VDB

CVE-2004-1060

CVE-2004-1060 PUBLISHED CVSS 5 MEDIUM

Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

EPSS 59.91% · 98.3th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
59.91%
98.3th percentile

Affected Products

VendorProductVersions
tcptcp
n/an/an/a
icmpicmp

Exploit Intelligence

…and 22 more exploits

Timeline

  • Apr 12, 2004 CVE Published
  • Apr 22, 2004 PoC Published
  • Apr 12, 2005 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 25, 2023 EPSS Score

References

…and 1 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›