Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2004-0791 — Microsoft Windows 2003 Server vulnerability
25 documents6 sources
Severity
10.0CRITICALNVD
NVD5.0CNA5.0
EPSS
30.4%
top 3.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 12
Latest updateMay 3
Description
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. Whi…
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
🔴Vulnerability Details
14GHSA▶
GHSA-5c86-xw43-gw75: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages,↗2022-05-03
GHSA▶
GHSA-8jw3-72q3-6378: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network t↗2022-05-03
GHSA▶
GHSA-fqvv-84gm-c2c5: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a↗2022-05-03
GHSA▶
GHSA-whr2-cjwc-wj5g: The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that↗2022-05-01
GHSA▶
GHSA-rhmh-v4vm-7q2m: The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP↗2022-05-01
💥Exploits & PoCs
1Exploit-DB
▶