Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-java, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)

* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)

* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)

* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (snort3-server-webapp.rules)
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (snort3-server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (snort3-server-webapp.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (snort3-browser-ie.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (snort3-browser-ie.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (snort3-browser-ie.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (snort3-server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (snort3-browser-ie.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (snort3-server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (snort3-server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (snort3-server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (snort3-server-webapp.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (snort3-server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (snort3-server-webapp.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (snort3-server-webapp.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (snort3-server-webapp.rules)

* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (snort3-browser-ie.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (snort3-server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)

* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)