[Emerging-updates] Daily Ruleset Update Summary 09/10/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Sep 10 12:18:55 HADT 2013


[***]          Summary:          [***]

15 new Open rules. 40 new Pro rules (15/25).

MS Tuesday:
https://www.emergingthreats.net/2013/09/10/september-2013-microsoft-tuesday-coverage/

 PHP Super Globals, EK's, etc.

[+++]          Added rules:          [+++]

  Open:
  2017436 - ET WEB_SERVER PHP SERVER SuperGlobal in URI (web_server.rules)
  2017437 - ET WEB_SERVER PHP GET SuperGlobal in URI (web_server.rules)
  2017438 - ET WEB_SERVER PHP POST SuperGlobal in URI (web_server.rules)
  2017439 - ET WEB_SERVER PHP COOKIE SuperGlobal in URI (web_server.rules)
  2017440 - ET WEB_SERVER PHP SESSION SuperGlobal in URI (web_server.rules)
  2017441 - ET WEB_SERVER PHP REQUEST SuperGlobal in URI (web_server.rules)
  2017442 - ET WEB_SERVER PHP ENV SuperGlobal in URI (web_server.rules)
  2017443 - ET WEB_SERVER PHP SERVER SuperGlobal in POST (web_server.rules)
  2017444 - ET WEB_SERVER PHP GET SuperGlobal in POST (web_server.rules)
  2017445 - ET WEB_SERVER PHP POST SuperGlobal in POST (web_server.rules)
  2017446 - ET WEB_SERVER PHP COOKIE SuperGlobal in POST (web_server.rules)
  2017447 - ET WEB_SERVER PHP SESSION SuperGlobal in POST (web_server.rules)
  2017448 - ET WEB_SERVER PHP REQUEST SuperGlobal in POST (web_server.rules)
  2017449 - ET WEB_SERVER PHP ENV SuperGlobal in POST (web_server.rules)
  2017450 - ET CURRENT_EVENTS Sakura Sep 10 2013 (current_events.rules)

  Pro:
  2806970 - ETPRO WEB_SERVER Microsoft SharePoint DoS 1 CVE-2013-0081 (web_server.rules)
  2806971 - ETPRO WEB_SERVER Microsoft SharePoint DoS 2 CVE-2013-0081 (web_server.rules)
  2806972 - ETPRO WEB_SERVER Microsoft SharePoint XSS attempt CVE-2013-3180 (web_server.rules)
  2806973 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3202 (web_client.rules)
  2806974 - ETPRO WEB_CLIENT Microsoft Internet Explorer type confusion 1 CVE-2013-3203 (web_client.rules)
  2806975 - ETPRO WEB_CLIENT Microsoft Internet Explorer type confusion 2 CVE-2013-3203 (web_client.rules)
  2806976 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3205 (web_client.rules)
  2806977 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3206 (web_client.rules)
  2806978 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3207 (web_client.rules)
  2806979 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3208 (web_client.rules)
  2806980 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3209 (web_client.rules)
  2806981 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3845 (web_client.rules)
  2806982 - ETPRO EXPLOIT Microsoft .theme file Download with malicious content CVE-2013-0810 (exploit.rules)
  2806983 - ETPRO WEB_CLIENT Possible FrontPage information disclosure via XML CVE-2013-3137 (web_client.rules)
  2806984 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806985 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806986 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806987 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806988 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806989 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806990 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806991 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806992 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806993 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)
  2806994 - ETPRO DOS Active Directory DOS CVE-2013-3868 (dos.rules)


 [///]     Modified active rules:     [///]

  Open:
  2014636 - ET TROJAN Backdoor.Win32/Poison.BI (trojan.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2017183 - ET WEB_SERVER WebShell ASPXShell - Title (web_server.rules)
  2017435 - ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing JAR Sep 06 2013 (current_events.rules)

  Pro:
  2805916 - ETPRO TROJAN FAKEM RAT CnC (trojan.rules)


 [---]         Removed rules:         [---]

  2806872 - ETPRO TROJAN Trojan.Mybot-10022 CnC (trojan.rules)