CVE-2017-9805: A coding deficiency exists in Apache Struts that may lead to remote code execution.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 44315.
Talos has added and modified multiple rules in the browser-firefox, exploit-kit, file-identify, file-office, file-other, malware-cnc, os-linux, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44298 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem command injection attempt (server-webapp.rules)
* 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
* 1:44299 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44301 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44302 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem firmware upload attempt (server-webapp.rules)
* 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44306 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44307 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44308 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44309 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection attempt (malware-cnc.rules)
* 1:44314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44305 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection attempt (malware-cnc.rules)

* 1:41791 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:23752 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
* 1:17621 <-> DISABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
* 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:25602 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:41792 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44298 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem command injection attempt (server-webapp.rules)
* 1:44299 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
* 1:44301 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44302 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem firmware upload attempt (server-webapp.rules)
* 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44305 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44306 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44307 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44308 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44309 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection attempt (malware-cnc.rules)
* 1:44314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection attempt (malware-cnc.rules)

* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:23752 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:17621 <-> DISABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
* 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:25602 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:41791 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:41792 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection attempt (malware-cnc.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection attempt (malware-cnc.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44309 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44308 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44307 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44306 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44305 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44302 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem firmware upload attempt (server-webapp.rules)
* 1:44301 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
* 1:44299 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44298 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem command injection attempt (server-webapp.rules)

* 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:41792 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:41791 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:25602 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
* 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:17621 <-> DISABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
* 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:23752 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)