Talos Rules 2021-02-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, file-image, file-pdf, indicator-compromise, malware-other, os-windows, protocol-scada, protocol-voip, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)

Modified Rules:


 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)

Modified Rules:


 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (snort3-malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (snort3-indicator-compromise.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (snort3-malware-other.rules)
 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (snort3-indicator-compromise.rules)

Modified Rules:


 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (snort3-server-webapp.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (snort3-server-webapp.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (snort3-server-other.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (snort3-server-webapp.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (snort3-server-other.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (snort3-server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (snort3-server-webapp.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (snort3-os-windows.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (snort3-server-oracle.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (snort3-server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (snort3-server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (snort3-server-other.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (snort3-server-webapp.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (snort3-server-other.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (snort3-server-webapp.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (snort3-server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (snort3-server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (snort3-server-other.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (snort3-server-webapp.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules)

2021-02-02 14:14:15 UTC

Snort Subscriber Rules Update

Date: 2021-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
 * 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
 * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
 * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
 * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
 * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
 * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)

Modified Rules:


 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules)
 * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)