Denial of Service Vulnerability in TCP Implementations by Multiple Vendors
CVE-2001-1244

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; OpenBSD; HP-ux; Netbsd
Vendor: CVE Published:; 7 July 2001

Summary

Multiple TCP implementations are susceptible to attacks that exploit the maximum segment size (MSS). By setting the MSS to an extremely low value and requesting large amounts of data, attackers can cause significant bandwidth and CPU exhaustion. This results in an amplification of network traffic, as the server must process a greater number of smaller packets, overwhelming its resources and potentially leading to service disruption.

References

http://www.securityfocus.com/archive/1/195457

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/6824

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/2997

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 7, 2001