CVE-2021-4467
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-18
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| positive_technologies | xspider | 4.0 |
| positive_technologies | maxpatrol | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Positive Technologies MaxPatrol 8 and XSpider in the client communication service on TCP port 2002. The service creates a new session identifier for each incoming connection but does not properly limit the number of concurrent requests. An unauthenticated remote attacker can send repeated HTTPS requests to the service, causing excessive allocation of session identifiers. This can lead to session identifier collisions, which force active client sessions to disconnect and disrupt the service.
How can this vulnerability impact me?
The vulnerability can cause a remote denial-of-service condition by forcing active client sessions to disconnect due to session identifier collisions. This results in service disruption, potentially making the affected service unavailable to legitimate users.