// For flags

CVE-2013-3707

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

El servicio HTTPSTK en el paquete novell-nrm anterior a la versión 2.0.2-297.305.302.3 de Novell Open Enterprise Server 2 (OES 2) Linux, y OES 11 Linux Gold y SP1, no realiza las llamadas SSL_free and SSL_shutdown intencionadas para el cierre de una conexión TCP, lo que permite a atacantes remotos provocar una denegación de servicio (caída del servicio) mediante el establecimiento de varias conexiones TCP al puerto 8009.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-05-30 CVE Reserved
  • 2013-12-01 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://www.novell.com/support/kb/doc.php?id=7014063 2020-02-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
 Open Enterprise Server
Search vendor "Novell" for product "Open Enterprise Server"
 11.0
Search vendor "Novell" for product "Open Enterprise Server" and version "11.0"
-
Affected
Novell
Search vendor "Novell"
 Open Enterprise Server
Search vendor "Novell" for product "Open Enterprise Server"
 11.0
Search vendor "Novell" for product "Open Enterprise Server" and version "11.0"
sp1
Affected