Applications and Threats Content version 8202 and 8203 release notes

Manjunath_V · ‎11-28-2019

Team,

Please provide the release notes of Applications and Threats Content version 8202 and 8203

Remo · ‎12-02-2019

@Manjunath_V

In 8203 there are no modified applications

View solution in original post

OtakarKlier · ‎11-29-2019

Hello,

If you log into your support site, go to Updates->Dynamic updates.

Regards,

Remo · ‎11-30-2019

@OtakarKlier Do you see these versions there? I only see back to version 8205 and I assume this is the reason why @Manjunath_V is asking here ...

Manjunath_V · ‎12-02-2019

@Vsys yes you are right i was not able to find this in dynamic updates.

Remo · ‎12-02-2019

Applications and Threats Content Release Notes Version 8203

New Anti-Spyware Signatures (2)

Severity	ID	Attack Name	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
critical	85446	MOONSHINE Android Malware Kit Command and Control Traffic Detection	reset-both	7.1.0
medium	85473	Malicious User-Agent in HTTP Traffic Detection	alert	7.1.0

New Vulnerability Signatures (24)

Severity	ID	Attack Name	CVE ID	Vendor ID	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
high	56630	Nexus Yum Repository Plugin Remote Code Execution Vulnerability	CVE-2019-5475		alert	7.1.0
medium	56658	Google Chrome Popup Blocker Security Bypass Vulnerability	CVE-2019-5840		alert	7.1.0
critical	56692	Tecrail Responsive FileManager Server-Side Request Forgery Vulnerability	CVE-2018-14728		alert	7.1.0
high	56710	Microsoft Jet Database Engine Remote Code Execution Vulnerability	CVE-2019-1242		alert	7.1.0
critical	56722	HP Intelligent Management Center Command Injection Vulnerability	CVE-2019-5390		reset-both	7.1.0
critical	56723	HP Intelligent Management Center Memory Corruption Vulnerability	CVE-2019-5391		reset-both	7.1.0
high	56744	Atlassian Jira Customer Context Filter Path Traversal Vulnerability	CVE-2019-14994		alert	7.1.0
high	56778	E-Cology OA SQL Injection Vulnerability			alert	7.1.0
medium	56810	ASUS RT-N10 Repeater Command Injection Vulnerability			reset-both	7.1.0
critical	56814	Joomla! Component Raffle Factory SQL Injection Vulnerability	CVE-2018-17379		alert	7.1.0
high	56819	KDE KConfig Code Execution Vulnerability	CVE-2019-14744		alert	7.1.0
high	56820	Trend Micro Email Encryption Gateway Unvalidated Software Update Vulnerability	CVE-2018-6221		alert	7.1.0
medium	56823	Microsoft Office Sharepoint XSS Vulnerability	CVE-2019-1262		alert	8.1.0
critical	56824	IBM Operational Decision Manager XML External Entity Injection Vulnerability	CVE-2018-1821		alert	7.1.0
critical	56827	Cisco IOS XE WebUI Privileged Command Injection Vulnerability	CVE-2019-12650		alert	7.1.0
medium	56828	vBulletin SQL Injection Vulnerability	CVE-2019-17271		alert	7.1.0
critical	56831	Cyberark Password Vault Web Access Remote Code Execution Vulnerability	CVE-2018-9843		alert	7.1.0
high	56834	Cybelsoft ThinVNC Authentication Bypass Vulnerability	CVE-2019-17662		alert	7.1.0
critical	56835	Kibana Timelion Remote Code Execution Vulnerabilitiy	CVE-2019-7609		alert	7.1.0
critical	56836	Joomla! Component PrayerCenter SQL Injection Vulnerability	CVE-2018-7314		alert	7.1.0
critical	56840	Oracle Tarantella Enterprise Directory Traversal Vulnerability	CVE-2018-19753		alert	7.1.0
high	56845	Oracle Tarantella Enterprise Privilege Escalation Vulnerability	CVE-2018-19754		alert	7.1.0
critical	56848	Total.js CMS Remote Code Execution Vulnerability	CVE-2019-15954		alert	7.1.0
high	56849	Zoho ManageEngine Applications Manager MASRequestProcessor serverID SQL Injection Vulnerability			alert	7.1.0

Modified Vulnerability Signatures (96)

