Sourcefire VRT Rules Update

Date: 2012-11-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24608 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page download attempt (exploit-kit.rules)
 * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24626 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24625 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24624 <-> ENABLED <-> MALWARE-CNC Win32.Delf outbound connection (malware-cnc.rules)
 * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24623 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Mozilla Firefox (blacklist.rules)

Modified Rules:


 * 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
 * 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
 * 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules)
 * 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules)
 * 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules)
 * 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
 * 1:3472 <-> DISABLED <-> SERVER-OTHER ARCserve discovery service overflow (server-other.rules)
 * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
 * 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules)
 * 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
 * 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules)
 * 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules)
 * 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules)
 * 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules)
 * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
 * 1:8729 <-> DISABLED <-> SERVER-OTHER Shixxnote font buffer overflow attempt (server-other.rules)
 * 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules)
 * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
 * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules)
 * 1:6404 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules)
 * 1:6010 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:5317 <-> DISABLED <-> SERVER-OTHER pcAnywhere buffer overflow attempt (server-other.rules)
 * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
 * 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules)
 * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules)
 * 1:4641 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc SOUT buffer overflow attempt (server-other.rules)
 * 1:4640 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc SERR buffer overflow attempt (server-other.rules)
 * 1:4639 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc ARGV buffer overflow attempt (server-other.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:4143 <-> DISABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules)
 * 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules)
 * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
 * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules)
 * 1:3664 <-> DISABLED <-> SERVER-OTHER PPTP echo request buffer overflow attempt (server-other.rules)
 * 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
 * 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules)
 * 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules)
 * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules)
 * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules)
 * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules)
 * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules)
 * 1:3652 <-> DISABLED <-> SERVER-OTHER CVS pserver annotate revision overflow attempt (server-other.rules)
 * 1:3651 <-> DISABLED <-> SERVER-OTHER CVS rsh annotate revision overflow attempt (server-other.rules)
 * 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules)
 * 1:3541 <-> DISABLED <-> SERVER-OTHER RADIUS ATTR_TYPE_STR overflow attempt (server-other.rules)
 * 1:3540 <-> DISABLED <-> SERVER-OTHER RADIUS registration vendor ATTR_TYPE_STR overflow attempt (server-other.rules)
 * 1:3539 <-> DISABLED <-> SERVER-OTHER RADIUS MSID overflow attempt (server-other.rules)
 * 1:3538 <-> DISABLED <-> SERVER-OTHER RADIUS registration MSID overflow attempt (server-other.rules)
 * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules)
 * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules)
 * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules)
 * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules)
 * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules)
 * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules)
 * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules)
 * 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules)
 * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
 * 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules)
 * 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules)
 * 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules)
 * 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules)
 * 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
 * 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
 * 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
 * 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
 * 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules)
 * 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
 * 1:2578 <-> DISABLED <-> SERVER-OTHER kerberos principal name overflow UDP (server-other.rules)
 * 1:2579 <-> DISABLED <-> SERVER-OTHER kerberos principal name overflow TCP (server-other.rules)
 * 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules)
 * 1:301 <-> DISABLED <-> SERVER-OTHER LPRng overflow (server-other.rules)
 * 1:304 <-> DISABLED <-> SERVER-OTHER SCO calserver overflow (server-other.rules)
 * 1:305 <-> DISABLED <-> SERVER-OTHER delegate proxy overflow (server-other.rules)
 * 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules)
 * 1:306 <-> DISABLED <-> SERVER-OTHER VQServer admin (server-other.rules)
 * 1:307 <-> DISABLED <-> SERVER-OTHER CHAT IRC topic overflow (server-other.rules)
 * 1:3080 <-> DISABLED <-> SERVER-OTHER Unreal Tournament secure overflow attempt (server-other.rules)
 * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules)
 * 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules)
 * 1:3455 <-> DISABLED <-> SERVER-OTHER Bontago Game Server Nickname buffer overflow (server-other.rules)
 * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
 * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules)
 * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules)
 * 1:10187 <-> ENABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
 * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
 * 1:10998 <-> ENABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
 * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules)
 * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
 * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules)
 * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules)
 * 1:12078 <-> ENABLED <-> SERVER-OTHER CA BrightStor LGServer Heap buffer overflow (server-other.rules)
 * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer Stack buffer overflow (server-other.rules)
 * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules)
 * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules)
 * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules)
 * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules)
 * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules)
 * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules)
 * 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules)
 * 1:1240 <-> DISABLED <-> SERVER-OTHER MDBMS overflow (server-other.rules)
 * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules)
 * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules)
 * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
 * 1:1261 <-> DISABLED <-> SERVER-OTHER AIX pdnsd overflow (server-other.rules)
 * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules)
 * 1:12667 <-> ENABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops rsxGetBackupLog second argument overflow (server-other.rules)
 * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops rsxGetBackupComplete overflow attemp (server-other.rules)
 * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops rxsSetDataGrowthScheduleAndFilter overflow attempt (server-other.rules)
 * 1:12787 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops rxsSetDefaultConfigName overflow attempt (server-other.rules)
 * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules)
 * 1:13221 <-> ENABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13222 <-> ENABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:1323 <-> DISABLED <-> SERVER-OTHER rwhoisd format string attempt (server-other.rules)
 * 1:13291 <-> ENABLED <-> SERVER-OTHER Samba send_mailslot buffer overflow attempt (server-other.rules)
 * 1:13363 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
 * 1:13365 <-> ENABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
 * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:13519 <-> ENABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
 * 1:13522 <-> ENABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
 * 1:13552 <-> ENABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules)
 * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules)
 * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules)
 * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules)
 * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules)
 * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules)
 * 1:13631 <-> ENABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules)
 * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules)
 * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules)
 * 1:13715 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
 * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules)
 * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules)
 * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules)
 * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules)
 * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
 * 1:13916 <-> ENABLED <-> SERVER-OTHER Alt-N SecurityGateway username buffer overflow attempt (server-other.rules)
 * 1:1398 <-> DISABLED <-> SERVER-OTHER CDE dtspcd exploit attempt (server-other.rules)
 * 1:14230 <-> ENABLED <-> SERVER-OTHER SAP DB web server stack overflow attempt (server-other.rules)
 * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules)
 * 1:14741 <-> ENABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules)
 * 1:14769 <-> ENABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
 * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules)
 * 1:15145 <-> ENABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules)
 * 1:15146 <-> ENABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules)
 * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules)
 * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules)
 * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
 * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
 * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
 * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
 * 1:15514 <-> ENABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules)
 * 1:15555 <-> ENABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules)
 * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
 * 1:15573 <-> ENABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
 * 1:15882 <-> ENABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
 * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules)
 * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules)
 * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules)
 * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules)
 * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules)
 * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules)
 * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules)
 * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules)
 * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules)
 * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules)
 * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
 * 1:16008 <-> ENABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules)
 * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules)
 * 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules)
 * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules)
 * 1:16071 <-> ENABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules)
 * 1:16213 <-> ENABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System arbitrary command execution attempt (server-other.rules)
 * 1:16341 <-> ENABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules)
 * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules)
 * 1:16393 <-> DISABLED <-> SERVER-OTHER Postgresql bit substring buffer overflow (server-other.rules)
 * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules)
 * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
 * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules)
 * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules)
 * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:16685 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
 * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules)
 * 1:16710 <-> ENABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules)
 * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules)
 * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules)
 * 1:17207 <-> ENABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules)
 * 1:17234 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm download attempt (malware-cnc.rules)
 * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules)
 * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules)
 * 1:1751 <-> DISABLED <-> SERVER-OTHER cachefsd buffer overflow attempt (server-other.rules)
 * 1:17520 <-> ENABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules)
 * 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules)
 * 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules)
 * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules)
 * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules)
