Release notes for update package 1607-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday July 06, 2023
MD5 CHECKSUM:     703ecf5183257d0837ccc5589f6da553
SHA1 CHECKSUM:     27ac1c85602b19d323bf05fb86ac19a29049fa31
SHA256 CHECKSUM:     fa3ae9fabdf4daad7ba77692a925142fccf8441a2e55d7dcc4fc81ed93cf7059

UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level | Description | Reference | Vulnerability
High | An attempt to exploit a remote code execution vulnerability detected | No CVE/CAN | Linux-Download-Commands-In-Parameter-Values
High | An attempt to exploit a vulnerability in JetBrains TeamCity detected | CVE-2023-34220 | JetBrains-TeamCity-Commit-Status-Publisher-Page-Stored-Cross-Site-Scripting
High | An attempt to exploit a vulnerability in OpenEMR Development Team OpenEMR detected | CVE-2023-2948 | Openemr-Share_Template-List_Id-Reflected-Cross-Site-Scripting

DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Linux-Download-Commands-In-Parameter-Values | No CVE/CAN | HTTP_CRL-Linux-Download-Commands-In-Parameter-Values | Potential Compromise
High | JetBrains-TeamCity-Commit-Status-Publisher-Page-Stored-Cross-Site-Scripting | CVE-2023-34220 | HTTP_CRL-JetBrains-TeamCity-Commit-Status-Publisher-Page-Stored-Cross-Site-Scripting | Suspected Compromise
High | Openemr-Share_Template-List_Id-Reflected-Cross-Site-Scripting | CVE-2023-2948 | HTTP_CRL-Openemr-Share_Template-List_Id-Reflected-Cross-Site-Scripting | Suspected Compromise

Updated detected attacks:

HTTP Request URI

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Junos-OS-Local-File-Inclusion-CVE-2022-22246 | CVE-2022-22246 | HTTP_CSU-Junos-OS-Local-File-Inclusion-CVE-2022-22246 | Suspected Compromise | Fingerprint regexp changed

