[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98503

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-4679

Date: (C)2011-01-07   (M)2017-08-18 


Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.

CVSS Score: 7.8Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1024963
SECUNIA-42931
BID-45767
asa-ocsp-dos(64605)
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

CPE    30
cpe:/h:cisco:asa_5500
cpe:/a:cisco:adaptive_security_appliance_software:7.2.1
cpe:/a:cisco:adaptive_security_appliance_software:7.2.2
cpe:/a:cisco:adaptive_security_appliance_software:7.0.4
...
CWE    1
CWE-20

© 2013 SecPod Technologies