Talos Rules 2022-05-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)

Modified Rules:



2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:300088 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
 * 1:300078 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
 * 1:300085 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
 * 1:300076 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
 * 1:300081 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (snort3-file-image.rules)
 * 1:300086 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
 * 1:300075 <-> ENABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (snort3-server-other.rules)
 * 1:300077 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
 * 1:300082 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (snort3-file-image.rules)
 * 1:300087 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
 * 1:300089 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
 * 1:300079 <-> ENABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (snort3-server-other.rules)
 * 1:300080 <-> ENABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (snort3-server-other.rules)
 * 1:300074 <-> ENABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (snort3-server-other.rules)

Modified Rules:


 * 1:300028 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:300026 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:300025 <-> ENABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (snort3-server-webapp.rules)
 * 1:300051 <-> ENABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (snort3-server-webapp.rules)
 * 1:300013 <-> ENABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (snort3-server-apache.rules)
 * 1:300037 <-> ENABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (snort3-server-other.rules)
 * 1:300055 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
 * 1:300067 <-> ENABLED <-> SERVER-OTHER cURL libcurl NtLM type 3 stack based buffer overflow (snort3-server-other.rules)
 * 1:300070 <-> ENABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (snort3-server-other.rules)
 * 1:300053 <-> ENABLED <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (snort3-server-webapp.rules)
 * 1:300056 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300052 <-> ENABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (snort3-os-windows.rules)
 * 1:300033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
 * 1:300027 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:300061 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300034 <-> ENABLED <-> SERVER-WEBAPP PHP malformed quoted printable denial of service attempt (snort3-server-webapp.rules)
 * 1:300036 <-> ENABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:300048 <-> ENABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (snort3-malware-cnc.rules)
 * 1:300057 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300071 <-> ENABLED <-> SERVER-OTHER Squid Proxy ESI response denial of service attempt (snort3-server-other.rules)
 * 1:300058 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300038 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules)
 * 1:300015 <-> ENABLED <-> SERVER-OTHER Cisco IOS HTTP percent sign denial of service attempt (snort3-server-other.rules)
 * 1:300072 <-> ENABLED <-> SERVER-OTHER Facebook Fizz Plaintext Record Layer integer overflow denial of service attempt (snort3-server-other.rules)
 * 1:300050 <-> ENABLED <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt (snort3-server-other.rules)
 * 1:300035 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer arbitrary javascript command attempt (snort3-file-multimedia.rules)
 * 1:300060 <-> ENABLED <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt (snort3-server-apache.rules)
 * 1:300059 <-> ENABLED <-> MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt (snort3-malware-cnc.rules)

2022-05-03 12:28:20 UTC

Snort Subscriber Rules Update

Date: 2022-05-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
 * 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
 * 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
 * 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
 * 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
 * 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
 * 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
 * 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)

Modified Rules:



2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:47 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:48 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:48 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt


2022-05-03 12:39:48 UTC

Snort Subscriber Rules Update

Date: 2022-05-02-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt

Modified Rules:

* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt