Talos has added and modified multiple rules in the file-other, indicator-compromise, policy-other, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)

* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)

* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)

* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)

* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)

* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (snort3-indicator-compromise.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (snort3-policy-other.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (snort3-server-webapp.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (snort3-indicator-compromise.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (snort3-server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (snort3-server-webapp.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (snort3-server-webapp.rules)

* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (snort3-file-other.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (snort3-file-other.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)

* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)