The newest SNORTⓇ rule update is available now.
Cisco Talos' latest ruleset includes SID 58276 (SID 300053 for Snort 3) to protect against the exploitation of a zero-day vulnerability in the Apache HTTP Server Project. An attacker could exploit CVE-2021-41773 to execute remote code on the targeted machine. As of earlier this week, this exploit has already been used in the wild.
Here's a full breakdown of the rest of Thursday's rule update:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 6 | 0 | 22 | 2 |
There were no changes made to the snort.conf in this release.
Cisco Talos' rule release:
Talos is releasing SID 58276 (SID 300053 for Snort3) as coverage for CVE-2021-41773, an Apache HTTP server directory traversal vulnerability which can lead to remote code execution.
Talos has added and modified multiple rules in the malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.