Talos has added and modified multiple rules in the file-java, os-windows, policy-other, server-apache, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)

* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)

* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)

* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (snort3-server-webapp.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (snort3-file-java.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (snort3-file-java.rules)
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (snort3-policy-other.rules)

* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (snort3-os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (snort3-server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (snort3-server-webapp.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (snort3-server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (snort3-server-apache.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (snort3-server-other.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (snort3-server-webapp.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (snort3-server-webapp.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (snort3-server-apache.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (snort3-server-apache.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:57532 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:57536 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory iMonitor crafted Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:57533 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 1:57534 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR file processing buffer overflow attempt (file-java.rules)
* 3:57535 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage administrator API access detected (policy-other.rules)
* 3:57526 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57524 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57520 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57527 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57523 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57529 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57522 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)
* 3:57525 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager SQL injection attempt (server-webapp.rules)
* 3:57537 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage user creation via Apache Kafka detected (policy-other.rules)
* 3:57538 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage cluster API access detected (policy-other.rules)
* 3:57528 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (server-webapp.rules)
* 3:57531 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57530 <-> ENABLED <-> SERVER-WEBAPP Cisco HyperFlex HX Installer command injection attempt (server-webapp.rules)
* 3:57521 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business WAP command injection attempt (server-webapp.rules)

* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache chunked-encoding worm attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)