Snort mailing list archives
Re: CVE-2017-9035 sigs
From: Tyler Montier <tmontier () sourcefire com>
Date: Tue, 15 Aug 2017 11:28:24 -0400
Yaser, Thank you for your submission. We will review the rules and get back to you as soon as they're finished. Thanks, Tyler Montier Cisco Talos On Tue, Aug 15, 2017 at 11:16 AM, Y M via Snort-sigs < snort-sigs () lists snort org> wrote:
Hello, Below rule is also derived from the included references. No pcaps available. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"POLICY-OTHER TrendMicro ServerProtect insecure update attempt"; flow:to_server,established; content:"GET"; http_method; content:"/activeupdate/ini_xml.zip"; fast_pattern:only; http_uri; content:"X-Trend-ActiveUpdate|3A 20|"; http_header; metadata:ruleset community, service http; reference:cve,2017-9035; reference:url,www. coresecurity.com/advisories/trend-micro-serverprotect- multiple-vulnerabilities; classtype:attempted-admin; sid:1100007; rev:1;) Thanks. YM _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- CVE-2017-9035 sigs Y M via Snort-sigs (Aug 15)
- Re: CVE-2017-9035 sigs Tyler Montier (Aug 15)