Talos Rules 2021-04-21
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, malware-cnc, policy-other, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (snort3-server-webapp.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (snort3-server-webapp.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (snort3-policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (snort3-server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (snort3-browser-chrome.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (snort3-server-webapp.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (snort3-server-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (snort3-policy-other.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (snort3-server-webapp.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (snort3-server-webapp.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (snort3-policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (snort3-policy-other.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (snort3-policy-other.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (snort3-policy-other.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (snort3-browser-chrome.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (snort3-protocol-voip.rules)
 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)

2021-04-22 00:27:21 UTC

Snort Subscriber Rules Update

Date: 2021-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57445 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57458 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57454 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57444 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57459 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure gzip configuration upload (policy-other.rules)
 * 1:57451 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Malcodecov data exfiltration attempt (malware-cnc.rules)
 * 1:57441 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57447 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57457 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57443 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 1:57453 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure remote code execution attempt (server-webapp.rules)
 * 1:57446 <-> DISABLED <-> BROWSER-CHROME Google Chrome JavaScript engine use after free attempt (browser-chrome.rules)
 * 1:57450 <-> DISABLED <-> SERVER-OTHER F5 WAF/ASM crafted reponse header buffer overflow attempt (server-other.rules)
 * 1:57449 <-> DISABLED <-> SERVER-WEBAPP F5 TMM crafted IPv6 URI buffer overflow attempt (server-webapp.rules)
 * 1:57452 <-> ENABLED <-> SERVER-WEBAPP Pulse Connect Secure template injection attempt (server-webapp.rules)
 * 1:57440 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 OnServiceConnectionError memory corruption attempt (browser-chrome.rules)
 * 1:57456 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57455 <-> DISABLED <-> POLICY-OTHER Pulse Connect Secure vulnerable URI access attempt (policy-other.rules)
 * 1:57442 <-> DISABLED <-> SERVER-WEBAPP Terramaster TOS command injection attempt (server-webapp.rules)
 * 3:57448 <-> ENABLED <-> SERVER-OTHER Cisco FTD SSL inspection denial of service attempt (server-other.rules)

Modified Rules:


 * 1:49376 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid separators (protocol-voip.rules)