Intrusion Prevention

Novell.Open.Enterprise.Server.HTTPSTK.Service.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in HTTPSTK service in Novell Open Enterprise Server.
The vulnerability is due to a build up of connection in the CLOSE_WAIT state when vulnerable module does not close a TCP connection properly. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

Novell Open Enterprise Server prior to novell-nrm-2.0.2-297.305.302.3

Impact

Denial of Service: Remote attackers can crash vulnerable systems or services

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.novell.com/support/kb/doc.php?id=7014063

CVE References

CVE-2013-3707