Sourcefire VRT Rules Update

Date: 2013-10-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2950.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:28215 <-> ENABLED <-> SERVER-WEBAPP vBulletin upgrade.php exploit attempt (server-webapp.rules)

Modified Rules:


 * 1:28208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules)
 * 1:27740 <-> ENABLED <-> EXPLOIT-KIT Oracle Java jar file downloaded by Java when zip was defined (exploit-kit.rules)
 * 1:28207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)