CVE-2013-3707

EUVD-2013-3640
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
novellopen_enterprise_server
11.0
novellopen_enterprise_server
11.0:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7014063
http://www.novell.com/support/kb/doc.php?id=7014063