| ID |
CVE-2001-0328
|
| Summary |
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 19-10-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| oval
via4
|
| accepted | 2008-09-08T04:00:14.026-04:00 | | class | vulnerability | | contributors | | name | Yuzheng Zhou | | organization | Hewlett-Packard |
| | description | TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. | | family | ios | | id | oval:org.mitre.oval:def:4922 | | status | accepted | | submitted | 2008-05-02T11:06:36.000-04:00 | | title | Multiple Vendor TCP/IP stack Weak Initial Sequence Number Vulnerability | | version | 3 |
|
| refmap
via4
|
|
| Last major update |
19-10-2017 - 01:29 |
| Published |
27-06-2001 - 04:00 |
| Last modified |
19-10-2017 - 01:29 |
