Talos has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-shellcode, os-linux, os-windows, policy-other, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
* 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules) * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules) * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules) * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules) * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules) * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules) * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules) * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules) * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules) * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules) * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules) * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules) * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing 
integer overflow attempt (file-image.rules) * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules) * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules) * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules) * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules) * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules) * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)

* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
* 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (snort3-server-webapp.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (snort3-file-other.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (snort3-server-webapp.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (snort3-server-webapp.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (snort3-server-webapp.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (snort3-server-webapp.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (snort3-server-other.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (snort3-server-webapp.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (snort3-file-other.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (snort3-server-other.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (snort3-server-webapp.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (snort3-file-other.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (snort3-server-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (snort3-file-office.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (snort3-server-webapp.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (snort3-server-webapp.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (snort3-server-other.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (snort3-server-webapp.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (snort3-server-other.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (snort3-file-office.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (snort3-server-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (snort3-os-windows.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (snort3-file-image.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (snort3-server-webapp.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (snort3-server-webapp.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (snort3-file-image.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (snort3-server-webapp.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (snort3-server-other.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (snort3-server-webapp.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (snort3-server-webapp.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (snort3-server-webapp.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (snort3-server-webapp.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (snort3-indicator-compromise.rules)

* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (snort3-browser-ie.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (snort3-server-webapp.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (snort3-server-other.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)

* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
* 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
* 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
* 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
* 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
* 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
* 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
* 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
* 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
* 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
* 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)