ID CVE-2004-0790
Summary Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
References
Vulnerable Configurations
  • Microsoft windows 2000_sp3
    cpe:2.3:o:microsoft:windows_2000:-:sp3
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:-:fr
    cpe:2.3:o:microsoft:windows_2000:-:sp4:-:fr
  • cpe:2.3:o:microsoft:windows_2003_server:r2
    cpe:2.3:o:microsoft:windows_2003_server:r2
  • Microsoft windows 98_gold
    cpe:2.3:o:microsoft:windows_98:-:gold
  • Microsoft windows 98_se
    cpe:2.3:o:microsoft:windows_98se
  • Microsoft Windows ME
    cpe:2.3:o:microsoft:windows_me
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
  • Microsoft windows xp_sp1 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp1:tablet_pc
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
    cpe:2.3:o:sun:solaris:10.0:-:sparc
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 5.0 (as of 15-06-2005 - 12:02)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
  • description Multiple Vendor ICMP Message Handling DoS. CVE-2004-0790. Dos exploits for multiple platform
    id EDB-ID:25389
    last seen 2016-02-03
    modified 2005-04-12
    published 2005-04-12
    reporter Fernando Gont
    source https://www.exploit-db.com/download/25389/
    title Multiple Vendor ICMP Message Handling DoS
  • description Multiple OS (win32/aix/cisco) Crafted ICMP Messages DoS Exploit. CVE-2004-0790. Dos exploits for multiple platform
    id EDB-ID:948
    last seen 2016-01-31
    modified 2005-04-20
    published 2005-04-20
    reporter houseofdabus
    source https://www.exploit-db.com/download/948/
    title Multiple OS Win32/Aix/Cisco - Crafted ICMP Messages DoS Exploit
  • description MS Windows Malformed IP Options DoS Exploit (MS05-019). CVE-2004-0230,CVE-2004-0790,CVE-2004-1060,CVE-2005-0048,CVE-2005-0688. Dos exploit for windows platform
    id EDB-ID:942
    last seen 2016-01-31
    modified 2005-04-17
    published 2005-04-17
    reporter Yuri Gushin
    source https://www.exploit-db.com/download/942/
    title Microsoft Windows - Malformed IP Options DoS Exploit MS05-019
nessus via4
  • NASL family Windows
    NASL id SMB_KB893066.NASL
    description The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18028
    published 2005-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18028
    title MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-064.NASL
    description The remote host runs a version of Windows that has a flaw in its TCP/IP IPv6 stack. The flaw could allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22537
    published 2006-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22537
    title MS06-064: Vulnerability in TCP/IP IPv6 Could Allow Denial of Service (922819)
  • NASL family CISCO
    NASL id CISCO-SA-20050412-ICMP.NASL
    description A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt ). These attacks, which only affect sessions terminating or originating on a device itself, can be of three types: Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type. Multiple Cisco products are affected by the attacks described in this Internet draft. Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48985
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48985
    title Crafted ICMP Messages Can Cause Denial of Service - Cisco Systems
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_33395.NASL
    description s700_800 11.00 cumulative ARPA Transport patch : A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 19363
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19363
    title HP-UX PHNE_33395 : HP-UX TCP/IP Remote Denial of Service (DoS) (HPSBUX01164 SSRT4884 rev.9)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_26125.NASL
    description s700_800 11.00 ndd(1M) cumulative patch : A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 18399
    published 2005-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18399
    title HP-UX PHNE_26125 : HP-UX TCP/IP Remote Denial of Service (DoS) (HPSBUX01164 SSRT4884 rev.9)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_118844.NASL
    description SunOS 5.10_x86: kernel Patch. Date this patch was last updated by Sun : Oct/28/05 This plugin has been deprecated and either replaced with individual 118844 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 19370
    published 2005-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19370
    title Solaris 10 (x86) : 118844-20 (deprecated)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_25644.NASL
    description s700_800 11.11 cumulative ARPA Transport patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060. (HPSBUX01164 SSRT4884) - An HP-UX 11.11 machine with TRANSPORT patches PHNE_24211, PHNE_24506, PHNE_25134, or PHNE_25642 may be exposed to a denial of service through the malicious use of the 'ndd' command. (HPSBUX00192 SSRT071390) - TCP Initial Sequence Number (ISN) randomization specified in RFC 1948 is available for HP-UX. References: CVE-2001-0328, CERT CA-2001-09. (HPSBUX00205 SSRT080009)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 16508
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16508
    title HP-UX PHNE_25644 : s700_800 11.11 cumulative ARPA Transport patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_33427.NASL
    description s700_800 11.04 (VVOS) cumulative ARPA Transport patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060. (HPSBUX01164 SSRT4884) - A potential security vulnerability has been identified with HP-UX running TCP/IP. The potential vulnerability could be exploited remotely to cause a Denial of Service (DoS). (HPSBUX02087 SSRT4728)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 19486
    published 2005-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19486
    title HP-UX PHNE_33427 : s700_800 11.04 (VVOS) cumulative ARPA Transport patch
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_118822.NASL
    description SunOS 5.10: kernel Patch. Date this patch was last updated by Sun : Feb/23/06
    last seen 2018-09-02
    modified 2018-08-13
    plugin id 19367
    published 2005-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19367
    title Solaris 10 (sparc) : 118822-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS7_X86_106542.NASL
    description SunOS 5.7_x86: Kernel Update Patch. Date this patch was last updated by Sun : Nov/27/06
    last seen 2016-09-26
    modified 2011-10-24
    plugin id 13193
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13193
    title Solaris 7 (x86) : 106542-43
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS05-019.NASL
    description The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18023
    published 2005-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18023
    title MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL23440942.NASL
