fkie_nvd - fkie_cve-2010-3903

fkie_cve-2010-3903

Vulnerability from fkie_nvd

Published

2010-10-14 05:58

Modified

2025-04-11 00:51

Severity ?

Summary

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.

References

▼	URL	Tags
	cve@mitre.org	http://www.infradead.org/openconnect.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.infradead.org/openconnect.html

Impacted products

Vendor	Product	Version
infradead	openconnect	*
infradead	openconnect	1.00
infradead	openconnect	1.10
infradead	openconnect	1.20
infradead	openconnect	1.30
infradead	openconnect	1.40
infradead	openconnect	2.00
infradead	openconnect	2.01
infradead	openconnect	2.10
infradead	openconnect	2.11
infradead	openconnect	2.12
infradead	openconnect	2.20
infradead	openconnect	2.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5498A999-5CA0-45ED-B2D2-FA471D24A839",
              "versionEndIncluding": "2.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DF6A41-F66A-4988-8852-08B0F8409185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13B5B9C7-3D91-4A40-BEE2-F1BEF2857C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF4C32E-4053-4968-B2E7-C821908B3017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A36920-3A90-4369-A8F4-515C423BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7D9D50-9787-453E-8AB8-7B46F8689875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796B9D9-A95C-48BF-A1A9-256DD03C9AAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "61634238-AF09-497B-8FF1-267C46C8546D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65C84C3-C747-4AF0-8650-EA15EB032B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "012C702A-942D-457A-91AB-A3743CE291FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "26BC396E-21AA-4914-B014-C338337E3F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB4D50E9-1318-4A74-B58B-0BE2A8B9A0DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:infradead:openconnect:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC648F46-ED89-4C52-A75B-784D98644DBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en OpenConnect anterior v2.23 permite coneciones remotas a servidores SSL VPN que causa una denegaci\u00f3n de servicio (ca\u00edda aplicaci\u00f3n) a trav\u00e9s del estado 404 HTTP. \r\n"
    }
  ],
  "evaluatorComment": "Per reference link:\r\n\"OpenConnect is not officially supported by, or associated in any way with, Cisco Systems\"",
  "id": "CVE-2010-3903",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-14T05:58:42.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.infradead.org/openconnect.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infradead.org/openconnect.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3903 (GCVE-0-2010-3903)

Vulnerability from cvelistv5

Published

2010-10-12 21:00