SID 1-38575

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt

Rule Explanation

This event is generated when an OpenSSL TLS change cipher spec denial of service is detected. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

This event is generated when an OpenSSL TLS change cipher spec denial of service is detected.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2013-6449

Additional Links

www.openssl.org/news/vulnerabilities.html#2013-6449

Rule Vulnerability

CVE Additional Information

CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access Vector
AuthenticationNONE Ease of Access

Affected Systems