Severity	ID	Attack Name	CVE ID	Vendor ID	Default Action	Change	Minimum PAN-OS Version	Maximum PAN-OS Version
medium	30514	HTTP SQL Injection Attempt	CVE-2019-12516 CVE-2018-5315 CVE-2018-8734 CVE-2017-7973 CVE-2016-5792 CVE-2007-0984		alert	updated associated metadata information	7.1.0
medium	30657	MySQL Create Function Buffer Overflow Vulnerability	CVE-2005-2558		alert	updated associated metadata information	7.1.0
high	30725	Microsoft MDAC SoftwareDistribution.WebControl ActiveX Code execution Vulnerability	CVE-2006-0003		reset-both	updated associated metadata information	7.1.0
medium	31012	Apache apr-util IPv6 URI Parsing Vulnerability	CVE-2004-0786		alert	updated associated metadata information	7.1.0
critical	31586	CA BrightStor ARCserve Backup Universal Agent Buffer Overflow Vulnerability	CVE-2005-1018		reset-both	updated associated metadata information	7.1.0
high	32271	eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability	CVE-2006-3838		reset-both	updated associated metadata information	7.1.0
high	32575	Mozilla Firefox Multiple Unspecified Vulnerabilities	CVE-2009-3070		reset-both	updated associated metadata information	7.1.0
high	32658	HTTP Cross Site Scripting Attempt	CVE-2019-9167 CVE-2019-3963 CVE-2019-3964 CVE-2019-3965 CVE-2019-3966 CVE-2019-12517		alert	updated associated metadata information	7.1.0
medium	36239	HTTP SQL Injection Attempt	CVE-2017-8917 CVE-2018-10969 CVE-2019-12516		alert	updated associated metadata information	7.1.0
critical	38193	Android Stagefright Library Overflow Vulnerability	CVE-2015-1538		alert	updated associated metadata information	7.1.0
critical	39337	Wordpress Timing Side Channel Denial-Of-Service Vulnerability	CVE-2014-9034		alert	updated associated metadata information	7.1.0
critical	40440	Adobe Reader Memory Corruption Vulnerability	CVE-2017-16418	APSB17-36	reset-both	updated associated metadata information	7.1.0
critical	40453	Acrobat Reader Memory Corruption Vulnerability	CVE-2017-16394	APSB17-36	reset-both	updated associated metadata information	7.1.0
critical	40457	Adobe Reader Memory Corruption Vulnerability	CVE-2017-16411	APSB17-36	reset-both	updated associated metadata information	7.1.0
critical	40462	Android JavascriptInterface Code Execution Vulnerability			reset-both	updated associated metadata information	7.1.0
critical	40464	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11886		reset-both	updated associated metadata information	7.1.0
critical	40465	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11894		reset-both	updated associated metadata information	7.1.0
critical	40466	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11889		reset-both	updated associated metadata information	7.1.0
high	40467	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11916 CVE-2018-0840		reset-both	updated associated metadata information	7.1.0
critical	40468	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11909		reset-both	updated associated metadata information	7.1.0
critical	40469	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11918		reset-both	updated associated metadata information	7.1.0
high	40470	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11930		reset-both	updated associated metadata information	7.1.0
critical	40472	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11895		reset-both	updated associated metadata information	7.1.0
critical	40474	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11903		reset-both	updated associated metadata information	7.1.0
critical	40475	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11907		reset-both	updated associated metadata information	7.1.0
critical	40480	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11911		reset-both	updated associated metadata information	7.1.0
high	40481	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11913		reset-both	updated associated metadata information	7.1.0
critical	40482	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2017-11914		reset-both	updated associated metadata information	7.1.0
critical	40489	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0762		reset-both	updated associated metadata information	7.1.0
critical	40490	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0773		reset-both	updated associated metadata information	7.1.0
critical	40492	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0774		reset-both	updated associated metadata information	7.1.0
critical	40496	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0758		reset-both	updated associated metadata information	7.1.0
critical	40502	Microsoft Scripting Engine Information Disclosure Vulnerability	CVE-2018-0767		reset-both	updated associated metadata information	7.1.0
critical	40504	PHP Fileinfo Call Stack Exhaustion Denial-of-Service Vulnerability	CVE-2014-1943		reset-both	updated associated metadata information	7.1.0
critical	40505	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0838		reset-both	updated associated metadata information	7.1.0
critical	40508	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0858		reset-both	updated associated metadata information	7.1.0
critical	40509	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0860		reset-both	updated associated metadata information	7.1.0
critical	40511	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0837		reset-both	updated associated metadata information	7.1.0
critical	40512	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0835		reset-both	updated associated metadata information	7.1.0
high	40518	Microsoft Scripting Engine Information Disclosure Vulnerability	CVE-2018-0780		reset-both	updated associated metadata information	7.1.0
critical	40569	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0874		reset-both	updated associated metadata information	7.1.0
critical	40570	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0889		reset-both	updated associated metadata information	7.1.0
critical	40571	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0933 CVE-2018-0893		reset-both	updated associated metadata information	7.1.0
critical	40576	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0872		reset-both	updated associated metadata information	7.1.0
critical	40577	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0930		reset-both	updated associated metadata information	7.1.0
high	40585	Microsoft Windows Desktop Bridge Elevation Of Privilege Vulnerability	CVE-2018-0880		reset-both	updated associated metadata information	7.1.0
critical	40591	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0980		reset-both	updated associated metadata information	7.1.0
high	40597	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-1001		reset-both	updated associated metadata information	7.1.0
critical	40605	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0993		reset-both	updated associated metadata information	7.1.0
high	40610	Microsoft Excel Remote Code Execution Vulnerability	CVE-2018-0920		reset-both	updated associated metadata information	7.1.0
critical	40618	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0996		reset-both	updated associated metadata information	7.1.0
critical	40623	Microsoft Windows Vbscript Engine Remote Code Execution Vulnerability	CVE-2018-1004		reset-both	updated associated metadata information	7.1.0
critical	40634	uTorrent Remote Code Execution Vulnerability			reset-both	updated associated metadata information	7.1.0
critical	40642	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-8133 CVE-2018-8466		reset-both	updated associated metadata information	7.1.0
critical	40643	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-0953		reset-both	updated associated metadata information	7.1.0
critical	40645	Microsoft Browser Memory Corruption Vulnerability	CVE-2018-0954		reset-both	updated associated metadata information	7.1.0
high	40677	Adobe Reader Memory Corruption Vulnerability	CVE-2018-4967	APSB18-09	reset-both	updated associated metadata information	7.1.0
high	40690	Adobe Acrobat Web Capture Engine Memory Corruption Vulnerability	CVE-2018-4957	APSB18-09	reset-both	updated associated metadata information	7.1.0
high	40694	Adobe Reader Memory Corruption Vulnerability	CVE-2018-4975	APSB18-09	reset-both	updated associated metadata information	7.1.0
critical	40763	Microsoft Scripting Engine Memory Corruption Vulnerability	CVE-2018-8267		reset-both	updated associated metadata information	7.1.0
high	40896	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12781	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40898	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12791	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40908	Adobe Reader Memory Corruption Vulnerability	CVE-2018-5056	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40917	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12783	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40924	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12792	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40925	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12780	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40926	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12771	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40929	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12772	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40932	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12770	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40941	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12777	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40942	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12776	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40944	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12773	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40958	Adobe Acrobat Memory Corruption Vulnerability	CVE-2018-12774	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40959	Adobe Acrobat Memory Corruption Vulnerability	CVE-2018-12779	APSB18-21	reset-both	updated associated metadata information	7.1.0
critical	40986	Microsoft Internet Explorer Memory Corruption Vulnerability	CVE-2018-8631		reset-both	updated associated metadata information	7.1.0
high	40990	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12782	APSB18-21	reset-both	updated associated metadata information	7.1.0
high	40991	Adobe Reader Memory Corruption Vulnerability	CVE-2018-12799	APSB18-25	reset-both	updated associated metadata information	7.1.0
high	54080	Apache Santuario XML Security for Java DTD Denial-of-Service Vulnerability	CVE-2013-4517		reset-both	updated associated metadata information	7.1.0
high	54187	SpringSource Spring Framework SourceHttpMessageConverter XXE Information Disclosure Vulnerability	CVE-2013-6429		reset-both	updated associated metadata information	7.1.0
high	54196	Microsoft XML Core Services Integer Truncation Memory Corruption Vulnerability	CVE-2013-0006	MS13-002	reset-both	updated associated metadata information	7.1.0
high	54217	Oracle Java Security Slider Feature Bypass Vulnerability	CVE-2013-1489		reset-both	updated associated metadata information	7.1.0
high	54282	Oracle Java JPEGImageWriter Memory Corruption Vulnerability	CVE-2013-2429		reset-both	updated associated metadata information	7.1.0
high	54330	Novell iPrint Client ActiveX Control Stack Overflow Vulnerability	CVE-2011-3173		reset-both	updated associated metadata information	7.1.0
critical	54391	Microsoft Internet Explorer Internet Explorer Insecure Library Loading Vulnerability	CVE-2011-0038	MS11-003	alert	improved detection logic to address a possible fp issue	7.1.0
critical	54433	Malicious JavaScript Detection			reset-both	updated associated metadata information	7.1.0
high	54462	Protocol Evasion Application Detection			reset-both	updated associated metadata information	7.1.0
critical	54549	VBScript Remote Code Execution Vulnerability	CVE-2010-0483	MS10-022	reset-both	updated associated metadata information	7.1.0
critical	54552	Microsoft VBScript Memory Corruption Vulnerability	CVE-2014-0271	MS14-010 MS14-011	reset-both	updated associated metadata information	7.1.0
high	54646	RabbitMQ Web Management CSRF Vulnerability			reset-both	updated associated metadata information	7.1.0
critical	54703	CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow Vulnerability	CVE-2008-1472		reset-both	updated associated metadata information	7.1.0
high	54876	Clipbucket Arbitrary PHP Code Execution Vulnerability	CVE-2018-7665		alert	updated associated metadata information	7.1.0
high	55485	Adobe Reader Memory Corruption Vulnerability	CVE-2019-7109	APSB19-17	alert	improved detection logic to cover a new exploit	7.1.0
medium	55983	Sierra Wireless AirLink ES450 SNMPD Hard-coded Credentials Vulnerability	CVE-2018-4062		alert	updated associated metadata information	7.1.0
high	56129	Jackson-Databind Insecure Deserialization Vulnerability	CVE-2019-14361 CVE-2019-14439 CVE-2019-14379		reset-both	improved detection logic to cover a new exploit	7.1.0
critical	56471	Adobe Flash Player Memory Corruption Vulnerability	CVE-2015-8430 CVE-2015-8426 CVE-2015-8427	APSB15-32	alert	improved detection logic to address a possible fp issue	7.1.0
medium	56536	BACnet Stack 0.8.6 Denial-of-Service Vulnerability	CVE-2019-12480		alert	updated associated metadata information	7.1.0

Remo · ‎12-02-2019

Applications and Threats Content Release Notes Version 8202 - Part 1

Modified Applications (15)

Risk	Name	Category	Subcategory	Technology	Type of Change	Change	Depends On	Minimum PAN-OS Version
3	backblaze-backup	business-systems	storage-backup	client-server	expanded coverage; metadata change	from web-browsing to backblaze-backup; Added ssl and web-browsing in Implicit-use-application	ssl, web-browsing	6.1.0
2	chrome-remote-desktop	networking	remote-access	browser-based	expanded coverage; metadata change	from ssl, web-browsing to chrome-remote-desktop; Removed jabber from use-application; Added rtp as use-application	google-base, rtp-base, stun	6.1.0
2	cisco-spark-audio-video (functional)	collaboration	voip-video	peer-to-peer	metadata change	Extended UDP timeout to 3600s.	stun	6.1.0
1	cisco-spark-base	collaboration	social-business	browser-based	metadata change	Extended UDP timeout to 3600s.	ssl, web-browsing, webex-base, websocket	6.1.0
2	cisco-spark-file-transfer (functional)	collaboration	social-business	browser-based	metadata change	Extended UDP timeout to 3600s.	cisco-spark-base, jungledisk, ssl, web-browsing	6.1.0
2	h.225	collaboration	voip-video	client-server	expanded coverage	from unknown-tcp to h.225		6.1.0
5	hamachi	networking	encrypted-tunnel	peer-to-peer	removed false positive	from hamachi to unknown-udp	web-browsing	6.1.0
2	instagram-base	media	photo-video	client-server	metadata change	Added Web-browsing in Implicit-use-application	apple-maps, google-maps, ssl, web-browsing	6.1.0
2	instagram-upload (functional)	media	photo-video	client-server	expanded coverage; metadata change	from instagram-base,facebook-base to instagram-upload; Added ssl and web-browsing in Implicit-use-application	apple-maps, google-maps, instagram-base, ssl, web-browsing	6.1.0
2	ldap	business-systems	auth-service	client-server	expanded coverage	from insufficient-data to ldap		6.1.0
2	ms-wmi (functional)	business-systems	management	client-server	expanded coverage	from msrpc to ms-wmi	msrpc-base	6.1.0
2	slack-base	collaboration	social-business	browser-based	expanded coverage	from web-browsing, websocket to slack-base	ssl, web-browsing, websocket	6.1.0
2	telegram	collaboration	instant-messaging	client-server	expanded coverage	from unknown-udp to telegram	ssl, web-browsing	6.1.0
3	webex-base	collaboration	internet-conferencing	client-server	metadata change	Extended UDP timeout to 3600s.	cisco-spark-base, rtcp, rtp-base, ssl, stun, web-browsing	6.1.0
3	webex-desktop-sharing (functional)	collaboration	internet-conferencing	client-server	metadata change	Extended UDP timeout to 3600s.	ssl, web-browsing, webex-base	6.1.0

Modified Decoders (4)

Name

http

http2

msrpc

smb

New Anti-Spyware Signatures (24)

Severity	ID	Attack Name	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
critical	85350	Cobalt Strike Beacon Command and Control Traffic Detection	reset-both	7.1.0
informational	85386	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85388	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85389	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85391	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85393	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85396	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85398	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85400	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85402	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85403	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85404	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85405	Trojan.Gafgyt Command and Control Traffic Detection	alert	7.1.0
informational	85407	Trojan.Zegost Command and Control Traffic	alert	7.1.0
critical	85447	NetWire RAT Command and Control Traffic Detection	reset-both	7.1.0
critical	85448	Pony Command and Control Traffic Detection	reset-both	7.1.0
critical	85449	JackFruit Command and Control Traffic Detection	reset-both	7.1.0
critical	85450	MuddyWater Command and Control Traffic Detection	reset-both	7.1.0
critical	85457	AZORult Command and Control Traffic Detection	reset-both	7.1.0
critical	85458	Amadey Botnet Command and Control Traffic Detection	reset-both	7.1.0
critical	85459	MasterMana Command and Control Traffic Detection	reset-both	8.1.0
critical	85460	MasterMana Command and Control Traffic Detection	reset-both	7.1.0
medium	85461	Generic Trojan Command and Control Traffic Detection	reset-both	7.1.0
critical	85467	Casbaneiro Command and Control Traffic Detection	reset-both	7.1.0

Modified Anti-Spyware Signatures (103)

