Talos has added and modified multiple rules in the file-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)

* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)

* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)

* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)

* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)

* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59871 <-> ENABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (snort3-server-other.rules)
* 1:59875 <-> ENABLED <-> POLICY-OTHER Apache Solr configset upload attempt (snort3-policy-other.rules)
* 1:59874 <-> ENABLED <-> POLICY-OTHER Apache Solr configset upload attempt (snort3-policy-other.rules)
* 1:59876 <-> ENABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (snort3-server-webapp.rules)

* 1:59844 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (snort3-policy-other.rules)
* 1:36532 <-> ENABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59871 <-> DISABLED <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt (server-other.rules)
* 1:59878 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)
* 1:59872 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59881 <-> DISABLED <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt (server-other.rules)
* 1:59869 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59874 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59873 <-> DISABLED <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt (file-other.rules)
* 1:59875 <-> DISABLED <-> POLICY-OTHER Apache Solr configset upload attempt (policy-other.rules)
* 1:59876 <-> DISABLED <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt (server-webapp.rules)
* 1:59870 <-> DISABLED <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt (file-other.rules)
* 1:59877 <-> DISABLED <-> FILE-OTHER PEAR Archive Tar code deserialization attempt (file-other.rules)

* 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
* 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300188 <-> FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt
* 1:300189 <-> FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt
* 1:300190 <-> FILE-OTHER PEAR Archive Tar code deserialization attempt
* 1:59871 <-> SERVER-OTHER ISC DHCP TCP session exhaustion denial of service attempt
* 1:59874 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59875 <-> POLICY-OTHER Apache Solr configset upload attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59881 <-> SERVER-OTHER Citrix FileShare remote file inclusion attempt

* 1:36532 <-> SERVER-OTHER Oracle Java RMI remote code execution attempt
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected