Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2001-1244
4 documents, 4 sources
Severity
5.0 MEDIUM
EPSS
16.8%
top 5.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jul 7
Latest update: Apr 30
Description
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 6 packages
Also affects: NetBSD 1.5, 1.5.1; FreeBSD 4.3
Vulnerability Details (2)
GHSA
GHSA-g5fj-94hx-c37v: Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment s (2022-04-30)
CVEList
CVE-2001-1244: Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment s (2002-05-03)
Exploits & PoCs (1)
Exploit-DB
HP-UX 11 / Linux Kernel 2.4 / Windows 2000/NT 4.0 / IRIX 6.5 - Small TCP MSS Denial of Service (2001-07-07)