Rule History

alert tcp any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT Possible OpenSSL TLSv1.2 DoS Inbound (CVE-2021-3449)"; flow:established,to_server; tls.version:1.2; ssl_state:client_hello; content:!"|00 0d|"; content:"|00 32 00|"; content:"|ff 01 00 01 00|"; distance:0; fast_pattern; reference:cve,2021-3449; classtype:denial-of-service; sid:2032358; rev:1; metadata:affected_product OpenSSL, created_at 2021_04_01, cve CVE_2021_3449, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_01;)