Talos has added and modified multiple rules in the browser-chrome, browser-ie and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules)
* 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules)
* 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules)
* 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (snort3-server-webapp.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (snort3-browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (snort3-browser-ie.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (snort3-browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (snort3-protocol-other.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (snort3-browser-ie.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (snort3-server-webapp.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (snort3-browser-chrome.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (snort3-server-webapp.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (snort3-browser-chrome.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (snort3-server-webapp.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (snort3-browser-ie.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52502 <-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules)
* 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
