Talos has added and modified multiple rules in the file-image, file-office, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)

* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)

* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (snort3-server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (snort3-server-webapp.rules)
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (snort3-server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (snort3-server-webapp.rules)
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (snort3-server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (snort3-server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (snort3-server-webapp.rules)

* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)

* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)

* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)

* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)