Lucene search

[email protected]NVD:CVE-2013-3707

HistoryDec 01, 2013 - 5:55 p.m.

CVE-2013-3707

2013-12-0117:55:05

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.693 Medium

EPSS

Percentile

98.0%

JSON

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

Affected configurations

NVD

Node

novellopen_enterprise_serverMatch11.0

novellopen_enterprise_serverMatch11.0sp1

References

www.novell.com/support/kb/doc.php?id=7014063

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.693 Medium

EPSS

Percentile

98.0%

JSON

Related for NVD:CVE-2013-3707

checkpoint_advisories1 prion1 cve1 cvelist1