Snort mailing list archives

ENABLED vs DISABLED

From: "Filice II, Anthony via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 29 Jul 2020 20:01:59 +0000

All,

Does anyone know why this new release shows DISABLED. Especially when several are still currently being exploited?

* 1:54637 <-> DISABLED <-> SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)
* 1:54636 <-> DISABLED <-> SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

ENABLED vs DISABLED Filice II, Anthony via Snort-sigs (Jul 29)
- Re: ENABLED vs DISABLED Joel Esler (jesler) via Snort-sigs (Jul 29)