Lucene search

PRIOn knowledge basePRION:CVE-2007-2999

HistoryJun 04, 2007 - 5:30 p.m.

Code injection

2007-06-0417:30:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

63.9%

JSON

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.

CPENameOperatorVersion
windows_2003_servereq1.0.0-sp
windows_2003_servereq2.0.0-sp

CPE	Name	Operator	Version
	windows_2003_server	eq	1.0.0-sp
	windows_2003_server	eq	2.0.0-sp

References

osvdb.org/36138

secunia.com/advisories/25457

www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/

www.securityfocus.com/bid/24248

6.9 Medium

AI Score

Confidence

Low

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

63.9%

JSON

Related for PRION:CVE-2007-2999

cve1