Talos has added and modified multiple rules in the file-flash, file-office, malware-cnc, policy-other, server-apache, server-other and server-webapp rule sets to provide coverage for emerging threats targeting these technologies. Note that most of the new SERVER-WEBAPP and SERVER-OTHER rules in this release ship DISABLED by default, so they will not fire under the default policy until you enable the ones that match products in your environment.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (server-webapp.rules)
* 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (server-webapp.rules)
* 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt detected (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (server-webapp.rules)
* 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules)
* 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules)

Modified rules:

* 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
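To turn a listing like the one above into something actionable, here is an added example (not code from the Talos post) that parses the gid:sid <-> state <-> message (rule group) format, normalises the Snort 3 pack's "snort3-" file names to the same group names as the Snort 2 packs, and picks out rules that ship DISABLED but cover products you actually run. The sample lines are copied from this page's listing. The one-gid:sid-per-line output is written for a PulledPork-style enablesid.conf; that target format is an assumption of the example, not something the page states.

```python
"""Parse a Snort rule-update listing and pick out the rules worth enabling.

Added example; not code from the Talos post. Sample lines are copied from the
listing on this page. The gid:sid output format assumes a PulledPork-style
enablesid.conf (one gid:sid per line), which is an assumption.
"""
from __future__ import annotations

import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: entries copied from the listing above, including one line
# in the Snort 3 pack's "snort3-" file naming and one GID 3 (shared-object)
# rule, both of which the parser must accept.
SAMPLE_LISTING = """\
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (snort3-server-webapp.rules)
"""

# gid:sid <-> Default rule state <-> Message (rule group)
LINE_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w-]+)\.rules\)\s*$"
)


class Rule(NamedTuple):
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str  # rule file without ".rules" and without the Snort 3 "snort3-" prefix


def parse_listing(text: str) -> list[Rule]:
    """Parse every non-empty line. A line that does not fit the format raises,
    so a truncated or mangled listing is noticed rather than silently skipped."""
    rules: list[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised listing line: {line!r}")
        group = m["group"]
        if group.startswith("snort3-"):
            group = group[len("snort3-"):]
        rules.append(Rule(int(m["gid"]), int(m["sid"]),
                          m["state"] == "ENABLED", m["msg"], group))
    return rules


def disabled_matching(rules: list[Rule], keywords: list[str]) -> list[Rule]:
    """Rules that ship DISABLED by default and whose message mentions a product
    in your inventory (case-insensitive substring match on the message)."""
    wanted = [k.lower() for k in keywords]
    return [r for r in rules
            if not r.enabled and any(k in r.msg.lower() for k in wanted)]


def enablesid_lines(rules: list[Rule]) -> list[str]:
    """Sorted, de-duplicated gid:sid entries for an enablesid.conf-style file."""
    return [f"{gid}:{sid}" for gid, sid in sorted({(r.gid, r.sid) for r in rules})]


def state_summary(rules: list[Rule]) -> dict[str, tuple[int, int]]:
    """Per rule group: (enabled count, disabled count)."""
    counts = Counter((r.group, r.enabled) for r in rules)
    groups = sorted({r.group for r in rules})
    return {g: (counts[(g, True)], counts[(g, False)]) for g in groups}


if __name__ == "__main__":
    rules = parse_listing(SAMPLE_LISTING)
    for group, (on, off) in state_summary(rules).items():
        print(f"{group:15} enabled={on} disabled={off}")
    # Suppose QNAP devices are in scope: these shipped off and need enabling.
    to_enable = disabled_matching(rules, ["QNAP"])
    for r in to_enable:
        print(f"{r.gid}:{r.sid}  {r.msg}")
    print("\n".join(enablesid_lines(to_enable)))
```

Running the full listing through `state_summary` makes the point of the intro concrete: the SERVER-WEBAPP and SERVER-OTHER additions are almost all disabled by default, while the MALWARE-CNC, FILE-* and GID 3 TRUFFLEHUNTER rules arrive enabled. Feed `disabled_matching` the product names from your asset inventory rather than enabling whole groups, since the default state reflects a balance against noise and performance, not a verdict on severity.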
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (server-webapp.rules)
* 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (server-webapp.rules)
* 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt detected (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (server-webapp.rules)
* 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules)
* 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules)

Modified rules:

* 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (snort3-server-other.rules)
* 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (snort3-server-webapp.rules)
* 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (snort3-server-webapp.rules)
* 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (snort3-server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (snort3-server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (snort3-server-other.rules)
* 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (snort3-server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (snort3-server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt detected (snort3-server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (snort3-server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (snort3-server-webapp.rules)
* 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (snort3-file-flash.rules)
* 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (snort3-server-webapp.rules)
* 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (snort3-server-apache.rules)
* 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (snort3-server-apache.rules)
* 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (snort3-server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (snort3-server-webapp.rules)
* 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (snort3-server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (snort3-server-other.rules)
* 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (snort3-server-apache.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (snort3-server-webapp.rules)
* 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (snort3-server-webapp.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (snort3-malware-cnc.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (snort3-server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (snort3-server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (snort3-server-other.rules)
* 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (snort3-server-webapp.rules)
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (snort3-server-webapp.rules)
* 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (snort3-server-webapp.rules)

Modified rules:

* 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (snort3-file-flash.rules)
* 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (snort3-file-flash.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (snort3-file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (snort3-file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (server-webapp.rules)
* 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (server-webapp.rules)
* 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt detected (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (server-webapp.rules)
* 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules)
* 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules)

Modified rules:

* 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (server-webapp.rules)
* 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (server-webapp.rules)
* 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt detected (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (server-webapp.rules)
* 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
* 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules)
* 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules)
* 1:46339 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules)
* 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules)
* 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules)

Modified rules:

* 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)