Talos Rules 2021-05-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, file-flash, file-image, file-java, file-other, file-pdf, indicator-compromise, os-windows, policy-other, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)

Modified Rules:


 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)

Modified Rules:


 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)

Modified Rules:


 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)

Modified Rules:


 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (snort3-server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (snort3-file-flash.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (snort3-server-webapp.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (snort3-indicator-compromise.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (snort3-server-webapp.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (snort3-indicator-compromise.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (snort3-server-webapp.rules)
 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (snort3-server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (snort3-server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (snort3-policy-other.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (snort3-policy-other.rules)

Modified Rules:


 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (snort3-file-java.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (snort3-server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (snort3-browser-ie.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (snort3-os-windows.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (snort3-browser-other.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (snort3-server-webapp.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (snort3-file-java.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (snort3-file-java.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (snort3-file-java.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (snort3-browser-ie.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (snort3-file-other.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (snort3-policy-other.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (snort3-server-mysql.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (snort3-server-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (snort3-server-oracle.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (snort3-server-webapp.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (snort3-server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (snort3-server-other.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (snort3-server-mail.rules)
 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (snort3-server-webapp.rules)

2021-05-04 12:36:54 UTC

Snort Subscriber Rules Update

Date: 2021-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57518 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57513 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57493 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57497 <-> ENABLED <-> INDICATOR-COMPROMISE Outbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57514 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57490 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57495 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57500 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center IccSelectDevTypeBean Expression Language Injection Java expression language injection attempt (server-webapp.rules)
 * 1:57517 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57516 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:57498 <-> ENABLED <-> INDICATOR-COMPROMISE Inbound request for known ProxyLogon cryptomining payload (indicator-compromise.rules)
 * 1:57511 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57496 <-> DISABLED <-> POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (policy-other.rules)
 * 1:57512 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57492 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 1:57515 <-> DISABLED <-> SERVER-WEBAPP Sinapsi eSolar Light Photovoltaic System Monitor SQL injection attempt (server-webapp.rules)
 * 1:57519 <-> DISABLED <-> SERVER-WEBAPP Serendipity index.php SQL injection attempt (server-webapp.rules)
 * 1:57494 <-> DISABLED <-> SERVER-WEBAPP Micro Focus Operations Bridge Manager remote code execution attempt (server-webapp.rules)
 * 1:57491 <-> DISABLED <-> SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (server-webapp.rules)
 * 3:57505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57506 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1279 attack attempt (file-other.rules)
 * 3:57502 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57501 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1289 attack attempt (file-image.rules)
 * 3:57504 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)
 * 3:57508 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57507 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1278 attack attempt (file-other.rules)
 * 3:57509 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57510 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1286 attack attempt (file-pdf.rules)
 * 3:57503 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1290 attack attempt (policy-other.rules)

Modified Rules:


 * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
 * 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
 * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)
 * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules)