Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K3126
HistoryApr 04, 2014 - 12:00 a.m.

K3126 : Large TCP window sizes may make it easier to predict sequence numbers vulnerability CVE-2004-0230

2014-04-0400:00:00
my.f5.com
324

9.1 High

AI Score

Confidence

High

JSON

Security Advisory Description

Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products.Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.F5 products and versions that have been evaluated for this Security Advisory

Product Affected Not Affected
BIG-IP LTM None 9.x
10.x
11.x
BIG-IP GTM None 9.x
10.x
11.x
BIG-IP ASM None 9.x
10.x
11.x
BIG-IP Link Controller None 9.x
10.x
11.x
BIG-IP WebAccelerator None 9.x
10.x
11.x
BIG-IP PSM None 9.x
10.x
11.x
BIG-IP WAN Optimization None 10.x
11.x
BIG-IP APM None 10.x
11.x
BIG-IP Edge Gateway None 10.x
11.x
BIG-IP Analytics None 11.x
BIG-IP AFM None 11.x
BIG-IP PEM None 11.x
FirePass None 5.x
6.x
7.x
Enterprise Manager None 1.x
2.x
3.x
BIG-IQ Centralized Management None 5.x
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
This vulnerability is found in the principle design of TCP/IP itself and cannot be completely corrected without changing to an alternate protocol. The central issue in this vulnerability is that for long-lived connections, as measured in hours or days, an outside attacker could send a flurry of RST packets and cut the connection and adversely affect clients, servers, or peers.

Related

checkpoint_advisories 2
f5 1
fortinet 1
cert 1
freebsd_advisory 1
checkpoint_security 1
securityvulns 8
nessus 14
ubuntucve 1
openvas 8
cisco 2
debiancve 1
symantec 1
packetstorm 2
freebsd 2
threatpost 1
cve 3
prion 2
suse 4
oracle 1
avleonov 1
checkpoint_advisories
checkpoint_advisories
Spoofed Reset (CVE-2004-0230)
2019-06-23 00:00:00
Non-MD5 Authenticated BGP Connections (CAN-2004-0230; CAN-2004-0589)
2004-02-01 00:00:00
f5
f5
SOL3126 - Large TCP window sizes may make it easier to predict sequence numbers vulnerability CVE-2004-0230
2007-05-16 00:00:00
fortinet
fortinet
Protect
2020-05-20 00:00:00
cert
cert
The Border Gateway Protocol relies on persistent TCP sessions without specifying authentication requirements
2004-04-20 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:19.tcp
2014-09-16 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2004-0230
2013-06-24 21:00:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
2014-09-21 00:00:00
US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP
2004-04-21 00:00:00
[security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS)
2004-05-21 00:00:00
nessus
nessus
TCP/IP Sequence Prediction Blind Reset Spoofing DoS
2004-04-25 00:00:00
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
2012-01-10 00:00:00
Juniper Junos TCP Packet Processing Remote DoS (JSA10638)
2014-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2004-0230
2004-08-18 00:00:00
openvas
openvas
TCP Sequence Number Approximation Reset Denial of Service Vulnerability
2012-03-01 00:00:00
TCP Sequence Number Approximation Reset Denial of Service Vulnerability
2012-03-01 00:00:00
Juniper Networks Junos OS TCP Packet Processing Denial of Service Vulnerability
2014-07-31 00:00:00
cisco
cisco
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
2004-04-20 21:00:00
TCP Vulnerabilities in Multiple Non-IOS Cisco Products
2004-04-20 21:00:00
debiancve
debiancve
CVE-2004-0230
2004-08-18 04:00:00
symantec
symantec
Multiple Vendor TCP Sequence Number Approximation Vulnerability
2004-04-20 00:00:00
packetstorm
packetstorm
disconn.py
2004-04-28 00:00:00
Kreset.pl
2004-04-25 00:00:00
freebsd
freebsd
TCP denial-of-service attacks against long lived connections
1995-06-01 00:00:00
FreeBSD -- Denial of Service in TCP packet processing
2014-09-16 00:00:00
threatpost
threatpost
FreeBSD Patches TCP Processing DoS Vulnerability
2014-09-17 12:04:05
cve
cve
CVE-2004-0230
2004-08-18 04:00:00
CVE-2007-0442
2007-01-23 16:28:00
CVE-2014-6575
2015-01-21 15:28:00
prion
prion
Design/Logic Flaw
2007-01-23 16:28:00
Authentication flaw
2015-01-21 15:28:00
suse
suse
Security update for the Linux Kernel (important)
2017-02-09 21:08:33
Security update for the Linux Kernel (important)
2017-04-25 21:08:55
Security update for the Linux Kernel (important)
2017-02-17 18:08:18
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

9.1 High

AI Score

Confidence

High

JSON
Related for F5:K3126
checkpoint_advisories2f51fortinet1cert1freebsd_advisory1checkpoint_security1securityvulns8nessus14ubuntucve1openvas8cisco2debiancve1symantec1packetstorm2freebsd2threatpost1cve3prion2suse4oracle1avleonov1