Rule History

alert tls $HOME_NET any -> any any (msg:"ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Outbound (CVE-2022-3602)"; flow:established,to_server; content:"|06 03 55 1d 1e|"; content:"xn--"; fast_pattern; within:30; byte_test:2,>,513,-6,relative; reference:url,www.openssl.org/news/secadv/20221101.txt; reference:cve,2022-3602; classtype:attempted-admin; sid:2039619; rev:1; metadata:attack_target Server, created_at 2022_11_02, cve CVE_2022_3602, deployment Perimeter, performance_impact Significant, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_11_02;)