 * 1:17661 <-> ENABLED <-> SERVER-OTHER Samba send_mailslot buffer overflow attempt (server-other.rules)
 * 1:17702 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules)
 * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules)
 * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules)
 * 1:1812 <-> DISABLED <-> SERVER-OTHER gobbles SSH exploit attempt (server-other.rules)
 * 1:1821 <-> DISABLED <-> SERVER-OTHER LPD dvips remote command execution attempt (server-other.rules)
 * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow over http attempt (server-other.rules)
 * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules)
 * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
 * 1:18753 <-> ENABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules)
 * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
 * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
 * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules)
 * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
 * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules)
 * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules)
 * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules)
 * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules)
 * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
 * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 Directory Transversal attempt (server-other.rules)
 * 1:1939 <-> DISABLED <-> SERVER-OTHER bootp hardware address length overflow (server-other.rules)
 * 1:1940 <-> DISABLED <-> SERVER-OTHER bootp invalid hardware type (server-other.rules)
 * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
 * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
 * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe Stack Buffer Overflow (server-other.rules)
 * 1:20058 <-> ENABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules)
 * 1:2039 <-> DISABLED <-> SERVER-OTHER bootp hostname format string attempt (server-other.rules)
 * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules)
 * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules)
 * 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules)
 * 1:20874 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:21050 <-> DISABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules)
 * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules)
 * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules)
 * 1:21268 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI services remote object executation attempt (server-other.rules)
 * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules)
 * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules)
 * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
 * 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
 * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules)
 * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules)
 * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules)
 * 1:22032 <-> ENABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules)
 * 1:22051 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mac.update.zyns.com - OSX.Maljava (blacklist.rules)
 * 1:22952 <-> ENABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
 * 1:23138 <-> ENABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules)
 * 1:23139 <-> ENABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules)
 * 1:2319 <-> DISABLED <-> SERVER-OTHER ebola PASS overflow attempt (server-other.rules)
 * 1:2320 <-> DISABLED <-> SERVER-OTHER ebola USER overflow attempt (server-other.rules)
 * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
 * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
 * 1:23402 <-> DISABLED <-> SERVER-WEBAPP CVS remote file information disclosure attempt (server-webapp.rules)
 * 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules)
 * 1:23456 <-> DISABLED <-> SERVER-OTHER IBM Tivoli name overflow attempt (server-other.rules)
 * 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules)
 * 1:23632 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:2376 <-> DISABLED <-> SERVER-OTHER ISAKMP first payload certificate request length overflow attempt (server-other.rules)
 * 1:2377 <-> DISABLED <-> SERVER-OTHER ISAKMP second payload certificate request length overflow attempt (server-other.rules)
 * 1:2378 <-> DISABLED <-> SERVER-OTHER ISAKMP third payload certificate request length overflow attempt (server-other.rules)
 * 1:23789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules)
 * 1:2379 <-> DISABLED <-> SERVER-OTHER ISAKMP forth payload certificate request length overflow attempt (server-other.rules)
 * 1:23790 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules)
 * 1:2380 <-> DISABLED <-> SERVER-OTHER ISAKMP fifth payload certificate request length overflow attempt (server-other.rules)
 * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23979 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23980 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23981 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23982 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23983 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:2413 <-> DISABLED <-> SERVER-OTHER ISAKMP delete hash with empty hash attempt (server-other.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:2414 <-> DISABLED <-> SERVER-OTHER ISAKMP initial contact notification without SPI attempt (server-other.rules)
 * 1:2415 <-> DISABLED <-> SERVER-OTHER ISAKMP second payload initial contact notification without SPI attempt (server-other.rules)
 * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound communication (malware-cnc.rules)
 * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
 * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
 * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules)
 * 1:24324 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24325 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24326 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24327 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24328 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24329 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24330 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24331 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24332 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24333 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules)
 * 1:24504 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24593 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page received - specific structure (exploit-kit.rules)
 * 1:2489 <-> DISABLED <-> SERVER-OTHER esignal STREAMQUOTE buffer overflow attempt (server-other.rules)
 * 1:2490 <-> DISABLED <-> SERVER-OTHER esignal SNAPQUOTE buffer overflow attempt (server-other.rules)
 * 1:2545 <-> DISABLED <-> SERVER-OTHER AFP FPLoginExt username buffer overflow attempt (server-other.rules)
 * 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
 * 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
 * 3:18064 <-> ENABLED <-> EXPLOIT Microsoft .NET framework EntityObject execution attempt (exploit.rules)