Talos Rules 2021-05-20
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-other, protocol-dns, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)

Modified Rules:


 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (snort3-protocol-dns.rules)
 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (snort3-server-apache.rules)

Modified Rules:


 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (snort3-server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (snort3-server-webapp.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (snort3-server-webapp.rules)

2021-05-20 13:09:11 UTC

Snort Subscriber Rules Update

Date: 2021-05-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57580 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server auth_ldap format string exploit attempt (server-apache.rules)
 * 1:57579 <-> DISABLED <-> PROTOCOL-DNS ISC BIND OPT record text format handling denial of service attempt (protocol-dns.rules)
 * 3:57595 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57586 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57604 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57596 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57590 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57587 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57599 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57591 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57585 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57582 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57600 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57584 <-> ENABLED <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt (server-webapp.rules)
 * 3:57583 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)
 * 3:57594 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57601 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57592 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57593 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt (file-other.rules)
 * 3:57581 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
 * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
 * 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)