Lucene search

[email protected]CVE-2007-3898

HistoryNov 14, 2007 - 1:46 a.m.

CVE-2007-3898

2007-11-1401:46:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2007-3898

dns server

microsoft windows

dns cache poisoning

security vulnerability

remote attack

6.3 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_server_2003microsoft windows server 2003eq*

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*

References

secunia.com/advisories/27584

securityreason.com/securityalert/3373

www.kb.cert.org/vuls/id/484649

www.scanit.be/advisory-2007-11-14.html

www.securityfocus.com/archive/1/483635/100/0/threaded

www.securityfocus.com/archive/1/483698/100/0/threaded

www.securityfocus.com/archive/1/484186/100/0/threaded

www.securityfocus.com/bid/25919

www.securitytracker.com/id?1018942

www.trusteer.com/docs/windowsdns.html

www.us-cert.gov/cas/techalerts/TA07-317A.html

www.vupen.com/english/advisories/2007/3848

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062

exchange.xforce.ibmcloud.com/vulnerabilities/36805

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395

6.3 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2007-3898

checkpoint_advisories4 prion3 securityvulns3 nessus2 cert1 seebug1 cve2