Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt

Rule Explanation

This event is generated when an OpenSSL TLS change cipher spec denial of service is detected.

Impact: Attempted Denial of Service

Details:

Ease of Attack:

What To Look For

This event is generated when an OpenSSL TLS change cipher spec denial of service is detected.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Impact

Technique: Account Discovery

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE Additional Information

CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
Details
Severity: MEDIUM
Base Score: 4.3
Impact Score: 2.9
Exploit Score: 8.6
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector:
Authentication: NONE
Ease of Access: