Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:43339 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
* 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:43283 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43288 <-> DISABLED <-> SERVER-WEBAPP /etc/motd file access attempt (server-webapp.rules)
* 1:43290 <-> DISABLED <-> SERVER-WEBAPP /ws_ftp.log file access attempt (server-webapp.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43292 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43293 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43294 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43295 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43296 <-> DISABLED <-> SERVER-WEBAPP IP3 Networks NetAccess directory traversal attempt (server-webapp.rules)
* 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
* 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
* 1:43299 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules)
* 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43304 <-> DISABLED <-> SERVER-WEBAPP csChatRBox setup attempt (server-webapp.rules)
* 1:43305 <-> DISABLED <-> SERVER-WEBAPP csLiveSupport setup attempt (server-webapp.rules)
* 1:43306 <-> DISABLED <-> SERVER-WEBAPP csNewsRemote setup attempt (server-webapp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43325 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43326 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43327 <-> DISABLED <-> SERVER-WEBAPP HP Laserjet Pro Webadmin password reset attempt (server-webapp.rules)
* 1:43328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
* 1:43329 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43330 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43331 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43332 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Landing Page Request Attempt (exploit-kit.rules)
* 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:43334 <-> DISABLED <-> SERVER-WEBAPP OpenFiler NetworkCard command execution attempt (server-webapp.rules)
* 1:43335 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
* 1:43336 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
* 1:43282 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43281 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43285 <-> DISABLED <-> SERVER-WEBAPP /.svn/entries file access attempt (server-webapp.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43289 <-> DISABLED <-> SERVER-WEBAPP /etc/shadow file access attempt (server-webapp.rules)
* 1:43358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
* 1:43287 <-> DISABLED <-> SERVER-WEBAPP /etc/inetd.conf file access attempt (server-webapp.rules)
* 1:43357 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43356 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43355 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43354 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43353 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43352 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43351 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
* 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules)
* 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43345 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43344 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43343 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43341 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
* 1:43342 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43340 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
* 1:43286 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/sh file access attempt (server-webapp.rules)

* 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
* 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
* 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
* 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
* 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
* 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
* 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
* 1:23555 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
* 1:24090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:35731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:41808 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:41809 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:41942 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
* 1:41943 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
* 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:43238 <-> DISABLED <-> SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt (server-webapp.rules)
* 1:5715 <-> DISABLED <-> SERVER-APACHE Apache malformed ipv6 uri overflow attempt (server-apache.rules)
* 1:12255 <-> DISABLED <-> SERVER-WEBAPP CSGuestbook setup attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:43358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
* 1:43357 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43356 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43355 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43354 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43353 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43352 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
* 1:43351 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
* 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules)
* 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43345 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43344 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43343 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43342 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
* 1:43341 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
* 1:43340 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
* 1:43339 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
* 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:43336 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
* 1:43335 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
* 1:43334 <-> DISABLED <-> SERVER-WEBAPP OpenFiler NetworkCard command execution attempt (server-webapp.rules)
* 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:43332 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Landing Page Request Attempt (exploit-kit.rules)
* 1:43331 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43330 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43329 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
* 1:43328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
* 1:43327 <-> DISABLED <-> SERVER-WEBAPP HP Laserjet Pro Webadmin password reset attempt (server-webapp.rules)
* 1:43326 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43325 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
* 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43306 <-> DISABLED <-> SERVER-WEBAPP csNewsRemote setup attempt (server-webapp.rules)
* 1:43305 <-> DISABLED <-> SERVER-WEBAPP csLiveSupport setup attempt (server-webapp.rules)
* 1:43304 <-> DISABLED <-> SERVER-WEBAPP csChatRBox setup attempt (server-webapp.rules)
* 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43299 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules)
* 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
* 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
* 1:43296 <-> DISABLED <-> SERVER-WEBAPP IP3 Networks NetAccess directory traversal attempt (server-webapp.rules)
* 1:43295 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43294 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43293 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43292 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43290 <-> DISABLED <-> SERVER-WEBAPP /ws_ftp.log file access attempt (server-webapp.rules)
* 1:43289 <-> DISABLED <-> SERVER-WEBAPP /etc/shadow file access attempt (server-webapp.rules)
* 1:43288 <-> DISABLED <-> SERVER-WEBAPP /etc/motd file access attempt (server-webapp.rules)
* 1:43287 <-> DISABLED <-> SERVER-WEBAPP /etc/inetd.conf file access attempt (server-webapp.rules)
* 1:43286 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/sh file access attempt (server-webapp.rules)
* 1:43285 <-> DISABLED <-> SERVER-WEBAPP /.svn/entries file access attempt (server-webapp.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43283 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43282 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43281 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)

* 1:43238 <-> DISABLED <-> SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt (server-webapp.rules)
* 1:5715 <-> DISABLED <-> SERVER-APACHE Apache malformed ipv6 uri overflow attempt (server-apache.rules)
* 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:41942 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
* 1:41943 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
* 1:41808 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:41809 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:35731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:23555 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
* 1:24090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
* 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
* 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
* 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
* 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
* 1:12255 <-> DISABLED <-> SERVER-WEBAPP CSGuestbook setup attempt (server-webapp.rules)
* 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
* 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)