MEDIUM · 4.3

CVE-2013-3707

Vulnerability Description

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Novell | Open Enterprise Server | 11.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-3707?

CVE-2013-3707 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_sh...

How severe is CVE-2013-3707?

CVE-2013-3707 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-3707?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Open Enterprise Server.