Sid 1-51333

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER OpenSSL TLS record tampering denial of service attempt

Rule Explanation

This event is generated when an attempt to cause a denial of service in an OpenSSL based client is detected. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2013-4353

Additional Links

www.openssl.org/news/vulnerabilities.html#2013-4353

CVE Additional Information

CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access Vector
AuthenticationNONE Ease of Access

Affected Systems