Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-image, file-multimedia, file-other, file-pdf, malware-cnc, malware-other, os-windows, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (snort3-server-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (snort3-browser-ie.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (snort3-file-other.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (snort3-file-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (snort3-malware-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (snort3-browser-ie.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (snort3-server-mail.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (snort3-browser-plugins.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (snort3-file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (snort3-server-webapp.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (snort3-browser-plugins.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (snort3-file-pdf.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (snort3-server-webapp.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (snort3-file-pdf.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (snort3-file-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (snort3-malware-other.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (snort3-browser-plugins.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (snort3-server-webapp.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (snort3-server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (snort3-server-other.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (snort3-server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (snort3-file-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (snort3-server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (snort3-server-other.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (snort3-server-other.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (snort3-server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (snort3-server-other.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (snort3-server-other.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (snort3-file-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (snort3-server-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (snort3-server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (snort3-server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (snort3-server-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (snort3-server-other.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (snort3-browser-ie.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (snort3-server-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (snort3-server-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (snort3-server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (snort3-os-windows.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (snort3-server-webapp.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (snort3-malware-cnc.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (snort3-server-other.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (snort3-server-webapp.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (snort3-browser-ie.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (snort3-server-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (snort3-server-webapp.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (snort3-server-webapp.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (snort3-server-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (snort3-os-windows.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (snort3-server-other.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (snort3-server-other.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (snort3-malware-cnc.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (snort3-browser-plugins.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (snort3-server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (snort3-server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (snort3-server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (snort3-server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (snort3-server-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (snort3-file-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (snort3-server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (snort3-server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (snort3-server-other.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (snort3-server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (snort3-server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (snort3-server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (snort3-server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (snort3-server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (snort3-server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (snort3-server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (snort3-server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (snort3-server-other.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (snort3-server-other.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (snort3-server-other.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (snort3-server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (snort3-server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (snort3-server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (snort3-server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50860 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules)
* 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules)
* 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules)
* 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules)
* 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
* 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
* 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
* 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
* 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
* 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
* 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
* 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
* 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
* 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
* 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
* 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules)
* 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
* 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
* 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
* 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
* 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
* 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
* 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
* 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
* 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
* 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
* 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
* 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
* 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
* 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
* 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules)