Talos has added and modified multiple rules in the deleted, file-office, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)

* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)

* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)

* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (snort3-file-other.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (snort3-server-webapp.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (snort3-server-webapp.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (snort3-server-webapp.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (snort3-server-webapp.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (snort3-server-webapp.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (snort3-policy-other.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (snort3-server-webapp.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (snort3-server-webapp.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (snort3-server-webapp.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-deleted.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (snort3-file-other.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (snort3-server-webapp.rules)

* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:51561 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules)
* 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules)
* 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules)
* 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51563 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51564 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules)
* 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules)
* 1:51562 <-> DISABLED <-> DELETED SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (deleted.rules)
* 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules)
* 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt (server-webapp.rules)
* 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules)
* 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules)
* 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)

* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules)