* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-01-24-001
Previous SRU number: 2017-01-20-001
Applies to:
This SEU number: 1603
Previous SEU: 1601
Applies to:
This is the complete list of rules modified in SRU 2017-01-24-001 and SEU 1603.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.

GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 21230 | MALWARE-CNC | Win.Trojan.Betad variant outbound connection | off | drop | drop |
1 | 21925 | BLACKLIST | User-Agent known malicious user agent BOT/0.1 | off | drop | drop |
1 | 21926 | SERVER-WEBAPP | Joomla JCE multiple plugin arbitrary PHP file execution attempt | off | off | off |
1 | 24348 | SERVER-APACHE | Apache mod_rpaf X-Forwarded-For header denial of service attempt | off | off | off |
1 | 25358 | APP-DETECT | Acunetix web vulnerability scan attempt | off | off | off |
1 | 25359 | APP-DETECT | Acunetix web vulnerability scanner probe attempt | off | off | off |
1 | 25360 | APP-DETECT | Acunetix web vulnerability scanner authentication attempt | off | off | off |
1 | 25361 | APP-DETECT | Acunetix web vulnerability scanner RFI attempt | off | off | off |
1 | 25362 | APP-DETECT | Acunetix web vulnerability scanner base64 XSS attempt | off | off | off |
1 | 25363 | APP-DETECT | Acunetix web vulnerability scanner URI injection attempt | off | off | off |
1 | 25364 | APP-DETECT | Acunetix web vulnerability scanner prompt XSS attempt | off | off | off |
1 | 25365 | APP-DETECT | Acunetix web vulnerability scanner XSS attempt | off | off | off |
1 | 34582 | FILE-FLASH | Adobe Flash Player invalid BitmapData use after free attempt | off | drop | drop |
1 | 34583 | FILE-FLASH | Adobe Flash Player invalid BitmapData use after free attempt | off | drop | drop |
1 | 35675 | BROWSER-FIREFOX | Mozilla Firefox PDF.js same origin policy violation attempt | off | off | off |
1 | 35676 | BROWSER-FIREFOX | Mozilla Firefox PDF.js same origin policy violation attempt | off | off | off |
1 | 37859 | SERVER-WEBAPP | Java Library CommonsCollection unauthorized serialized object attempt | off | drop | drop |
1 | 40940 | FILE-OFFICE | Microsoft Office hyperlink object out of bounds read attempt | off | off | drop |
1 | 40941 | FILE-OFFICE | Microsoft Office hyperlink object out of bounds read attempt | off | off | drop |

GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 37616 | DELETED | FILE-OFFICE Microsoft Office Excel hlink.dll string duplication input validation information disclosure attempt |  |  |  |
1 | 37617 | DELETED | FILE-OFFICE Microsoft Office Excel hlink.dll string duplication input validation information disclosure attempt |  |  |  |
1 | 40250 | INDICATOR-OBFUSCATION | Chunked encoding used without HTTP 1.1 evasion attempt. | off | off | off |