Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER SSLv2 Client Hello attempt

Rule Explanation

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Impact:

CVSS base score: 5.9
CVSS impact score: 3.6
CVSS exploitability score: 2.2
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE

Details:

Ease of Attack:

What To Look For

This rule alerts on an attempt to identify whether SSL version 2 is being used by a system.
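As an added illustration (this is not the Snort rule itself and not Talos code), the following Python example classifies the first bytes of a TCP stream as an SSLv2 Client Hello, an SSLv3/TLS hello sent in the v2-compatible format, or neither. The function names, return labels and sample bytes are constructed for the example; the field layout follows the SSLv2 specification.

```python
import struct

SSL2_MT_CLIENT_HELLO = 1   # SSLv2 message type for CLIENT-HELLO
SSL2_VERSION = 0x0002      # version value a real SSLv2 client sends

def classify_hello(payload: bytes) -> str:
    """Classify the first bytes of a TCP stream (hypothetical helper).

    Returns "sslv2" for an SSLv2 CLIENT-HELLO, "v2-compat" for an SSLv3/TLS
    client using the v2 hello format, "other" for anything else.
    """
    # 2-byte record header (high bit set) plus 9 bytes of fixed hello fields.
    if len(payload) < 11 or not payload[0] & 0x80:
        return "other"
    record_len = ((payload[0] & 0x7F) << 8) | payload[1]
    msg_type, version, cipher_len, sid_len, chal_len = struct.unpack_from(
        ">BHHHH", payload, 2)
    if msg_type != SSL2_MT_CLIENT_HELLO:
        return "other"
    # Structural checks keep random binary data from matching.
    if cipher_len == 0 or cipher_len % 3:        # cipher specs are 3 bytes each
        return "other"
    if sid_len not in (0, 16) or not 16 <= chal_len <= 32:
        return "other"
    if record_len != 9 + cipher_len + sid_len + chal_len:
        return "other"
    if version == SSL2_VERSION:
        return "sslv2"
    return "v2-compat" if version >= 0x0300 else "other"

def build_v2_hello(version: int) -> bytes:
    """Build a constructed v2-format hello for testing (not captured traffic)."""
    ciphers = bytes.fromhex("0100800700c0")      # two 3-byte cipher specs
    challenge = bytes(range(16))                 # constructed 16-byte challenge
    body = struct.pack(">BHHHH", SSL2_MT_CLIENT_HELLO, version,
                       len(ciphers), 0, len(challenge)) + ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed first bytes of a TLS record-layer ClientHello (type 0x16).
TLS_RECORD_HELLO = bytes.fromhex("1603010200010001fc0303") + bytes(32)

if __name__ == "__main__":
    for name, data in [("sslv2", build_v2_hello(0x0002)),
                       ("tls-in-v2", build_v2_hello(0x0303)),
                       ("tls-record", TLS_RECORD_HELLO)]:
        print(name, "->", classify_hello(data))
```

Separating "sslv2" from "v2-compat" matters when triaging alerts: older SSLv3/TLS clients can send a v2-format hello while offering a newer protocol version, which is different from a client that offers SSLv2 itself.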

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology. For more information see [nvd].

Rule Groups

No rule groups

CVE

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2015-3197
CVE-2016-0800

MITRE ATT&CK Framework

Tactic: Discovery

Technique: Account Discovery

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org