Snort rule header is malformed  #5

@chmelarp

Description

Hey, these are the snort3-community-rules rules from https://www.snort.org/downloads/#rule-downloads

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"MALWARE-CNC HttpBrowser User-Agent outbound communication attmept"; flow:to_server,established; http_header:field user-agent; content:"HttpBrowser/1.0",fast_pattern,nocase; metadata:impact_flag red,ruleset community; service:http; classtype:trojan-activity; gid:1; sid:42886; rev:4; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${",fast_pattern; content:"atlassian.",distance 0; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?atlassian\x2e[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59941; rev:3; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"sun.misc.Unsafe",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?sun\x2emisc\x2eUnsafe[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59947; rev:1; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"; flow:to_server,established; http_uri; content:"${"; content:"com.opensymphony.",distance 0,fast_pattern; content:"|28|",distance 0; content:"}",distance 0; pcre:"/\x24\x7b[^\x7d]?com\x2eopensymphony\x2e(xwork2|webwork)\x2e(Servlet)?ActionContext[^\x7d]?\x28/i"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-26134; classtype:attempted-user; gid:1; sid:59948; rev:1; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_client_body; content:"bootstrapStatusProvider.applicationConfig.setupComplete",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62506; rev:1; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Atlassian Confluence remote code execution attempt"; flow:to_server,established; http_uri; content:"bootstrapStatusProvider.applicationConfig.setupComplete=",fast_pattern,nocase; content:"false",distance 0,nocase; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2023-22515; reference:url,confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html; classtype:attempted-user; gid:1; sid:62507; rev:1; )

Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt"; flow:to_server,established; http_raw_uri; content:"/vpns/",fast_pattern,nocase; pcre:"/vpn.?(\x2e|%(25)?2e){2}(\x2f|%(25)?2f).?vpns/i"; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2019-19781; reference:url,support.citrix.com/article/CTX267027; classtype:web-application-attack; sid:300001; rev:1; )

Exception: Snort rule header is malformed ['alert', 'ssl']
alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa1; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300306; rev:3; )

Exception: Snort rule header is malformed ['alert', 'ssl']
alert ssl ( msg:"SERVER-OTHER OpenSSL x509 crafted email address buffer overflow attempt"; flow:established; content:"|06 03 55 1D 1E|"; ber_skip:0x01,optional; ber_data:0x04; ber_data:0x30; ber_data:0xa0; ber_data:0x30; content:"|81 82|",within 2; byte_test:2,>,500,0,relative; content:"xn--",within 4,distance 2,fast_pattern; metadata:policy balanced-ips drop,policy connectivity-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; reference:cve,2022-3602; reference:cve,2022-3786; reference:url,blog.talosintelligence.com/openssl-vulnerability/; classtype:attempted-user; gid:1; sid:300307; rev:3; )
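Every rule quoted above uses the Snort 3 service-only header (`alert http`, `alert ssl`), which has just an action and a service instead of the classic seven-field `action proto src sport -> dst dport` header, and that two-token header is what the exception is complaining about. The following is an added example, not code from the issue author or from the parser the issue is filed against: a small stand-alone Python parser that accepts both header forms and splits the option body without breaking on the `;`, `\x28` and `"` characters that occur inside `pcre` and `content` values. Field names (`src`, `sport`, `dir`, `dst`, `dport`) and the `option()` helper are my own choices.

```python
import re

# Classic 7-field header: action proto src sport dir dst dport
CLASSIC_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)$")
# Snort 3 service header: action and service only ("alert http", "alert ssl");
# addresses and ports are left to the service inspector, so they default to "any".
SERVICE_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)$")
DEFAULTS = {"src": "any", "sport": "any", "dir": "->", "dst": "any", "dport": "any"}

def split_options(body: str) -> list:
    # Split on ';' outside double quotes, honouring backslash escapes such as
    # the \x28 sequences inside pcre:"..." values; return (name, value) pairs.
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur)); cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur))
    pairs = []
    for opt in (o.strip() for o in opts if o.strip()):
        name, _, value = opt.partition(":")   # bare keywords such as http_uri get ""
        pairs.append((name.strip(), value.strip()))
    return pairs

def parse_rule(rule: str) -> dict:
    rule = rule.strip()
    lparen = rule.find("(")
    if lparen < 0 or not rule.endswith(")"):
        raise ValueError("rule options must be enclosed in ( ... )")
    header, body = rule[:lparen].strip(), rule[lparen + 1:-1]
    m = CLASSIC_RE.match(header) or SERVICE_RE.match(header)
    if m is None:
        raise ValueError(f"Snort rule header is malformed {header.split()!r}")
    parsed = dict(DEFAULTS, **m.groupdict())   # service form keeps the "any" defaults
    parsed["options"] = split_options(body)
    return parsed

def option(parsed: dict, name: str):
    # First value of the named option, or None when the rule does not carry it.
    return next((v for n, v in parsed["options"] if n == name), None)
```

Feeding the first rule from the report through `parse_rule` yields `proto == "http"` with `any`/`->`/`any` placeholders, and `option(rule, "sid")` returns `"42886"`; a header with only an action still raises the malformed-header error.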
