Talos has added and modified multiple rules in the browser-ie, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules)
* 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules)
* 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (snort3-server-webapp.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (snort3-server-webapp.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (snort3-server-webapp.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (snort3-file-pdf.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (snort3-file-pdf.rules) * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-other.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (snort3-server-other.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-other.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (snort3-server-webapp.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (snort3-server-webapp.rules)
* 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (snort3-browser-ie.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules)
* 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules)
* 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules)
* 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (browser-ie.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
