CVE-2001-0860

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Published: Dec 6, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0860
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000	-	-
microsoft / windows_xp	-	-

http://marc.info/?l=bugtraq&m=100578220002083&w=2
http://www.securityfocus.com/bid/3541
https://exchange.xforce.ibmcloud.com/vulnerabilities/7538

Vulnerability Database

289,599

CVE-2001-0860