Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt

Rule Explanation

This rule looks for crafted LDAP packets that can trigger an information disclosure vulnerability in Microsoft Windows Active Directory.

What To Look For

This rule looks for attempts to trigger an information disclosure vulnerability in Microsoft Windows.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Privilege Escalation

Technique: Exploitation for Privilege Escalation

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

Information Leak

Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
