Versions (5)
Version DetailsCurrent
Rev: 4 • Apr 15, 2014, 12:00 PMET EXPLOIT Possible TLS HeartBleed Unencrypted Request Method 3 (Inbound to Common SSL Port)
alert tcp any any -> $HOME_NET [443,636,989,990,992,993,994,995,5061,25] (msg:"ET EXPLOIT Possible TLS HeartBleed Unencrypted Request Method 3 (Inbound to Common SSL Port)"; flow:established,to_server; content:"|18 03|"; depth:2; byte_test:1,<,4,0,relative; content:!"|00 03|"; distance:1; within:2; byte_extract:2,1,rec_len,relative; content:"|01|"; within:1; byte_test:2,>,150,0,relative; byte_test:2,>,rec_len,0,relative; threshold:type limit,track by_src,count 1,seconds 120; reference:cve,2014-0160; reference:url,blog.inliniac.net/2014/04/08/detecting-openssl-heartbleed-with-suricata/; reference:url,heartbleed.com/; reference:url,blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/; classtype:bad-unknown; sid:2018389; rev:4; metadata:created_at 2014_04_15, cve CVE_2014_0160, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_08_16;)
Apr 15, 2014, 12:00 PM
Aug 16, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 8, 2025, 10:34 PM
rules/emerging-exploit.rules