ET WEB_CLIENT Possible GnuTLS Client ServerHello SessionID Overflow CVE-2014-3466

SID: 2018537Rev: 20 viewsHistory

Sourceet/open

CreatedJune 6, 2014

UpdatedJuly 26, 2019

Classificationattempted-user

alert tcp $EXTERNAL_NET [!21,!22,!23,!2100,!3535] -> $HOME_NET 1024:65535 (msg:"ET WEB_CLIENT Possible GnuTLS Client ServerHello SessionID Overflow CVE-2014-3466"; flow:established,to_client; content:"|16 03|"; depth:2; byte_test:1,<,4,2; content:"|02|"; distance:3; within:1; content:"|03|"; distance:3; within:1; byte_test:1,<,4,0,relative; byte_test:4,>,1370396981,1,relative; byte_test:4,<,1465091381,1,relative; byte_test:1,>,32,33,relative; reference:url,radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/; reference:cve,2014-3466; classtype:attempted-user; sid:2018537; rev:2; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2014_06_06, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)

References

url	radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
cve	2014-3466

Metadata

affected productWeb_Browser_Plugins

attack targetClient_Endpoint

created at2014_06_06

deploymentPerimeter

confidenceMedium

signature severityMajor

tagWeb_Client_Attacks

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!