Talos has added and modified multiple rules in the browser-webkit, file-office, file-other, file-pdf, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules)
* 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules)
* 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45710 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)

* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45710 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules)
* 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules)
* 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)

* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (snort3-browser-webkit.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (snort3-file-pdf.rules)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (snort3-server-webapp.rules)
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (snort3-server-webapp.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (snort3-file-pdf.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (snort3-browser-webkit.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (snort3-browser-webkit.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (snort3-file-pdf.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (snort3-browser-webkit.rules)
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (snort3-file-pdf.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (snort3-file-pdf.rules)

* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (snort3-file-other.rules)
* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (snort3-file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (snort3-server-other.rules)
* 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules)
* 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45710 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules)
* 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)

* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 3:45710 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules)
* 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules)
* 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules)
* 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules)
* 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules)
* 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)
* 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules)

* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)