Severity	ID	Attack Name	Default Action	Change	Minimum PAN-OS Version	Maximum PAN-OS Version
medium	18019	X.509 Extensions Channel Command and Control Traffic Detection	alert	improved detection logic to address a possible fp issue	7.1.0
critical	80060	Wells Fargo Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80061	NBC Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80062	Microsoft Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80063	Gmail Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80064	AOL Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80065	PayPal Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	80066	Fifth Third Bank Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	83087	Webshell.PHP.tennc.Chinese_Hackers Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83088	Webshell.PHP.xl7dev.Silic_Group_Hacker_Army Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83089	Webshell.PHP.Johntroony.SimShell_1.0 Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83090	Webshell.PHP.tennc.b374k_2.1 Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83091	Webshell.PHP.JohnTroony.aZRaiLPhp_v1.0 Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83092	Webshell.PHP.mattiasgeniar.b374k_2.2 Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83093	Webshell.PHP.ysrc.Chinese_Hackers Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83094	Webshell.PHP.ysrc.F4ckTeam Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83095	Webshell.PHP.ysrc.Mysql_BackDoor Command And Control Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	83097	Webshell.PHP.ysrc.b1u3b0y Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83098	Webshell.PHP.ysrc.ExpDoor.com Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83099	Webshell.PHP.ysrc.MetalSoft_Hackers_Team_1.1 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83100	Webshell.PHP.tennc.sky_oot Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83101	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83102	Webshell.PHP.tennc.Deface_Keeper_0.2 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83103	Webshell.PHP.JohnTroony.NTDaddy_v1.9 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83104	Webshell.PHP.xl7dev.oTTo Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83105	Webshell.PHP.xl7dev.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83108	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83109	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83110	Webshell.PHP.tennc.C37_Shell_v1.1 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83111	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83112	Webshell.PHP.bartblaze.GaZa Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83113	Webshell.PHP.ysrc.egy_spider Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83114	Webshell.PHP.bartblaze.RevSlideR_2015 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83117	Webshell.PHP.bartblaze.INDRAJITH_SHELL_v.2.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83118	Webshell.PHP.tanjiti.devilzShell Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83119	Webshell.PHP.ysrc.Kacak_FSO_1.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83120	Webshell.PHP.tanjiti.Devil_shell_v2.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83121	Webshell.PHP.mattiasgeniar.Rebels_Mailer Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83122	Webshell.PHP.tanjiti.Mauritania_Attacker_and_Virusa_Worm Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83123	Webshell.PHP.tdifg.Mexican_WebShell_PHP Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83124	Webshell.PHP.tanjiti.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83125	Webshell.PHP.mattiasgeniar.Pro_Mailer_V2 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83126	Webshell.PHP.mattiasgeniar.team_p Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83127	Webshell.PHP.tennc.MumaSec Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83128	Webshell.PHP.tennc.Shor7cut Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83129	Webshell.PHP.tanjiti.iMHaBiRLiGi Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83134	Webshell.PHP.tdifg.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83135	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83136	Webshell.PHP.ysrc.mOon Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83137	Webshell.PHP.tanjiti.h4ckcity Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83138	Webshell.PHP.bartblaze.Peterson Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83139	Webshell.PHP.tennc.sai Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83140	Webshell.PHP.tanjiti.backdoor Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83141	Webshell.PHP.ysrc.Symlink_Sa_2.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83142	Webshell.PHP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83143	Webshell.PHP.JohnTroony.b374k Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83144	Webshell.PHP.ysrc.jalanG Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83145	Webshell.PHP.xl7dev.BnS_Shell Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83146	Webshell.PHP.bartblaze.E404 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83147	Webshell.PHP.tennc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83148	Webshell.PHP.tanjiti.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83149	Webshell.PHP.bartblaze.PentaSec Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83150	Webshell.PHP.JohnTroony.KA_uShell Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83151	Webshell.PHP.tdifg.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83152	Webshell.PHP.ysrc.uploader Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83153	Webshell.PHP.JohnTroony.Cyber_Shell_v_1.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83154	Webshell.PHP.JohnTroony.lama_shell_v_3.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83155	Webshell.PHP.mattiasgeniar.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83157	Webshell.PHP.tanjiti.c99madshell_v_3.0 Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83160	Webshell.PHP.tanjiti.PHP_Shell_offender Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83161	Webshell.PHP.mattiasgeniar.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83162	Webshell.PHP.tdifg.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83164	Webshell.PHP.tennc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83165	Webshell.PHP.ysrc.MSSQL_Cracker Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83166	Webshell.ASP.ysrc.hididi Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83167	Webshell.ASPX.ysrc.ASPXSpy Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83168	Webshell.ASPX.ysrc.ASPXSpy Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83169	Webshell.ASP.ysrc.F4ckTeam Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83170	Webshell.ASP.ysrc.hackyong Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83171	Webshell.ASP.ysrc.F4ckTeam Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83172	Webshell.ASPX.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83173	Webshell.ASP.tanjiti.zehiriv Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83174	Webshell.ASP.tdifg.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83175	Webshell.ASP.ysrc.interactive Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83176	Webshell.ASP.ysrc.black_skull Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	83177	Webshell.ASP.git.80sec Command and Control Traffic	reset-both	updated associated metadata information	7.1.0
critical	85106	NetWire RAT Downloader Traffic Detection	reset-both	updated associated metadata information	7.1.0
critical	85123	Apple Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85124	Apple Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85125	Paypal Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85164	Telekom Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85166	WhatsApp Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85167	Chase Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85168	Paypal Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85233	Chartered Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85234	PostFinance Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85235	Xfinity Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85257	Microsoft Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85258	DHL Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85259	BMO Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85260	ICS Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85261	BMO Phishing Site Detection	reset-both	updated associated metadata information	7.1.0
critical	85307	NetWire RAT Command and Control Traffic Detection	reset-both	updated associated metadata information	7.1.0

Remo · ‎12-02-2019

Applications and Threats Content Release Notes Version 8202 - Part 2

Disabled Anti-Spyware Signatures (1)

Severity	ID	Attack Name	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
critical	11001	Cobalt Strike Command and Control Traffic Detection	reset-both	7.1.0

New Vulnerability Signatures (50)

