ADC Updates January 31 2024

The document describes new database assessment security (DAS) objects, web application firewall (WAF) signatures, database activity monitoring (DAM) table groups, and modified existing DAS objects that were added to improve security testing of databases and web applications.


New DAS Objects: [total: 9]

==================================

Assessment Name: CVE-2023-47145: IBM Db2 is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-45193: IBM Db2 is vulnerable to a denial of service when a specially crafted cursor is used.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-50308: IBM Db2 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-47746: IBM Db2 is vulnerable to a denial of service when a specially crafted query is used.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-27859: IBM Db2 is vulnerable to remote code execution caused by installing like-named jar files across multiple databases.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-47747: IBM Db2 is vulnerable to a denial of service when using a specially crafted query.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-47141: IBM Db2 is vulnerable to denial of service with a specially crafted query.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: CVE-2023-47158: IBM Db2 is vulnerable to denial of service with a specially crafted query.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities

Assessment Name: Ensure Base Backups are Configured and Functional (PostgreSQL 15)
Affected Databases: PostgreSQL
Change Details: Added a new test for assessment policy CIS - Security Configuration Benchmark (For PostgreSQL 15)

New WAF Objects: [total: 10]

==================================

Signature name: CVE-2023-6933: WP Better Search Replace Plugin - PHP Object Injection
Signature ID: 708163
Pattern: part="WP_HTML_Token", rgxp="WP_HTML_Token[\s\S]{1,200}\;\}"
Attack: Illegal Resource Access - Blocking
Attack Class: Illegal Resource Access
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Policy Name: CVE-2024-23897, CVE-2024-23898: Jenkins Arbitrary file read vulnerability
Policy ID: 20000273
min_ver: 10.0 and above

Predicates:

1. HTTP Request, Operation: Match All

   a. Part: Header
      Match Operation: "MatchRegExp"
      Name: "Side"
      Value: "upload|download"
   b. Part: Parameter
      Match Operation: "Include"
      Name: "remoting"
      Value: "false"
   c. Part: Header
      Match Operation: "MatchRegExp"
      Name: "Session"
      Value: "."
   d. Part: URL
      Match Operation: "Include"
      Value: "/cli"

2. HTTP Request Method, Operation: At Least One

   Value: POST

Signature name: SQLi array && array
Signature ID: 708162
Pattern: part="array", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s\(?\s?(array\s?\[)[\s\S]{1,50}\]\s?\)?\s?\&\&\s?array"
Attack: SQL Injection - Blocking
Attack Class: SQL Injection
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass
Signature ID: 708161
Pattern: part="/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml"
Attack: Authentication Bypass - Blocking
Attack Class: Authentication Bypass
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: Blocking ptst.io domains for OOB attacks
Signature ID: 708160
Pattern: part=".ptst.io", rgxp="\w{1,60}\.ptst\.io"
Attack: Automation Attack - Blocking
Attack Class: Automation Attack
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: Blocking .r87.me domains for OOB attacks
Signature ID: 708158
Pattern: part=".r87.me", rgxp="\w{1,80}\.r87\.me"
Attack: Automation Attack - Blocking
Attack Class: Automation Attack
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: SQLI upper_inc(numrange)
Signature ID: 708157
Pattern: part="upper_inc", part="numrange", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s(not\s)?upper_inc\(\s?numrange\([\s\S]{1,50}(\#|\-\-|\/\*)"
Attack: SQL Injection - Blocking
Attack Class: SQL Injection
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: SQLI lower_inc(numrange)
Signature ID: 708156
Pattern: part="lower_inc", part="numrange", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s(not\s)?lower_inc\(\s?numrange\([\s\S]{1,50}(\#|\-\-|\/\*)"
Attack: SQL Injection - Blocking
Attack Class: SQL Injection
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: OR TRUE SQLi
Signature ID: 708155
Pattern: part="true", rgxp="^.{0,100}[\'\"\)\;]\s?or\strue\s?(--|;|#).{0,10}$"
Attack: SQL Injection - Blocking
Attack Class: SQL Injection
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Signature name: OOB using tested-by-edgescan.com
Signature ID: 708154
Pattern: part="tested-by-edgescan.com", rgxp="[\s\S]{1,50}tested-by-edgescan\.com"
Attack: Automation Attack - Blocking
Attack Class: Automation Attack
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications

Modified DAM Objects: [total: 1]

==================================

Table Group Name: PostgreSQL System Object (Sensitive)
Object ID: 90070005
Affected Databases: PostgreSQL
Change Details: Added sensitive tables/views

Modified DAS Objects: [total: 39]

==================================

Assessment Name: Ensure 'log_error_verbosity' is Set Correctly
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure the Correct Messages Are Written to the Server Log (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure the Correct SQL Statements Generating Errors are Recorded (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'debug_print_parse' is Disabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'debug_print_rewritten' is Disabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'debug_print_plan' is Disabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'debug_pretty_print' is Enabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'log_connections' is Enabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'log_disconnections' is Enabled (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'log_hostname' is Set Correctly (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: Ensure 'log_statement' is Set Correctly (Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detection of OS system parameters was modified to catch any variations.

Assessment Name: CVE-2022-43680: Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server
Affected Databases: Oracle
Change Details: Boolean Script for assessment test modified

Assessment Name: Permissions for local files directory of Namenode
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Permissions for local files directory of Secondary Namenode
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Permissions for local files directory of Datanode
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Permissions for local files directory of HADOOP_LOG_DIR
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Check permissions for files related to server SSL configuration
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Check permissions for files related to client SSL configuration
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Validate Truststore File Permissions for Druid (Router)
Affected Databases: Apache Druid
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Validate Config Files Permissions for Druid (Router)
Affected Databases: Apache Druid
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Validate Permissions for Request Logging File
Affected Databases: Apache Druid
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Validate Truststore File Permissions for Druid (Coordinator)
Affected Databases: Apache Druid
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Validate Config Files Permissions for Druid (Coordinator)
Affected Databases: Apache Druid
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Data Directory Access Mode (Neo4j)
Affected Databases: Neo4j
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Logs Directory Access Mode (Neo4j)
Affected Databases: Neo4j
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Check datadir permissions (Couchbase)
Affected Databases: Couchbase
Change Details: Added additional security checks for file permission to scripts

Assessment Name: static_config file permissions
Affected Databases: Couchbase
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Check logdir permissions
Affected Databases: Couchbase
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Aerospike Config File Access Mode
Affected Databases: Aerospike
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Aerospike Local Logs Access Mode
Affected Databases: Aerospike
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Config file permissions
Affected Databases: Yugabyte Cassandra
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Check datadir permissions
Affected Databases: Yugabyte Cassandra
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Ownership and Permissions for Impala Log Files
Affected Databases: Impala
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Ownership and Permissions for Impala Audit Log Files
Affected Databases: Impala
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Ownership and Permissions for $IMPALA_HOME Directory
Affected Databases: Impala
Change Details: Added additional security checks for file permission to scripts

Assessment Name: Redis Config File Permissions
Affected Databases: Redis
Change Details: Added additional security checks for file permission to scripts

Policy Name: DB2 Known Vulnerabilities
Affected Databases: DB2
Change Details: Associates new DB2 CVEs to policy

Policy Name: CIS - Security Configuration Benchmark For PostgreSQL 15
Affected Databases: PostgreSQL
Change Details: Added a new test to policy

Modified WAF Objects: [total: 1]

==================================

Signature name: Blocking OAST domains for OOB attacks
Signature ID: 708118
Pattern: part=".oast", rgxp="\w{1,60}\.oast\.(pro|live|fun|online|me|site)"
Attack: Automation Attack - Blocking
Attack Class: Automation Attack
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications
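To check how the out-of-band (OOB) callback-domain signatures in this update behave before relying on them, here is an added Python example; it is not part of the ADC update and not Imperva code. It reuses the patterns listed above for signature IDs 708160, 708158, 708154 and the modified 708118, and assumes, as an interpretation not stated on the page, that `part` is a literal substring that must be present before `rgxp` is evaluated. The request values it scans are constructed for the example.

```python
import re

# Patterns copied from the update above (signature ID -> name, part, rgxp).
# Assumption (not stated on the page): "part" is a literal pre-filter and
# "rgxp" is the regular expression applied only when the pre-filter passes.
SIGNATURES = {
    708160: ("Blocking ptst.io domains for OOB attacks", ".ptst.io",
             r"\w{1,60}\.ptst\.io"),
    708158: ("Blocking .r87.me domains for OOB attacks", ".r87.me",
             r"\w{1,80}\.r87\.me"),
    708154: ("OOB using tested-by-edgescan.com", "tested-by-edgescan.com",
             r"[\s\S]{1,50}tested-by-edgescan\.com"),
    708118: ("Blocking OAST domains for OOB attacks", ".oast",
             r"\w{1,60}\.oast\.(pro|live|fun|online|me|site)"),
}

# Compile once; the WAF would do this at policy load time.
COMPILED = {sid: (name, part, re.compile(rgxp))
            for sid, (name, part, rgxp) in SIGNATURES.items()}


def match_signatures(value: str) -> list[int]:
    """Return the sorted IDs of the OOB signatures that fire on one request value."""
    hits = []
    for sid, (_name, part, rx) in COMPILED.items():
        # Literal pre-filter first, then the regex (assumed evaluation order).
        if part in value and rx.search(value):
            hits.append(sid)
    return sorted(hits)


# Constructed sample values as a WAF would see them in URL, header or parameter
# inspection. None of these are taken from the page.
SAMPLE_VALUES = [
    ("url", "/search?q=test"),                              # benign
    ("param:callback", "http://abc123.oast.fun/ping"),      # 708118
    ("param:img", "https://x9z.ptst.io/pixel.gif"),         # 708160
    ("header:Referer", "http://subdomain.r87.me/"),         # 708158
    ("param:note", "scan tested-by-edgescan.com"),          # 708154
    ("param:note2", "tested-by-edgescan.com"),              # rgxp needs >= 1 char before the domain
    ("param:host", "x.oast.xyz"),                           # ".oast" present, TLD not in the list
]


def scan(values):
    """Evaluate each (location, value) pair; return only the pairs that fire, with their IDs."""
    results = []
    for location, value in values:
        ids = match_signatures(value)
        if ids:
            results.append((location, ids))
    return results


if __name__ == "__main__":
    for location, ids in scan(SAMPLE_VALUES):
        names = ", ".join(COMPILED[i][0] for i in ids)
        print(f"{location}: {ids} ({names})")
```

Two details worth noting from the run: the edgescan signature's `[\s\S]{1,50}` prefix means the bare domain with nothing in front of it does not match, only a value with at least one preceding character does; and the OAST pattern only fires for the six listed TLDs, so a label such as `x.oast.xyz` passes the `.oast` pre-filter but not the regex.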
