Talos has added and modified multiple rules in the exploit-kit, file-image, file-multimedia, file-other, malware-cnc, netbios, os-mobile, os-solaris, policy-other, protocol-imap, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
Modified rules:
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
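As an added example (not part of the Talos release notes), a small Python script that parses entries in the gid:sid <-> Default rule state <-> Message (rule group) format listed above, reports which rules are ENABLED by default (the only ones a stock policy will actually alert on), counts entries per rule file, and compares two packs for newly added rule IDs and default-state flips. The NEW_PACK sample copies entries from the lists on this page; the OLD_PACK "previous pack" excerpt is constructed, with 1:29131 deliberately set to DISABLED so the comparison has a state change to report.

```python
"""Parse Snort rule-update changelog entries of the form
'gid:sid <-> Default rule state <-> Message (rule group)' and summarize them."""
import re
from collections import Counter

# One changelog entry. The "* " bullet and the separators are not captured,
# so the pattern works whether entries sit one per line or several on a line.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>[^\n]+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)

# Constructed excerpt: entries copied from the lists on this page, with
# several run together on one line the way the page presents them.
NEW_PACK = """\
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules) * 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules) * 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
"""

# Constructed "previous pack" (not from the page): 3:58565 is absent and
# 1:29131 is DISABLED, so diff_packs() below has something to report.
OLD_PACK = """\
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:29131 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
"""


def parse_entries(text):
    """Return a dict keyed by (gid, sid) -> {state, msg, group}, in document order."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        key = (int(m.group("gid")), int(m.group("sid")))
        entries[key] = {
            "state": m.group("state"),
            "msg": m.group("msg"),
            "group": m.group("group"),
        }
    return entries


def enabled_by_default(entries):
    """Rule IDs that fire without any policy change in a default install."""
    return sorted(k for k, e in entries.items() if e["state"] == "ENABLED")


def group_counts(entries):
    """Number of entries touching each rule file, to prioritise review."""
    return Counter(e["group"] for e in entries.values())


def diff_packs(old_entries, new_entries):
    """Compare two packs: added/removed rule IDs and default-state flips."""
    old_keys, new_keys = set(old_entries), set(new_entries)
    flips = [
        (k, old_entries[k]["state"], new_entries[k]["state"])
        for k in sorted(old_keys & new_keys)
        if old_entries[k]["state"] != new_entries[k]["state"]
    ]
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "state_changed": flips,
    }


if __name__ == "__main__":
    new = parse_entries(NEW_PACK)
    old = parse_entries(OLD_PACK)
    print("enabled by default:", enabled_by_default(new))
    print("entries per rule file:", dict(group_counts(new)))
    print("changes since previous pack:", diff_packs(old, new))
```

Because the pattern anchors on the gid:sid pair and the trailing (group.rules), it copes with the run-together lines as extracted here as well as with cleanly separated ones; a state flip between packs is the case worth alerting on, since it silently changes what a default policy detects.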
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
Modified rules:
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
Modified rules:
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 3:58566 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
* 3:58565 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt (file-image.rules)
Modified rules:
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (snort3-server-webapp.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (snort3-os-mobile.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (snort3-server-webapp.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (snort3-os-mobile.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (snort3-server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (snort3-server-webapp.rules)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (snort3-server-webapp.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (snort3-server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (snort3-server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (snort3-malware-cnc.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (snort3-server-webapp.rules)
Modified rules:
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (snort3-netbios.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (snort3-server-other.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (snort3-file-other.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (snort3-server-other.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (snort3-protocol-imap.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (snort3-server-other.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (snort3-server-other.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (snort3-server-webapp.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (snort3-file-other.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (snort3-protocol-imap.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (snort3-file-multimedia.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (snort3-netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (snort3-netbios.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (snort3-netbios.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (snort3-server-mysql.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (snort3-os-solaris.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (snort3-protocol-imap.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (snort3-server-other.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (snort3-netbios.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (snort3-server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (snort3-server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (snort3-server-webapp.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (snort3-netbios.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (snort3-server-webapp.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (snort3-server-webapp.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (snort3-file-image.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (snort3-exploit-kit.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (snort3-netbios.rules)
* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (snort3-protocol-imap.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (snort3-netbios.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (snort3-protocol-imap.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (snort3-server-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (snort3-policy-other.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (snort3-server-other.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (snort3-protocol-imap.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (snort3-server-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58569 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58558 <-> DISABLED <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt (server-webapp.rules)
* 1:58559 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58567 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58560 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt (malware-cnc.rules)
* 1:58568 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt (server-webapp.rules)
* 1:58561 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt (server-webapp.rules)
* 1:58556 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)
* 1:58563 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58562 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:58557 <-> DISABLED <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt (os-mobile.rules)

* 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules)
* 1:58307 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt (server-webapp.rules)
* 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
* 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
* 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules)
* 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
* 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules)
* 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
* 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt

* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58556 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58557 <-> OS-MOBILE ARM Mali GPU kernel use-after-free attempt
* 1:58558 <-> SERVER-WEBAPP EMC VMAX3 VASA Provider virtual appliance UploadConfigurator arbitrary JSP file upload attempt
* 1:58559 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58560 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58561 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet ID_HIDDEN_RED_ALERT_TASK_ID SQL injection attempt
* 1:58562 <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt
* 1:58563 <-> SERVER-WEBAPP GE MDS PulseNET CommandLineService arbitrary Java object deserialization attempt
* 1:58564 <-> MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt
* 3:58565 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 3:58566 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1414 attack attempt
* 1:58567 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58568 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:58569 <-> SERVER-WEBAPP Roundcube Webmail file disclosure attempt
* 1:1547 <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt
* 1:1548 <-> SERVER-WEBAPP csSearch.cgi access
* 1:18985 <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt
* 1:2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:2551 <-> SERVER-OTHER Oracle Web Cache GET overflow attempt
* 1:2552 <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt
* 1:2553 <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt
* 1:2554 <-> SERVER-OTHER Oracle Web Cache POST overflow attempt
* 1:2555 <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt
* 1:2556 <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt
* 1:2557 <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt
* 1:2558 <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt
* 1:2559 <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt
* 1:2560 <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt
* 1:2580 <-> SERVER-WEBAPP server negative Content-Length attempt
* 1:2597 <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt
* 1:2598 <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt
* 1:2673 <-> FILE-IMAGE libpng tRNS overflow attempt
* 1:29131 <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt
* 1:3065 <-> PROTOCOL-IMAP append literal overflow attempt
* 1:3067 <-> PROTOCOL-IMAP examine literal overflow attempt
* 1:3069 <-> PROTOCOL-IMAP fetch literal overflow attempt
* 1:3071 <-> PROTOCOL-IMAP status literal overflow attempt
* 1:3075 <-> PROTOCOL-IMAP unsubscribe literal overflow attempt
* 1:3076 <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt
* 1:3088 <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt
* 1:3527 <-> OS-SOLARIS Oracle Solaris LPD overflow attempt
* 1:49482 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:49483 <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt
* 1:58307 <-> SERVER-WEBAPP Trend Micro Control Manager ProductTree XML external entity injection attempt
* 1:6702 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6703 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6704 <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt
* 1:6705 <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt
* 1:6708 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6709 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:6710 <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt
* 1:6711 <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt