buffer-Overflow | CVE-2017-11810 | File-Text_Microsoft-Internet-Explorer-Jserrortostring-Heap-Buffer-Overflow | Suspected Compromise
    Detection mechanism updated

LIST OF OTHER CHANGES:

Updated objects:

Type | Name
(Changes, where listed, are indented under each row)
Certificate Authority | Hongkong Post Root CA 1
    Marked for removal
Filter | Security Risk Tag
Filter | Hits by URL Category
Filter | Total Application and Web Events
IPList | Rwanda
IPList | Cyprus
IPList | Kenya
IPList | Djibouti
IPList | Central African Republic
IPList | Lebanon
IPList | Qatar
IPList | United Arab Emirates
IPList | Israel
IPList | Turkey
IPList | Greece
IPList | Estonia
IPList | Latvia
IPList | Lithuania
IPList | Georgia
IPList | Moldova
IPList | Finland
IPList | Ukraine
IPList | North Macedonia
IPList | Hungary
IPList | Bulgaria
IPList | Albania
IPList | Poland
IPList | Romania
IPList | Mauritius
IPList | Réunion
IPList | South Africa
IPList | Mayotte
IPList | Mozambique
IPList | Pakistan
IPList | Bangladesh
IPList | India
IPList | Myanmar
IPList | Uzbekistan
IPList | Kazakhstan
IPList | Thailand
IPList | Indonesia
IPList | Taiwan
IPList | Philippines
IPList | Malaysia
IPList | China
IPList | Hong Kong
IPList | South Korea
IPList | Japan
IPList | Singapore
IPList | Cook Islands
IPList | Russia
IPList | Australia
IPList | Marshall Islands
IPList | Solomon Islands
IPList | New Zealand
IPList | Fiji
IPList | Portugal
IPList | Nigeria
IPList | Spain
IPList | Malta
IPList | Denmark
IPList | Iceland
IPList | United Kingdom
IPList | Switzerland
IPList | Sweden
IPList | Netherlands
IPList | Austria
IPList | Belgium
IPList | Germany
IPList | Luxembourg
IPList | Ireland
IPList | France
IPList | Guernsey
IPList | Slovakia
IPList | Czechia
IPList | Norway
IPList | Italy
IPList | Slovenia
IPList | Croatia
IPList | Barbados
IPList | French Guiana
IPList | Greenland
IPList | Brazil
IPList | Jamaica
IPList | Dominican Republic
IPList | Martinique
IPList | Trinidad and Tobago
IPList | Dominica
IPList | Saint Lucia
IPList | Saint Martin
IPList | Saint Barthélemy
IPList | Guadeloupe
IPList | Grenada
IPList | El Salvador
IPList | Costa Rica
IPList | Venezuela
IPList | Ecuador
IPList | Colombia
IPList | Panama
IPList | Haiti
IPList | Argentina
IPList | Chile
IPList | Peru
IPList | Mexico
IPList | Pitcairn Islands
IPList | Tonga
IPList | Puerto Rico
IPList | U.S. Virgin Islands
IPList | Canada
IPList | United States
IPList | Serbia
IPList | TOR exit nodes IP Address List
IPList | Amazon AMAZON
IPList | TOR relay nodes IP Address List
IPList | Netflix Servers
IPList | Amazon AMAZON ap-northeast-1
IPList | Amazon AMAZON me-central-1
IPList | Line Messenger IP Address List
IPList | Okta IP Address List
IPList | Botnet IP Address List
IPList | Malicious Site IP Address List
IPList | NordVPN Servers IP Address List
IPList | Amazon AMAZON eu-central-1
IPList | Amazon AMAZON eu-west-1
IPList | Amazon AMAZON us-west-2
Situation | Generic_CS-HP-Operations-Manager-Server-Unauthorized-File-Upload
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application HP Operations Manager for Windows removed
    Category tag group CVE2009 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application HP Performance Manager removed
    Category tag group CVE2009 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-IBN-Director-CIM-Server-Consumer-Name-Handling-Denial-Of-Service
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application IBM Systems Director removed
    Category tag group CVE2009 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-Application-Server-Portal-Cross-Site-Scripting
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle Application Server Portal removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-IBM-Rational-Quality-Manager-And-Test-Lab-Manager-Policy-Bypass
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application IBM Rational Quality Manager and Test Lab Manager removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-CA-Total-Defense-Suite-SQL-Injection-Vulnerability
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application CA Total Defense Suite removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-CA-Total-Defense-Suite-getDBConfigSettings-Credential-Disclosure
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application CA Total Defense Suite removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-CA-Total-Defense-Suite-UNCWS-UnassignFunctionalRoles-SQL-Injection
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application CA Total Defense Suite removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Sybase-M-Business-Anywhere-agSoap.exe-BOF
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Windows removed
    Category tag hardware Any Hardware removed
    Category tag application Sybase M-Business Anywhere removed
    Category tag os_not_specific Windows not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-McAfee-Firewall-Reporter-IsValidClient-Remote-Code-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Windows removed
    Category tag hardware Any Hardware removed
    Category tag application McAfee Firewall Reporter removed
    Category tag os_not_specific Windows not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Cisco-Common-Services-Framework-Help-Servlet-Cross-Site-Scripting
    Description has changed
    Attacker: connection_destination->none
    Victim: connection_source->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Cisco Systems Unified Operations Manager removed
    Category tag application Cisco Systems CiscoWorks Common Services removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-GlassFish-Server-Malformed-Username-Cross-Site-Scripting
