Release notes for update package 1841-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:       Monday February 24, 2025
MD5 CHECKSUM:       0abd727a6ff41323e29d14490b729805
SHA1 CHECKSUM:      bb5fe8a108dafdab4414a7ddf627519d1e737126
SHA256 CHECKSUM:    d3ac3f4a79ad6c16e3111bd63c7306689449f198ca40085472afdcf5f2e24373

UPDATE CRITICALITY: HIGH

List of detected attacks in this update package:

Risk level | Description | Reference | Vulnerability
High | An attempt to exploit a vulnerability in XWiki | CVE-2025-24893 | Xwiki-Solrsearchmacros-Text-Code-Injection
High | An attempt to exploit a vulnerability in Gogs detected | CVE-2024-55947 | Gogs-Repository-Contents-API-Path-Traversal
High | An attempt to exploit a vulnerability in Apache Solr detected | CVE-2024-52012 | Apache-Solr-Configset-Upload-Directory-Traversal
High | An attempt to exploit a vulnerability in Microsoft Windows detected | CVE-2024-49112 | Microsoft-Windows-LDAP-Searchresultdone-Integer-Overflow-CVE-2024-49112
High | An attempt to exploit a vulnerability in Zimbra Collaboration Server detected | CVE-2024-45518 | Zimbra-Collaboration-Proxy-Servlet-SSRF-CVE-2024-45518
High | An authentication failure in Microsoft Windows KDC Proxy detected | CVE-2024-43639 | Microsoft-Windows-KDC-Proxy-KpsSocketRecvDataIoCompletion-Integer-Overflow
High | An attempt to exploit a vulnerability in Cisco IOS XE detected | CVE-2019-12651 | Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12651
High | An attempt to exploit a vulnerability in Cisco IOS XE detected | CVE-2019-12650 | Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12650
High | An attempt to exploit a vulnerability in a Cisco RV320 or RV325 router detected | CVE-2019-1653 | Cisco-RV320-And-RV325-Information-Disclosure-CVE-2019-1653
High | An excessively large PNG image detected | CVE-2009-1097 | Sun-Java-Web-Start-Splashscreen-PNG-Processing-Buffer-Overflow
High | A suspicious webpage containing obfuscated JavaScript detected | No CVE/CAN | JavaScript-Obfuscated-With-Hangul-Filler-Characters
Low | An attempt to exploit a vulnerability in Microsoft Windows detected | CVE-2025-21285 | Microsoft-Windows-MQ-Service-CVE-2025-21285-Null-Pointer-Dereference

DETECTED ATTACKS

New detected attacks:

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
Low | Microsoft-Windows-MQ-Service-CVE-2025-21285-Null-Pointer-Dereference | CVE-2025-21285 | Generic_CS-Microsoft-Windows-Message-Queuing-Service-CVE-2025-21285-Null-Pointer-Dereference | Possibly Unwanted Content

TCP Server Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Microsoft-Windows-KDC-Proxy-KpsSocketRecvDataIoCompletion-Integer-Overflow | CVE-2024-43639 | Generic_SS-Microsoft-Windows-KDC-Proxy-KpsSocketRecvDataIoCompletion-Integer-Overflow | Suspected Compromise

HTTP Request URI

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Zimbra-Collaboration-Proxy-Servlet-SSRF-CVE-2024-45518 | CVE-2024-45518 | HTTP_CSU-Zimbra-Collaboration-Proxy-Servlet-SSRF-CVE-2024-45518 | Potential Compromise

LDAP Server Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Microsoft-Windows-LDAP-Searchresultdone-Integer-Overflow-CVE-2024-49112 | CVE-2024-49112 | LDAP_SS-Microsoft-Windows-LDAP-Searchresultdone-Integer-Overflow-CVE-2024-49112 | Suspected Compromise

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Cisco-RV320-And-RV325-Information-Disclosure-CVE-2019-1653 | CVE-2019-1653 | HTTP_CRL-Cisco-RV320-And-RV325-Information-Disclosure-CVE-2019-1653 | Suspected Compromise
High | Gogs-Repository-Contents-API-Path-Traversal | CVE-2024-55947 | HTTP_CRL-Gogs-Repository-Contents-API-Path-Traversal | Suspected Compromise
High | Xwiki-Solrsearchmacros-Text-Code-Injection | CVE-2025-24893 | HTTP_CRL-Xwiki-Solrsearchmacros-Text-Code-Injection | Suspected Compromise
High | Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12650 | CVE-2019-12650 | HTTP_CRL-Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12650 | Suspected Compromise
High | Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12651 | CVE-2019-12651 | HTTP_CRL-Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12651 | Suspected Compromise

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | JavaScript-Obfuscated-With-Hangul-Filler-Characters | No CVE/CAN | File-Text_JavaScript-Obfuscated-With-Hangul-Filler-Characters | Suspected Compromise

