[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-4679

Date: (C)2011-01-07   (M)2017-08-18
 
CVSS Score: 7.8Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.

Reference:
SECTRACK-1024963
SECUNIA-42931
BID-45767
asa-ocsp-dos(64605)
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

CPE    30
cpe:/h:cisco:5500_series_adaptive_security_appliance
cpe:/h:cisco:asa_5500
cpe:/a:cisco:adaptive_security_appliance_software:7.2.1
cpe:/a:cisco:adaptive_security_appliance_software:7.2.2
...
CWE    1
CWE-20

© 2013 SecPod Technologies