CVE-2001-0830
Published 2001-12-06
Priority: P334 | Severity: high | Score: 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EXPLOIT
EPSS: 5.67% (92.0th percentile)
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 6tunnel_project | 6tunnel | <= 0.08 | — |
CVSS provenance
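| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |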
No detection rules found.
No writeups or analysis indexed.
CWE-404: Improper Resource Shutdown or Release (mitre_cwe)
The product does not release or incorrectly releases a resource before it is made available for re-use.
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability, Other. Impact: DoS: Resource Consumption (Other), Varies by Context. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.
Scope: Confidentiality.
CWE-772: Missing Release of Resource after Effective Lifetime (mitre_cwe)
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (Other), DoS: Resource Consumption (Memory), DoS: Resource Consumption (CPU). An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application S
ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
http://marc.info/?l=bugtraq&m=100386451702966&w=2
http://www.securityfocus.com/bid/3467
https://exchange.xforce.ibmcloud.com/vulnerabilities/7337