CVE-2001-1387Observable Discrepancy in Iptables

CWE-203Observable DiscrepancyCWE-200Sensitive Information ExposureCWE-449The UI Performs the Wrong Action6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 70.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netfilter Iptables
Timeline
PublishedNov 5
Latest updateApr 30

Description

iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDnetfilter/iptables< 1.2.4

🔴Vulnerability Details

2
GHSA
GHSA-2wcp-prmg-9pr7: iptables-save in iptables before 12022-04-30
CVEList
CVE-2001-1387: iptables-save in iptables before 12002-08-31

📋Vendor Advisories

1
Red Hat
security flaw2001-10-30

📐Framework References

1
CWE
The UI Performs the Wrong Action

💬Community

1
Bugzilla
CVE-2001-1387 security flaw2018-08-16
CVE-2001-1387 — Observable Discrepancy in Iptables | cvebase