Lucene search

K
cve[email protected]CVE-2008-3630
HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3630

2008-09-1101:13:00
NVD-CWE-Other
web.nvd.nist.gov
72
mdnsresponder
apple
bonjour
windows
dns
spoofing
vulnerability
cve-2008-3630

6.2 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

CPENameOperatorVersion
apple:bonjourapple bonjoureq1.0.4

6.2 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%