Sourcefire VRT Rules Update

Date: 2012-12-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:25120 <-> DISABLED <-> SERVER-WEBAPP W3 Total Cache for Wordpress access - likely information disclosure (server-webapp.rules)
 * 1:25122 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:25123 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:25124 <-> DISABLED <-> BROWSER-OTHER suspicious named empty form detected (browser-other.rules)
 * 1:25121 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:25125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25127 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25128 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25119 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - NewBrandTest (blacklist.rules)
 * 1:25134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25131 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)

Modified Rules:


 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)