Sid 1-50883

Report a false positive

Rule Category

SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.

Alert Message

SERVER-APACHE Apache 2 mod_ssl Connection Abort denial of service attempt

Rule Explanation

This event is generated when Apache 2 mod_ssl Connection Abort denial of service attempted. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2004-0748

Additional Links

rhn.redhat.com/errata/RHSA-2004-349.html

Rule Vulnerability

CVE Additional Information

CVE-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
Details
SeverityMEDIUM Base Score5.0
Impact Score2.9 Exploit Score10.0
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access VectorNETWORK
AuthenticationNONE Ease of AccessLOW

Affected Systems