Talos has added and modified multiple rules in the indicator-compromise, indicator-scan, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
* 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
* 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (snort3-server-webapp.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (snort3-server-webapp.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (snort3-os-windows.rules) * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (snort3-server-other.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (snort3-server-webapp.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (snort3-server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (snort3-server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (snort3-server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (snort3-os-windows.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (snort3-server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (snort3-server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules)
* 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (snort3-indicator-scan.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (snort3-server-other.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (snort3-server-other.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (snort3-server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules) * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules) * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules) * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules) * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules) * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules) * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules) * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules) * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules) * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules) * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
