Vulnerability Description
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clavister | Clavister Coreplus | <= 8.80.03 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37972
- http://secunia.com/advisories/25957PatchVendor Advisory
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35370
- http://osvdb.org/37972
- http://secunia.com/advisories/25957PatchVendor Advisory
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf
- http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35370
FAQ
What is CVE-2007-3805?
CVE-2007-3805 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (ga...
How severe is CVE-2007-3805?
CVE-2007-3805 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3805?
Check the references section above for vendor advisories and patch information. Affected products include: Clavister Clavister Coreplus.