Talos Rules 2019-08-22
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-shellcode, os-linux, os-windows, policy-other, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)

Modified Rules:


 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (snort3-server-webapp.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (snort3-file-other.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (snort3-server-webapp.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (snort3-server-webapp.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (snort3-server-other.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (snort3-server-other.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (snort3-server-webapp.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (snort3-server-other.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (snort3-file-office.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (snort3-server-other.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (snort3-server-other.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (snort3-file-office.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (snort3-server-other.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (snort3-os-windows.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (snort3-file-image.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (snort3-file-image.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (snort3-file-office.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (snort3-server-other.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (snort3-server-webapp.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (snort3-server-webapp.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (snort3-file-image.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (snort3-indicator-compromise.rules)

Modified Rules:


 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (snort3-browser-ie.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (snort3-server-webapp.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (snort3-server-other.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (snort3-server-other.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)

2019-08-22 11:56:45 UTC

Snort Subscriber Rules Update

Date: 2019-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
 * 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
 * 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
 * 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
 * 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
 * 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
 * 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
 * 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
 * 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
 * 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
 * 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
 * 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
 * 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
 * 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
 * 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
 * 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
 * 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
 * 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
 * 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
 * 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
 * 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
 * 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
 * 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
 * 3:51195 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules)
 * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules)
 * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules)
 * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules)
 * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
 * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules)
 * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules)
 * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules)

Modified Rules:


 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
 * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules)
 * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian format parsing integer overflow attempt (file-image.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
 * 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
 * 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules)