Talos Rules 2022-03-31
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the exploit-kit, file-office, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 3:59409 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt (policy-other.rules)
 * 3:59408 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt (policy-other.rules)
 * 3:59411 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt (policy-other.rules)
 * 3:59406 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt (policy-other.rules)
 * 3:59410 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt (policy-other.rules)
 * 3:59407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt (policy-other.rules)
 * 3:59414 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt (policy-other.rules)

Modified Rules:


 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 3:59272 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt (server-other.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (snort3-server-other.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (snort3-exploit-kit.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (snort3-server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (snort3-server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (snort3-server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (snort3-server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (snort3-server-webapp.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (snort3-server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (snort3-server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (snort3-server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (snort3-server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (snort3-server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (snort3-server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (snort3-server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (snort3-server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (snort3-server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (snort3-server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (snort3-server-webapp.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (snort3-server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (snort3-server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (snort3-server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (snort3-server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (snort3-server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (snort3-server-webapp.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (snort3-server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (snort3-server-webapp.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (snort3-server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (snort3-server-webapp.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (snort3-file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (snort3-server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (snort3-server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (snort3-server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (snort3-server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (snort3-server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (snort3-os-windows.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (snort3-os-windows.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)

2022-03-31 14:59:07 UTC

Snort Subscriber Rules Update

Date: 2022-03-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59398 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
 * 1:59413 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59405 <-> DISABLED <-> EXPLOIT-KIT Operation Dream Job profile attempt (exploit-kit.rules)
 * 1:59396 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59401 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59412 <-> DISABLED <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt (server-webapp.rules)
 * 1:59365 <-> DISABLED <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt (server-webapp.rules)
 * 1:59400 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59363 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59364 <-> DISABLED <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt (server-webapp.rules)
 * 1:59403 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59404 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59402 <-> DISABLED <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt (server-webapp.rules)
 * 1:59399 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59415 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
 * 1:59370 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59371 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59372 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59373 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59368 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59374 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules)
 * 1:59375 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59376 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59397 <-> DISABLED <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt (file-office.rules)
 * 1:59377 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt (server-webapp.rules)
 * 1:59366 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59378 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59379 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59380 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59369 <-> DISABLED <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt (server-webapp.rules)
 * 1:59381 <-> DISABLED <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt (server-webapp.rules)
 * 1:59382 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59383 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59367 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt (server-webapp.rules)
 * 1:59384 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt (server-webapp.rules)
 * 1:59385 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59386 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59387 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt (server-webapp.rules)
 * 1:59388 <-> ENABLED <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (server-webapp.rules)
 * 1:59389 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59390 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59391 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59392 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt (server-webapp.rules)
 * 1:59393 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59394 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)
 * 1:59395 <-> DISABLED <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
 * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
 * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)

2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:44 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:45 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:45 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:45 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt


2022-03-31 15:07:45 UTC

Snort Subscriber Rules Update

Date: 2022-03-30-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59363 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59364 <-> SERVER-WEBAPP Apache Airflow trigger origin cross site scripting attempt
* 1:59365 <-> SERVER-WEBAPP Twitter TwitterServer HistogramQueryHandler cross site scripting attempt
* 1:59366 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59367 <-> SERVER-WEBAPP SolarWinds Orion IPAM cross site scripting attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59396 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59397 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59398 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59399 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59400 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59401 <-> FILE-OFFICE Microsoft Word tblStylePr use after free attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59405 <-> EXPLOIT-KIT Operation Dream Job profile attempt
* 3:59406 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1502 attack attempt
* 3:59407 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1504 attack attempt
* 3:59408 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1503 attack attempt
* 3:59409 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1505 attack attempt
* 3:59410 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1507 attack attempt
* 3:59411 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1506 attack attempt
* 1:59412 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 1:59413 <-> SERVER-WEBAPP Jenkins Gitlab Hook Plugin cross site scripting attempt
* 3:59414 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1495 attack attempt
* 1:59415 <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt

Modified Rules:

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:45130 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 1:45131 <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt
* 3:59272 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1477 attack attempt