Lucene search

K
f5F5F5:K15147
HistoryFeb 04, 2015 - 12:00 a.m.

K15147 : OpenSSL vulnerability CVE-2013-6449

2015-02-0400:00:00
my.f5.com
6

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.921 High

EPSS

Percentile

98.7%

Security Advisory Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449)

Impact

Remote attackers may be able to cause a denial-of-service (DoS) attack using crafted traffic.

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.921 High

EPSS

Percentile

98.7%