Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVE-2004-0790
Score elevated to 9.0 because EPSS predicts 85% probability of exploitation within the next 30 days (top 0.6% of all CVEs). Confidence: see factors.
- High exploitation likelihood — EPSS 81%
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- —
- EG Score
- 9.0(low)
- EPSS
- 99.6%
- KEV
- Not listed
Published
April 12, 2005
Last Modified
June 16, 2026
References (54)
- cve@mitreftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt
- cve@mitrehttp://marc.info/?l=bugtraq&m=112861397904255&w=2
- cve@mitrehttp://secunia.com/advisories/18317
- cve@mitrehttp://secunia.com/advisories/22341
- cve@mitrehttp://securityreason.com/securityalert/19
- cve@mitrehttp://securityreason.com/securityalert/57
- cve@mitrehttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1
- cve@mitrehttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
- cve@mitrehttp://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
- cve@mitrehttp://www.securityfocus.com/archive/1/418882/100/0/threaded
- cve@mitrehttp://www.securityfocus.com/archive/1/449179/100/0/threaded
- cve@mitrehttp://www.securityfocus.com/bid/13124
- cve@mitrehttp://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
- cve@mitrehttp://www.vupen.com/english/advisories/2006/3983
- cve@mitrehttp://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
Data Freshness Timeline
(refreshed 0× in last 7d / 11× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-04 06:26 UTCEPSS rescore
- 2026-06-28 04:52 UTCEPSS rescore
- 2026-06-23 21:29 UTCEPSS rescore
- 2026-06-21 01:56 UTCEPSS rescore
- 2026-06-18 17:49 UTCEPSS rescore
- 2026-06-18 17:49 UTCEPSS rescore
- 2026-06-16 17:49 UTCEPSS rescore
- 2026-06-16 17:49 UTCEPSS rescore
- 2026-06-15 17:43 UTCEPSS rescore
- 2026-06-14 23:13 UTCEPSS rescore
- 2026-06-14 23:13 UTCEPSS rescore
- 2026-06-13 22:56 UTCEPSS rescore
- 2026-06-12 23:08 UTCEPSS rescore
- 2026-06-10 22:13 UTCEPSS rescore
- 2026-06-10 13:17 UTCEPSS rescore
- 2026-06-08 14:13 UTCEPSS rescore
- 2026-06-07 15:21 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
- 2026-06-05 22:43 UTCEPSS rescore
- 2026-06-05 22:43 UTCEPSS rescore
- 2026-05-31 22:28 UTCEPSS rescore
- 2026-05-31 14:08 UTCEG score recompute
- 2026-05-31 14:08 UTCGHSA enrichment
Show 14 moreShow fewer
- 2026-05-31 00:13 UTCEPSS rescore
- 2026-05-31 00:13 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-27 13:37 UTCEPSS rescore
- 2026-05-26 13:41 UTCEPSS rescore
- 2026-05-26 13:41 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-20 22:36 UTCEPSS rescore
- 2026-05-20 11:20 UTCEPSS rescore
- 2026-05-20 11:20 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
Publicly available exploits
(3 references)Working exploit code is in the public domain (3 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-948✓ verifiedFirst seen Apr 20, 2005
Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019)
Open source ↗ - Exploit-DBEDB-942✓ verifiedFirst seen Apr 17, 2005
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
Open source ↗ - Exploit-DBEDB-25389✓ verifiedFirst seen Apr 12, 2005
Multiple Vendor ICMP Message Handling - Denial of Service
Open source ↗
Frequently asked(4)
What is CVE-2004-0790?
When was CVE-2004-0790 disclosed?
Is CVE-2004-0790 actively exploited?
How do I remediate CVE-2004-0790?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2004-0790
Is Your Infrastructure Affected by CVE-2004-0790?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.