Description


TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Related CPE's


o

juniper

junos

55

o

microsoft

windows_2000

2



o

microsoft

windows_server_2003

4

o

microsoft

windows_xp

4

o

oracle

solaris

2


a

mcafee

network_data_loss_prevention

4

o

netbsd

netbsd

8

o

xinuos

openserver

2

o

xinuos

unixware

2

References







http://kb.juniper.net/JSA10638

Third Party Advisory



http://secunia.com/advisories/11440

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link

http://secunia.com/advisories/11458

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link

http://secunia.com/advisories/22341

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link


http://www.kb.cert.org/vuls/id/415294

Third Party AdvisoryUS Government Resource





http://www.securityfocus.com/bid/10183

ExploitThird Party AdvisoryVDB Entry


http://www.us-cert.gov/cas/techalerts/TA04-111A.html

Third Party AdvisoryUS Government Resource
















http://kb.juniper.net/JSA10638

Third Party Advisory



http://secunia.com/advisories/11440

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link

http://secunia.com/advisories/11458

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link

http://secunia.com/advisories/22341

Permissions RequiredThird Party AdvisoryVDB EntryBroken Link


http://www.kb.cert.org/vuls/id/415294

Third Party AdvisoryUS Government Resource





http://www.securityfocus.com/bid/10183

ExploitThird Party AdvisoryVDB Entry


http://www.us-cert.gov/cas/techalerts/TA04-111A.html

Third Party AdvisoryUS Government Resource










Weaknesses



NVD-CWE-Other

CVSS impact metrics


AV:N/AC:L/Au:N/C:N/I:N/A:P

5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2004-08-18T04:00:00.000

20 years ago

Last modified

2025-05-02T16:40:41.530

2 months ago