{ "id": "CVE-2010-2836", "sourceIdentifier": "ykramarz@cisco.com", "published": "2010-09-23T19:00:13.980", "lastModified": "2010-09-24T18:12:02.890", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685." }, { "lang": "es", "value": "Fuga de memoria en la funcionalidad SSL VPN en Cisco IOS v12.4, v15.0, y v15.1, cuando HTTP port redirection est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) al desconectar incorrectamente sesiones SSL generando que las conexiones permanezcan en estado CLOSE-WAIT, tambi\u00e9n conocido como fallo ID CSCtg21685." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4gc:*:*:*:*:*:*:*", "matchCriteriaId": "89B19F2B-1D89-42FC-89A7-737D8109EB1B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4mda:*:*:*:*:*:*:*", "matchCriteriaId": "237F6EDD-AB47-4768-9C75-C0B03E23696B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4mr:*:*:*:*:*:*:*", "matchCriteriaId": "C7414D32-88A1-416E-A717-3F47B6D1BE74" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4mra:*:*:*:*:*:*:*", "matchCriteriaId": "860A1477-49B5-4356-9D83-A1A092233D55" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4sw:*:*:*:*:*:*:*", "matchCriteriaId": "370DC543-AC01-4B91-88C7-60C323E35929" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xa:*:*:*:*:*:*:*", "matchCriteriaId": "99235FFB-4439-40B2-ADBD-B08E5DBBCCB9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xb:*:*:*:*:*:*:*", "matchCriteriaId": "C1797E4E-E15C-4148-9B3D-4FF6D1D815AF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xc:*:*:*:*:*:*:*", "matchCriteriaId": "544BD924-2CBD-4130-BBD3-5AD084C85FE5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xd:*:*:*:*:*:*:*", "matchCriteriaId": "6B78181E-E1D1-4C25-85DE-CA46BBF21765" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xe:*:*:*:*:*:*:*", "matchCriteriaId": "C1F36C3D-E9A2-41A1-BE71-4D8B00D228E0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xf:*:*:*:*:*:*:*", "matchCriteriaId": "7D1CD80F-E898-41CE-8A86-28C2F48B928A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xg:*:*:*:*:*:*:*", "matchCriteriaId": "9C3C3B97-7F1E-4B87-AD44-E4230BCDAB7D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xj:*:*:*:*:*:*:*", "matchCriteriaId": "BF610051-1638-4C1B-9864-11E34EFC4DE6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xk:*:*:*:*:*:*:*", "matchCriteriaId": "78260223-50C0-48F8-9A65-AE67489E602C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xl:*:*:*:*:*:*:*", "matchCriteriaId": "18E39462-4CEE-4C29-8B60-50E05FCF3E91" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xm:*:*:*:*:*:*:*", "matchCriteriaId": "3FF16123-CCA0-4ECD-9B8C-AC1534C3F244" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xn:*:*:*:*:*:*:*", "matchCriteriaId": "CC7454AF-7610-4CD3-BD2B-95A6C3283811" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xp:*:*:*:*:*:*:*", "matchCriteriaId": "AB633E6C-025C-4B31-ABE7-8318C813376B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xt:*:*:*:*:*:*:*", "matchCriteriaId": "DFED1FFB-899D-4A48-9CCA-0B8737AE1408" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xv:*:*:*:*:*:*:*", "matchCriteriaId": "883FA166-2973-42BA-842D-28FBDBFEAC4A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*", "matchCriteriaId": "4362045B-7065-4FF9-A977-B3DA7894F831" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xy:*:*:*:*:*:*:*", "matchCriteriaId": "BC27E79D-6B4B-4839-9664-DFE821C45C2E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*", "matchCriteriaId": "4963A243-74FA-43AD-9645-C9FAD527A6E1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*", "matchCriteriaId": "31C6EACA-35BE-4032-93DA-5F738AEE0F4A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4yb:*:*:*:*:*:*:*", "matchCriteriaId": "E67621EA-25D8-47C2-ADEA-512E38F2FFE3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:12.4yd:*:*:*:*:*:*:*", "matchCriteriaId": "94E1421B-2B86-41B2-9288-59780E081337" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:15.0m:*:*:*:*:*:*:*", "matchCriteriaId": "3D03374C-7EF0-4455-839E-09CA4F2E85BC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:15.0xa:*:*:*:*:*:*:*", "matchCriteriaId": "EC6EF56C-032C-43F6-A979-E18BEA0E16A6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:15.1\\(1\\)xb1:*:*:*:*:*:*:*", "matchCriteriaId": "2D30CD49-F004-4830-A33E-9FC6E423CEA4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios:15.1t:*:*:*:*:*:*:*", "matchCriteriaId": "5FAFA073-B16F-475F-B68D-8FE9135AB0A4" } ] } ] } ], "references": [ { "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a312.shtml", "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }