Talos has added and modified multiple rules in the browser-firefox, file-executable, file-image, malware-cnc, os-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (snort3-server-webapp.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (snort3-server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (snort3-server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (snort3-server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (snort3-server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (snort3-browser-firefox.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (snort3-server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (snort3-os-windows.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (snort3-server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (snort3-server-webapp.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (snort3-browser-firefox.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (snort3-file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (snort3-malware-cnc.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)