Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

This SRU number: 2016-03-08-001
Previous SRU number: 2016-03-07-001

Applies to:

This SEU number: 1445
Previous SEU: 1444

Applies to:

This is the complete list of rules added in SRU 2016-03-08-001 and SEU 1445.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

**High Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	38131	SERVER-WEBAPP	Netgear ProSafe NMS image.do directory traversal attempt	off	off	off
1	38132	SERVER-WEBAPP	Netgear ProSafe NMS image.do directory traversal attempt	off	off	off
1	38133	EXPLOIT-KIT	Angler exploit kit gate redirector	off	off	drop
1	38134	MALWARE-CNC	known malicious SSL certificate - Win.Trojan.Adwind	off	drop	drop
3	38137	SERVER-OTHER	Cisco DPC2203 arbitrary code execution attempt	off	off	drop
3	38138	SERVER-OTHER	Cisco DPQ3925 denial of service attempt	off	off	drop
3	38139	SERVER-OTHER	Cisco DPQ3939 denial of service attempt	off	off	drop

**Medium Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	38135	BROWSER-OTHER	Apple iOS CoreGraphics library PDF embedded image handling information leak attempt	off	off	off

**Low Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	38130	POLICY-OTHER	HTTP Request missing user-agent	off	off	off
1	38136	SERVER-MAIL	excessive email recipients - potential spam attempt	off	off	off

Updated rules can be found at this link.