Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2734

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2008-2734
Last Modified 29 Oct 2012 11:12:36
Published 04 Sep 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2734

Summary

Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.

Vulnerable Systems


References

SECTRACK - 1020812

CISCO - 20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

XF - cisco-asa-sslvpn-dos(44868)

BID - 30998

CISCO - 20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

SECUNIA - 31730


Last Updated: 27 May 2016 10:49:44