Talos Rules 2021-02-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the indicator-compromise, indicator-scan, os-windows and server-webapp rule sets to provide coverage for emerging threats affecting these technologies.

Change logs

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)

Modified Rules:


 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)

Modified Rules:


 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (snort3-server-webapp.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (snort3-os-windows.rules)
 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (snort3-server-other.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (snort3-server-webapp.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (snort3-os-windows.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (snort3-server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (snort3-server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (snort3-server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (snort3-indicator-compromise.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (snort3-indicator-scan.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (snort3-server-other.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (snort3-server-other.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (snort3-server-webapp.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (snort3-server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (snort3-server-other.rules)

2021-02-04 14:10:35 UTC

Snort Subscriber Rules Update

Date: 2021-02-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
 * 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
 * 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
 * 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
 * 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
 * 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
 * 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
 * 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
 * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
 * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)