Vulnerability-Lookup

CVE-2014-3407 (GCVE-0-2014-3407)

Vulnerability from cvelistv5 – Published: 2014-11-28 02:00 – Updated: 2024-08-06 10:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/viewAlert.…	x_refsource_CONFIRM
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
          },
          {
            "name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-28T02:57:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
        },
        {
          "name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
            },
            {
              "name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3407",
    "datePublished": "2014-11-28T02:00:00.000Z",
    "dateReserved": "2014-05-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:43:05.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3407\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-11-28T02:59:00.080\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n SSL VPN en Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) y anteriores no designa debidamente los bloques de memoria durante el manejo de paquetes HTTP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de paquetes manipulados, tambi\u00e9n conocido como Bug ID CSCuq68888.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.3\\\\(2\\\\)\",\"matchCriteriaId\":\"99D0A7E4-5AAD-4070-9246-D82EE20FA7CB\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=36542\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=36542\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2014-3407

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3407

Aliases

CVE-2014-3407

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3407",
    "description": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.",
    "id": "GSD-2014-3407"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3407"
      ],
      "details": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.",
      "id": "GSD-2014-3407",
      "modified": "2023-12-13T01:22:52.924457Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-3407",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
          },
          {
            "name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.3\\(2\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3407"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
            },
            {
              "name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-06-02T15:47Z",
      "publishedDate": "2014-11-28T02:59Z"
    }
  }
}

VAR-201411-0044

Vulnerability from variot - Updated: 2025-04-13 23:04

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. Vendors have confirmed this vulnerability Bug ID CSCuq68888 It is released as.Denial of service operation via a packet crafted by a third party ( Memory consumption ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the exhaustion of available memory, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCuq68888. The vulnerability originates from the incorrect allocation of memory blocks when the program processes HTTP packets

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0044",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adaptive security appliance software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.3\\(2\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.3(.2)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9.3\\(.2\\)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:adaptive_security_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "71317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3407",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-3407",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-71347",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3407",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3407",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201411-525",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71347",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. Vendors have confirmed this vulnerability Bug ID CSCuq68888 It is released as.Denial of service operation via a packet crafted by a third party ( Memory consumption ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the exhaustion of available memory, denying service to legitimate users. \nThis issue is tracked by Cisco Bug ID CSCuq68888. The vulnerability originates from the incorrect allocation of memory blocks when the program processes HTTP packets",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "BID",
        "id": "71317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3407",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "71317",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-71347",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "db": "BID",
        "id": "71317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "id": "VAR-201411-0044",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:04:46.463000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
      },
      {
        "title": "36542",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
      },
      {
        "title": "Cisco Adaptive Security Appliance Software Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194625"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3407"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36542"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3407"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3407"
      },
      {
        "trust": 0.3,
        "url": "www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "db": "BID",
        "id": "71317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "db": "BID",
        "id": "71317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "date": "2014-11-26T00:00:00",
        "db": "BID",
        "id": "71317"
      },
      {
        "date": "2014-12-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "date": "2014-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "date": "2014-11-28T02:59:00.080000",
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71347"
      },
      {
        "date": "2014-11-27T05:58:00",
        "db": "BID",
        "id": "71317"
      },
      {
        "date": "2014-12-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      },
      {
        "date": "2022-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-3407"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Appliance Software  SSL VPN Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005678"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-525"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-3407

Vulnerability from fkie_nvd - Published: 2014-11-28 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407	Broken Link, Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=36542	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=36542	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	adaptive_security_appliance_software	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D0A7E4-5AAD-4070-9246-D82EE20FA7CB",
              "versionEndIncluding": "9.3\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n SSL VPN en Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) y anteriores no designa debidamente los bloques de memoria durante el manejo de paquetes HTTP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de paquetes manipulados, tambi\u00e9n conocido como Bug ID CSCuq68888."
    }
  ],
  "id": "CVE-2014-3407",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-28T02:59:00.080",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WCPX-V8VR-H5CW

Vulnerability from github – Published: 2022-05-17 04:20 – Updated: 2022-05-17 04:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-28T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.",
  "id": "GHSA-wcpx-v8vr-h5cw",
  "modified": "2022-05-17T04:20:47Z",
  "published": "2022-05-17T04:20:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3407"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3407 (GCVE-0-2014-3407)

GSD-2014-3407

VAR-201411-0044

FKIE_CVE-2014-3407

GHSA-WCPX-V8VR-H5CW

Tags

Sightings

Nomenclature