Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0116

4 documents4 sources

Severity

5.0MEDIUM

EPSS

9.0%

top 7.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM AIX IBM SNG

Timeline

PublishedSep 19

Latest updateMay 3

Description

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/aix3.2.5, 4.1, 4.2+2

▶NVDibm/sng2.1, 2.2+1

🔴Vulnerability Details

GHSA

GHSA-j56q-jrrm-mwmf: Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka S↗2022-05-03

▶

CVEList

CVE-1999-0116: Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka S↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

TCP SYN - 'bang.c' Denial of Service↗2002-09-17

▶