Talos has added and modified multiple rules in the browser-other, file-image, file-java, file-other, os-windows, protocol-dns, protocol-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)

* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)

* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 3:59568 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59567 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)
* 3:59569 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt (protocol-other.rules)
* 3:59565 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59564 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt (protocol-dns.rules)
* 3:59566 <-> ENABLED <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt (server-webapp.rules)

* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (snort3-server-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (snort3-server-other.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
* 1:300070 <-> ENABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (snort3-native.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (snort3-browser-other.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (snort3-server-other.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (snort3-server-other.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (snort3-server-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (snort3-file-java.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (snort3-file-image.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (snort3-server-other.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (snort3-file-java.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (snort3-file-java.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (snort3-protocol-scada.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (snort3-file-other.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (snort3-file-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (snort3-server-webapp.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (snort3-server-webapp.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (snort3-browser-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (snort3-file-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (snort3-file-other.rules)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (snort3-server-webapp.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (snort3-server-other.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (snort3-file-image.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (snort3-file-other.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (snort3-file-java.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (snort3-server-webapp.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (snort3-server-webapp.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (snort3-file-other.rules)

* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (snort3-os-windows.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (snort3-os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59558 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59562 <-> DISABLED <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt (server-other.rules)
* 1:59557 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt (server-webapp.rules)
* 1:59537 <-> DISABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59542 <-> DISABLED <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt (server-other.rules)
* 1:59559 <-> DISABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (server-other.rules)
* 1:59560 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59540 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt (server-webapp.rules)
* 1:59536 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59541 <-> DISABLED <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (server-webapp.rules)
* 1:59538 <-> ENABLED <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt (browser-other.rules)
* 1:59550 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt (server-other.rules)
* 1:59543 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59539 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt (server-webapp.rules)
* 1:59551 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59556 <-> DISABLED <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt (protocol-scada.rules)
* 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59547 <-> DISABLED <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt (server-other.rules)
* 1:59544 <-> DISABLED <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt (file-other.rules)
* 1:59563 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59561 <-> DISABLED <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt (file-other.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
* 1:59552 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59555 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59545 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)
* 1:59553 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59554 <-> DISABLED <-> FILE-JAVA IBM Java SDK privilege escalation attempt (file-java.rules)
* 1:59546 <-> DISABLED <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt (file-other.rules)

* 1:59535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:59534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300068 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:300069 <-> FILE-OFFICE Microsoft Word abstractNum use after free attempt
* 1:300070 <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt
* 1:59536 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59537 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59538 <-> BROWSER-OTHER Electronic Arts Origin Client template injection attempt
* 1:59539 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode default credential authentication attempt
* 1:59540 <-> SERVER-WEBAPP Zoho ManageEngine DataSecurity Plus Xnode directory traversal attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59542 <-> SERVER-OTHER Redis HyperLogLog hllSparseToDense heap buffer overflow attempt
* 1:59543 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59544 <-> FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt
* 1:59545 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59546 <-> FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt
* 1:59547 <-> SERVER-OTHER REDIS HyperLogLog hllCount stack buffer overflow attempt
* 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt
* 1:59550 <-> SERVER-OTHER Quagga BGP daemon BGP capabilities parsing denial of service attempt
* 1:59551 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:59552 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59553 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59554 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59555 <-> FILE-JAVA IBM Java SDK privilege escalation attempt
* 1:59556 <-> PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt
* 1:59557 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59558 <-> SERVER-WEBAPP Oracle WebLogic Server insecure deserialization exploit attempt
* 1:59560 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59561 <-> FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt
* 1:59562 <-> SERVER-OTHER LibVNCServer File Transfer extension use after free attempt
* 1:59563 <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt
* 3:59564 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59565 <-> PROTOCOL-DNS Cisco IOS XE mDNS denial of service attempt
* 3:59566 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59567 <-> SERVER-WEBAPP Cisco IOx application environment command injection attempt
* 3:59568 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt
* 3:59569 <-> PROTOCOL-OTHER Cisco IOS XE RPKI-RTR denial of service attempt

* 1:51926 <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt
* 1:59534 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt
* 1:59535 <-> OS-WINDOWS Microsoft Windows Server portmap.sys out of bounds write attempt