TCP/IP SYN+FIN Packet Filtering Weakness

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.

Synopsis :

It may be possible to bypass firewall rules.

Description :

The remote host does not discard TCP SYN packets that have
the FIN flag set.

Depending on the kind of firewall you are using, an attacker
may use this flaw to bypass its rules.

See also :

Solution :

Contact your vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 11618 ()

Bugtraq ID: 7487


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now