Sourcefire VRT Certified Rules Update

Date: 2005-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3549 - WEB-CLIENT HTML DOM invalid element creation attempt (web-client.rules)
3550 - WEB-CLIENT HTML http scheme hostname overflow attempt (web-client.rules)
3551 - WEB-CLIENT .hta download attempt (web-client.rules)
3552 - WEB-CLIENT OLE32 MSHTA masquerade attempt (web-client.rules)
3553 - WEB-CLIENT HTML DOM null element insertion attempt (web-client.rules)

Updated rules:
 539 - NETBIOS Samba clientaccess (deleted.rules)
 893 - WEB-CGI MachineInfo access (deleted.rules)
1042 - WEB-IIS view source via translate header (web-iis.rules)
1186 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1188 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1189 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1190 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1191 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1198 - WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1826 - WEB-MISC WEB-INF access (web-misc.rules)
1844 - IMAP authenticate overflow attempt (imap.rules)
3070 - IMAP fetch overflow attempt (imap.rules)