Talos Rules 2021-04-08
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)

Modified Rules:


 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

New Rules:


 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

New Rules:


 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

New Rules:


 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:


 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)

Modified Rules:


 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)

Modified Rules:


 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)

Modified Rules:


 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (snort3-server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (snort3-server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (snort3-browser-other.rules)
 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (snort3-browser-other.rules)

2021-04-08 12:52:29 UTC

Snort Subscriber Rules Update

Date: 2021-04-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:57391 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57389 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 1:57390 <-> ENABLED <-> SERVER-WEBAPP Advantech iView DeviceTreeTable directory traversal attempt (server-webapp.rules)
 * 3:57402 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
 * 3:57401 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:57395 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57392 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:57399 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)
 * 3:57394 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57396 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57393 <-> ENABLED <-> FILE-OTHER Cisco AMP for Endpoints dll-load exploit attempt (file-other.rules)
 * 3:57398 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products command injection attempt (server-webapp.rules)
 * 3:57397 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products FTP command injection attempt (server-webapp.rules)
 * 3:57400 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Products cross site scripting attempt (server-webapp.rules)

Modified Rules:


 * 1:56846 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 1:56845 <-> DISABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules)
 * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
 * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)