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | MS-Forefront-UAG-ExcelTable-Reflected-XSS | CVE-2011-1896 | HTTP_CRL-MS-Forefront-UAG-ExcelTable-Reflected-XSS | Suspected Compromise | Detection mechanism updated
Low | HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | CVE-2006-4511 | HTTP_CRL-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | Potential Denial of Service | Fingerprint regexp changed
High | HTTP-Webgais-Cgi-System-Compromise | CVE-1999-0176 | HTTP_CRL-Webgais-Cgi-System-Compromise | Potential Compromise | Fingerprint regexp changed
High | HTTP-Guestserver-Cgi-System-Compromise | CVE-2001-0180 | HTTP_CRL-Guestserver-Cgi-System-Compromise | Potential Compromise | Fingerprint regexp changed
Low | HTTP-Verity-Ultraseek-Search-Path-Disclosure | CVE-2004-0050 | HTTP_CRL-Verity-Ultraseek-Search-Path-Disclosure | Potential Disclosure | Fingerprint regexp changed
High | HTTP-MyBB-Domecode-Function-Php-Code-Execution | CVE-2006-2908 | HTTP_CRL-MyBB-Domecode-Function-Remote-Php-Code-Execution | Potential Compromise | Fingerprint regexp changed
High | Apache-Tomcat-Directory-Listing-Information-Disclosure | No CVE/CAN | HTTP_CRL-Apache-Tomcat-Directory-Listing-Information-Disclosure | Suspected Disclosure | Fingerprint regexp changed
Low | HTTP-CPanel-Multiple-Cross-Site-Scripting-Vulnerabilities | CVE-2004-1875 | HTTP_CRL-CPanel-Multiple-Cross-Site-Scripting-Vulnerabilities | Potential Disclosure | Fingerprint regexp changed
High | Novell-iManager-Create-Attribute-EnteredAttrName-Buffer-Overflow | CVE-2011-4188 | HTTP_CRL-Novell-iManager-Create-Attribute-EnteredAttrName-Buffer-Overflow | Suspected Compromise | Fingerprint regexp changed
High | Webmin-Show.cgi-Command-Execution | CVE-2012-2982 | HTTP_CRL-Webmin-Show.cgi-Command-Execution | Suspected Compromise | Fingerprint regexp changed
High | IIS-Isapi-Windows-Media-Services-BOF-MS03-019 | CVE-2003-0227 | HTTP_CRL-IIS-Isapi-Windows-Media-Services-BOF-3 | Potential Compromise | Fingerprint regexp changed
High | LabStore-SQL-Injection | No CVE/CAN | HTTP_CRL-LabStore-SQL-Injection | Suspected Compromise | Fingerprint regexp changed
Low | Microsoft-Sharepoint-Server-Access-Control-Vulnerability | CVE-2008-4032 | HTTP_CRL-Sharepoint-Server-Access-Control-Exploit | Potential Disclosure | Fingerprint regexp changed
Critical | MODx-Reflect-Base-File-Inclusion | No CVE/CAN | HTTP_CRL-MODx-Reflect-Base-File-Inclusion | Compromise | Fingerprint regexp changed
Critical | PicoFlat-Pagina-Parameter-File-Inclusion | CVE-2007-5390 | HTTP_CRL-PicoFlat-Pagina-Parameter-File-Inclusion | Compromise | Fingerprint regexp changed
Critical | WAMP-Webmail-No-Url-File-Inclusion | CVE-2006-5147 | HTTP_CRL-WAMP-Webmail-No-Url-File-Inclusion | Compromise | Fingerprint regexp changed
High | ocPortal-Arbitrary-File-Inclusion | No CVE/CAN | HTTP_CRL-ocPortal-Arbitrary-File-Inclusion-Vulnerability | Suspected Compromise | Detection mechanism updated
High | PHPWAY-Link-Management-Script-Multiple-File-Inclusion-Vulnerabilities | CVE-2008-2270 | HTTP_CRL-PHPWAY-Link-Management-Script-Main-Page-Directory-Remote-File-Inclusion | Potential Compromise | Fingerprint regexp changed
High | PHPWAY-Link-Management-Script-Multiple-File-Inclusion-Vulnerabilities | CVE-2008-2270 | HTTP_CRL-PHPWAY-Link-Management-Script-Page-To-Include-Remote-File-Inclusion | Potential Compromise | Fingerprint regexp changed
Critical | Microsoft-Active-Directory-Federation-Services-XSS-CVE-2015-1757 | CVE-2015-1757 | HTTP_CRL-Microsoft-Active-Directory-Federation-Services-XSS-CVE-2015-1757 | Compromise | Detection mechanism updated
High | PhpFileManager-Cmd-Parameter-Command-Execution | No CVE/CAN | HTTP_CRL-PhpFileManager-Cmd-Parameter-Command-Execution | Suspected Compromise | Fingerprint regexp changed
High | Novell-ZENworks-Mobile-Management-Cross-Site-Scripting | No CVE/CAN | HTTP_CRL-Novell-ZENworks-Mobile-Management-Cross-Site-Scripting | Suspected Compromise | Fingerprint regexp changed
High | Spring-Core-Remote-Code-Execution | CVE-2022-22965 | HTTP_CRL-Spring-Core-Remote-Code-Execution-Suspicious-Parameter-Name | Potential Compromise | Fingerprint regexp changed
High | Gitlab-Community-And-Enterprise-Edition-Notes-Stored-Cross-Site-Scripting | CVE-2022-1175 | HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Notes-Stored-Cross-Site-Scripting | Suspected Compromise | Fingerprint regexp changed

Other Binary File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchblt-Out-Of-Bounds-Read | CVE-2018-4886 | File-Binary_Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchblt-Out-Of-Bounds-Read | Potential Compromise | Fingerprint regexp changed

PDF File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | JavaScript-In-PDF | No CVE/CAN | File-PDF_JavaScript-With-Open-Action-In-PDF | Potential Compromise | Fingerprint regexp changed