PNG File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Sun-Java-Web-Start-Splashscreen-PNG-Processing-Buffer-Overflow | CVE-2009-1097 | File-PNG_PNG-Image-With-Excessively-Large-Height-Or-Width-Value | Suspected Compromise

Archive type identification from member names

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Apache-Solr-Configset-Upload-Directory-Traversal | CVE-2024-52012 | File-Member-Name_Apache-Solr-Configset-Upload-Directory-Traversal | Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Apache-Struts-File-Upload-Vulnerability-CVE-2023-50164 | CVE-2023-50164 | HTTP_CS-Apache-Struts-File-Upload-Vulnerabilities-CVE-2023-50164-CVE-2024-53677 | Suspected Compromise
    Name: HTTP_CS-Apache-Struts-File-Upload-Vulnerability-CVE-2023-50164 -> HTTP_CS-Apache-Struts-File-Upload-Vulnerabilities-CVE-2023-50164-CVE-2024-53677
    Description has changed
    Category tag group CVE2024 added
    Fingerprint regexp changed

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Adobe-ColdFusion-Rmi-Registry-Insecure-Deserialization | CVE-2017-11284 | Generic_CS-Suspicious-Java-Serialized-Object | Suspected Compromise
    Description has changed
    Category tag group CVE2017 added
    Category tag group CVE2021 added
Low | Microsoft-Message-Queuing-Remote-Code-Execution-CVE-2024-49122 | CVE-2024-49122 | Generic_CS-Microsoft-Message-Queuing-Binary-Protocol-Usage | Protocol Information
    Fingerprint regexp changed

HTTP Request URI

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Wordpress-Wp-Statistics-Plugin-Gettop-Stored-Cross-Site-Scripting | CVE-2024-2194 | HTTP_CSU-Wordpress-Wp-Statistics-Plugin-Gettop-Stored-Cross-Site-Scripting | Suspected Compromise
    Category tag situation Suspected Compromise added
    Category tag situation Potential Compromise removed
    Fingerprint regexp changed
High | Node.js-Systeminformation-Library-Command-Injection-CVE-2021-21315 | CVE-2021-21315 | HTTP_CSU-Node.js-Systeminformation-Command-Injection-CVE-2021-21315 | Suspected Compromise
    Name: HTTP_CRL-Node.js-Systeminformation-Library-Command-Injection-CVE-2021-21315 -> HTTP_CSU-Node.js-Systeminformation-Command-Injection-CVE-2021-21315
    Category tag group TCP Correlation Dependency Group added
    Category tag group HTTP URI Correlation Dependency Group added
    Context has changed from HTTP Normalized Request-Line to HTTP Request URI

LDAP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Microsoft-Windows-Active-Directory-Buffer-Overflow | CVE-2007-0040 | LDAP_CS-Windows-Active-Directory-Buffer-Overflow | Potential Compromise
    Fingerprint regexp changed
High | IBM-Lotus-Domino-LDAP-Bind-Request-Integer-Overflow | CVE-2011-0917 | LDAP_CS-IBM-Lotus-Domino-LDAP-Bind-Request-Integer-Overflow | Suspected Compromise
    Detection mechanism updated
High | IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow | CVE-2015-0117 | LDAP_CS-IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow | Suspected Compromise
    Detection mechanism updated
Critical | OpenLDAP-Nested-Filter-Stack-Overflow | CVE-2020-12243 | LDAP_CS-Samba-LDAP-Ad-Dc-Nested-Filter-Denial-Of-Service | Compromise
    Detection mechanism updated
High | OpenLDAP-Slapd-Search-Parsing-Issuerandthisupdatecheck-Integer-Underflow | CVE-2020-36228 | LDAP_CS-OpenLDAP-Slapd-Search-Parsing-Issuerandthisupdatecheck-Integer-Underflow | Suspected Compromise
    Detection mechanism updated
High | OpenLDAP-Slapd-Search-Parsing-Checktime-Assertion-Failure | CVE-2021-27212 | LDAP_CS-OpenLDAP-Slapd-Search-Parsing-Checktime-Assertion-Failure | Suspected Compromise
    Detection mechanism updated
High | OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow | CVE-2020-36221 | LDAP_CS-OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow | Suspected Denial of Service
    Fingerprint regexp changed
High | Microsoft-Active-Directory-Domain-Services-Elevation-Of-Privilege | CVE-2021-42278 | LDAP_CS-Microsoft-Active-Directory-Domain-Services-Elevation-Of-Privilege | Suspected Compromise
    Detection mechanism updated
High | OpenLDAP-Back-SQL-LDAP-Search-SQL-Injection-Vulnerability | CVE-2022-29155 | LDAP_CS-OpenLDAP-Back-SQL-LDAP-Search-SQL-Injection-Vulnerability | Suspected Compromise
    Detection mechanism updated

