Microsoft Vulnerability CVE-2022-23270: A coding deficiency exists in Point-to-Point Tunneling Protocol that may lead to remote code execution.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 59726 for Snort2, and GID 1, SID 300125 for Snort3.
Microsoft Vulnerability CVE-2022-23279: A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59727 through 59728 for Snort2, and GID 1, SID 300126 for Snort3.
Microsoft Vulnerability CVE-2022-26925: A coding deficiency exists in Microsoft Windows LSA that may lead to spoofing.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 59737 for Snort2, and GID 1, SID 300133 for Snort3.
Microsoft Vulnerability CVE-2022-26937: A coding deficiency exists in Microsoft Windows Network File System that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59738 through 59741 for Snort2, and GID 1, SIDs 300134 through 300137 for Snort3.
Microsoft Vulnerability CVE-2022-29104: A coding deficiency exists in Microsoft Windows Print Spooler that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59730 through 59731 for Snort2 and GID 1, SID 300128 for Snort3..
Microsoft Vulnerability CVE-2022-29142: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59733 through 59734 for Snort2, and GID 1, SIDs 300129 through 300130 for Snort3.
Talos also has added and modified multiple rules in the file-image, file-java, malware-cnc, os-windows, policy-other, protocol-dns, protocol-rpc, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 3:59732 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt (policy-other.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:300134 <-> ENABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (snort3-os-windows.rules) * 1:300109 <-> ENABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (snort3-protocol-dns.rules) * 1:300132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (snort3-malware-cnc.rules) * 1:300115 <-> ENABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (snort3-file-image.rules) * 1:300137 <-> ENABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (snort3-protocol-rpc.rules) * 1:300112 <-> ENABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (snort3-server-webapp.rules) * 1:300124 <-> ENABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (snort3-protocol-dns.rules) * 1:300113 <-> ENABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (snort3-server-webapp.rules) * 1:300131 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (snort3-server-webapp.rules) * 1:300111 <-> ENABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (snort3-protocol-dns.rules) * 1:300129 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (snort3-os-windows.rules) * 1:300136 <-> ENABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (snort3-os-windows.rules) * 1:300125 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (snort3-os-windows.rules) * 1:300135 <-> ENABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (snort3-protocol-rpc.rules) * 1:300110 <-> ENABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (snort3-protocol-dns.rules) * 1:300127 <-> ENABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (snort3-server-iis.rules) * 1:300133 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (snort3-os-windows.rules) * 1:300130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (snort3-os-windows.rules)
* 1:57336 <-> ENABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (snort3-policy-other.rules) * 1:38940 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (snort3-server-webapp.rules) * 1:38941 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (snort3-server-webapp.rules) * 1:59613 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (snort3-protocol-voip.rules) * 1:59579 <-> ENABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (snort3-protocol-dns.rules) * 1:29465 <-> ENABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (snort3-file-other.rules) * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (snort3-server-webapp.rules) * 1:38942 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59701 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection (malware-cnc.rules) * 1:59707 <-> DISABLED <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt (protocol-dns.rules) * 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules) * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59700 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules) * 1:59709 <-> DISABLED <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt (protocol-dns.rules) * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules) * 1:59708 <-> DISABLED <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt (protocol-dns.rules) * 1:59723 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:59729 <-> DISABLED <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt (server-iis.rules) * 1:59730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59703 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59712 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt (os-windows.rules) * 1:59710 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59722 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59720 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59721 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59724 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt (server-webapp.rules) * 1:59719 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59706 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59702 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules) * 1:59711 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt (server-webapp.rules) * 1:59731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt (os-windows.rules) * 1:59737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt (os-windows.rules) * 1:59725 <-> DISABLED <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt (protocol-dns.rules) * 1:59713 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:59726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt (os-windows.rules) * 1:59727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:59718 <-> DISABLED <-> SERVER-WEBAPP Xinuos Openserver command injection attempt (server-webapp.rules) * 1:59705 <-> DISABLED <-> SERVER-WEBAPP vBulletin cross-site scripting attempt (server-webapp.rules) * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:59704 <-> DISABLED <-> POLICY-OTHER Golang get remote command execution attempt (policy-other.rules)
* 1:59613 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt (protocol-voip.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300103 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300104 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300105 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300106 <-> POLICY-OTHER Golang get remote command execution attempt * 1:300107 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300108 <-> SERVER-WEBAPP vBulletin cross-site scripting attempt * 1:300109 <-> PROTOCOL-DNS GNU C library glibc getanswer_r DNS buffer overflow attempt * 1:300110 <-> PROTOCOL-DNS ISC BIND query response missing RRSIG denial of service attempt * 1:300111 <-> PROTOCOL-DNS ISC BIND RRSIG response without relevant RR denial of service attempt * 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt * 1:300114 <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt * 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt * 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt * 1:300117 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300118 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300119 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300120 <-> SERVER-WEBAPP Xinuos Openserver command injection attempt * 1:300121 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300122 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300123 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt * 1:300124 <-> PROTOCOL-DNS BIND DNS64 and RPZ query processing denial of service attempt * 1:300125 <-> OS-WINDOWS Microsoft Windows Kernel Point-to-Point Tunneling Protocol remote code execution attempt * 1:300126 <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt * 1:300127 <-> SERVER-IIS Microsoft Windows HTTP.sys denial of service attempt * 1:300128 <-> OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt * 1:300129 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300130 <-> OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:300132 <-> MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection * 1:300133 <-> OS-WINDOWS Microsoft Windows LSA authentication spoofing attempt * 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt * 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt * 3:59732 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1513 attack attempt
* 1:29465 <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt * 1:38940 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38941 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:38942 <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt * 1:41390 <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt * 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt * 1:59613 <-> PROTOCOL-VOIP Digium Asterisk PJSIP missing contact header denial of service attempt