Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Script to avoid OpenSSL DoS CVE-2015-1788
##! This script is to avoid CVE-2015-1788 which is explained in
##! detail at It is a denial of service against
##! OpenSSL which will cause Bro processes to lock up.
##! WARNING - This script should only be used temporarily until
##! your OpenSSL library is upgraded. This script can
##! then be removed.
@if( /2\.3/ in bro_version() )
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=-100
Files::remove_analyzer(f, Files::ANALYZER_X509);
@if ( /2\.4/ in bro_version() )
event file_sniff(f: fa_file, meta: fa_metadata) &priority=-100
Files::remove_analyzer(f, Files::ANALYZER_X509);

This comment has been minimized.

Copy link

@phreakinggeek phreakinggeek commented Jun 16, 2015

The correct domain is for more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment