ADC Updates January 31 2024

New DAS Objects: [total: 9]
==================================
Assessment Name: CVE-2023-47145: IBM Db2 is vulnerable to a privilege escalation to

SYSTEM user via MSI repair functionality on Windows.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities
Assessment Name: CVE-2023-45193: IBM Db2 is vulnerable to a denial of service when

a specially crafted cursor is used.
Assessment Name: CVE-2023-50308: IBM Db2 under certain circumstances could allow an
authenticated user to the database to cause a denial of service when a statement is
run on columnar tables.

a specially crafted query is used.
Assessment Name: CVE-2023-27859: IBM Db2 is vulnerable to remote code execution

caused by installing like-named jar files across multiple databases.

using a specially crafted query.
Assessment Name: CVE-2023-47141: IBM Db2 is vulnerable to denial of service with a

specially crafted query.
Assessment Name: CVE-2023-47158: IBM Db2 is vulnerable to denial of service with a

specially crafted query.
Assessment Name: Ensure Base Backups are Configured and Functional (PostgreSQL 15)
Affected Databases: PostgreSQL
Change Details: Added a new test for assessment policy CIS - Security Configuration
Benchmark (For PostgreSQL 15)
New WAF Objects: [total: 10]

==================================
Signature name: CVE-2023-6933: WP Better Search Replace Plugin - PHP Object
Injection
Signature ID:708163
Pattern: part="WP_HTML_Token", rgxp="WP_HTML_Token[\s\S]{1,200}\;\}"
Attack: Illegal Resource Access - Blocking
Attack Class: Illegal Resource Access
Dictionary: Recommended for Blocking for Web Applications
Policy: Recommended Signatures Policy for Web Applications
Policy Name: CVE-2024-23897, CVE-2024-23898: Jenkins Arbitrary file read

vulnerability
Policy ID: 20000273
min_ver: 10.0 and above
Predicates:
1. HTTP Request, Operation: Match All
a. Part: Header
Match Operation: "MatchRegExp"
Name: "Side"
Value: "upload|download"
b. Part: Parameter
Match Operation: "Include"
Name: "remoting"
Value: "false"
c. Part: Header
Match Operation: "MatchRegExp"
Name: "Session"
Value: "."
d. Part: URL
Match Operation: "Include"
Value: "/cli"
2. HTTP Request Method Operation: At Least One

Value: POST
Signature name: SQLi array && array

Signature ID:708162
Pattern: part="array", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s$?\s?(array\s?\[)[\s\S]
{1,50}\]\s?$?\s?\&\&\s?array"
Attack: SQL Injection - Blocking
Attack Class: SQL Injection
Signature name: CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass

Signature ID:708161
Pattern: part="/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml"
Attack: Authentication Bypass - Blocking
Attack Class: Authentication Bypass
Signature name: Blocking ptst.io domains for OOB attacks
Signature ID:708160
Pattern: part=".ptst.io", rgxp="\w{1,60}\.ptst\.io"
Attack: Automation Attack - Blocking
Attack Class: Automation Attack
Signature name: Blocking .r87.me domains for OOB attacks

Signature ID:708158
Pattern: part=".r87.me", rgxp="\w{1,80}\.r87\.me"
Signature name: SQLI upper_inc(numrange)

Signature ID:708157
Pattern: part="upper_inc", part="numrange", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s(not\
s)?upper_inc$\s?numrange\([\s\S]{1,50}(\#|\-\-|\/\*)"
Signature name: SQLI lower_inc(numrange)

Signature ID:708156
Pattern: part="lower_inc", part="numrange", rgxp="^[\s\S]{0,50}[\'\"\`]\s?or\s(not\
s)?lower_inc\(\s?numrange\([\s\S]{1,50}(\#|\-\-|\/\*)"
Signature name: OR TRUE SQLi

Signature ID:708155
Pattern: part="true", rgxp="^.{0,100}[\'\"$\;]\s?or\strue\s?(--|;|#).{0,10}$"
Signature name: OOB using tested-by-edgescan.com

Signature ID:708154
Pattern: part="tested-by-edgescan.com", rgxp="[\s\S]{1,50}tested-by-edgescan\.com"
Modified DAM Objects: [total: 1]

==================================
Table Group Name: PostgreSQL System Object (Sensitive)
Object ID: 90070005
Change Details: Added sensitive tables/views
Modified DAS Objects: [total: 39]

==================================
Assessment Name: Ensure 'log_error_verbosity' is Set Correctly

Change Details: Detecting OS system parameters was modified to catch any
variations.
Assessment Name: Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Aurora
PostgreSQL)
variations.
Assessment Name: Ensure the Correct Messages Are Written to the Server Log (Aurora
PostgreSQL)
variations.
Assessment Name: Ensure the Correct SQL Statements Generating Errors are Recorded
(Aurora PostgreSQL)
variations.
Assessment Name: Ensure 'debug_print_parse' is Disabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'debug_print_rewritten' is disabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'debug_print_plan' is Disabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'debug_pretty_print' is Enabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'log_connections' is Enabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'log_disconnections' is Enabled (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'log_hostname' is Set Correctly (Aurora PostgreSQL)

variations.
Assessment Name: Ensure 'log_statement' is Set Correctly (Aurora PostgreSQL)

variations.
Assessment Name: CVE-2022-43680: Vulnerability in the Oracle Text (LibExpat)

component of Oracle Database Server
Affected Databases: Oracle
Change Details: Boolean Script for assessment test modified
Assessment Name: Permissions for local files directory of Namenode

Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts
Assessment Name: Permissions for local files directory of Secondary Namenode

Assessment Name: Permissions for local files directory of Datanode

Assessment Name: Permissions for local files directory of HADOOP_LOG_DIR

Assessment Name: Check permissions for files related to server SSL configuration
Assessment Name: Check permissions for files related to client SSL configuration
Assessment Name: Validate Truststore File Permissions for Druid (Router)

Affected Databases: Apache Druid
Assessment Name: Validate Config Files Permissions for Druid (Router)

Assessment Name: Validate Permissions for Request Logging File

Assessment Name: Validate Truststore File Permissions for Druid (Coordinator)

Assessment Name: Validate Config Files Permissions for Druid (Coordinator)

Assessment Name: Data Directory Access Mode (Neo4j)

Affected Databases: Neo4j
Assessment Name: Logs Directory Access Mode (Neo4j)

Affected Databases: Neo4j
Assessment Name: Check datadir permissions (Couchbase)

Affected Databases: Couchbase
Assessment Name: static_config file permissions

Assessment Name: Check logdir permissions

Assessment Name: Aerospike Config File Access Mode

Affected Databases: Aerospike
Assessment Name: Aerospike Local Logs Access Mode

Affected Databases: Aerospike
Assessment Name: Config file permissions

Affected Databases: Yugabyte Cassandra
Assessment Name: Check datadir permissions

Affected Databases: Yugabyte Cassandra
Assessment Name: Ownership and Permissions for Impala Log Files

Affected Databases: Impala
Assessment Name: Ownership and Permissions for Impala Audit Log Files
Assessment Name: Ownership and Permissions for $IMPALA_HOME Directory

Assessment Name: Redis Config File Permissions

Affected Databases: Redis
Policy Name: DB2 Known Vulnerabilities
Change Details: Associates new DB2 CVEs to policy
Policy Name: CIS - Security Configuration Benchmark For PostgreSQL 15

Change Details: Added a new test to policy
Modified WAF Objects: [total: 1]

==================================
Signature name: Blocking OAST domains for OOB attacks

Signature ID:708118
Pattern: part=".oast", rgxp="\w{1,60}\.oast\.(pro|live|fun|online|me|site)"

ADC Updates January 31 2024

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ADC Updates January 31 2024

Uploaded by

Copyright:

Available Formats

New DAS Objects: [total: 9]

Assessment Name: CVE-2023-47145: IBM Db2 is vulnerable to a privilege escalation to

Assessment Name: CVE-2023-45193: IBM Db2 is vulnerable to a denial of service when

Assessment Name: CVE-2023-47746: IBM Db2 is vulnerable to a denial of service when

Assessment Name: CVE-2023-27859: IBM Db2 is vulnerable to remote code execution

Assessment Name: CVE-2023-47747: IBM Db2 is vulnerable to a denial of service when

Assessment Name: CVE-2023-47141: IBM Db2 is vulnerable to denial of service with a

Assessment Name: CVE-2023-47158: IBM Db2 is vulnerable to denial of service with a

New WAF Objects: [total: 10]

Policy Name: CVE-2024-23897, CVE-2024-23898: Jenkins Arbitrary file read

1. HTTP Request, Operation: Match All

2. HTTP Request Method Operation: At Least One

Signature name: SQLi array && array

Signature name: CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass

Signature name: Blocking .r87.me domains for OOB attacks

Signature name: SQLI upper_inc(numrange)

Signature name: SQLI lower_inc(numrange)

Signature name: OR TRUE SQLi

Signature name: OOB using tested-by-edgescan.com

Modified DAM Objects: [total: 1]

Modified DAS Objects: [total: 39]

Assessment Name: Ensure 'log_error_verbosity' is Set Correctly

Assessment Name: Ensure 'debug_print_parse' is Disabled (Aurora PostgreSQL)

Assessment Name: Ensure 'debug_print_rewritten' is disabled (Aurora PostgreSQL)

Assessment Name: Ensure 'debug_print_plan' is Disabled (Aurora PostgreSQL)

Assessment Name: Ensure 'debug_pretty_print' is Enabled (Aurora PostgreSQL)

Assessment Name: Ensure 'log_connections' is Enabled (Aurora PostgreSQL)

Assessment Name: Ensure 'log_disconnections' is Enabled (Aurora PostgreSQL)

Assessment Name: Ensure 'log_hostname' is Set Correctly (Aurora PostgreSQL)

Assessment Name: Ensure 'log_statement' is Set Correctly (Aurora PostgreSQL)

Assessment Name: CVE-2022-43680: Vulnerability in the Oracle Text (LibExpat)

Assessment Name: Permissions for local files directory of Namenode

Assessment Name: Permissions for local files directory of Secondary Namenode

Assessment Name: Permissions for local files directory of Datanode

Assessment Name: Permissions for local files directory of HADOOP_LOG_DIR

Assessment Name: Validate Truststore File Permissions for Druid (Router)

Assessment Name: Validate Config Files Permissions for Druid (Router)

Assessment Name: Validate Permissions for Request Logging File

Assessment Name: Validate Truststore File Permissions for Druid (Coordinator)

Assessment Name: Validate Config Files Permissions for Druid (Coordinator)

Assessment Name: Data Directory Access Mode (Neo4j)

Assessment Name: Logs Directory Access Mode (Neo4j)

Assessment Name: Check datadir permissions (Couchbase)

Assessment Name: static_config file permissions

Assessment Name: Check logdir permissions

Assessment Name: Aerospike Config File Access Mode

Assessment Name: Aerospike Local Logs Access Mode

Assessment Name: Config file permissions

Assessment Name: Check datadir permissions

Assessment Name: Ownership and Permissions for Impala Log Files

Assessment Name: Ownership and Permissions for $IMPALA_HOME Directory

Assessment Name: Redis Config File Permissions

Policy Name: CIS - Security Configuration Benchmark For PostgreSQL 15

Modified WAF Objects: [total: 1]

Signature name: Blocking OAST domains for OOB attacks

You might also like