CVE-2004-0230

Description

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Related CPE's

ooraclesolaris11*******

ooraclesolaris10*******

aopenpgpopenpgp2.6.2*******

amcafeenetwork_data_loss_prevention9.2.1*******

amcafeenetwork_data_loss_prevention9.2.0*******

amcafeenetwork_data_loss_prevention********

amcafeenetwork_data_loss_prevention9.2.2*******

onetbsdnetbsd1.5.2*******

onetbsdnetbsd1.5.3*******

onetbsdnetbsd1.6*******

References

10183

ExploitThird Party AdvisoryVDB Entry

20040403-01-A

Third Party Advisory

NetBSD-SA2004-006

Third Party Advisory

SCOSA-2005.3

Third Party Advisory

SCOSA-2005.9

Third Party Advisory

SCOSA-2005.14

Third Party Advisory

VU#415294

Third Party AdvisoryUS Government Resource

http://www.uniras.gov.uk/vuls/2004/236929/index.htm

Broken Link

4030

Broken Link

11440

Permissions RequiredThird Party AdvisoryVDB Entry

11458

Permissions RequiredThird Party AdvisoryVDB Entry

22341

Permissions RequiredThird Party AdvisoryVDB Entry

ADV-2006-3983

Permissions Required

20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products

Broken Link

TA04-111A

Third Party AdvisoryUS Government Resource

https://kc.mcafee.com/corporate/index?page=content&id=SB10053

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

PatchThird Party Advisory

http://kb.juniper.net/JSA10638

Third Party Advisory

20040425 Perl code exploting TCP not checking RST ACK.

SSRT4696

tcp-rst-dos(15886)

oval:org.mitre.oval:def:5711

oval:org.mitre.oval:def:4791

oval:org.mitre.oval:def:3508

oval:org.mitre.oval:def:270

oval:org.mitre.oval:def:2689

MS06-064

MS05-019

SSRT061264

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io