[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Mon Jun 5 15:56:12 EDT 2006


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000387-100000429. 
These rules cover access to potentially vulnerable portions of, as well 
as attacks against, the JBoss J2EE application server; as well as 
multiple remote file inclusion attacks against a number of web applications.

Sourcefire would like to thank Jon Hart for submitting SIDs 
100000427-100000429. As a reminder, anyone who wishes to submit rules 
may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000387 || COMMUNITY WEB-MISC Ovidentia index.php remote file include
100000388 || COMMUNITY WEB-MISC Ovidentia topman.php remote file include
100000389 || COMMUNITY WEB-MISC Ovidentia approb.php remote file include
100000390 || COMMUNITY WEB-MISC Ovidentia vacadmb.php remote file include
100000391 || COMMUNITY WEB-MISC Ovidentia vacadma.php remote file include
100000392 || COMMUNITY WEB-MISC Ovidentia vacadm.php remote file include
100000393 || COMMUNITY WEB-MISC Ovidentia start.php remote file include
100000394 || COMMUNITY WEB-MISC Ovidentia search.php remote file include
100000395 || COMMUNITY WEB-MISC Ovidentia posts.php remote file include
100000396 || COMMUNITY WEB-MISC Ovidentia options.php remote file include
100000397 || COMMUNITY WEB-MISC Ovidentia login.php remote file include
100000398 || COMMUNITY WEB-MISC Ovidentia frchart.php remote file include
100000399 || COMMUNITY WEB-MISC Ovidentia flbchart.php remote file include
100000400 || COMMUNITY WEB-MISC Ovidentia fileman.php remote file include
100000401 || COMMUNITY WEB-MISC Ovidentia faq.php remote file include
100000402 || COMMUNITY WEB-MISC Ovidentia event.php remote file include
100000403 || COMMUNITY WEB-MISC Ovidentia directory.php remote file include
100000404 || COMMUNITY WEB-MISC Ovidentia articles.php remote file include
100000405 || COMMUNITY WEB-MISC Ovidentia artedit.php remote file include
100000406 || COMMUNITY WEB-MISC Ovidentia approb.php remote file include
100000407 || COMMUNITY WEB-MISC Ovidentia calday.php remote file include
100000408 || COMMUNITY WEB-MISC AssoCIateD cache_mngt.php remote file 
include
100000409 || COMMUNITY WEB-MISC AssoCIateD gallery_functions.php remote 
file include
100000410 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
100000411 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
100000412 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
100000413 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
100000414 || COMMUNITY WEB-MISC REDAXO community.inc.php remote file include
100000415 || COMMUNITY WEB-MISC Bytehoard server.php remote file include
100000416 || COMMUNITY WEB-MISC MyBloggie admin.php remote file include
100000417 || COMMUNITY WEB-MISC MyBloggie scode.php remote file include
100000418 || COMMUNITY WEB-MISC Ashwebstudio Ashnews ashheadlines.php 
remote file include
100000419 || COMMUNITY WEB-MISC Ashwebstudio Ashnews ashnews.php remote 
file include
100000420 || COMMUNITY WEB-MISC Informium common-menu.php remote file 
include
100000421 || COMMUNITY WEB-MISC Igloo wiki.php remote file include
100000422 || COMMUNITY WEB-MISC phpBB template.php remote file include
100000423 || COMMUNITY WEB-MISC DotWidget CMS index.php remote file include
100000424 || COMMUNITY WEB-MISC DotWidget CMS feedback.php remote file 
include
100000425 || COMMUNITY WEB-MISC DotWidget CMS printfriendly.php remote 
file include
100000426 || COMMUNITY WEB-MISC DotClear prepend.php remote file include
100000427 || COMMUNITY WEB-MISC JBoss jmx-console html adaptor access
100000428 || COMMUNITY WEB-MISC JBoss RMI class download service 
directory listing attempt
100000429 || COMMUNITY WEB-MISC JBoss web-console access





More information about the Snort-sigs mailing list