Lucene search

[email protected]CVE-2002-0650

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0650

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

microsoft sql server 2000

denial of service

spoofed ip

vulnerability

cve-2002-0650

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.098 Low

EPSS

Percentile

94.9%

JSON

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a “ping” style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.

Affected configurations

NVD

Node

microsoftsql_serverMatch2000

microsoftsql_serverMatch2000sp1

microsoftsql_serverMatch2000sp2

CPENameOperatorVersion
microsoft:sql_servermicrosoft sql servereq2000

CPE	Name	Operator	Version
microsoft:sql_server	microsoft sql server	eq	2000

References

marc.info/?l=bugtraq&m=102760196931518&w=2

marc.info/?l=ntbugtraq&m=102760479902411&w=2

www.iss.net/security_center/static/9662.php

www.osvdb.org/878

www.securityfocus.com/bid/5312

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.098 Low

EPSS

Percentile

94.9%

JSON

Related for CVE-2002-0650

cvelist1 cert1 nvd1 checkpoint_advisories1 nessus1