Talos Rules 2019-08-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-webkit, file-other, indicator-compromise and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)

Modified Rules:


 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)

Modified Rules:


 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)

Modified Rules:


 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (snort3-browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (snort3-server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (snort3-server-webapp.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (snort3-browser-webkit.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (snort3-browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (snort3-server-webapp.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (snort3-browser-webkit.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (snort3-file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (snort3-browser-webkit.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (snort3-indicator-compromise.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (snort3-browser-webkit.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (snort3-indicator-compromise.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (snort3-server-webapp.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (snort3-server-other.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (snort3-server-webapp.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (snort3-server-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (snort3-file-other.rules)

Modified Rules:


 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)

2019-08-30 20:34:54 UTC

Snort Subscriber Rules Update

Date: 2019-08-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
 * 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
 * 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
 * 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
 * 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
 * 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
 * 1:51377 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (server-webapp.rules)
 * 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
 * 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
 * 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
 * 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
 * 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
 * 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)

Modified Rules:


 * 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
 * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
 * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)