Talos has added and modified multiple rules in the browser-ie, malware-cnc, malware-other, policy-social, policy-spam, protocol-scada, protocol-telnet and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
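The entry format above (gid:sid <-> Default rule state <-> Message (rule group)) is regular enough to parse, and the column that matters operationally is the default state: every new SERVER-WEBAPP rule in this release ships DISABLED, so a sensor that only pulls the update will not alert on the rConfig, Zoho ManageEngine or OCS Inventory attempts until those sids are switched on in its policy, while the PHP webshell rules in malware-other are on by default. The following Python script is an added example, not Talos or Snort project code: it parses release-note text (including lines where several entries were run together by the page layout), counts rules per rule group and default state, and emits the numerically sorted gid:sid list of rules that are off by default. SAMPLE is constructed from a handful of entries copied from the 2091900 list above plus one non-entry line; reading a saved release note from a command-line argument is an assumption about how you would feed it real input.

```python
import re
import sys
from collections import Counter

# One entry in the release-note format:
#   gid:sid <-> Default rule state <-> Message (rule group)
# Applied with finditer, so several entries run together on one line (as in
# the flattened lists on this page) are still picked up one by one.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)",
    re.DOTALL,
)

# Constructed sample: entries copied from the 2091900 list above, two of them
# run together on one line, plus a line that is not an entry at all.
SAMPLE = """\
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
The format of the file is: gid:sid <-> Default rule state <-> Message (rule group)
"""


def parse_entries(text):
    """Return one dict per entry with gid, sid (ints), state, msg and group."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        d = m.groupdict()
        d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
        d["msg"] = " ".join(d["msg"].split())  # collapse line breaks inside a message
        entries.append(d)
    return entries


def summarize(entries):
    """Count entries per (rule group, default state), e.g. how many
    server-webapp.rules entries ship DISABLED."""
    return Counter((e["group"], e["state"]) for e in entries)


def disabled_sids(entries, group_prefix=""):
    """gid:sid strings, sorted numerically, for rules that are off by default.
    group_prefix narrows the result to one rule group, e.g. "server-webapp"."""
    keys = sorted(
        (e["gid"], e["sid"])
        for e in entries
        if e["state"] == "DISABLED" and e["group"].startswith(group_prefix)
    )
    return [f"{gid}:{sid}" for gid, sid in keys]


if __name__ == "__main__":
    # Assumption: a saved release note may be passed as the first argument;
    # without one the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    entries = parse_entries(text)
    for (group, state), count in sorted(summarize(entries).items()):
        print(f"{group:24} {state:9} {count}")
    print("Off by default (gid:sid):", " ".join(disabled_sids(entries)))
```

The gid:sid lines it prints are the one-per-line form that rule managers such as PulledPork take in an enablesid file, which is the usual way to turn these rules on without hand-editing the downloaded rules files. Before enabling a whole group, check each rule against the products you actually expose: a SERVER-WEBAPP rule for software you do not run adds inspection cost without adding detection.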
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL 
injection attempt (server-webapp.rules) * 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules) * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules) * 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules) * 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules) * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules) * 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules) * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules) * 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules) * 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (snort3-server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (snort3-server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (snort3-server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (snort3-server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (snort3-server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (snort3-server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (snort3-malware-other.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (snort3-server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (snort3-server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (snort3-server-webapp.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (snort3-server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (snort3-server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (snort3-server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (snort3-server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (snort3-server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (snort3-server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (snort3-server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (snort3-server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (snort3-server-webapp.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (snort3-server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (snort3-malware-other.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (snort3-server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (snort3-server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (snort3-malware-other.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (snort3-server-webapp.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (snort3-server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (snort3-server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (snort3-server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (snort3-server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (snort3-server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (snort3-server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (snort3-server-webapp.rules)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (snort3-server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (snort3-server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (snort3-server-webapp.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (snort3-server-webapp.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (snort3-server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (snort3-server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (snort3-server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (snort3-server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (snort3-server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (snort3-server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (snort3-server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (snort3-server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (snort3-server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (snort3-server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (snort3-server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (snort3-server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (snort3-server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (snort3-malware-other.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (snort3-malware-other.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (snort3-malware-other.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (snort3-malware-other.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (snort3-malware-other.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (snort3-protocol-telnet.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (snort3-policy-spam.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (snort3-protocol-telnet.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (snort3-policy-spam.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (snort3-protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (snort3-browser-ie.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (snort3-policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (snort3-policy-spam.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (snort3-protocol-telnet.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (snort3-protocol-telnet.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (snort3-policy-social.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (snort3-malware-cnc.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (snort3-protocol-telnet.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (snort3-protocol-telnet.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59323 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
* 1:59353 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59325 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59308 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59330 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59356 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59360 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59326 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59357 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59358 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59324 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt (server-webapp.rules)
* 1:59336 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59359 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt (server-webapp.rules)
* 1:59361 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59332 <-> DISABLED <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt (server-webapp.rules)
* 1:59309 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59317 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59316 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59354 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59338 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt (malware-other.rules)
* 1:59310 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt (server-webapp.rules)
* 1:59322 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt (server-webapp.rules)
* 1:59320 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59312 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59313 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59314 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt (server-webapp.rules)
* 1:59349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt (malware-other.rules)
* 1:59329 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59307 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59337 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59321 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59352 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt (malware-other.rules)
* 1:59311 <-> DISABLED <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt (server-webapp.rules)
* 1:59328 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59306 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59331 <-> DISABLED <-> SERVER-WEBAPP rConfig snippets SQL injection attempt (server-webapp.rules)
* 1:59362 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt (server-webapp.rules)
* 1:59346 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:59315 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59318 <-> DISABLED <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt (server-webapp.rules)
* 1:59355 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:59348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt (malware-other.rules)
* 1:59319 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt (server-webapp.rules)
* 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt (server-webapp.rules)
* 1:59327 <-> DISABLED <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt (server-webapp.rules)
* 1:59335 <-> DISABLED <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt (server-webapp.rules)
* 1:59305 <-> DISABLED <-> SERVER-WEBAPP OCS Inventory NG command injection attempt (server-webapp.rules)
* 1:59342 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59343 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59344 <-> DISABLED <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt (server-webapp.rules)
* 1:59345 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt (server-webapp.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
* 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59309 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59310 <-> SERVER-WEBAPP Symantec Web Gateway cross site scripting attempt
* 1:59311 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59312 <-> SERVER-WEBAPP NagiosQL txtSearch cross site scripting attempt
* 1:59313 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59314 <-> SERVER-WEBAPP HPE Intelligent Management Center PlatNavigationToBean URL Java expression language injection attempt
* 1:59315 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59316 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59317 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59318 <-> SERVER-WEBAPP IPFire ids cgi OINKCODE command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59322 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota arbitrary JSP file upload attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59332 <-> SERVER-WEBAPP Car Rental Management System local file inclusion attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59335 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59336 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59337 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59338 <-> SERVER-WEBAPP Micro Focus GroupWise Admin Console cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor GetProductCategory SQL injection attempt
* 1:59342 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59343 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59344 <-> SERVER-WEBAPP Multi Restaurant Table Reservation System 1.0 table_id unauthenticated SQL injection attempt
* 1:59345 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59346 <-> SERVER-WEBAPP Oracle E-Business Suite Common Applications Calendar cross site scripting attempt
* 1:59347 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59348 <-> MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt
* 1:59349 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59350 <-> MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt
* 1:59351 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59352 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59353 <-> MALWARE-OTHER Php.Webshell.SmallShell download attempt
* 1:59354 <-> MALWARE-OTHER Php.Webshell.SmallShell upload attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt

* 1:17269 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:25856 <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt
* 1:28088 <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt
* 1:28112 <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt
* 1:29396 <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same
* 1:29397 <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same
* 1:29398 <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same
* 1:29399 <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same
* 3:30933 <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt
* 3:32114 <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt
* 1:3274 <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt
* 1:3533 <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt
* 1:3537 <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt
* 3:36649 <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt
* 3:44419 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt
* 3:46126 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46127 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:46128 <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt
* 3:50320 <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt
* 1:53264 <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt
* 1:56624 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56625 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56626 <-> SERVER-WEBAPP rConfig command injection attempt
* 1:56627 <-> SERVER-WEBAPP rConfig command injection attempt