Identified Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Microsoft-Exchange-Unsafe-Deserialization-CVE-2022-41082 | CVE-2022-41082 | File-TextId_Microsoft-Exchange-Unsafe-Deserialization | Suspected Compromise | Description has changed
High | Schneider-Electric-IGSS-Dashboard-CVE-2023-3001-Insecure-Deserialization | CVE-2023-3001 | File-TextId_Schneider-Electric-IGSS-Dashboard-CVE-2023-3001-Insecure-Deserialization | Suspected Compromise | Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Appliance Information sg-1202-0-C1.svg
IPList Microsoft Azure service for AzureDeviceUpdate
IPList Microsoft Azure service for MicrosoftPurviewPolicyDistribution
IPList Amazon MEDIA_PACKAGE_V2 ca-central-1
IPList Amazon CODEBUILD il-central-1
Situation HTTP_Proxy-DNS-Lookup-Error
Situation HTTP_Proxy-Connection-Timeout

Updated objects:

Type Name Changes
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Armenia
IPList DR Congo
IPList Uganda
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Turkey
IPList Egypt
IPList Greece
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Zimbabwe
IPList Zambia
IPList Mauritius
IPList Réunion
IPList South Africa
IPList Mayotte
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Tajikistan
IPList Sri Lanka
IPList India
IPList Nepal
IPList Myanmar
IPList Kazakhstan
IPList Kyrgyzstan
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Russia
IPList Australia
IPList New Zealand
IPList Fiji
IPList Portugal
IPList Ghana
IPList Nigeria
IPList Spain
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Guernsey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Barbados
IPList French Guiana
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Dominican Republic
IPList Martinique
IPList Bermuda
IPList Anguilla
IPList Trinidad and Tobago
IPList St Kitts and Nevis
IPList Dominica
IPList Antigua and Barbuda
IPList Saint Lucia
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Montserrat
IPList Guadeloupe
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Argentina
IPList Chile
IPList Bolivia
IPList Peru
IPList Mexico
IPList French Polynesia
IPList Niue
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList Sint Maarten
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon S3
IPList Amazon EC2
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for australiasoutheast
IPList Microsoft Azure datacenter for brazilsouth
IPList Microsoft Azure datacenter for canadacentral
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for canadaeast
IPList Microsoft Azure datacenter for centralindia
IPList Microsoft Azure datacenter for centraluseuap
IPList Microsoft Azure datacenter for centralus
IPList Microsoft Azure datacenter for eastasia
IPList Microsoft Azure datacenter for eastus2euap
IPList Microsoft Azure datacenter for eastus2
IPList Microsoft Azure datacenter for eastus
IPList Microsoft Azure datacenter for centralfrance
IPList Microsoft Azure datacenter for southfrance
IPList Microsoft Azure datacenter for japaneast
IPList Microsoft Azure datacenter for japanwest
IPList Apple Servers
IPList Microsoft Azure datacenter for koreacentral
IPList Microsoft Azure datacenter for koreasouth
IPList Microsoft Azure datacenter for northcentralus
IPList Microsoft Azure datacenter for northeurope
IPList Microsoft Azure datacenter for southcentralus
IPList Microsoft Azure datacenter for southindia
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for uksouth
IPList Microsoft Azure datacenter for ukwest
IPList Microsoft Azure datacenter for westcentralus
IPList Microsoft Azure datacenter for westeurope
IPList Microsoft Azure datacenter for westindia
IPList Microsoft Azure datacenter for westus2
IPList Microsoft Azure datacenter for westus
IPList Microsoft Azure datacenter
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Microsoft Azure service for PowerPlatformPlex
IPList Amazon AMAZON ap-southeast-1
IPList NordVPN Servers IP Address List
IPList Microsoft Azure service for CognitiveServicesFrontend
IPList Amazon AMAZON ap-southeast-2
IPList Amazon EC2 ap-southeast-2
IPList Amazon AMAZON eu-west-3
IPList Amazon AMAZON us-east-1
IPList Amazon EC2 us-east-1
IPList Amazon AMAZON us-east-2
IPList Amazon S3 us-east-2
IPList Amazon AMAZON us-west-2
IPList Amazon EC2 us-west-2
IPList Microsoft Azure datacenter for australiacentral
IPList Microsoft Azure datacenter for australiacentral2
IPList Microsoft Azure datacenter for brazilse
IPList Microsoft Azure datacenter for germanyn
IPList Microsoft Azure datacenter for germanywc
IPList Microsoft Azure datacenter for norwaye
IPList Microsoft Azure datacenter for norwayw
IPList Microsoft Azure datacenter for southafricanorth
IPList Microsoft Azure datacenter for southafricawest
IPList Microsoft Azure datacenter for switzerlandn
IPList Microsoft Azure datacenter for switzerlandw
IPList Microsoft Azure datacenter for uaecentral
IPList Microsoft Azure datacenter for uaenorth
IPList Microsoft Azure datacenter for uknorth
IPList Microsoft Azure datacenter for uksouth2
IPList Microsoft Azure service for ActionGroup
IPList Microsoft Azure service for ApiManagement
IPList Microsoft Azure service for AppConfiguration
IPList Microsoft Azure service for AppServiceManagement
IPList Microsoft Azure service for AzureArcInfrastructure
IPList Microsoft Azure service for AzureBackup
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureConnectors
IPList Microsoft Azure service for AzureContainerRegistry
IPList Microsoft Azure service for AzureCosmosDB
IPList Microsoft Azure service for AzureDataExplorerManagement
IPList Microsoft Azure service for AzureDigitalTwins
IPList Microsoft Azure service for AzureEventGrid
IPList Microsoft Azure service for AzureFrontDoor_FirstParty
IPList Microsoft Azure service for AzureMonitor
IPList Microsoft Azure service for AzureMonitor_Core
IPList Microsoft Azure service for AzureResourceManager
IPList Microsoft Azure service for CognitiveServicesManagement
IPList Microsoft Azure service for EventHub
IPList Microsoft Azure service for HDInsight
IPList Microsoft Azure service for MicrosoftContainerRegistry
IPList Microsoft Azure service for PowerBI
IPList Microsoft Azure service for SqlManagement
IPList Microsoft Azure service for StorageSyncService
IPList Microsoft Azure datacenter for usstagee
IPList Microsoft Azure datacenter for jioindiacentral
IPList Microsoft Azure datacenter for jioindiawest
IPList Microsoft Azure datacenter for swedencentral
IPList Microsoft Azure datacenter for swedensouth
IPList Microsoft Azure datacenter for westus3
IPList Microsoft Azure datacenter for qatarcentral
IPList Microsoft Azure service for AzureAttestation
IPList Microsoft Azure datacenter for polandcentral
IPList Microsoft Azure datacenter for brazilne
IPList Microsoft Azure datacenter for northeurope2
IPList Microsoft Azure service for WindowsAdminCenter
IPList Google Cloud IP Address List for asia-southeast1
IPList Google Cloud IP Address List for europe-west1
IPList Google Cloud IP Address List for europe-west2
IPList Google Cloud IP Address List for us-east5
IPList Microsoft Azure service for AzureSentinel
Situation HTTP_CSU-Shared-Variables
Situation HTTP_CSH-Shared-Variables
Fingerprint regexp changed
Situation HTTP_CRL-Shared-Variables
Fingerprint regexp changed
Situation HTTP_CRL-IIS-Isapi-Dot-Printer-Buffer-Overflow
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application IIS removed
Category tag group MS2001 removed
Category tag group CVE2001 removed
Category tag os_not_specific Windows not specific removed
Category tag application_not_specific IIS not specific removed
Category tag situation Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Situation HTTP_CRL-OpenFire-Server-Multiple-Vulnerabilities
Fingerprint regexp changed
Situation HTTP_CRL-Script-In-URL-Parameters
Fingerprint regexp changed
Situation HTTP_CSH-PhpFileManager-Cmd-Parameter-Command-Execution
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application phpFileManager removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
Fingerprint regexp changed
Situation File-PDF_JavaScript-With-Open-Action-In-PDF-Not-HTTP-Port
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag os_not_specific Windows not specific removed
Category tag situation Suspected Compromise removed
Category tag group Severity over 4 Correlation Dependency Group removed
Fingerprint regexp changed

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.