CVE-2010-2836

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

Published: Sep 23, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2836
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
cisco / ios	12.4mra	12.4mra.x
cisco / ios	12.4xj	12.4xj.x
cisco / ios	12.4xl	12.4xl.x
cisco / ios	12.4xm	12.4xm.x
cisco / ios	12.4mr	12.4mr.x
cisco / ios	12.4xt	12.4xt.x
cisco / ios	12.4gc	12.4gc.x
cisco / ios	15.1t	15.1t.x
cisco / ios	12.4xf	12.4xf.x
cisco / ios	12.4xg	12.4xg.x
cisco / ios	12.4ya	12.4ya.x
cisco / ios	15.0m	15.0m.x
cisco / ios	12.4xv	12.4xv.x
cisco / ios	12.4xw	12.4xw.x
cisco / ios	12.4xz	12.4xz.x
cisco / ios	12.4xd	12.4xd.x
cisco / ios	12.4xp	12.4xp.x
cisco / ios	12.4yd	12.4yd.x
cisco / ios	12.4mda	12.4mda.x
cisco / ios	12.4xk	12.4xk.x
cisco / ios	12.4	12.4.x
cisco / ios	12.4sw	12.4sw.x
cisco / ios	12.4xa	12.4xa.x
cisco / ios	12.4xn	12.4xn.x
cisco / ios	12.4xe	12.4xe.x
cisco / ios	15.1(1)xb1	15.1(1)xb1.x
cisco / ios	12.4yb	12.4yb.x
cisco / ios	12.4xb	12.4xb.x
cisco / ios	12.4xy	12.4xy.x
cisco / ios	12.4xc	12.4xc.x
cisco / ios	15.0xa	15.0xa.x

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a312.shtml

Vulnerability Database

290,206

CVE-2010-2836