April 2016 Page 1 of 13

SOPHOS IPS Signature Update Release Notes
Version: 7.16.18
Release Date: 13th August 2019


IPS Signature Update

August 2019 Page 2 of 13

Release Information

Upgrade Applicable on: IPS Signature Release Version 7.16.17

Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic

Compatibility Annotations: None

Introduction

This Release Note document for IPS Signature Database Version 7.16.18 covers the support added for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.


This IPS release includes Seventy-Nine (79) signatures to address Seventy-Six (76) vulnerabilities.

New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
BROWSER-IE Microsoft Edge Chakra CVE-2018-0780 AsmJSByteCodeGenerator EmitCall Type Confusion I | CVE-2018-0780 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2019-1139 Type Confusion Vulnerability | CVE-2019-1139 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-1140 Type Confusion Vulnerability | CVE-2019-1140 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-1196 Type Confusion Vulnerability | CVE-2019-1196 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Invalid Flag Reference Memory Corruption | CVE-2010-3962 | Browsers | 1
FILE-OFFICE Microsoft Windows Image File Handling Information Disclosure | CVE-2016-7212 | Office Tools | 2
FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 1
FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 2
FILE-OTHER Microsoft Outlook CVE-2019-1199 Use-After-Free Vulnerability | CVE-2019-1199 | Application and Software | 2
PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt | NA | Operating System and Services | 3
PROTOCOL-SCADA IEC 104 force off denial of service attempt | NA | Industrial Control System | 3
PROTOCOL-SCADA Modbus function scan | NA | Industrial Control System | 3
PROTOCOL-SCADA Modbus list scan | NA | Industrial Control System | 3
PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt | NA | Industrial Control System | 3
PROTOCOL-SCADA Rockwell Automation RSLinx Classic CIP SendRRData Heap Buffer Overflow | CVE-2018-14821 | Industrial Control System | 1
PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt | NA | Industrial Control System | 3
PROTOCOL-TELNET login buffer non-evasive overflow attempt | CVE-2001-0797 | Operating System and Services | 1
PROTOCOL-VOIP BYE flood | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service | CVE-2009-2346 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Ghost call attack attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP INVITE flood | CVE-2008-5180 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Mr.SIP Invite Request Denial-Of-Service Attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Mr.SIP Subscribe Request Denial-Of-Service Attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt | NA | VoIP and Instant Messaging | 1
PROTOCOL-VOIP Response code 405 Method Not Allowed response flood | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP SIP REGISTER flood attempt | CVE-2014-2154 | VoIP and Instant Messaging | 1
PROTOCOL-VOIP SIP REGISTER flood attempt | CVE-2014-2154 | VoIP and Instant Messaging | 3
SERVER-APACHE Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service | CVE-2012-3526 | Apache HTTP Server | 2
SERVER-APACHE Apache Tomcat remote JSP file upload attempt | CVE-2017-12617 | Apache HTTP Server | 3
SERVER-IIS Microsoft ASP.NET Bad Request Denial-Of-Service Attempt | CVE-2009-1536 | Microsoft IIS web server | 1
SERVER-IIS Microsoft Windows ASP .NET denial of service attempt | CVE-2014-0253 | Microsoft IIS web server | 1
SERVER-IIS tilde character file name discovery attempt | NA | Microsoft IIS web server | 1
SERVER-MAIL Multiple IMAP Servers APPEND Command Buffer Overflow Attempt | CVE-2006-6425 | Other Mail Server | 1
SERVER-MYSQL MySQL/MariaDB Server Geometry Query Multistring Object Integer Overflow attempt | CVE-2013-1861 | Database Management System | 1
SERVER-MYSQL MySQL/MariaDB Server Geometry Query Object Integer Overflow Attempt | CVE-2013-1861 | Database Management System | 1
