CVE-2001-0328

TCP - Session Hijacking

Title source: llm

Description

TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

References (8)

[Patch, Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2001-09.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/2682

[Vendor Advisory] https://support.f5.com/csp/article/K19063943?utm_source=f5support&amp%3Butm_medium=RSS

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4922

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033181

[Third Party Advisory] http://secunia.com/advisories/8044

[Third Party Advisory] http://securityreason.com/securityalert/57

Scores

EPSS 0.2862

EPSS Percentile 96.6%

Details

Status published

Published Jun 27, 2001

Tracked Since Feb 18, 2026