Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-3898
HistoryNov 14, 2007 - 1:46 a.m.

CVE-2007-3898

2007-11-1401:46:00
CWE-16
[email protected]
web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

JSON

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Affected configurations

NVD
Node
microsoftwindows_2000gold
OR
microsoftwindows_2000goldadv_srv
OR
microsoftwindows_2000golddatacenter_srv
OR
microsoftwindows_2000goldsrv
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp1adv_srv
OR
microsoftwindows_2000sp1datacenter_srv
OR
microsoftwindows_2000sp1srv
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp2adv_srv
OR
microsoftwindows_2000sp2datacenter_srv
OR
microsoftwindows_2000sp2srv
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp3adv_srv
OR
microsoftwindows_2000sp3datacenter_srv
OR
microsoftwindows_2000sp3srv
OR
microsoftwindows_2000sp4
OR
microsoftwindows_2000sp4adv_srv
OR
microsoftwindows_2000sp4datacenter_srv
OR
microsoftwindows_2000sp4srv
OR
microsoftwindows_2003_servergold
OR
microsoftwindows_2003_servergolditanium
OR
microsoftwindows_2003_servergoldstd
OR
microsoftwindows_2003_servergoldx64
OR
microsoftwindows_2003_servergoldx64-std
OR
microsoftwindows_2003_serversp1
OR
microsoftwindows_2003_serversp1std
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_2003_serversp2std
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_server_2003-
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp2

Related

checkpoint_advisories 4
seebug 1
securityvulns 3
cve 3
nessus 2
prion 3
cvelist 3
cert 1
nvd 2
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Windows DNS Server Spoofing Vulnerability (MS07-062)
2007-11-18 00:00:00
Microsoft Windows DNS Server Spoofing - Ver2 (CVE-2007-3898)
2015-05-18 00:00:00
Squid Proxy DNS Response Spoofing (CVE-2005-1519; CVE-2007-3898)
2014-03-23 00:00:00
seebug
seebug
Microsoft Windowsι€’ε½’DNSζ¬Ίιͺ—ζΌζ΄žοΌˆMS07-062οΌ‰
2007-11-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672)
2007-11-14 00:00:00
[Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server
2007-11-14 00:00:00
Microsoft Windows DNS server and DNS client DNS reply spoofing
2008-07-09 00:00:00
cve
cve
CVE-2007-3898
2007-11-14 01:46:00
CVE-2008-6194
2009-02-19 18:30:00
CVE-2007-6043
2022-10-03 16:14:28
nessus
nessus
MS07-062: Vulnerability in DNS Could Allow Spoofing (941672)
2007-11-13 00:00:00
MS07-062: Vulnerability in DNS Could Allow Spoofing (941672) (uncredentialed check)
2014-03-05 00:00:00
prion
prion
Design/Logic Flaw
2007-11-14 01:46:00
Memory corruption
2009-02-19 18:30:00
Design/Logic Flaw
2007-11-20 19:46:00
cvelist
cvelist
CVE-2007-3898
2007-11-14 01:00:00
CVE-2008-6194
2009-02-19 18:00:00
CVE-2007-6043
2022-10-03 16:14:28
cert
cert
Microsoft Windows DNS Server vulnerable to cache poisoning
2007-11-13 00:00:00
nvd
nvd
CVE-2007-6043
2007-11-20 19:46:00
CVE-2008-6194
2009-02-19 18:30:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

JSON
Related for NVD:CVE-2007-3898
checkpoint_advisories4seebug1securityvulns3cve3nessus2prion3cvelist3cert1nvd2