Talos Rules 2021-02-09
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2021-1698: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 57106 through 57107.

Microsoft Vulnerability CVE-2021-1732: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 57103 through 57104.

Microsoft Vulnerability CVE-2021-24072: A coding deficiency exists in Microsoft SharePoint that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 57108.

Microsoft Vulnerability CVE-2021-24078: A coding deficiency exists in Microsoft Windows DNS server that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 57123.

Microsoft Vulnerability CVE-2021-24094: A coding deficiency exists in Microsoft Windows TCP/IP that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 57128.

Talos also has added and modified multiple rules in the file-image, file-other, os-windows, server-apache, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)

Modified Rules:


 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)

Modified Rules:


 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)

Modified Rules:


 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)

Modified Rules:


 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)

Modified Rules:


 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)

Modified Rules:


 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)

Modified Rules:


 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)

Modified Rules:


 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (snort3-server-other.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (snort3-os-windows.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (snort3-server-other.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (snort3-server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (snort3-os-windows.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (snort3-os-windows.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (snort3-server-other.rules)
 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (snort3-server-webapp.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (snort3-os-windows.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (snort3-server-apache.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (snort3-server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (snort3-server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (snort3-server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (snort3-server-other.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (snort3-server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (snort3-server-webapp.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (snort3-server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (snort3-server-iis.rules)

2021-02-09 18:50:24 UTC

Snort Subscriber Rules Update

Date: 2021-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57128 <-> DISABLED <-> OS-WINDOWS IPv6 stack remote code execution attempt (os-windows.rules)
 * 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
 * 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
 * 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
 * 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
 * 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
 * 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
 * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
 * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
 * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
 * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)

Modified Rules:


 * 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)