SERVER-MYSQL Oracle MySQL Server InnoDB Memcached Plugin Resource Exhaustion Attempt | CVE-2013-1570 | Database Management System | 3
SERVER-MYSQL Oracle MySQL user enumeration attempt | CVE-2012-5615 | Database Management System | 3
SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt | CVE-2016-0492 | Database Management System | 2
SERVER-ORACLE Oracle Application Test Suite Server Authentication Bypass Attempt | CVE-2016-0492 | Database Management System | 2
SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt | CVE-2016-0492 | Other Web Server | 2
SERVER-OTHER Cisco Catalyst Telnet Memory Leak Denial-Of-Service Attempt | NA | Other Web Server | 3
SERVER-OTHER Dhcpcd Packet Size Buffer Overflow Attempt | CVE-2012-2152 | Other Web Server | 1
SERVER-OTHER DHCP Discover Broadcast Flood Attempt | NA | Other Web Server | 3
SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt | CVE-2013-2329 | Other Web Server | 1
SERVER-OTHER HP-UX lpd command execution attempt | CVE-2005-3277 | Other Web Server | 1
SERVER-OTHER IBM Cognos Server Backdoor Account Remote Code Execution Attempt | CVE-2010-0557 | Other Web Server | 1
SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe Stack Buffer Overflow Attempt | CVE-2011-1206 | Other Web Server | 1
SERVER-OTHER ISC BIND 9 DNS rdata Length Handling Remote Denial-Of-Service Attempt | CVE-2013-4854 | Other Web Server | 3
SERVER-OTHER ISC BIND Malformed Control Channel Authentication Message Denial-Of-Service attempt | CVE-2016-1285 | Other Web Server | 3
SERVER-OTHER Java Library CommonsCollection Unauthorized Serialized Object Attempt | CVE-2015-3253 | Other Web Server | 1
SERVER-OTHER Microsoft Active Directory LDAP Search Denial-Of-Service Attempt | CVE-2013-1282 | Other Web Server | 3
SERVER-OTHER MIT Kerberos libkdb_ldap Principal Name Handling Denial-Of-Service Attempt | CVE-2011-0281 | Other Web Server | 3
SERVER-OTHER Multiple Vendors IPMI RAKP Username Brute Force Attempt | CVE-2013-4786 | Other Web Server | 2
SERVER-OTHER Novell NetWare AFP denial of service attempt | CVE-2010-0317 | Other Web Server | 3
SERVER-OTHER NTP mode 6 REQ_NONCE Denial-Of-Service Attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER NTP mode 6 UNSETTRAP Denial-Of-Service Attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 1
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt | CVE-2015-3329 | Other Web Server | 1
SERVER-OTHER Products Discovery Service Buffer Overflow | CVE-2006-5143 | Other Web Server | 4
SERVER-OTHER Products Discovery Service Buffer Overflow | CVE-2006-5143 | Other Web Server | 1
SERVER-OTHER Remote Desktop Protocol Brute Force Attempt | CVE-2015-0079 | Other Web Server | 3
SERVER-OTHER rsyslog Remote PRI Out Of Bounds Attempt | CVE-2014-3634 | Other Web Server | 1
SERVER-OTHER Spiffit UDP Denial-Of-Service Attempt | CVE-1999-0194 | Other Web Server | 3
SERVER-OTHER SSLv3 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.1 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.1 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-OTHER vsFTPd Denial-Of-Service Attempt | CVE-2004-2259 | Other Web Server | 3
SERVER-OTHER Windows iSCSI Target Login Request Denial-Of-Service Attempt | CVE-2014-0255 | Other Web Server | 3
SERVER-WEBAPP HPE Intelligent Management Center WebDMServlet Insecure Deserialization | CVE-2017-12558 | Web Services and Applications | 1
SERVER-WEBAPP WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow | CVE-2019-6537 | Web Services and Applications | 1
SERVER-WEBAPP WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow | CVE-2019-6537 | Web Services and Applications | 4


• Name: Name of the signature

• CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity. The levels of severity are described in the table below:

Severity Level | Severity Criteria
1 | Low
2 | Moderate
3 | High
4 | Critical


Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved.

Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.

Reg. Office: Sophos House, Saigulshan Complex,

Beside White House, Panchvati Cross Road,

Ahmedabad – 380006, INDIA

Phone: +91-79-66216666

Fax: +91-79-26407640

Web site: www.sophos.com