Lucene search

[email protected]CVE-2007-2999

HistoryJun 04, 2007 - 5:30 p.m.

CVE-2007-2999

2007-06-0417:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

windows server 2003

vulnerability

context-dependent attackers

active directory

nvd

7.2 High

AI Score

Confidence

Low

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.0%

JSON

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereqsp1
microsoft:windows_2003_servermicrosoft windows 2003 servereqgold
microsoft:windows_2003_servermicrosoft windows 2003 servereqsp2

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	sp1
microsoft:windows_2003_server	microsoft windows 2003 server	eq	gold
microsoft:windows_2003_server	microsoft windows 2003 server	eq	sp2

References

osvdb.org/36138

secunia.com/advisories/25457

www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/

www.securityfocus.com/bid/24248

7.2 High

AI Score

Confidence

Low

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2007-2999

prion1