CVE-2013-3707

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.3MEDIUM

EPSS

3.0%

top 13.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Open Enterprise Server

Timeline

PublishedDec 1

Latest updateMay 13

Description

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/open_enterprise_server11.0

🔴Vulnerability Details

GHSA

GHSA-c79m-cfh4-phqp: The HTTPSTK service in the novell-nrm package before 2↗2022-05-13

▶

CVEList

CVE-2013-3707: The HTTPSTK service in the novell-nrm package before 2↗2013-12-01

▶