* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-09-21-001
Previous SRU number: 2016-09-19-001
Applies to:
This SEU number: 1548
Previous SEU: 1547
Applies to:
This is the complete list of rules modified in SRU 2016-09-21-001 and SEU 1548.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 20864 | SERVER-WEBAPP | Jive Software Openfire group-summary.jsp XSS attempt | off | off | off |
| 1 | 24343 | SERVER-WEBAPP | JBoss JMXInvokerServlet access attempt | off | drop | drop |
| 1 | 26850 | BROWSER-IE | Microsoft Internet Explorer IE5 compatibility mode enable attempt | off | off | drop |
| 1 | 28955 | SERVER-OTHER | Squid HTTP Host header port parameter denial of service attempt | off | off | off |
| 1 | 33817 | SERVER-OTHER | Lighttpd Host header directory traversal attempt | off | off | off |
| 1 | 34416 | BROWSER-IE | Microsoft Internet Explorer 8 compatibility mode enable attempt | off | off | off |
| 1 | 35503 | FILE-OFFICE | Microsoft Office Word incomplete ActiveX control use-after-free attempt | off | drop | drop |
| 1 | 35504 | FILE-OFFICE | Microsoft Office Word incomplete ActiveX control use-after-free attempt | off | drop | drop |
| 1 | 35507 | BROWSER-IE | Microsoft Internet Explorer array prototype type confusion memory corruption attempt | off | drop | drop |
| 1 | 35508 | BROWSER-IE | Microsoft Internet Explorer array prototype type confusion memory corruption attempt | off | drop | drop |
| 1 | 36057 | SERVER-WEBAPP | Apache ActiveMQ directory traversal attempt | off | off | off |
| 1 | 36097 | SERVER-WEBAPP | ManageEngine OpManager SubmitQuery SQL injection attempt | off | off | drop |
| 1 | 36098 | SERVER-WEBAPP | ManageEngine OpManager SubmitQuery SQL injection attempt | off | off | drop |
| 1 | 36099 | SERVER-WEBAPP | ManageEngine OpManager SubmitQuery SQL injection attempt | off | off | drop |
| 1 | 36100 | SERVER-WEBAPP | ManageEngine OpManager default credentials authentication attempt | off | off | drop |
| 1 | 36182 | SERVER-WEBAPP | Ignite Realtime Openfire server-session-details cross site scripting attempt | off | off | off |
| 1 | 36183 | SERVER-WEBAPP | Ignite Realtime Openfire create-bookmark cross site scripting attempt | off | off | off |
| 1 | 36184 | SERVER-WEBAPP | Ignite Realtime Openfire group-summary cross site scripting attempt | off | off | off |
| 1 | 36425 | FILE-OFFICE | Microsoft Office Excel fileVersion use-after-free attempt | off | drop | drop |
| 1 | 36426 | FILE-OFFICE | Microsoft Office Excel fileVersion use-after-free attempt | off | drop | drop |
| 1 | 36450 | BROWSER-IE | Microsoft Internet Explorer RegExp object use-after-free attempt | off | drop | drop |
| 1 | 36451 | BROWSER-IE | Microsoft Internet Explorer RegExp object use-after-free attempt | off | drop | drop |
| 1 | 36463 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt | off | off | off |
| 1 | 36826 | SERVER-OTHER | Java Library CommonsCollection unauthorized serialized object attempt | off | drop | drop |
| 1 | 36922 | BROWSER-IE | Microsoft Internet Explorer VBScript engine use after free attempt | off | drop | drop |
| 1 | 36923 | BROWSER-IE | Microsoft Internet Explorer VBScript engine use after free attempt | off | drop | drop |
| 1 | 36962 | BROWSER-IE | Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt | off | drop | drop |
| 1 | 36963 | BROWSER-IE | Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt | off | drop | drop |
| 1 | 36986 | BROWSER-IE | Microsoft Internet Explorer CAttrArray use after free attempt | off | drop | drop |
| 1 | 36987 | BROWSER-IE | Microsoft Internet Explorer CAttrArray use after free attempt | off | drop | drop |
| 1 | 37267 | BROWSER-PLUGINS | Microsoft Silverlight GetChar out of bounds read attempt | off | drop | drop |
| 1 | 37268 | BROWSER-PLUGINS | Microsoft Silverlight GetChar out of bounds read attempt | off | drop | drop |
| 1 | 37279 | BROWSER-IE | Microsoft Edge mutation event memory corruption attempt | off | off | drop |
| 1 | 37280 | BROWSER-IE | Microsoft Edge mutation event memory corruption attempt | off | off | drop |
| 1 | 37363 | SERVER-OTHER | Java Library SpringFramework unauthorized serialized object attempt | off | off | off |
| 1 | 37527 | SERVER-OTHER | IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt | off | off | off |
| 1 | 37608 | BROWSER-IE | Microsoft Internet Explorer CallInvoke type confusion attempt | off | drop | drop |
| 1 | 37609 | BROWSER-IE | Microsoft Internet Explorer CallInvoke type confusion attempt | off | drop | drop |
| 1 | 37610 | BROWSER-IE | Microsoft Internet Explorer CallInvoke type confusion attempt | off | drop | drop |
| 1 | 37611 | BROWSER-IE | Microsoft Internet Explorer CallInvoke type confusion attempt | off | drop | drop |
| 1 | 37652 | FILE-FLASH | Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt | off | drop | drop |
| 1 | 37859 | SERVER-WEBAPP | Java Library CommonsCollection unauthorized serialized object attempt | off | drop | drop |
| 1 | 37860 | SERVER-WEBAPP | Java Library CommonsCollection unauthorized serialized object attempt | off | drop | drop |
| 1 | 38067 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38068 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38069 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38070 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38085 | BROWSER-IE | Microsoft Internet Explorer CTravelEntry use after free attempt | off | drop | drop |
| 1 | 38086 | BROWSER-IE | Microsoft Internet Explorer CTravelEntry use after free attempt | off | drop | drop |
| 1 | 38090 | BROWSER-IE | Microsoft Internet Explorer CSVGHelpers use-after-free attempt | off | drop | drop |
| 1 | 38091 | BROWSER-IE | Microsoft Internet Explorer CSVGHelpers use-after-free attempt | off | drop | drop |
| 1 | 38098 | BROWSER-IE | Microsoft Internet Explorer TableCellLayoutArray use-after-free attempt | off | drop | drop |
| 1 | 38099 | BROWSER-IE | Microsoft Internet Explorer TableCellLayoutArray use-after-free attempt | off | drop | drop |
| 1 | 38246 | SERVER-OTHER | Flexera FlexNet Publisher stack buffer overflow attempt | off | off | drop |
| 1 | 38247 | SERVER-OTHER | Flexera FlexNet Publisher stack buffer overflow attempt | off | off | drop |
| 1 | 38805 | BROWSER-IE | Microsoft Edge Array.prototype.fill out of bounds write attempt | off | drop | drop |
| 1 | 38806 | BROWSER-IE | Microsoft Edge Array.prototype.fill out of bounds write attempt | off | drop | drop |
| 1 | 38894 | SERVER-WEBAPP | Jenkins CI Server insecure deserialization command execution attempt | off | drop | drop |
| 1 | 39273 | FILE-FLASH | Adobe Flash Player malformed ATF heap overflow attempt | off | drop | drop |
| 1 | 39274 | FILE-FLASH | Adobe Flash Player malformed ATF heap overflow attempt | off | drop | drop |
| 1 | 39567 | FILE-FLASH | Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt | off | drop | drop |
| 1 | 39839 | BROWSER-IE | Microsoft Windows Internet Explorer MSHTML.dll type confusion attempt | off | drop | drop |
| 1 | 39840 | BROWSER-IE | Microsoft Windows Internet Explorer MSHTML.dll type confusion attempt | off | drop | drop |
| 1 | 39910 | SERVER-OTHER | Flexera FlexNet Publisher stack buffer overflow attempt | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 35424 | SERVER-OTHER | ISC BIND TKEY Query denial of service attempt | off | off | off |
| 1 | 35425 | SERVER-OTHER | ISC BIND TKEY Query denial of service attempt | off | off | off |
| 1 | 37503 | SERVER-OTHER | Apache ActiveMQ shutdown command denial of service attempt | off | off | off |
| 1 | 37616 | FILE-OFFICE | Microsoft Office Excel hlink.dll string duplication input validation information disclosure attempt | off | drop | drop |
| 1 | 37617 | FILE-OFFICE | Microsoft Office Excel hlink.dll string duplication input validation information disclosure attempt | off | drop | drop |
| 1 | 38541 | INDICATOR-OBFUSCATION | newline only separator evasion | off | off | drop |
| 1 | 38622 | SERVER-OTHER | ISC BIND malformed control channel authentication message denial of service attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 36759 | INDICATOR-COMPROMISE | Microsoft Internet Explorer setAttributeNS ASLR bypass attempt | off | off | drop |
| 1 | 36760 | INDICATOR-COMPROMISE | Microsoft Internet Explorer setAttributeNS ASLR bypass attempt | off | drop | drop |