CVE-2013-3707 - OpenCVE

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Open Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:o:novell:open_enterprise_server:11.0:::::::*
	cpe:2.3:o:novell:open_enterprise_server:11.0:sp1::::::

No data.

References

Link	Providers
http://www.novell.com/support/kb/doc.php?id=7014063

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-01T17:00:00

Updated: 2024-08-06T16:14:56.653Z

Reserved: 2013-05-30T00:00:00

Link: CVE-2013-3707

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-12-01T17:55:05.147

Modified: 2020-02-24T14:15:26.213

Link: CVE-2013-3707

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-01T17:26:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3707", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.novell.com/support/kb/doc.php?id=7014063", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.653Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3707", "datePublished": "2013-12-01T17:00:00", "dateReserved": "2013-05-30T00:00:00", "dateUpdated": "2024-08-06T16:14:56.653Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3B94B07-A63A-4701-BBE2-D70B35A046D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:open_enterprise_server:11.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED1DEB26-E344-400D-9068-E94816376D30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009."}, {"lang": "es", "value": "El servicio HTTPSTK en el paquete novell-nrm anterior a la versi\u00f3n 2.0.2-297.305.302.3 de Novell Open Enterprise Server 2 (OES 2) Linux, y OES 11 Linux Gold y SP1, no realiza las llamadas SSL_free and SSL_shutdown intencionadas para el cierre de una conexi\u00f3n TCP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) mediante el establecimiento de varias conexiones TCP al puerto 8009."}], "id": "CVE-2013-3707", "lastModified": "2020-02-24T14:15:26.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-01T17:55:05.147", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/support/kb/doc.php?id=7014063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}