Talos has added and modified multiple rules in the file-image, file-multimedia, file-other, malware-cnc, os-linux, os-windows, policy-other, protocol-dns, server-mail, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
* 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59852 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (snort3-server-oracle.rules)
* 1:59835 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
* 1:59843 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (snort3-policy-other.rules)
* 1:59825 <-> ENABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (snort3-server-other.rules)
* 1:59834 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
* 1:59830 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
* 1:59846 <-> ENABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (snort3-server-other.rules)
* 1:59864 <-> ENABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (snort3-os-windows.rules)
* 1:59838 <-> ENABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (snort3-policy-other.rules)
* 1:59828 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
* 1:59849 <-> ENABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (snort3-os-linux.rules)
* 1:59868 <-> ENABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (snort3-os-windows.rules)
* 1:59865 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (snort3-server-oracle.rules)
* 1:59866 <-> ENABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (snort3-server-other.rules)
* 1:59837 <-> ENABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (snort3-server-webapp.rules)
* 1:59831 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
* 1:59836 <-> ENABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (snort3-server-webapp.rules)
* 1:59829 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
* 1:59867 <-> ENABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (snort3-server-other.rules)
* 1:59839 <-> ENABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (snort3-policy-other.rules)
* 1:59832 <-> ENABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (snort3-server-other.rules)
* 1:59842 <-> ENABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (snort3-server-other.rules)
* 1:59859 <-> ENABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (snort3-protocol-dns.rules)
* 1:59844 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (snort3-policy-other.rules)
* 1:59833 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
* 1:59854 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (snort3-os-windows.rules)
* 1:59845 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (snort3-policy-other.rules)
* 1:59853 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (snort3-os-windows.rules)
* 1:58681 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:58682 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:59509 <-> ENABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (snort3-file-other.rules)
* 1:58680 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:47277 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
* 1:47276 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
* 1:41209 <-> ENABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (snort3-server-other.rules)
* 1:59510 <-> ENABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (snort3-file-other.rules)
* 1:58679 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:7707 <-> ENABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (snort3-malware-cnc.rules)
* 1:41206 <-> ENABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
* 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
* 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
* 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
* 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
* 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
* 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
* 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
* 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
* 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
* 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
* 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
* 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
* 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
* 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
* 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
* 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
* 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
* 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
* 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
* 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt
* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt
* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt
* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt
* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt * 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt * 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt * 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt * 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt * 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt * 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt * 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt * 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt * 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt * 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt * 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt * 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt * 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt * 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt * 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt * 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup