Talos has added and modified multiple rules in the browser-ie, browser-webkit, exploit-kit, file-other, os-linux, policy-other, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
* 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
* 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
* 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)

* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
* 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38288 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
* 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
* 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)

* 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
* 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
* 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
* 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
* 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules) * 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules) * 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules) * 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules) * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 
1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules) * 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> ENABLED <-> 
SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules) * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules) * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules) * 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules) * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules) * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)