Rule Category
SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
Alert Message
SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
Rule Explanation
This rule is checking for a crafted client certificate that could lead to invalid read operation
What To Look For
This rule alerts on crafted client Certificate Handshake message that could cause a denial of service vulnerability
Known Usage
No public information
False Positives
No known false positives
Contributors
NA
Rule Groups
MITRE::ATT&CK Framework::Enterprise::Impact::Endpoint Denial of Service::Application or System Exploitation
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent DoS condition.
T1499.004
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other applications with Internet accessible open sockets, such as web servers and related services.
T1190
Rule Vulnerability
Denial of Service
Denial of Service attacks aim to make a server or program unresponsive for users. These attacks may be volume-based, to overwhelm the system, or they may use certain logical flaws in the software to cut the service off from the users. The attack may come from one or multiple sources. These attacks do not usually lead to a remote code execution. Volume based attacks are best handled using a firewall application.
CVE Additional Information
This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2015-0286
|
Loading description
|
|
Severity | |
Base Score | |
Impact Score | |
Exploit Score | |
Confidentiality Impact | |
Integrity Impact | |
Availability Impact | |
Authentication | |
Ease of Access | |
|