
APPLICATION AND THREAT CONTENT RELEASE NOTES - UPDATED




Remarkable, isn’t it?


Have a great day, guys!



David

— 
David Vincenzetti 
CEO

Hacking Team
Milan Singapore Washington DC
www.hackingteam.com

email: d.vincenzetti@hackingteam.com 
mobile: +39 3494403823 
phone: +39 0229060603 


Begin forwarded message:


Subject: Palo Alto Networks Content Updated
Date: May 6, 2015 at 1:47:21 AM GMT+2
To: Undisclosed recipients:;


Application and Threat Content Release Notes

Version 498

Notes: With Content 498, PAN-OS versions 6.1.4 and above can extract the destination server address from a SOCKS proxy connection, and apply URL filtering functions based on this address.

New Applications (3)

Risk Name Category Subcategory Technology Depends On Previously Identified As Minimum PAN-OS Version
1 anydesk networking remote-access client-server ssl ssl 5.0.0
1 ibm-connect-direct general-internet file-sharing client-server unknown-tcp 5.0.0
1 italkbb-chinese-tv media photo-video client-server ssl,web-browsing unknown-udp 5.0.0


Modified Applications (6)

Risk Name Category Subcategory Technology Depends On Minimum PAN-OS Version
4 google-docs-editing(function) business-systems office-programs browser-based google-base,google-docs 4.0.0
5 psiphon networking proxy browser-based ike,ipsec-esp-udp,ssh,ssl,web-browsing 4.0.0
4 twitch media photo-video browser-based adobe-flash-socketpolicy-server,irc,ssl,web-browsing 4.0.0
4 ultrasurf networking proxy client-server ssl 4.0.0
2 webex-whiteboard(function) collaboration internet-conferencing client-server ssl,web-browsing,webex 4.0.0
1 windows-azure-base(function) business-systems general-business browser-based ssl,web-browsing 4.0.0


Modified Decoders (5)

Name
dns
imap
socks
smtp
pop3


New Anti-spyware Signatures (1)

Severity ID Attack Name Default Action Minimum PAN-OS Version Maximum PAN-OS Version
critical 14328 AlienSpy.Gen Command And Control Traffic alert 4.0.0


Modified Anti-spyware Signatures (3)

Severity ID Attack Name Default Action Minimum PAN-OS Version Maximum PAN-OS Version
critical 13518 Favorites.Gen Command And Control Traffic alert 4.0.0
critical 13742 NUCLEAR.Gen Command And Control Traffic alert 4.0.0
high 20000 Conficker DNS Request alert 4.0.0 4.1.0.0


Disabled Anti-spyware Signatures (2)

Severity ID Attack Name Default Action Minimum PAN-OS Version Maximum PAN-OS Version
critical 14037 delf.Gen Command And Control Traffic alert 4.0.0
critical 14000 Suspicious.Gen Command And Control Traffic alert 4.0.0


New File Type (1)

Severity ID File Type
low 52160 CHM


New Vulnerability Signatures (9)

Severity ID Attack Name CVE ID Vendor ID Default Action Minimum PAN-OS Version
informational 37518 TCP-Over-DNS Traffic Evasion Application Detection allow 4.0.0
high 37588 JQuery Plugin JUI Filter Rules Parsing Code Execution Vulnerability alert 4.0.0
high 37590 WordPress Survey and Poll Plugin SQL Injection Vulnerability CVE-2015-2090 alert 4.0.0
medium 37591 Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability alert 4.0.0
medium 37593 VideoLan VLC Player M2V File Parsing Memory Corruption Vulnerability CVE-2014-9598 alert 4.0.0
medium 37594 VideoLan VLC Player FLV File Parsing Memory Corruption Vulnerability CVE-2014-9597 alert 4.0.0
high 37639 Generic Exploit Host Webpage alert 4.0.0
critical 37645 Malicious Flash File Detection alert 4.0.0
high 37592 ClearSCADA Remote Authentication Bypass Vulnerability alert 4.0.0


Modified Vulnerability Signatures (85)

Severity ID Attack Name CVE ID Vendor ID Default Action Minimum PAN-OS Version
critical 35703 Adobe Flash Player RTMP Object Confusion Vulnerability CVE-2013-2555 APSB13-11 reset-client 4.0.0
critical 30336 Microsoft Windows URI Handler Command Execution Vulnerability CVE-2007-3896 MS07-061 reset-both 5.0.0
medium 31040 Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability CVE-2007-3875 reset-client 4.0.0
high 31246 ClamAV CHM File Handling Integer Overflow CVE-2005-2450 reset-client 4.0.0
high 31360 Microsoft Windows itss.dll CHM File Handling Heap Corruption CVE-2006-2297 reset-client 4.0.0
critical 32590 Microsoft Windows GDI+ PNG Remote Code Execution Vulnerability CVE-2009-3126 MS09-062 reset-both 4.0.0
critical 32996 Windows Media Player Remote Code Execution Vulnerability CVE-2010-0268 MS10-027 reset-both 4.0.0
critical 33432 Generic Webpage exploit alert 4.0.0
critical 33531 Generic Exploit Host Webpage alert 4.0.0
critical 33630 Generic Exploit Host Webpage alert 4.0.0
critical 33811 Generic Exploit Host Webpage alert 4.0.0
critical 33912 Generic Exploit Host Webpage alert 4.0.0
critical 33943 Firefox Memory Corruption Vulnerability CVE-2010-3765 reset-both 4.0.0
critical 34183 Oracle Database CSA Remote Code Execution Vulnerability CVE-2010-3600 reset-server 4.0.0
critical 34260 Internet Explorer Uninitialized Memory Corruption Vulnerability CVE-2010-2559 MS10-053 reset-both 4.0.0
critical 34755 Adobe Acrobat and Reader Code Execution Vulnerability APSB12-08 reset-both 4.0.0
critical 34828 Microsoft Internet Explorer Center Element Memory Corruption Vulnerability CVE-2012-1523 MS12-037 reset-both 4.0.0
critical 34840 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2012-1889 MS12-043 reset-both 4.0.0
critical 34859 Apple iTunes m3u Playlist File Heap Based Buffer Overflow Vulnerability CVE-2012-0677 reset-both 4.0.0
critical 34873 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2012-1522 MS12-044 reset-both 4.0.0
critical 34899 Microsoft Internet Explorer Virtual Function Table Memory Corruption Vulnerability CVE-2012-2522 MS12-052 reset-both 4.0.0
critical 34904 Adobe Reader WKT String Buffer Overflow Vulnerability CVE-2012-2050 APSB12-16 reset-both 4.0.0
critical 34909 Microsoft Exchange Server Oracle Outside In Libraries Remote Code Execution Vulnerability CVE-2012-2525;CVE-2012-1767;CVE-2012-1773 MS12-058,MS12-067 reset-both 4.0.0
critical 34913 Microsoft Exchange Server Oracle Outside In Libraries JPEG2000 Remote Code Execution Vulnerability CVE-2012-2525;CVE-2012-1767;CVE-2012-1773;CVE-2012-1769 MS12-058,MS12-067 reset-both 4.0.0
critical 34918 Adobe Flash OpenType Font Vulnerability CVE-2012-1535 APSB12-18 reset-both 4.0.0
critical 35018 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability CVE-2012-4969 MS12-063 reset-both 4.0.0
critical 35044 Microsoft RTF File Heap Overflow Vulnerability CVE-2012-0183 MS12-029 reset-both 4.0.0
critical 35059 Generic Exploit Host Webpage alert 4.0.0
critical 35203 Internet Explorer CSS Import Rule Processing Memory Corruption Vulnerability CVE-2010-3971 MS11-003 reset-both 4.0.0
critical 35225 Microsoft Office Word Large SPRM Records Buffer Overflow Vulnerability CVE-2009-0565 MS09-027 reset-both 4.0.0
critical 35266 Microsoft Windows Shell Validation Remote Code Execution Vulnerability CVE-2010-0027 MS10-007,MS10-002 reset-both 4.0.0
critical 35305 Novell Groupwise HTTP Request Remote Code Execution Vulnerability reset-server 4.0.0
critical 35313 Oracle Java Runtime Environment Remote Code Execution Vulnerability CVE-2012-5076 reset-both 4.0.0
critical 35314 Oracle Java Runtime Environment Remote Code Execution Vulnerability CVE-2013-0422 reset-both 4.0.0
critical 35536 Microsoft Internet Explorer Layout Memory Corruption Vulnerability CVE-2012-1526 MS12-052 reset-both 4.0.0
critical 35642 Microsoft Internet Explorer Use After Free Vulnerability CVE-2013-0025 MS13-009 reset-both 4.0.0
critical 35665 Microsoft Internet Explorer Use After Free Vulnerability CVE-2013-0025 MS13-009 reset-both 4.0.0
critical 36356 Gongda Exploit Kit landing page alert 4.0.0
critical 36466 Fiesta Exploit Kit Detection alert 4.0.0
critical 36468 Generic ActiveX Exploit Host Webpage alert 4.0.0
critical 36469 Generic ActiveX Exploit Host Webpage alert 4.0.0
critical 36605 GOON/INFINITY Exploit Kit Detection alert 4.0.0
critical 36606 GOON/INFINITY Exploit Kit Detection alert 4.0.0
critical 36680 Generic Exploit Host Webpage alert 4.0.0
critical 36683 RIG Exploit Kit Detection alert 4.0.0
critical 36689 Fiesta Exploit Kit Detection alert 4.0.0
critical 36691 Fiesta Exploit Kit Detection alert 4.0.0
critical 37274 KAIXIN Exploit Kit Detection alert 4.0.0
critical 37282 Generic Exploit Host Webpage alert 5.0.0
critical 37285 Generic Exploit Host Webpage alert 4.0.0
critical 37289 Generic Exploit Host Webpage alert 4.0.0
critical 37291 Generic Exploit Host Webpage alert 4.0.0
critical 37292 Generic Exploit Host Webpage alert 4.0.0
critical 37294 Generic Exploit Host Webpage alert 4.0.0
critical 37295 Generic Exploit Host Webpage alert 4.0.0
critical 37302 Fiesta Exploit Kit Detection alert 4.0.0
critical 37313 Upatre/Dyre Phishing Traffic Detection alert 4.0.0
critical 37314 Upatre/Dyre Phishing Traffic Detection alert 4.0.0
critical 37326 Generic Exploit Host Webpage alert 4.0.0
critical 37327 GOON/INFINITY Exploit Kit Detection alert 4.0.0
critical 37329 Generic Exploit Host Webpage alert 4.0.0
critical 37330 Generic Exploit Host Webpage alert 4.0.0
critical 37333 Generic Exploit Host Webpage alert 4.0.0
critical 37336 Generic Exploit Host Webpage alert 4.0.0
critical 37338 Generic Exploit Host Webpage alert 4.0.0
critical 37339 Generic Exploit Host Webpage alert 4.0.0
critical 37340 Generic Exploit Host Webpage alert 4.0.0
critical 37347 Generic Exploit Host Webpage alert 4.0.0
critical 37348 Generic Exploit Host Webpage alert 4.0.0
critical 37359 Dridex Malware Traffic Detection alert 4.0.0
critical 37361 Generic Exploit Host Webpage alert 4.0.0
critical 37362 Generic Exploit Host Webpage alert 4.0.0
critical 37423 Generic Exploit Host Webpage alert 4.0.0
critical 37424 Generic Exploit Host Webpage alert 4.0.0
critical 37441 Generic Exploit Host Webpage alert 4.0.0
critical 37443 Generic Exploit Host Webpage alert 4.0.0
critical 37444 Generic Exploit Host Webpage alert 4.0.0
critical 37445 Generic Exploit Host Webpage alert 4.0.0
critical 37446 Generic Exploit Host Webpage alert 4.0.0
critical 37447 Generic Exploit Host Webpage alert 4.0.0
critical 37448 Generic Exploit Host Webpage alert 4.0.0
critical 37529 Generic Exploit Host Webpage alert 4.0.0
critical 37553 Generic Exploit Host Webpage alert 4.0.0
critical 37556 Generic Exploit Host Webpage alert 4.0.0
critical 37566 Generic Exploit Host Webpage alert 4.0.0


Disabled Vulnerability Signatures (4)

Severity ID Attack Name CVE ID Vendor ID Default Action Minimum PAN-OS Version
critical 36690 Fiesta Exploit Kit Detection alert 4.0.0
critical 37293 Generic Exploit Host Webpage alert 4.0.0
critical 37337 Generic Exploit Host Webpage alert 4.0.0
critical 37345 Generic Exploit Host Webpage alert 4.0.0




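The SOCKS destination extraction described in the Content 498 note, as an added example that is not part of the release notes or of Palo Alto Networks code: it parses SOCKS4, SOCKS4a and SOCKS5 CONNECT requests for the destination host and port, then applies a domain-list verdict in place of a URL category lookup. The parser, the verdict function and every sample request are constructed here.

```python
# Added example, not Palo Alto Networks code: the parsing step behind the
# Content 498 note (pull the destination server address out of a SOCKS proxy
# connection, then URL-filter on it). Handles SOCKS4, SOCKS4a and SOCKS5
# (RFC 1928) CONNECT requests as they appear on the wire; samples are constructed.
import ipaddress
import struct

CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_request(data: bytes):
    """VER CMD RSV ATYP DST.ADDR DST.PORT -> (cmd, host, port), or None if incomplete."""
    if len(data) < 5 or data[0] != 0x05:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        off, alen = 4, 4
    elif atyp == ATYP_IPV6:
        off, alen = 4, 16
    elif atyp == ATYP_DOMAIN:
        off, alen = 5, data[4]  # length-prefixed name, no NUL terminator
    else:
        return None
    if len(data) < off + alen + 2:
        return None  # truncated: do not guess, wait for more bytes
    raw = data[off:off + alen]
    host = raw.decode("ascii", "replace") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    port = struct.unpack("!H", data[off + alen:off + alen + 2])[0]
    return cmd, host, port

def parse_socks4_request(data: bytes):
    """VN=4 CD DSTPORT DSTIP USERID NUL [SOCKS4a: DOMAIN NUL] -> (cmd, host, port) or None."""
    if len(data) < 9 or data[0] != 0x04:
        return None
    cmd, port, ip = data[1], struct.unpack("!H", data[2:4])[0], data[4:8]
    userid_end = data.find(b"\x00", 8)
    if userid_end < 0:
        return None
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # 0.0.0.x marks SOCKS4a: name follows USERID
        domain_end = data.find(b"\x00", userid_end + 1)
        if domain_end < 0:
            return None
        return cmd, data[userid_end + 1:domain_end].decode("ascii", "replace"), port
    return cmd, str(ipaddress.IPv4Address(ip)), port

def socks_destination(data: bytes):
    """(host, port) of a CONNECT request in either dialect; None for anything else."""
    parsed = parse_socks5_request(data) if data[:1] == b"\x05" else parse_socks4_request(data)
    if parsed is None or parsed[0] != CMD_CONNECT:
        return None
    return parsed[1], parsed[2]

def url_filter_verdict(host: str, blocked_domains) -> str:
    """Stand-in for a category lookup: block a listed domain or any subdomain of it.
    An IP-literal destination (client resolved the name itself) never matches a
    domain list and would need an IP-based lookup, so it is allowed here."""
    h = host.lower().rstrip(".")
    return "block" if any(h == d or h.endswith("." + d) for d in blocked_domains) else "allow"

# Constructed sample requests (not captured traffic).
SOCKS5_DOMAIN_REQ = b"\x05\x01\x00\x03" + bytes([18]) + b"proxy-test.example" + struct.pack("!H", 443)
SOCKS5_IPV4_REQ = b"\x05\x01\x00\x01" + ipaddress.IPv4Address("192.0.2.10").packed + struct.pack("!H", 80)
SOCKS4A_REQ = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01" + b"user\x00" + b"www.example.net\x00"
```

Only SOCKS4a and SOCKS5 domain-type requests carry a hostname; when the client resolves the name itself and sends an IP literal, the filtering decision has to come from an IP-based lookup instead.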


Source: wikileaks.org
