Talos has added and modified multiple rules in the browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (snort3-server-webapp.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (snort3-server-mail.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (snort3-policy-other.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (snort3-browser-ie.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (snort3-browser-chrome.rules)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (snort3-browser-ie.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (snort3-browser-chrome.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (snort3-browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (snort3-browser-ie.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (snort3-server-webapp.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (snort3-server-webapp.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (snort3-browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (snort3-malware-cnc.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)
* 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
* 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)