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Cisco-RV320-And-RV325-Remote-Code-Execution-CVE-2019-1652 | CVE-2019-1652 | HTTP_CRL-Cisco-RV320-And-RV325-Remote-Code-Execution-CVE-2019-1652 | Suspected Compromise
    Name: HTTP_CRL-Cisco-RV320-And-RV325-Unauthenticated-Remote-Code-Execution -> HTTP_CRL-Cisco-RV320-And-RV325-Remote-Code-Execution-CVE-2019-1652
    Description has changed
    Fingerprint regexp changed
High | D-Link-Command-Injection-CVE-2019-16920 | CVE-2019-16920 | HTTP_CRL-D-Link-Command-Injection-CVE-2019-16920 | Suspected Compromise
    Fingerprint regexp changed

Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Malicious-Internet-Shortcut-File | No CVE/CAN | File-Text_Suspicious-Internet-Shortcut-File | Suspected Compromise
    Description has changed
    Category tag group MS2023-11 added
    Category tag group CVE2023 added

PNG File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | PNG-GD-Graphics-Library-Rowbytes-And-Height-BOF | CVE-2004-0990 | File-PNG_PNG-Image-With-Large-Height-Or-Width-Value | Potential Compromise
    Comment has changed
    Description has changed
    Category tag os Any Operating System added
    Category tag hardware Any Hardware added
    Category tag application Any Software added
    Category tag os_not_specific Any Operating System not specific added
    Category tag application_not_specific Any Software not specific added
    Category tag os Windows removed
    Category tag hardware x86 removed
    Category tag application Windows Media Player removed
    Category tag os_not_specific Windows not specific removed
    Fingerprint regexp changed

Identified Text File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Safari-Stack-Based-Out-Of-Bounds | CVE-2020-27930 | File-TextId_Safari-Stack-Based-Out-Of-Bounds | Suspected Compromise
    Fingerprint regexp changed
High | Malicious-Internet-Shortcut-File | No CVE/CAN | File-TextId_Suspicious-Internet-Shortcut-File | Suspected Compromise
    Description has changed
    Category tag group MS2023-11 added
    Category tag group CVE2023 added

Zip File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description (listed under each row)
High | Unzip-Extra-Field-Uncompressed-Size-Buffer-Overflow | CVE-2014-9636 | File-Zip_Unzip-Extra-Field-Uncompressed-Size-Buffer-Overflow | Suspected Compromise
    Fingerprint regexp changed
High | Microsoft-Windows-MFC-Document-Title-Updating-Buffer-Overflow | CVE-2010-3227 | File-Zip_Microsoft-Windows-MFC-Document-Title-Updating-Buffer-Overflow | Suspected Compromise
    Detection mechanism updated

LIST OF OTHER CHANGES:

New objects:

Type | Name
Category | Microsoft Windows KDC Proxy
Category | Neo4j
Application | Grok

Updated objects:

Type | Name | Changes (listed under each row)
Situation | HTTP_CS-PNG-GD-Graphics-Library-Rowbytes-And-Height-BOF
    Description has changed
    Attacker: connection_source -> none
    Victim: connection_destination -> none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application GD Graphics Library removed
    Category tag group CVE2004 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group HTTP Correlation Dependency Group removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
    Fingerprint regexp changed
Situation | File-Text_Internet-Shortcut-File-Transfer
Situation | Generic_CS-Adobe-ColdFusion-Rmi-Registry-Insecure-Deserialization
    Description has changed
    Attacker: connection_source -> none
    Victim: connection_destination -> none
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Adobe ColdFusion removed
    Category tag group CVE2017 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group TCP Correlation Dependency Group removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Category tag group TCP Client Traffic removed
    Fingerprint regexp changed
Situation | File-PNG_Sun-Java-Web-Start-Splashscreen-PNG-Processing-Buffer-Overflow
    Description has changed
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Sun Java Runtime Environment removed
    Category tag application Sun Java Development Kit removed
    Category tag group CVE2009 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Fingerprint regexp changed
Situation | File-PNG_GD-Graphics-Library-Rowbytes-And-Height-BOF
    Description has changed
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application GD Graphics Library removed
    Category tag group CVE2004 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Potential Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Fingerprint regexp changed
Situation | File-PNG_IBM-Notes-PNG-Image-Parsing-Integer-Overflow
    Description has changed
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application Lotus Notes removed
    Category tag group CVE2013 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
    Fingerprint regexp changed
Situation | File-TextId_Internet-Shortcut-File-Transfer
Situation | File-Member-Name_Directory-Traversal-In-File-Name
    Fingerprint regexp changed
Situation | File-Name_Shared-Variables

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.