Severity	ID	Attack Name	CVE ID	Vendor ID	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
critical	40109	Compal CH7465LG Improper Input Validation Brute-Force Attempt Detection	CVE-2019-13025		alert	6.1.0
critical	56579	Microsoft Internet Explorer Memory Corruption Vulnerability	CVE-2014-0275	MS14-010	alert	7.1.0
critical	56580	Microsoft Internet Explorer Memory Corruption Vulnerability	CVE-2014-0303	MS14-012	alert	7.1.0
critical	56581	Microsoft Internet Explorer Use-After-Free Vulnerability	CVE-2014-0283	MS14-010	alert	7.1.0
critical	56582	Mozilla Firefox WebIDL Implementation Privilege Escalation Vulnerability	CVE-2014-1510 CVE-2014-1511		alert	7.1.0
high	56584	Advantech WebAccess SCADA webeye ActiveX ip_addr Parameter Buffer Overflow Vulnerability	CVE-2014-8388		alert	7.1.0
critical	56593	Microsoft Internet Explorer Memory Corruption Vulnerability	CVE-2014-0282	MS14-035	alert	7.1.0
high	56603	Microsoft Office Bad Index Remote Code Execution Vulnerability	CVE-2014-6334	MS14-069	alert	7.1.0
high	56617	Squid Proxy Digest Authentication Denial-of-Service Vulnerability	CVE-2019-12525		alert	7.1.0
critical	56666	SaltStack Salt SQL Injection Vulnerability	CVE-2019-1010259		alert	7.1.0
high	56669	D-Link Routers Remote Command Execution Vulnerability	CVE-2019-16920		reset-both	7.1.0
critical	56670	WhatsApp Remote Code Execution Vulnerability	CVE-2019-11932		alert	7.1.0
high	56671	Advantech WebAccess SCADA Bwgetval Arbitrary File Deletion Vulnerability	CVE-2019-13552		alert	7.1.0
critical	56672	Cisco Smart Switch Remote Code Execution Vulnerability	CVE-2019-1912 CVE-2019-1913 CVE-2019-1914		reset-both	7.1.0
high	56675	phpIPAM SQL Injection Vulnerability	CVE-2019-16692		alert	7.1.0
medium	56676	Eclipse Mosquitto MQTT SUBSCRIBE Topic Stack Overflow Vulnerability	CVE-2019-11779		alert	8.1.0
high	56679	NPMJS Gitlabhook Remote Command Injection Vulnerability	CVE-2019-5485		alert	7.1.0
high	56680	File Sharing Wizard Buffer Overflow Vulnerability	CVE-2019-16724		alert	7.1.0
critical	56687	Apache Karaf XML External Entity Injection Vulnerability	CVE-2018-11788		alert	7.1.0
high	56690	Cisco RV110W OS Remote Command Injection Vulnerability	CVE-2014-0683 CVE-2015-6396		reset-both	7.1.0
critical	56691	Eaton Intelligent Power Manager File Inclusion Vulnerability	CVE-2018-12031		alert	7.1.0
medium	56693	Metasploit VxWorks WDB Agent Scanner Detection			alert	7.1.0
critical	56695	Sapplica Sentrifugo SQL Injection Vulnerability	CVE-2018-15873		alert	7.1.0
high	56697	Microsoft Jet Database Engine Remote Code Execution Vulnerability	CVE-2019-1243		alert	7.1.0
critical	56698	Joomla! Social Factory SQL Injection Vulnerability	CVE-2018-17385		alert	7.1.0
critical	56703	CWJoomla Multiple Products SQL Injection Vulnerability	CVE-2018-14592		alert	7.1.0
critical	56704	Compal CH7465LG Improper Input Validation Vulnerability	CVE-2019-13025		alert	7.1.0
informational	56705	Compal CH7465LG Improper Input Validation Attempt			allow	7.1.0
critical	56707	LibreNMS Command Execution Vulnerability	CVE-2018-20434		alert	7.1.0
critical	56708	Joomla Article Factory Manager SQL Injection Vulnerability	CVE-2018-17380		alert	7.1.0
high	56709	Harbor Project Privilege Escalation Vulnerability	CVE-2019-16097		alert	7.1.0
critical	56711	Joomla Jobs Factory SQL Injection Vulnerability	CVE-2018-17382		alert	7.1.0
critical	56715	Joomla AlphaIndex Dictionaries Component SQL Injection Vulnerability	CVE-2018-17397		alert	7.1.0
critical	56716	CMS ISWEB 3.5.3 SQL Injection Vulnerability	CVE-2018-14956		alert	7.1.0
critical	56717	ZLDNN DNNArticle Information Disclosure Vulnerability	CVE-2018-9126		alert	7.1.0
high	56720	Drupal Avatar Uploader Information Disclosure Vulnerability	CVE-2018-9205		alert	7.1.0
critical	56721	E-Negosyo System SQL Injection Vulnerability	CVE-2018-18801		alert	7.1.0
high	56725	Microsoft Jet Database Engine Remote Code Execution Vulnerability	CVE-2019-1250		alert	7.1.0
high	56726	Adobe Reader Memory Corruption Vulnerability	CVE-2019-7111	APSB19-17	alert	7.1.0
critical	56731	Joomla Swap Factory SQL Injection Vulnerability	CVE-2018-17384		alert	7.1.0
high	56745	Redis HyperLogLog hllCount Stack Buffer Overflow Vulnerability	CVE-2019-10193		alert	7.1.0
critical	56784	Cisco IOS XE WebUI Command Injection Vulnerability Vulnerability	CVE-2019-12651		alert	7.1.0
critical	56803	Socomec DIRIS A-40 Information Disclosure Vulnerability	CVE-2019-15859		alert	7.1.0
high	56804	HP Intelligent Management Center Code Execution Vulnerability	CVE-2019-11956		alert	7.1.0
high	56805	Jenkins Script Security Plugin Sandbox Bypass Vulnerability	CVE-2019-10393 CVE-2019-10394 CVE-2019-10399 CVE-2019-10400		alert	7.1.0
high	56808	Microsoft Jet Database Engine Remote Code Execution Vulnerability	CVE-2019-1249		alert	7.1.0
critical	56809	vBulletin Remote Code Execution Vulnerability	CVE-2019-17132		alert	7.1.0
critical	56813	HPE Intelligent Management Center AMF3 Externalizable Deserialization Vulnerability	CVE-2019-11944		alert	7.1.0
critical	56816	Pulse Secure Platform Stack-Based Buffer Overflow Vulnerability	CVE-2019-11542		alert	7.1.0
high	56817	Microsoft Windows HTTP2 Data Dribble Denial-of-Service Vulnerability	CVE-2019-9511		alert	9.0.0

