A vulnerability in the Cisco WebEx browser extension was recently disclosed publicly. Cisco's advisory is at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex, and attempts to exploit this vulnerability are covered by SIDs 41407-41409.
Talos has also added and modified multiple rules in the app-detect, blacklist, browser-firefox, browser-ie, browser-other, file-flash, file-image, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41406 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41385 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules)
* 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
* 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41386 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41404 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file upload attempt (server-webapp.rules)
* 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
* 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
* 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41380 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
* 1:41382 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41381 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41379 <-> DISABLED <-> SERVER-OTHER Squid HTTP Vary response header denial of service attempt (server-other.rules)
* 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
* 1:41377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41366 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack server denial of service attempt (server-other.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41403 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Simda (blacklist.rules)
* 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41405 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 3:41371 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41373 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41410 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0229 attack attempt (server-webapp.rules)
* 3:41367 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0260 attack attempt (server-other.rules)
* 3:41372 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41370 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules)
* 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules)
* 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules)
* 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules)
* 1:40250 <-> DISABLED <-> INDICATOR-OBFUSCATION Chunked encoding used without HTTP 1.1 evasion attempt. (indicator-obfuscation.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules)
* 1:40941 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules)
* 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules)
* 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
* 1:40940 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules)
* 1:21926 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file execution attempt (server-webapp.rules)
* 1:21925 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BOT/0.1 (blacklist.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
* 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41386 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41385 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
* 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
* 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41366 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack server denial of service attempt (server-other.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41379 <-> DISABLED <-> SERVER-OTHER Squid HTTP Vary response header denial of service attempt (server-other.rules)
* 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41380 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41381 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41382 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
* 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
* 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
* 1:41403 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Simda (blacklist.rules)
* 1:41404 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file upload attempt (server-webapp.rules)
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules)
* 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41406 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 1:41405 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 3:41410 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0229 attack attempt (server-webapp.rules)
* 3:41372 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41373 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41370 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41371 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41367 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0260 attack attempt (server-other.rules)
* 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules)
* 1:40250 <-> DISABLED <-> INDICATOR-OBFUSCATION Chunked encoding used without HTTP 1.1 evasion attempt. (indicator-obfuscation.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules)
* 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules)
* 1:40940 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules)
* 1:21926 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file execution attempt (server-webapp.rules)
* 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules)
* 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules)
* 1:40941 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
* 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules)
* 1:21925 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BOT/0.1 (blacklist.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules)
* 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41406 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 1:41405 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules)
* 1:41404 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file upload attempt (server-webapp.rules)
* 1:41403 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Simda (blacklist.rules)
* 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
* 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
* 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
* 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
* 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
* 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
* 1:41386 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41385 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
* 1:41382 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41381 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41380 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules)
* 1:41379 <-> DISABLED <-> SERVER-OTHER Squid HTTP Vary response header denial of service attempt (server-other.rules)
* 1:41378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41366 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack server denial of service attempt (server-other.rules)
* 3:41410 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0229 attack attempt (server-webapp.rules)
* 3:41372 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41373 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41370 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41371 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0269 attack attempt (file-other.rules)
* 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41367 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0260 attack attempt (server-other.rules)
* 1:21926 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file execution attempt (server-webapp.rules)
* 1:21925 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BOT/0.1 (blacklist.rules)
* 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules)
* 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules)
* 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules)
* 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules)
* 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules)
* 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules)
* 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
* 1:40250 <-> DISABLED <-> INDICATOR-OBFUSCATION Chunked encoding used without HTTP 1.1 evasion attempt. (indicator-obfuscation.rules)
* 1:40940 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:40941 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules)
* 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules)
* 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules)
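All three lists above use the "gid:sid <-> Default rule state <-> Message (rule group)" layout. The following parser is an added example (not code from this page or from Talos): it reads that layout, tolerates entries run together with " * " as they appear when the post is scraped, tallies default states per rule group, and maps a keyword such as "WebEx" to the SIDs that mention it, which is how an analyst would check which rules in an update ship DISABLED and need enabling for a product they run. The sample entries are copied from the lists above; the function names are my own.

```python
from __future__ import annotations
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One changelog entry: "gid:sid <-> ENABLED|DISABLED <-> message (group.rules)".
# gid 1 is a text rule, gid 3 a shared-object (SO) rule; the trailing
# "(x.rules)" names the rule group file the entry lives in.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)

@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str

def parse_rule_list(text: str) -> list[RuleEntry]:
    """Parse changelog text; entries may be one per line or joined by ' * '."""
    entries = []
    for line in text.splitlines():
        for chunk in re.split(r"\s*\*\s+", line):
            chunk = chunk.strip()
            if not chunk:
                continue
            m = ENTRY_RE.match(chunk)
            if not m:
                raise ValueError(f"unrecognised entry: {chunk!r}")
            entries.append(RuleEntry(int(m["gid"]), int(m["sid"]),
                                     m["state"] == "ENABLED", m["msg"], m["group"]))
    return entries

def default_state_by_group(entries: list[RuleEntry]) -> dict:
    """Per rule group, how many entries the update turns on by default vs only ships."""
    tally = defaultdict(Counter)
    for e in entries:
        tally[e.group]["enabled" if e.enabled else "disabled"] += 1
    return dict(tally)

def sids_for(entries: list[RuleEntry], keyword: str) -> list[int]:
    """SIDs whose message mentions keyword, e.g. to map an advisory to its coverage."""
    return sorted(e.sid for e in entries if keyword.lower() in e.msg.lower())

def disabled_by_default(entries: list[RuleEntry], keyword: str) -> list[int]:
    """Matching SIDs that ship DISABLED: candidates to enable in a policy that needs them."""
    return sorted(e.sid for e in entries
                  if not e.enabled and keyword.lower() in e.msg.lower())

# Constructed sample: five entries copied from the lists above, two of them
# run together on one line the way the scraped post presents them.
SAMPLE = """\
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:40250 <-> DISABLED <-> INDICATOR-OBFUSCATION Chunked encoding used without HTTP 1.1 evasion attempt. (indicator-obfuscation.rules)
* 3:41367 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0260 attack attempt (server-other.rules)
"""

if __name__ == "__main__":
    rules = parse_rule_list(SAMPLE)
    print(default_state_by_group(rules))
    print("WebEx coverage:", sids_for(rules, "webex"))
    print("WebEx rules shipped disabled:", disabled_by_default(rules, "webex"))
```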