CVE-2013-3707

Published: Dec 1, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

Affected (2)

Products: Novell: Open Enterprise Server

1 product

Open Enterprise Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Novell Open Enterprise Server	Version 11.0
Novell Open Enterprise Server	Version 11.0 sp1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.novell.com/support/kb/doc.php?id=7014063

Source: cve@mitre.org

Vendor Advisory

http://www.novell.com/support/kb/doc.php?id=7014063

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.