Talos Rules 2019-08-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-webkit, file-other, indicator-compromise and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (snort3-indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (snort3-indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (snort3-server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (snort3-server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (snort3-server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (snort3-server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (snort3-file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (snort3-file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (snort3-browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (snort3-browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (snort3-server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (snort3-browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (snort3-browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (snort3-server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (snort3-browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (snort3-browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:

 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)