5.0
MEDIUM
CVE-2014-3488
Netty SSLv2Hello Remote Denial of Service
Description

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

INFO

Published Date :

July 31, 2014, 2:55 p.m.

Last Modified :

Feb. 19, 2020, 8:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

2.9

Exploitability Score :

10.0
Public PoC/Exploit Available at Github

CVE-2014-3488 has a 6 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2014-3488 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netty netty
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2014-3488.

URL Resource
http://netty.io/news/2014/06/11/3-9-2-Final.html Vendor Advisory
http://secunia.com/advisories/59196
https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994
https://github.com/netty/netty/issues/2562 Exploit Patch
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
CGCL-codes/LibHunter

None

Python Shell Batchfile

Updated: 2 days, 13 hours ago
0 stars 0 fork 0 watcher
Born at : Sept. 14, 2024, 5:56 a.m. This repo has been linked 89 different CVEs too.
Profile Photo
LibHunter/LibHunter

None

Python Shell Batchfile

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : June 5, 2024, 8:22 a.m. This repo has been linked 89 different CVEs too.
Profile Photo
CGCL-codes/PHunter

None

Java

Updated: 3 months, 3 weeks ago
7 stars 3 fork 3 watcher
Born at : May 27, 2023, 11:55 a.m. This repo has been linked 89 different CVEs too.
Profile Photo
cezapata/appconfiguration-sample

A setup to create an Azure App Configuration service with Java

Java

Updated: 1 year, 9 months ago
0 stars 0 fork 0 watcher
Born at : Nov. 21, 2022, 4:15 p.m. This repo has been linked 14 different CVEs too.
Profile Photo
Anonymous-Phunter/PHunter

None

Java

Updated: 1 year ago
3 stars 1 fork 1 watcher
Born at : Nov. 14, 2022, 2:30 a.m. This repo has been linked 89 different CVEs too.
Profile Photo
ian4hu/super-pom

Enforced Super POM for build stable artifacts

maven-enforcer pom maven java super-pom ci

Shell

Updated: 1 year, 1 month ago
1 stars 1 fork 1 watcher
Born at : July 5, 2018, 3:56 a.m. This repo has been linked 4 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2014-3488 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2014-3488 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 19, 2020

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html [No Types Assigned]
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:*:*:*:*:*:*:*:* versions from (including) 3.9.1.1 OR *cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions from (including) 3.9.1.1
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.0:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.0:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.9.1:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.9.1:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.9.0:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.9.0:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.8.1:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.8.1:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.8.0:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.8.0:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.7.0:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.7.0:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.8:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.8:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.7:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.7:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.6:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.6:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.5:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.5:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.4:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.4:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.3:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.3:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.2:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.2:*:*:*:*:*:*:*
  • CPE Deprecation Remap by [email protected]

    Sep. 30, 2019

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:netty_project:netty:3.6.1:*:*:*:*:*:*:* OR *cpe:2.3:a:netty:netty:3.6.1:*:*:*:*:*:*:*
  • Initial Analysis by [email protected]

    Aug. 01, 2014

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

1.12 }} 0.00%

score

0.82333

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability
: