TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
総合評価: CVE-2004-0230 は悪用リスクが高い(74.9/100)。CVSS 深刻度は中。悪用される可能性が高い(EPSS 80.86%、100 パーセンタイル) 根拠: 公開エクスプロイトが 8 件参照されています(Exploit-DB)。 直近 1 日で EPSS が +70.12% 上昇。悪用への関心が高まっている可能性があります。 推奨対応: 公開エクスプロイトが確認されています。影響範囲の確認、緩和策の適用、パッチ適用を優先してください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
| EDB-ID | ソース | 種別 | 公開 | リンク |
|---|---|---|---|---|
| 942 | exploit_db | edb | 2005-04-17 | Exploit-DB ↗ |
| 24033 | exploit_db | edb | 2004-04-23 | Exploit-DB ↗ |
| 291 | exploit_db | edb | 2004-04-23 | Exploit-DB ↗ |
| 276 | exploit_db | edb | 2004-04-22 | Exploit-DB ↗ |
| 24032 | exploit_db | edb | 2004-04-20 | Exploit-DB ↗ |
| 24031 | exploit_db | edb | 2004-04-20 | Exploit-DB ↗ |
| 24030 | exploit_db | edb | 2004-03-05 | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 10.73% | 80.86% | +70.12% |
| 2 | 2026-06-11 | 9.32% | 10.73% | +1.42% |
| 3 | 2026-01-08 | — | 9.32% | — |
EPSS の全履歴 (全 22 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2004-0230 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 5. | https://security-tracker.debian.org/tracker/CVE-2004-0230 |
redhat
|
— | — | https://access.redhat.com/security/cve/CVE-2004-0230 |
suse
|
low | CVE-2004-0230 severity low: SUSE including 123 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 456 product×package rows across 60 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise Desktop 12, … (60 product lines)): Known Not Affected 266, Fixed 190. | https://www.suse.com/security/cve/CVE-2004-0230/ |
ubuntu
|
medium | CVE-2004-0230 medium priority: Ubuntu including 1 source packages (quagga), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1. | https://ubuntu.com/security/CVE-2004-0230 |
: <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>
The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having it’s connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue.
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| juniper | junos | < 11.4 | cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:-:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r1:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r10:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r2:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r3:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r4:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r5:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r6:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r7:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r8:*:*:*:*:*:* |
| juniper | junos | 11.4 | cpe:2.3:o:juniper:junos:11.4:r9:*:*:*:*:*:* |
| juniper | junos | 11.4r13 | cpe:2.3:o:juniper:junos:11.4r13:s2:*:*:*:*:*:* |
| juniper | junos | 11.4x27 | cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:* |
| juniper | junos | 12.1 | cpe:2.3:o:juniper:junos:12.1:-:*:*:*:*:*:* |
| juniper | junos | 12.1r | cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:* |
| juniper | junos | 12.1x44 | cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:* |
| juniper | junos | 12.1x45 | cpe:2.3:o:juniper:junos:12.1x45:-:*:*:*:*:*:* |
| juniper | junos | 12.1x45 | cpe:2.3:o:juniper:junos:12.1x45:d10:*:*:*:*:*:* |
| juniper | junos | 12.1x45 | cpe:2.3:o:juniper:junos:12.1x45:d15:*:*:*:*:*:* |
| juniper | junos | 12.1x45 | cpe:2.3:o:juniper:junos:12.1x45:d20:*:*:*:*:*:* |
| juniper | junos | 12.1x46 | cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:* |
| juniper | junos | 12.1x46 | cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:* |
| juniper | junos | 12.1x46 | cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:* |
| juniper | junos | 12.1x47 | cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:-:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r1:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r2:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r3:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r4:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r5:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r6:*:*:*:*:*:* |
| juniper | junos | 12.2 | cpe:2.3:o:juniper:junos:12.2:r7:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:* |
| juniper | junos | 13.1 | cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:* |
| juniper | junos | 13.1 | cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:* |
| juniper | junos | 13.1 | cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:* |
| juniper | junos | 13.1 | cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:* |
| juniper | junos | 13.2 | cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:* |
| juniper | junos | 13.2 | cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:* |
| juniper | junos | 13.2 | cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:* |
| juniper | junos | 13.2 | cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:* |
| juniper | junos | 13.3 | cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:* |
| juniper | junos | 13.3 | cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:* |
| microsoft | windows_2000 | — | cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:* |
| microsoft | windows_2000 | — | cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* |
| microsoft | windows_98 | — | cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:* |
| microsoft | windows_98se | — | cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2003 | — | cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:* |
| microsoft | windows_server_2003 | — | cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:* |
| microsoft | windows_server_2003 | — | cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:-:* |
| microsoft | windows_server_2003 | — | cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:* |
| microsoft | windows_xp | — | cpe:2.3:o:microsoft:windows_xp:-:*:x64:*:*:*:*:* |
| microsoft | windows_xp | — | cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* |
| microsoft | windows_xp | — | cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:itanium:* |
| microsoft | windows_xp | — | cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* |
| oracle | solaris | 10 | cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* |
| oracle | solaris | 11 | cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:* |
| openpgp | openpgp | 2.6.2 | cpe:2.3:a:openpgp:openpgp:2.6.2:*:*:*:*:*:*:* |
| mcafee | network_data_loss_prevention | <= 8.6 | cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:* |
| mcafee | network_data_loss_prevention | 9.2.0 | cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.0:*:*:*:*:*:*:* |
| mcafee | network_data_loss_prevention | 9.2.1 | cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.1:*:*:*:*:*:*:* |
| mcafee | network_data_loss_prevention | 9.2.2 | cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.2:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5 | cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.1 | cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.2 | cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.3 | cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.6 | cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.6.1 | cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:* |