Sign-up

ID

VAR-201312-0070


CVE

CVE-2013-3707


TITLE

Novell Open Enterprise Server of novell-nrm Service operation disruption in packages (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005335

DESCRIPTION

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. Novell Remote Manager is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Successful exploits may allow the attacker to crash the affected application causing denial-of-service conditions. Versions prior to Novell Remote Manager 2.0.2-297.305.302.3 are vulnerable

Trust: 1.89

sources: NVD: CVE-2013-3707 // JVNDB: JVNDB-2013-005335 // BID: 64055

AFFECTED PRODUCTS

vendor:novellmodel:open enterprise serverscope:eqversion:11.0

Trust: 1.6

vendor:novellmodel:open enterprise serverscope:eqversion:11 (oes 11) linux

Trust: 0.8

vendor:novellmodel:open enterprise serverscope:eqversion:11 (oes 11) linux sp1

Trust: 0.8

vendor:novellmodel:open enterprise serverscope:eqversion:2 (oes 2) linux

Trust: 0.8

vendor:novellmodel:open enterprise serverscope:eqversion:2

Trust: 0.6

vendor:novellmodel:remote managerscope:eqversion:2.0.2-297.305.302

Trust: 0.3

vendor:novellmodel:open enterprise server (oes linuxscope:eqversion:2)2

Trust: 0.3

vendor:novellmodel:open enterprise server (oes linux support pacscope:eqversion:11)11

Trust: 0.3

vendor:novellmodel:open enterprise server (oes linuxscope:eqversion:11)11

Trust: 0.3

vendor:novellmodel:remote managerscope:neversion:2.0.2-297.305.302.3

Trust: 0.3

sources: BID: 64055 // JVNDB: JVNDB-2013-005335 // CNNVD: CNNVD-201312-004 // NVD: CVE-2013-3707

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2013-3707
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201312-004
value: MEDIUM

Trust: 0.6

NVD: CVE-2013-3707
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-005335 // CNNVD: CNNVD-201312-004 // NVD: CVE-2013-3707

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-005335 // NVD: CVE-2013-3707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-004

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201312-004

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2013-3707

PATCH
title:7014063url:http://www.novell.com/support/kb/doc.php?id=7014063
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005335

EXTERNAL IDS
db:NVDid:CVE-2013-3707
Trust: 2.7
db:JVNDBid:JVNDB-2013-005335
Trust: 0.8
db:CNNVDid:CNNVD-201312-004
Trust: 0.6
db:BIDid:64055
Trust: 0.3
sources:
            
            
            BID: 64055 // 
            
            
            
            JVNDB: JVNDB-2013-005335 // 
            
            
            
            CNNVD: CNNVD-201312-004 // 
            
            
            
            NVD: CVE-2013-3707

REFERENCES
url:http://www.novell.com/support/kb/doc.php?id=7014063
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3707
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3707
Trust: 0.8
url:http://www.novell.com/
Trust: 0.3
sources:
            
            
            BID: 64055 // 
            
            
            
            JVNDB: JVNDB-2013-005335 // 
            
            
            
            CNNVD: CNNVD-201312-004 // 
            
            
            
            NVD: CVE-2013-3707

CREDITS
swappiness0
Trust: 0.3
sources:
            
            
            BID: 64055

SOURCES
db:BIDid:64055
db:JVNDBid:JVNDB-2013-005335
db:CNNVDid:CNNVD-201312-004
db:NVDid:CVE-2013-3707

LAST UPDATE DATE
2022-05-04T09:57:21.081000+00:00

SOURCES UPDATE DATE
db:BIDid:64055date:2013-11-07T00:00:00
db:JVNDBid:JVNDB-2013-005335date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-004date:2020-02-25T00:00:00
db:NVDid:CVE-2013-3707date:2020-02-24T14:15:00

SOURCES RELEASE DATE
db:BIDid:64055date:2013-11-07T00:00:00
db:JVNDBid:JVNDB-2013-005335date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-004date:2013-12-06T00:00:00
db:NVDid:CVE-2013-3707date:2013-12-01T17:55:00