Modified Vulnerability Signatures (9)

Severity	ID	Attack Name	CVE ID	Vendor ID	Default Action	Change	Minimum PAN-OS Version	Maximum PAN-OS Version
high	31606	Apple Safari for Windows and Internet Explorer Combined Code Execution Vulnerability	CVE-2008-2540		alert	improved detection logic to address a possible fp issue	7.1.0
high	38767	FortiOS Cookie Parser Buffer Overflow Vulnerability	CVE-2016-6909		alert	improved detection logic to cover a new exploit	7.1.0
low	39868	Suspicious HTTP Evasion Found			alert	improved detection logic to address a possible fp issue	7.1.0
critical	40781	Oracle WebLogic Server Java Deserialization Vulnerability	CVE-2016-3510 CVE-2016-0638		alert	updated associated metadata information	7.1.0
critical	40799	Oracle WebLogic Server Java Deserialization Vulnerability	CVE-2016-3510 CVE-2016-0638		alert	updated associated metadata information	7.1.0
critical	54503	Microsoft SMB Client Response Parsing Vulnerability	CVE-2010-0476	MS10-020	alert	improved detection logic to address a possible fp issue	7.1.0
critical	55807	Microsoft Internet Explorer Use-After-Free Vulnerability	CVE-2014-1772	MS14-035	alert	improved detection logic to cover a new exploit	7.1.0
high	56245	Apache Solr Remote Code Execution Vulnerability	CVE-2019-0193		alert	improved detection logic to cover a new exploit	7.1.0
critical	56632	vBulletin Remote Code Execution Vulnerability	CVE-2019-16759		alert	improved detection logic to cover a new exploit	7.1.0

Disabled Vulnerability Signatures (2)

Severity	ID	Attack Name	CVE ID	Vendor ID	Default Action	Minimum PAN-OS Version	Maximum PAN-OS Version
critical	33344	Adobe Reader Memory Corruption Vulnerability	CVE-2017-11231	APSB17-24	alert	7.1.0
high	36856	Mozilla Firefox SharedWorker MessagePort Handing Memory Corruption Vulnerability	CVE-2014-1548		alert	7.1.0

Manjunath_V · ‎12-02-2019

@RemoThank you for providing the details and useful.

Also would like to know if any modified application in release 8203

Remo · ‎12-02-2019

@Manjunath_V

In 8203 there are no modified applications

Unlock your full community experience!

Applications and Threats Content version 8202 and 8203 release notes

Applications and Threats Content version 8202 and 8203 release notes

Show your appreciation!