This SRU number: 2018-06-07-001
Previous SRU number: 2018-06-04-001
Applies to:
This SEU number: 1859
Previous SEU: 1857
Applies to:
This is the complete list of rules added in SRU 2018-06-07-001 and SEU 1859.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 46884 | DELETED | MALWARE-CNC Win.Trojan.Joanap variant outbound connection | off | off | off | off |
| 1 | 46885 | MALWARE-CNC | Win.Trojan.Joanap variant outbound connection | off | drop | drop | drop |
| 1 | 46886 | SERVER-WEBAPP | Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt | off | off | drop | drop |
| 3 | 46887 | SERVER-WEBAPP | Cisco Network Services Orchestrator arbitrary command execution attempt | off | off | drop | drop |
| 3 | 46888 | SERVER-WEBAPP | Cisco Network Services Orchestrator arbitrary command execution attempt | off | off | drop | drop |
| 3 | 46889 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning SQL injection attempt | off | off | drop | drop |
| 3 | 46890 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning SQL injection attempt | off | off | drop | drop |
| 3 | 46891 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning SQL injection attempt | off | off | drop | drop |
| 3 | 46892 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning SQL injection attempt | off | off | drop | drop |
| 3 | 46893 | SERVER-OTHER | Cisco Prime Collaboration Provisioning Java remote method invocation attempt | off | off | drop | drop |
| 1 | 46894 | MALWARE-CNC | Vbs.Worm.SysinfY2X outbound beacon | off | drop | drop | drop |
| 1 | 46895 | MALWARE-CNC | Win.Trojan.Nocturnal outbound connection | off | drop | drop | drop |
| 1 | 46896 | SERVER-WEBAPP | Joomla component GeoContent typename parameter cross site scripting attempt | off | off | off | off |
| 3 | 46897 | SERVER-WEBAPP | Cisco Adaptive Security Appliance directory traversal attempt | off | off | drop | drop |
| 1 | 46898 | SERVER-WEBAPP | Atlassian OAuth plugin multiple versions server side request forgery attempt | off | off | drop | drop |
| 3 | 46899 | POLICY-OTHER | Cisco Prime Collaboration Provisioning access control group modification request detected | off | off | off | off |
| 1 | 46903 | INDICATOR-COMPROMISE | Microsoft Windows SYSTEM token stealing attempt | off | off | off | off |
| 1 | 46904 | INDICATOR-COMPROMISE | Microsoft Windows SYSTEM token stealing attempt | off | off | off | off |
| 1 | 46905 | INDICATOR-COMPROMISE | Microsoft Windows malicious CONTEXT structure creation attempt | off | off | off | off |
| 1 | 46906 | INDICATOR-COMPROMISE | Microsoft Windows malicious CONTEXT structure creation attempt | off | off | off | off |
| 1 | 46907 | INDICATOR-COMPROMISE | Microsoft Windows processor modification return to user-mode attempt | off | off | off | off |
| 1 | 46908 | INDICATOR-COMPROMISE | Microsoft Windows processor modification return to user-mode attempt | off | off | off | off |
| 1 | 46909 | INDICATOR-COMPROMISE | Microsoft Windows Interrupt Service Routine stack rollback attempt | off | off | off | off |
| 1 | 46910 | INDICATOR-COMPROMISE | Microsoft Windows Interrupt Service Routine stack rollback attempt | off | off | off | off |
| 3 | 46911 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt | off | off | drop | drop |
| 1 | 46912 | BROWSER-FIREFOX | Mozilla multiple products JavaScript string replace buffer overflow attempt | off | off | off | drop |
| 1 | 46913 | BROWSER-FIREFOX | Mozilla multiple products JavaScript string replace buffer overflow attempt | off | off | off | drop |
| 3 | 46914 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning password recovery field reuse attempt | off | off | drop | drop |
| 1 | 46915 | FILE-MULTIMEDIA | VideoLAN VLC Media Player abc file parts heap integer overflow attempt | off | off | off | off |
| 1 | 46916 | FILE-MULTIMEDIA | VideoLAN VLC Media Player abc file parts heap integer overflow attempt | off | off | off | off |
| 1 | 46917 | FILE-FLASH | Adobe Flash Player out of bounds write attempt | off | drop | drop | drop |
| 1 | 46918 | FILE-FLASH | Adobe Flash Player out of bounds write attempt | off | drop | drop | drop |
| 1 | 46919 | FILE-FLASH | Adobe Flash Player out of bounds write attempt | off | drop | drop | drop |
| 1 | 46920 | FILE-FLASH | Adobe Flash Player out of bounds write attempt | off | drop | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 46900 | BROWSER-OTHER | invalid final chunk size evasion attempt | off | off | off | drop |
| 3 | 46901 | BROWSER-OTHER | http chunked transfer encoding flowbit attempt | off | off | off | alert |
| 3 | 46902 | BROWSER-OTHER | invalid final chunk size evasion attempt | off | off | off | drop |