CVE-2001-0328
Linux Kernel 2.2 - Predictable TCP Initial Sequence Number
Severity Score
9.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 1999-09-27 First Exploit
- 2001-04-23 CVE Reserved
- 2001-05-24 CVE Published
- 2024-08-08 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/8044 | Third Party Advisory | |
| http://securityreason.com/securityalert/57 | Third Party Advisory | |
| http://www.securityfocus.com/bid/2682 | Vdb Entry | |
| http://www.securitytracker.com/id/1033181 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4922 | Signature | |
| https://support.f5.com/csp/article/K19063943?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/19522 | 1999-09-27 |
| URL | Date | SRC |
|---|---|---|
| http://www.cert.org/advisories/CA-2001-09.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P | 2023-11-07 |