Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER OpenSSL TLS anomalous ascii client session ticket

Rule Explanation

This event is generated when an anomalous all ascii TLS session token is detected. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2014-3567
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Details
SeverityHIGH Base Score7.1
Impact Score6.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactCOMPLETE Access Vector
AuthenticationNONE Ease of Access