| Vulnerability Name: | CVE-2000-1039 (CCN-5810) | ||||||||
| Assigned: | 2000-11-30 | ||||||||
| Published: | 2000-11-30 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. Note: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: WIN2KSEC Type: UNKNOWN 20001204 NAPTHA Advisory Updated - BindView RAZOR Source: MITRE Type: CNA CVE-2000-1039 Source: BINDVIEW Type: UNKNOWN 20001130 The NAPTHA DoS vulnerabilities Source: CCN Type: BindView RAZOR Security Advisory, November 30, 2000 The Naptha DoS vulnerabilities Source: CCN Type: CERT Advisory CA-2000-21 Denial-of-Service Vulnerabilities in TCP/IP Stacks Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2000-21 Source: CCN Type: CIAC Information Bulletin L-023 Microsoft "Incomplete TCP/IP Packet" Vulnerability Source: CCN Type: Microsoft Security Bulletin MS00-091 FAQ Microsoft Security Bulletin (MS00-091): Frequently Asked Questions Source: CCN Type: Microsoft Security Bulletin MS00-091 Patch Available for "Incomplete TCP/IP Packet" Vulnerability Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: OSVDB ID: 462 Multiple Vendor Crafted TCP/IP Packet DoS (NAPTHA) Source: BID Type: Exploit, Patch, Vendor Advisory 2022 Source: CCN Type: BID-2022 Multiple Vendor TCP/IP Resource Exhaustion Vulnerability Source: MS Type: UNKNOWN MS00-091 Source: XF Type: UNKNOWN naptha-resource-starvation(5810) Source: CCN Type: Microsoft Knowledge Base Article 199346 Disable File and Printer Sharing for Additional Security | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||