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle GlassFish Server removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Cisco-Common-Services-Devices-Center-Cross-Site-Scripting
    Description has changed
    Attacker: connection_destination->none
    Victim: connection_source->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Cisco Systems Unified Operations Manager removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-HP-Web-Jetadmin
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application HP Web JetAdmin removed
    Category tag group CVE2004 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-10g-Isqlplus-Service-Heap-Overflow
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle Application Server 10g removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Red-Hat-Directory-Server-Accept-Language-Parsing-Buffer-Overflow
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Red Hat Directory Server removed
    Category tag group CVE2008 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_HTTP-IBM-Cognos-Server-Backdoor-Account-Remote-Code-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application IBM Cognos Express removed
    Category tag group CVE2010 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Novell-Groupwise-Internet-Agent-HTTP-Interface-Stack-Buffer-Overflow
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Novell GroupWise removed
    Category tag group CVE2011 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Novell-Groupwise-Messenger-Nmma.exe-Createsearch-Memory-Corruption
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Novell GroupWise Messenger removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Asterisk-Management-Interface-Digest-Authentication-Stack-BOF
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Digium Asterisk removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-GlassFish-Server-Multiple-Reflected-XSS-Vulnerabilities
    Description has changed
    Attacker: connection_destination->none
    Victim: connection_source->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle GlassFish Server removed
    Category tag group CVE2012 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-Business-Transaction-Management-Arbitrary-File-Creation
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle Business Transaction Management removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-Business-Transaction-Management-Arbitrary-File-Deletion
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle Business Transaction Management removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Novell-Remote-Manager-Off-By-One-Denial-Of-Service
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Novell Remote Manager removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Webmin-Show.cgi-Command-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Webmin removed
    Category tag group CVE2012 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Symantec-Messaging-Gateway-Directory-Traversal
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Symantec Messaging Gateway removed
    Category tag group CVE2012 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Solarwinds-Orion-Ipam-Reflected-Cross-Site-Scripting
    Description has changed
    Attacker: connection_destination->none
    Victim: connection_source->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application SolarWinds Orion IPAM removed
    Category tag group CVE2012 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Microsoft-OData-Protocol-Replace-Denial-Of-Service-Vulnerability
    Description has changed
    Attacker: connection_destination->none
    Victim: connection_source->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag group MS2013-01 removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Digium Asterisk removed
    Category tag group CVE2012 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Digium Asterisk removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Bitcoin-Miner-Getwork-JSON-Request
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Bitcoin removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Peer to Peer removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Pineapp-Mail-Secure-Ldapsyncnow-Remote-Command-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application PineApp Mail-SeCure removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Pineapp-Mail-Secure-Confpremenu.php-Export-Log-Command-Injection
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application PineApp Mail-SeCure removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Pineapp-Mail-Secure-Conflivelog.pl-Command-Injection
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application PineApp Mail-SeCure removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-Endeca-Server-Createdatastore-Remote-Command-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle Endeca Server removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Pineapp-Mail-Secure-Confpremenu.php-Install-License-Command-Injection
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application PineApp Mail-SeCure removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Oracle-BPEL-Process-Manager-Scriptservlet-Information-Disclosure
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Oracle BPEL Process Manager removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Zimbra-Collaboration-Server-Local-File-Inclusion
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Zimbra Collaboration Server removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-VMware-Hyperic-HQ-Groovy-Script-Console-Java-Execution
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application VMware Hyperic HQ removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Symantec-Endpoint-Protection-Manager-Xml-External-Entity
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Symantec Endpoint Protection Manager removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
Situation | Generic_CS-Digium-Asterisk-Cookie-Stack-Overflow
    Description has changed
    Attacker: connection_source->none
    Victim: connection_destination->none
    Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Digium Asterisk removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Splunk-Collect-File-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Splunk removed
Category tag group CVE2013 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-CA-Erwin-Web-Portal-Configserviceprovider-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application CA Erwin Web Portal removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-CA-Erwin-Web-Portal-Configserviceprovider-Remote-File-Creation
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application CA Erwin Web Portal removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Alienvault-Ossim-AV-Centerd-Util.pm-Get_License-Arbitrary-Command-Execution
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application AlienVault AlienVault removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Oracle-Event-Processing-Fileuploadservlet-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Oracle Event Processing removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Oracle-Business-Intelligence-Mobile-App-Designer-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Oracle Business Intelligence Mobile App Designer removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-HP-Network-Virtualization-toServerObject-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application HP Network Virtualization removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Manageengine-EventLog-Analyzer-Agenthandler-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ManageEngine EventLog Analyzer removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Symantec-Endpoint-Protection-Manager-Cross-Site-Scripting
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Symantec Endpoint Protection Manager removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation HTTP_CS-Arcserve-Unified-Data-Protection-Management-Service-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Arcserve Unified Data Protection removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation HTTP_CS-Lexmark-Markvision-Enterprise-Libraryfileuploadservlet-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Lexmark MarkVision Enterprise removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation HTTP_CSU-Shared-Variables
Situation HTTP_CSH-Shared-Variables
Fingerprint regexp changed
Situation HTTP_CRL-Shared-Variables
Fingerprint regexp changed
Situation HTTP_CRL-Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ManageEngine EventLog Analyzer removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Oracle-Virtual-Server-Agent-Command-Injection
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Oracle Virtual Server removed
Category tag group CVE2010 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Manageengine-Desktop-Central-Statusupdate-Arbitrary-File-Upload
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ManageEngine DesktopCentral removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Manageengine-Desktop-Central-Msp-Fileuploadservlet-Arbitrary-File-Upload
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application ManageEngine DesktopCentral removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Visual-Mining-Netcharts-Server-Savefile.jsp-Page-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Visual Mining NetCharts Server removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Multiple-Solarwinds-Orion-Getaccounts-SQL-Injections
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application SolarWinds Orion IPAM removed
Category tag application SolarWinds NetFlow Traffic Analyzer removed
Category tag application SolarWinds Server and Application Monitor removed
Category tag application SolarWinds Network Configuration Manager removed
Category tag application SolarWinds Network Performance Monitor (NPM) removed
Category tag application SolarWinds User Device Tracker removed
Category tag application SolarWinds VoIP and Network Quality Manager removed
Category tag application SolarWinds Web Performance Monitor removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Solarwinds-Firewall-Security-Manager-Userlogin.jsp-Policy-Bypass
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application SolarWinds Firewall Security Manager removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Arcserve-Unified-Data-Protection-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Arcserve Unified Data Protection removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Arcserve-Unified-Data-Protection-Management-Service-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Arcserve Unified Data Protection removed
Category tag group CVE2015 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Lexmark-Markvision-Enterprise-Libraryfileuploadservlet-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application Lexmark MarkVision Enterprise removed
Category tag group CVE2014 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation Generic_CS-Oracle-GoldenGate-Message-Length
Fingerprint regexp changed
Situation Generic_CS-Shared-Variable-Fingerprints
Fingerprint regexp changed

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.