Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

This SRU number: 2017-09-08-001
Previous SRU number: 2017-09-07-001

Applies to:

This SEU number: 1733
Previous SEU: 1732

Applies to:

This is the complete list of rules added in SRU 2017-09-08-001 and SEU 1733.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

**High Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	44321	SERVER-WEBAPP	NEC Express Cluster DeleteWorkDirectory.js command injection attempt	off	off	drop
1	44322	SERVER-WEBAPP	NEC Express Cluster DeleteWorkDirectory.js command injection attempt	off	off	drop
1	44326	SERVER-OTHER	Novell iPrint Client buffer overflow attempt	off	off	off
1	44327	SERVER-APACHE	Apache Struts freemarker tag OGNL expression injection attempt	off	drop	drop
1	44328	SERVER-APACHE	Apache Struts freemarker tag OGNL expression injection attempt	off	drop	drop
1	44329	SERVER-APACHE	Apache Struts freemarker tag OGNL expression injection attempt	off	off	drop
1	44330	SERVER-APACHE	Apache Struts freemarker tag OGNL expression injection attempt	off	off	drop

**Medium Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	44324	POLICY-OTHER	vsFTPd denial of service attempt	off	off	off

**Low Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	44323	FILE-OTHER	RAR file malformed header antivirus evasion attempt	off	off	off
1	44325	FILE-OTHER	ZIP file malformed header antivirus evasion attempt	off	off	off