ID CVE-2010-3903
Summary Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.
References
Vulnerable Configurations
  • infradead OpenConnect 2.22
    cpe:2.3:a:infradead:openconnect:2.22
  • infradead OpenConnect 2.21
    cpe:2.3:a:infradead:openconnect:2.21
  • infradead OpenConnect 2.20
    cpe:2.3:a:infradead:openconnect:2.20
  • infradead OpenConnect 2.12
    cpe:2.3:a:infradead:openconnect:2.12
  • infradead OpenConnect 2.11
    cpe:2.3:a:infradead:openconnect:2.11
  • infradead OpenConnect 2.10
    cpe:2.3:a:infradead:openconnect:2.10
  • infradead OpenConnect 2.01
    cpe:2.3:a:infradead:openconnect:2.01
  • infradead OpenConnect 2.00
    cpe:2.3:a:infradead:openconnect:2.00
  • infradead OpenConnect 1.40
    cpe:2.3:a:infradead:openconnect:1.40
  • infradead OpenConnect 1.30
    cpe:2.3:a:infradead:openconnect:1.30
  • infradead OpenConnect 1.20
    cpe:2.3:a:infradead:openconnect:1.20
  • infradead OpenConnect 1.10
    cpe:2.3:a:infradead:openconnect:1.10
  • infradead OpenConnect 1.00
    cpe:2.3:a:infradead:openconnect:1.00
CVSS
Base: 5.0 (as of 14-10-2010 - 08:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
refmap via4
confirm http://www.infradead.org/openconnect.html
Last major update 12-11-2010 - 00:00
Published 14-10-2010 - 01:58
Back to Top