SID 1:51485

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a denial of service vulnerability in Squid proxy DNS CNAME record Impact: Disruption of service Details: Denial of service in DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. Ease of Attack: Medium

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2011-4096

Additional Links

bugs.squid-cache.org/show_bug.cgi?id=3237#c12

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2011-4096
 Loading description