Talos has added and modified multiple rules in the file-image and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:300088 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
* 1:300078 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
* 1:300085 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
* 1:300076 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
* 1:300081 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (snort3-file-image.rules)
* 1:300086 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
* 1:300075 <-> ENABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (snort3-server-other.rules)
* 1:300077 <-> ENABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (snort3-server-other.rules)
* 1:300082 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (snort3-file-image.rules)
* 1:300087 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
* 1:300089 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (snort3-server-other.rules)
* 1:300079 <-> ENABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (snort3-server-other.rules)
* 1:300080 <-> ENABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (snort3-server-other.rules)
* 1:300074 <-> ENABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (snort3-server-other.rules)
* 1:300028 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:300026 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:300025 <-> ENABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (snort3-server-webapp.rules)
* 1:300051 <-> ENABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (snort3-server-webapp.rules)
* 1:300013 <-> ENABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (snort3-server-apache.rules)
* 1:300037 <-> ENABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (snort3-server-other.rules)
* 1:300055 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
* 1:300067 <-> ENABLED <-> SERVER-OTHER cURL libcurl NtLM type 3 stack based buffer overflow (snort3-server-other.rules)
* 1:300070 <-> ENABLED <-> SERVER-OTHER NTPsec ntp_control null pointer dereference attempt (snort3-server-other.rules)
* 1:300053 <-> ENABLED <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (snort3-server-webapp.rules)
* 1:300056 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300052 <-> ENABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (snort3-os-windows.rules)
* 1:300033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
* 1:300027 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:300061 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300034 <-> ENABLED <-> SERVER-WEBAPP PHP malformed quoted printable denial of service attempt (snort3-server-webapp.rules)
* 1:300036 <-> ENABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
* 1:300048 <-> ENABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (snort3-malware-cnc.rules)
* 1:300057 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300071 <-> ENABLED <-> SERVER-OTHER Squid Proxy ESI response denial of service attempt (snort3-server-other.rules)
* 1:300058 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300038 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules)
* 1:300015 <-> ENABLED <-> SERVER-OTHER Cisco IOS HTTP percent sign denial of service attempt (snort3-server-other.rules)
* 1:300072 <-> ENABLED <-> SERVER-OTHER Facebook Fizz Plaintext Record Layer integer overflow denial of service attempt (snort3-server-other.rules)
* 1:300050 <-> ENABLED <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt (snort3-server-other.rules)
* 1:300035 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer arbitrary javascript command attempt (snort3-file-multimedia.rules)
* 1:300060 <-> ENABLED <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt (snort3-server-apache.rules)
* 1:300059 <-> ENABLED <-> MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59672 <-> DISABLED <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt (server-other.rules)
* 1:59679 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59678 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:59671 <-> DISABLED <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt (server-other.rules)
* 1:59677 <-> DISABLED <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt (server-other.rules)
* 1:59674 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59680 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59675 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59676 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt (server-other.rules)
* 1:59673 <-> DISABLED <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt (server-other.rules)
* 1:59681 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt (server-webapp.rules)
* 1:59682 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59684 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59683 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59685 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
* 1:59686 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300074 <-> SERVER-OTHER HPE Intelligence Management Center RMI remote code execution attempt
* 1:300075 <-> SERVER-OTHER TightVNC vncviewer HandleCoRREBPP buffer overflow attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt
* 1:300079 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman stack-based buffer attempt
* 1:300080 <-> SERVER-OTHER Delta Electronics Delta Industrial Automation COMMGR 1.08 stack buffer overflow attempt
* 1:300081 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300082 <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
* 1:300083 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300084 <-> SERVER-WEBAPP Online Learning Management System SQL injection attempt
* 1:300085 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300086 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300087 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300088 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:300089 <-> SERVER-OTHER Red Hat Directory Server vslapd denial of service attempt
* 1:43268 <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt