* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-11-02-001
Previous SRU number: 2016-11-01-001
Applies to:
This SEU number: 1567
Previous SEU: 1566
Applies to:
This is the complete list of rules added in SRU 2016-11-02-001 and SEU 1567.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
1 | 40613 | SERVER-WEBAPP | Oracle Application Testing Suite authentication bypass attempt | off | off | off |
1 | 40614 | SERVER-WEBAPP | Oracle Application Testing Suite authentication bypass attempt | off | off | off |
1 | 40615 | SERVER-WEBAPP | Oracle Application Testing Suite authentication bypass attempt | off | off | off |
1 | 40616 | SERVER-WEBAPP | Oracle Application Testing Suite authentication bypass attempt | off | off | off |
1 | 40617 | SERVER-WEBAPP | Oracle Application Testing Suite authentication bypass attempt | off | off | off |
1 | 40618 | FILE-PDF | Adobe Reader XML Metadata memory corruption attempt | off | drop | drop |
1 | 40619 | FILE-PDF | Adobe Reader XML Metadata memory corruption attempt | off | drop | drop |
1 | 40620 | FILE-OFFICE | Microsoft Office RTF WRAssembly CLSID ASLR bypass download attempt | off | off | drop |
1 | 40621 | FILE-OFFICE | Microsoft Office RTF WRLoader ASLR bypass download attempt | off | off | drop |
1 | 40622 | FILE-OFFICE | Microsoft Office RTF WRLoader CLSID ASLR bypass download attempt | off | off | drop |
1 | 40623 | FILE-OFFICE | Microsoft Office RTF hex encoded WRLoader ASLR bypass download attempt | off | off | drop |
1 | 40624 | FILE-OFFICE | Microsoft Office RTF hex encoded wrLoader ASLR bypass download attempt | off | off | drop |
1 | 40625 | FILE-OFFICE | Microsoft Office RTF WRAssembly CLSID ASLR bypass download attempt | off | off | drop |
1 | 40626 | FILE-OFFICE | Microsoft Office RTF WRLoader ASLR bypass download attempt | off | off | drop |
1 | 40627 | FILE-OFFICE | Microsoft Office RTF WRLoader CLSID ASLR bypass download attempt | off | off | drop |
1 | 40628 | FILE-OFFICE | Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt | off | off | drop |
1 | 40629 | FILE-OFFICE | Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt | off | off | drop |
1 | 40630 | FILE-OFFICE | Microsoft Office RTF hex encoded WRLoader ASLR bypass download attempt | off | off | drop |
1 | 40631 | FILE-OFFICE | Microsoft Office RTF hex encoded wrLoader ASLR bypass download attempt | off | off | drop |
1 | 40632 | FILE-OFFICE | Microsoft Office RTF hex encoded WRAssembly CLSID ASLR bypass download attempt | off | off | drop |
1 | 40633 | FILE-OFFICE | Microsoft Office RTF hex encoded WRLoader CLSID ASLR bypass download attempt | off | off | drop |
1 | 40634 | FILE-OFFICE | Microsoft Office RTF hex encoded WRAssembly CLSID ASLR bypass download attempt | off | off | drop |
1 | 40635 | FILE-OFFICE | Microsoft Office RTF hex encoded WRLoader CLSID ASLR bypass download attempt | off | off | drop |
3 | 40637 | POLICY-OTHER | TL1 ACT-USER login detected | off | off | off |
3 | 40638 | PROTOCOL-VOIP | Cisco Meeting Server SIP SDP media description buffer overflow attempt | off | off | drop |
1 | 40639 | FILE-PDF | Adobe Acrobat Reader XFA addInstance use after free attempt | off | drop | drop |
1 | 40640 | FILE-PDF | Adobe Acrobat Reader XFA addInstance use after free attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
3 | 40636 | POLICY-OTHER | Cisco Prime Home API insecure SSO authentication detected | off | off | off |
Updated rules can be found at this link.