Lucene search

RedhatCVE-2013-2125

HistoryMay 27, 2014 - 3:00 p.m.

CVE-2013-2125

2014-05-2715:00:00

CWE-310

redhat

web.nvd.nist.gov

opensmtpd

ssl

vulnerability

denial of service

cve-2013-2125

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.

Affected configurations

Nvd

Node

openbsdopensmtpdRange≤5.3.1

VendorProductVersionCPE
openbsdopensmtpd*cpe:2.3:a:openbsd:opensmtpd:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	opensmtpd	*	cpe:2.3:a:openbsd:opensmtpd::::::::

References

git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0

osvdb.org/93495

seclists.org/oss-sec/2013/q2/362

seclists.org/oss-sec/2013/q2/366

secunia.com/advisories/53353

exchange.xforce.ibmcloud.com/vulnerabilities/84388

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

Related for CVE-2013-2125