SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Mozilla Network Security Services heap underflow exploit attempt
This event is generated when an attacker attempts to exploit a heap overflow vulnerability present in Mozilla Network Security Services.
Attempted User Privilege Gain
Rule checks for an attempt to trigger a heap overflow in Mozilla Network Security Services via a maliciously crafted server certificate.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2007-0008Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 220.127.116.11 and 2.x before 18.104.22.168, SeaMonkey before 1.0.8, Thunderbird before 22.214.171.124, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
||Ease of Access||