Talos has added and modified multiple rules in the file-other, malware-cnc, policy-other, protocol-dns, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 3:59750 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)
* 3:59751 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt (server-webapp.rules)

* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:300143 <-> ENABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (snort3-server-other.rules)
* 1:300138 <-> ENABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (snort3-server-apache.rules)
* 1:300142 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (snort3-protocol-dns.rules)
* 1:300139 <-> ENABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (snort3-server-apache.rules)

* 1:57336 <-> ENABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (snort3-policy-other.rules)
* 1:300131 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (snort3-server-webapp.rules)
* 1:59610 <-> ENABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (snort3-server-other.rules)
* 1:58280 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (snort3-malware-cnc.rules)
* 1:58279 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (snort3-malware-cnc.rules)
* 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (snort3-file-java.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59776 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59746 <-> DISABLED <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt (protocol-dns.rules)
* 1:59781 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59775 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59774 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59747 <-> DISABLED <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt (server-other.rules)
* 1:59748 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59742 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt (server-apache.rules)
* 1:59745 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59767 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59755 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59756 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59778 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59763 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59758 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59743 <-> DISABLED <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt (server-apache.rules)
* 1:59744 <-> DISABLED <-> SERVER-WEBAPP TuziCMS SQL injection attempt (server-webapp.rules)
* 1:59761 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59752 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59777 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59779 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59757 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59754 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59762 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59759 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59753 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59765 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59771 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59769 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59764 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59766 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59773 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59768 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59770 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59772 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59749 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt (server-webapp.rules)
* 1:59780 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)
* 1:59760 <-> DISABLED <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt (file-other.rules)

* 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules)
* 1:58279 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:58280 <-> DISABLED <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt (malware-cnc.rules)
* 1:59610 <-> DISABLED <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt (server-other.rules)
* 1:59735 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt
* 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt
* 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt
* 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt
* 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt
* 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt

* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt
* 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt
* 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt
* 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt * 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt * 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt * 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt * 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt * 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt * 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt * 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt * 
1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt * 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt * 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt * 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt * 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt * 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt * 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt * 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt
* 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt
* 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt
* 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt
* 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt
* 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt

* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt
* 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt
* 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt
* 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt
* 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt
* 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt
* 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt
* 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt
* 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt

* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt
* 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt
* 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt
* 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt
* 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt
* 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt
* 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt
* 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt
* 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt

* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt
* 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt
* 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt
* 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300138 <-> SERVER-APACHE Apache SVN mod_authz_svn MOVE denial of service attempt
* 1:300139 <-> SERVER-APACHE Apache SVN mod_authz_svn COPY denial of service attempt
* 1:300140 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300141 <-> SERVER-WEBAPP TuziCMS SQL injection attempt
* 1:300142 <-> PROTOCOL-DNS ISC BIND TKEY response denial of service attempt
* 1:300143 <-> SERVER-OTHER MIT Kerberos Modify Principal null principal denial of service attempt
* 1:300144 <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt
* 1:300145 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300146 <-> SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt
* 1:300147 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300148 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300149 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300150 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300151 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300152 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300153 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300154 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300155 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300156 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300157 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300158 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300159 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300160 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300161 <-> FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt
* 1:300162 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 3:59750 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt
* 3:59751 <-> SERVER-WEBAPP Cisco Enterprise NFV Infrastructure command injection attempt

* 1:17276 <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:31511 <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt
* 1:41853 <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt
* 1:57336 <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt
* 1:58279 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:58280 <-> MALWARE-CNC Doc.Dropper.SquirrelWaffle download attempt
* 1:59610 <-> SERVER-OTHER GnuTLS ASN1 DER length field buffer overflow attempt