CVE-2013-3707 - Vulnerability Details - OpenCVE

Description

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

Published: 2013-12-01

Score: 4.3 Medium

EPSS: 3.0% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:novell:open_enterprise_server:11.0:::::::*
	cpe:2.3:o:novell:open_enterprise_server:11.0:sp1::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2013-3640	The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02972.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.novell.com/support/kb/doc.php?id=7014063

History

No history.

Subscriptions

Novell Open Enterprise Server

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-01T17:00:00.000Z

Updated: 2024-08-06T16:14:56.653Z

Reserved: 2013-05-30T00:00:00.000Z

Link: CVE-2013-3707

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-01T17:55:05.147

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-3707

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-01T17:26:34.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.novell.com/support/kb/doc.php?id=7014063", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.653Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3707", "datePublished": "2013-12-01T17:00:00.000Z", "dateReserved": "2013-05-30T00:00:00.000Z", "dateUpdated": "2024-08-06T16:14:56.653Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3B94B07-A63A-4701-BBE2-D70B35A046D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:open_enterprise_server:11.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED1DEB26-E344-400D-9068-E94816376D30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}, {"lang": "es", "value": "El servicio HTTPSTK en el paquete novell-nrm anterior a la versi\u00f3n 2.0.2-297.305.302.3 de Novell Open Enterprise Server 2 (OES 2) Linux, y OES 11 Linux Gold y SP1, no realiza las llamadas SSL_free and SSL_shutdown intencionadas para el cierre de una conexi\u00f3n TCP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) mediante el establecimiento de varias conexiones TCP al puerto 8009."}], "id": "CVE-2013-3707", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-01T17:55:05.147", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}