    description The vulnerability described in this article was initially fixed in earlier versions, but a regression was reintroduced in BIG-IP 12.x through13.x. For information about earlier versions, refer toK4583: Insufficient validation of ICMP error messages - VU#222750 / CVE-2004-0790(9.x - 10.x). Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the 'blind connection-reset attack.' NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. (CVE-2004-0790)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 100000
    published 2017-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100000
    title F5 Networks BIG-IP : Insufficient validation of ICMP error messages (K23440942)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_33159.NASL
    description s700_800 11.11 cumulative ARPA Transport patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running TCP/IP (IPv4). This vulnerability could be remotely exploited to cause a Denial of Service (DoS). (HPSBUX01137 SSRT5954) - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060. (HPSBUX01164 SSRT4884)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 18608
    published 2005-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18608
    title HP-UX PHNE_33159 : s700_800 11.11 cumulative ARPA Transport patch
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_118305.NASL
    description SunOS 5.9: tcp Patch. Date this patch was last updated by Sun : Jul/09/07
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 18075
    published 2005-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18075
    title Solaris 9 (sparc) : 118305-10
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL4583.NASL
    description The remote BIG-IP device is missing a patch required by a security advisory.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 86016
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86016
    title F5 Networks BIG-IP : Insufficient validation of ICMP error messages (SOL4583)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_117470.NASL
    description SunOS 5.9_x86: tcp Patch. Date this patch was last updated by Sun : Jul/09/07
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 18079
    published 2005-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18079
    title Solaris 9 (x86) : 117470-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS7_106541.NASL
    description SunOS 5.7: Kernel Update Patch. Date this patch was last updated by Sun : Dec/06/06
    last seen 2016-09-26
    modified 2011-10-24
    plugin id 13086
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13086
    title Solaris 7 (sparc) : 106541-44
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_26076.NASL
    description s700_800 11.04 (VVOS) ndd(1M) cumulative patch : A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 18398
    published 2005-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18398
    title HP-UX PHNE_26076 : HP-UX TCP/IP Remote Denial of Service (DoS) (HPSBUX01164 SSRT4884 rev.9)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_32606.NASL
    description s700_800 11.23 cumulative ARPA Transport patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060. (HPSBUX01164 SSRT4884) - A potential security vulnerability has been identified with HP-UX running TCP/IP (IPv4). This vulnerability could be remotely exploited to cause a Denial of Service (DoS). (HPSBUX01137 SSRT5954)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 19362
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19362
    title HP-UX PHNE_32606 : s700_800 11.23 cumulative ARPA Transport patch
oval via4
  • accepted 2014-03-24T04:00:12.352-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:1177
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX 11.11 Blind Connection Reset Attack Vulnerability
    version 38
  • accepted 2011-05-09T04:01:19.783-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:176
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX 11.00 Blind Connection Reset Attack Vulnerability
    version 36
  • accepted 2011-05-16T04:02:04.059-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brendan Miles
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family windows
    id oval:org.mitre.oval:def:1910
    status accepted
    submitted 2005-08-18T04:00:00.000-04:00
    title WinXP Blind Connection Reset Attack Vulnerability
    version 39
  • accepted 2014-03-10T04:00:34.539-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:211
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX 11.23 Blind Connection Reset Attack Vulnerability
    version 40
  • accepted 2011-05-16T04:02:47.049-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family windows
    id oval:org.mitre.oval:def:3458
    status accepted
    submitted 2005-04-22T12:00:00.000-04:00
    title Win2k Blind Connection Reset Attack Vulnerability
    version 36
  • accepted 2011-05-09T04:01:32.572-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:412
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX 11.04 Blind Connection Reset Attack Vulnerability
    version 36
  • accepted 2013-09-02T04:05:46.405-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family windows
    id oval:org.mitre.oval:def:4804
    status accepted
    submitted 2005-08-18T04:00:00.000-04:00
    title Server 2003 Blind Connection Reset Attack Vulnerability
    version 39
  • accepted 2014-03-24T04:01:39.608-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:514
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX 11.11, 11.23 Blind Connection Reset Attack Vulnerability
    version 39
  • accepted 2011-05-09T04:01:36.564-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    • comment Microsoft Windows XP SP2 or later is installed
      oval oval:org.mitre.oval:def:521
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    • comment Microsoft Windows Server 2003 (x86) Gold is installed
      oval oval:org.mitre.oval:def:165
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family windows
    id oval:org.mitre.oval:def:53
    status accepted
    submitted 2006-10-11T05:29:41
    title Windows XP, Windows Server 2003 Blind Connection Reset Attack Vulnerability
    version 42
  • accepted 2011-05-09T04:01:38.771-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Pai Peng
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    family unix
    id oval:org.mitre.oval:def:622
    status accepted
    submitted 2006-09-22T05:52:00.000-04:00
    title Solaris 8, 9, 10 Blind Connection Reset Attack Vulnerability
    version 36
refmap via4
bid 13124
hp
  • HPSBST02161
  • HPSBTU01210
  • HPSBUX01164
  • SSRT061264
  • SSRT4743
  • SSRT4884
misc
ms
  • MS05-019
  • MS06-064
sco SCOSA-2006.4
secunia
  • 18317
  • 22341
sreason
sunalert
  • 101658
  • 57746
vupen ADV-2006-3983
Last major update 17-10-2016 - 22:49
Published 12-04-2005 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top