Lucene search

PRIOn knowledge basePRION:CVE-2011-0091

HistoryFeb 10, 2011 - 4:00 p.m.

Spoofing

2011-02-1016:00:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka “Kerberos Spoofing Vulnerability.”

CPENameOperatorVersion
windows_server_2008eqr2 itanium
windows_server_2008eqr2 x64

CPE	Name	Operator	Version
	windows_server_2008	eq	r2 itanium
	windows_server_2008	eq	r2 x64

References

osvdb.org/70835

secunia.com/advisories/43257

support.avaya.com/css/P8/documents/100127250

www.securityfocus.com/bid/46140

www.securitytracker.com/id?1025048

www.vupen.com/english/advisories/2011/0326

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013

exchange.xforce.ibmcloud.com/vulnerabilities/64901

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12498