Vulnerability Details : CVE-2013-6329
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
Vulnerability category: Denial of service
Products affected by CVE-2013-6329
- cpe:2.3:a:ibm:global_security_kit:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:content_manager_ondemand_for_multiplatforms:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:content_manager_ondemand_for_multiplatforms:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager_for_web:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager_for_web:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager_for_web:6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6329
- 1.51%: probability of exploitation activity in the next 30 days
- ~85%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6329
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2013-6329
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6329
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
  IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.2 (Patch; Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
  IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9 (Patch; Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21659837
  IBM Security Bulletin: GSKit SSL negotiation vulnerability in Tivoli Access Manager for e-business (CVE-2013-6329)
- http://www-01.ibm.com/support/docview.wss?uid=swg21659716
  IBM Security Bulletin: CM OnDemand GSKit Vulnerability (CVE-2013-6329) (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
  IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.33 (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88939
  IBM GSKit SSL/TLS handshake denial of service CVE-2013-6329 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21659548
  IBM Security Bulletin: Potential Denial of service vulnerability in IBM HTTP Server (CVE-2013-6329)