CVE-2013-6329

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.

References

http://secunia.com/advisories/56058

http://www-01.ibm.com/support/docview.wss?uid=swg21659548

http://www-01.ibm.com/support/docview.wss?uid=swg21659716

http://www-01.ibm.com/support/docview.wss?uid=swg21659837

http://www-01.ibm.com/support/docview.wss?uid=swg21669554

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

https://exchange.xforce.ibmcloud.com/vulnerabilities/88939

Details

Source: MITRE

Published: 2013-12-17

Updated: 2017-08-29

Type: CWE-310

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
144768IBM HTTP Server 8.5.0.0 <= 8.5.5.1 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 (505927)NessusWeb Servers
high
9699IBM WebSphere Application Server 7.0 < 7.0.0.33 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
critical
80480IBM Tivoli Access Manager for e-Business < 6.0.0.31 / 6.1.0.12 / 6.1.1.8 or GSKit < 7.0.4.47 SSL/TLS Handshake Processing DoSNessusMisc.
high
76995IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple VulnerabilitiesNessusWeb Servers
high
76967IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple VulnerabilitiesNessusWeb Servers
high
74235IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple VulnerabilitiesNessusWeb Servers
high
72283IBM Global Security Kit 7 < 7.0.4.47 / 8 < 8.0.50.13 DoSNessusGeneral
high
72118Informix Server GSKit < 7.0.4.47 / 8.0.50.13 SSL/TLS DoSNessusMisc.
high