Talos Rules 2019-09-19
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the deleted, file-office, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

Modified Rules:


 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

New Rules:


 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)

Modified Rules:


 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)
 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (snort3-server-webapp.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (snort3-server-webapp.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (snort3-policy-other.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (snort3-server-webapp.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (snort3-server-webapp.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

Modified Rules:


 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)

2019-09-19 13:23:27 UTC

Snort Subscriber Rules Update

Date: 2019-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
 * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
 * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
 * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
 * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
 * 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
 * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
 * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
 * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
 * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
 * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

Modified Rules:


 * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
 * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)