Talos has added and modified multiple rules in the browser-firefox, browser-ie, file-flash, file-office, file-other, file-pdf, indicator-obfuscation, protocol-dns, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules) * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules) * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
* 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules) * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules) * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules) * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules) * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules) * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules) * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules) * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
* 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules) * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules) * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules) * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules) * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules) * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules) * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules) * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules) * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules) * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
* 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules) * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules) * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules) * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules) * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules) * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules) * 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules) * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules) * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules) * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules) * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules) * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules) * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules) * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules) * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules) * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules) * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules) * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules) * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules) * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules) * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules) * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
