CVE-2001-0163
Published 2001-01-01
CVE-2001-0163: Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Priority P4 · 17 · medium · 4.6 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.80% (84.7th percentile)
No detection rules found.
Exploit-DB: Squid 2.4.1 - Remote Buffer Overflow (CVE-2002-0163), exploitdb, 2002-05-14
---
/* 7350squish - x86/linux squid remote exploit
*
* TESO CONFIDENTIAL - SOURCE MATERIALS
*
* This is unpublished proprietary source code of TESO Security.
*
* The contents of these coded instructions, statements and computer
* programs may not be disclosed to third parties, copied or duplicated in
* any form, in whole or in part, without the prior written permission of
* TESO Security. This includes especially the Bugtraq mailing list, the
* www.hack.co.za website and any public exploit archive.
*
* The distribution restrictions cover the entire file, including this
* header notice. (This means, you are not allowed to reproduce the header).
*
* (C) COPYRIGHT TESO Security, 2001
* All Rights Reserved
*
* bug found by scut 2001/09/10
* further resear
Exploit-DB: Linux Kernel 2.2 - Predictable TCP Initial Sequence Number (CVE-2004-0641), exploitdb, 1999-09-27
---
source: https://www.securityfocus.com/bid/670/info
A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls.
The function 'secure_tcp_sequence_number' in the file 'drivers/char/random.c' at line 1684 is used to generate the initial sequence number. It uses the MD4 hash with a set of inputs to generate the new ISN.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19522.tar.gz
No writeups or analysis indexed.
CWE-656: Reliance on Security Through Obscurity (mitre_cwe, CVSS 5.0, MEDIUM)
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality,
CWE-657: Violation of Secure Design Principles (mitre_cwe)
The product violates well-established principles for secure design.
This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
Modes of Introduction:
Phase: Architecture and Design
Common Consequences:
Scope: Other. Impact: Other.
Examples:
Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer coul