This month, the DARC has released 20 filters:
- 11 new filters were added to block specific attacks,
- 7 filters have been defined to provide accurate reporting on attacks that were already blocked by generic filters,
- 2 filters have been improved.
This Blacklist is used for rWeb and R&S®Web Application Firewall (Blacklist engine).
Blacklist update files are available on https://my.denyall.com.
12584: D-Link DIR-300L/600L Remote Command Execution
The remote D-Link DIR router is affected by a remote command execution vulnerability. An unauthenticated remote attacker can use this vulnerability to execute operating system commands as root.
12586: System.ini leak
The remote server is vulnerable to an information leak that could allow a remote attacker to learn sensitive information.
12587: Grandstream Phone Web UI Information Disclosure
The remote Grandstream phone is affected by an information disclosure vulnerability in the web administration interface due to the failure to restrict access to sensitive configuration data. An unauthenticated, remote attacker can exploit this to disclose sensitive information related to the device, such as the admin password.
12588: Apache Hadoop YARN ResourceManager Unauthenticated RCE (Remote) (Xbash)
The Apache Hadoop YARN ResourceManager running on the remote host is allowing unauthenticated users to create and execute applications. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to potentially execute arbitrary code, subject to the user privileges of the executing node.
12590: Remote Unauthenticated Command Execution through CGI
The remote NETGEAR DGN device is affected by a flaw in the setup.cgi script that allows an unauthenticated remote attacker to execute arbitrary commands with root privileges.
12592: Apache Struts 2 - Arbitrary Remote Command Execution
The remote web server contains a web application that uses a Java framework, which is affected by a remote command execution vulnerability.
12594: Western Digital MyCloud Unauthenticated File Upload
The remote WD MyCloud device is affected by a file upload vulnerability that allows a remote attacker to upload and execute files.
12596: Blueimp jQuery-File-Upload - Unauthenticated arbitrary file upload
Blueimp jQuery-File-Upload <= v9.22.0 is affected by a file upload vulnerability that allows a remote attacker to upload and execute files.
12597: MVPower DVR Remote Command Execution
The AOST-based network video recorder distributed by MVPower is affected by a remote command execution vulnerability. An unauthenticated remote attacker can use this vulnerability to execute operating system commands as root.
12600: AVTech Multiple Vulnerabilities through CGI - Unrestricted download
The remote AVTech device is affected by multiple vulnerabilities through the CGI interface, including unrestricted file download.
12585: D-Link DIR 850L Router Local File Inclusion
The remote D-Link DIR router is affected by a local file inclusion vulnerability that allows an attacker to execute arbitrary PHP scripts.
12589: HP UCMDB Server BeanUtils Java Deserialization RCE
The HP Universal Configuration Management Database (UCMDB) Server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of unauthenticated Java objects passed to the Apache Commons BeanUtils library. An unauthenticated, remote attacker can exploit this, by sending a crafted POST request, to execute arbitrary code on the target host.
12591: NUUO NVR Web Interface RCE
The remote network video recorder does not properly sanitize some user input, which can allow a remote unauthenticated user to execute commands as root.
12593: Trend Micro Control Manager GetPassword() SQLi
The Trend Micro Control Manager running on the remote host is affected by an SQLi vulnerability when processing an HTTP request due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An unauthenticated, remote attacker can exploit this issue, via a specially crafted HTTP request, to execute code under the context of the Network Service account.
12595: BuddyPress Plugin for WordPress < 2.9.2 Information Disclosure
The BuddyPress Plugin for WordPress running on the remote web server is prior to version 2.9.2. It is, therefore, affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability, via a specially crafted request, to display private administrative group information.
12599: Belkin N750 Router 1.10.22 Command Injection
Belkin N750 Router 1.10.22 is affected by a remote command injection vulnerability.
12601: Apache .htaccess and .htpasswd Disclosure
The remote web server discloses the contents of its .htaccess and .htpasswd files in response to an HTTP request.
10340: Common SQL injection techniques
12486: Apache Struts2 class Parameter ClassLoader Manipulation
The 'class' request parameter (before 126.96.36.199) is mapped directly to the getClass() method, exposing the ClassLoader. A remote attacker can execute arbitrary Java code via crafted parameters.
12570: ManageEngine Firewall Analyzer Multiple XSS
ManageEngine Firewall Analyzer is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session.
rWeb
- Go to Security panel, BL & SL update,
- Upload the blacklist.xml file,
- To finish, restart your applications.
R&S®Web Application Firewall
The Blacklist can be updated via the backup system.
- Unzip the RS_Web_Application_Firewall_6.5_Blacklist_Update_2019-01-31.zip file
- Go to Management panel, Backups,
- Upload the blacklist.backup file,
- Open the backup and restore the Static Blacklist,
- Go to Policies, Security and Blacklist Configurations,
- Modify each Blacklist Configuration and select the newest Static Blacklist,
- Save changes,
- To finish, select all modified Blacklist Configurations and Apply them.