Rule History

SID: 2030340 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 3 • Jun 15, 2020, 12:00 PM

Message:

ET EXPLOIT GnuTLS Cryptographic Flaw Observed (CVE-2020-13777)

Rule:

alert tls any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT GnuTLS Cryptographic Flaw Observed (CVE-2020-13777)"; flow:established,to_server; content:"|16|"; startswith; content:"|00 23|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; distance:2; within:16; fast_pattern; pcre:"/^[\x20-\x7e\r\n]{0,13}[^\x20-\x7e\r\n]/R"; reference:url,corelight.com/blog/detecting-gnutls-cve-2020-13777-using-zeek; classtype:attempted-recon; sid:2030340; rev:3; metadata:created_at 2020_06_15, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Major, updated_at 2023_04_28;)

Created:

Jun 15, 2020, 12:00 PM

Updated:

Apr 28, 2023, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit.rules