Talos has added and modified multiple rules in the file-office, file-other, os-windows, policy-other, protocol-dns, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)

* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)

* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)

* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (os-windows.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 3:59654 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
* 3:59658 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59659 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59660 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59661 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59662 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59663 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt (server-webapp.rules)
* 3:59668 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt (server-webapp.rules)
* 3:59670 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt (server-webapp.rules)

* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (snort3-server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (snort3-file-office.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (snort3-os-windows.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (snort3-policy-other.rules)
* 1:59653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt (snort3-os-windows.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (snort3-server-other.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (snort3-server-webapp.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (snort3-server-webapp.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (snort3-server-webapp.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (snort3-file-office.rules)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (snort3-server-apache.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (snort3-os-windows.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (snort3-server-webapp.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (snort3-server-webapp.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (snort3-server-webapp.rules)

* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt (snort3-os-windows.rules)
* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (snort3-file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (snort3-protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59667 <-> DISABLED <-> SERVER-APACHE SVN URL command injection attempt (server-apache.rules)
* 1:59652 <-> DISABLED <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt (server-webapp.rules)
* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
* 1:59655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt (os-windows.rules)
* 1:59649 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59651 <-> DISABLED <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt (server-other.rules)
* 1:59647 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59656 <-> DISABLED <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt (server-webapp.rules)
* 1:59650 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59648 <-> DISABLED <-> SERVER-WEBAPP Netgear R8500 command injection attempt (server-webapp.rules)
* 1:59664 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59665 <-> DISABLED <-> FILE-OFFICE Microsoft Word internal object auto update attempt (file-office.rules)
* 1:59669 <-> DISABLED <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt (server-webapp.rules)
* 1:59666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt (os-windows.rules)

* 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59651 <-> SERVER-OTHER Strong Swan OpenSSL plugin ISAKMP denial of service attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59653 <-> OS-WINDOWS Microsoft Windows SMBv2 NTLM tampering attempt
* 3:59654 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 1:59655 <-> OS-WINDOWS Microsoft Windows SMBv1 out of bounds read attempt
* 1:59656 <-> SERVER-WEBAPP Apache Groovy Elastic Search unauthorized serialized object attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
* 3:59658 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59659 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59660 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59661 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59662 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 3:59663 <-> SERVER-WEBAPP Cisco ASA and FTD SSL VPN heap buffer overflow attempt
* 1:59664 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59665 <-> FILE-OFFICE Microsoft Word internal object auto update attempt
* 1:59666 <-> OS-WINDOWS Microsoft Windows SMBv1 information disclosure attempt
* 1:59667 <-> SERVER-APACHE SVN URL command injection attempt
* 3:59668 <-> SERVER-WEBAPP Cisco ASA and FTD privilege escalation attempt
* 1:59669 <-> SERVER-WEBAPP Apache Subversion denial-of-service attempt
* 3:59670 <-> SERVER-WEBAPP Cisco Firepower Management Console security bypass file upload attempt

* 1:50633 <-> OS-WINDOWS Microsoft Windows SMBv1 NTLM tampering attempt
* 1:52383 <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt
* 1:52524 <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt