* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-10-20-001
Previous SRU number: 2016-10-17-001
Applies to:
This SEU number: 1559
Previous SEU: 1557
Applies to:
This is the complete list of rules added in SRU 2016-10-20-001 and SEU 1559.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 40493 | SERVER-WEBAPP | Ektron ServerControlWS.asmx XSL transform code injection attempt | off | off | drop |
| 1 | 40494 | SERVER-WEBAPP | Wordpress Symposium PHP file upload attempt | off | drop | drop |
| 1 | 40495 | FILE-FLASH | Adobe Standalone Flash Player PSDK FlashRuntime mediaplayer pause attempt | off | drop | drop |
| 1 | 40496 | FILE-FLASH | Adobe Standalone Flash Player PSDK FlashRuntime mediaplayer pause attempt | off | drop | drop |
| 1 | 40497 | SERVER-WEBAPP | WordPress Plugin RevSlider file upload attempt | off | drop | drop |
| 3 | 40498 | SERVER-WEBAPP | Cisco ASA Crypto CA Server out of bounds read attempt | off | off | drop |
| 3 | 40499 | SERVER-OTHER | Cisco ASA NBSTAT response stack buffer overflow attempt | off | drop | drop |
| 1 | 40500 | MALWARE-CNC | Andr.Tool.Snowfox Androidbauts/snowfox outbound connection | off | drop | drop |
| 1 | 40501 | MALWARE-CNC | Andr.Tool.Snowfox Androidbauts/snowfox outbound connection | off | drop | drop |
| 1 | 40502 | FILE-FLASH | Adobe Flash Player QOSProvider use-after-free attempt | off | drop | drop |
| 1 | 40503 | FILE-FLASH | Adobe Flash Player QOSProvider use-after-free attempt | off | drop | drop |
| 1 | 40505 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40506 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40507 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40508 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40509 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40510 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40511 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40512 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40513 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40514 | FILE-PDF | Adobe Reader XSLT Transform use after free attempt | off | drop | drop |
| 1 | 40515 | FILE-PDF | Adobe Acrobat Reader malformed unicode font name code execution attempt | off | drop | drop |
| 1 | 40516 | FILE-PDF | Adobe Acrobat Reader malformed unicode font name code execution attempt | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 3 | 40504 | SERVER-OTHER | Cisco Snort HTTP chunked transfer encoding processing denial of service attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 40492 | PUA-ADWARE | Win.Adware.DownloadManager outbound connection | off | off | off |
Updated rules can be found at this link.