
Sid 1-51333


SERVER-OTHER OpenSSL TLS record tampering denial of service attempt


This event is generated when an attempt to cause a denial of service in an OpenSSL-based client is detected.


Attempted Denial of Service


CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2013-4353: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Affected systems

  • openssl openssl 1.0.1
  • openssl openssl 1.0.1a
  • openssl openssl 1.0.1b
  • openssl openssl 1.0.1c
  • openssl openssl 1.0.1d
  • openssl openssl 1.0.1e

Ease of attack


Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action


  • Cisco's Talos Intelligence Group

Additional References