6.4

CVE-2007-3898

Exploit
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updategold
MicrosoftWindows 2000 Updategold Editionadv_srv
MicrosoftWindows 2000 Updategold Editiondatacenter_srv
MicrosoftWindows 2000 Updategold Editionsrv
MicrosoftWindows 2000 Updatesp1
MicrosoftWindows 2000 Updatesp1 Editionadv_srv
MicrosoftWindows 2000 Updatesp1 Editiondatacenter_srv
MicrosoftWindows 2000 Updatesp1 Editionsrv
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp2 Editionadv_srv
MicrosoftWindows 2000 Updatesp2 Editiondatacenter_srv
MicrosoftWindows 2000 Updatesp2 Editionsrv
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp3 Editionadv_srv
MicrosoftWindows 2000 Updatesp3 Editiondatacenter_srv
MicrosoftWindows 2000 Updatesp3 Editionsrv
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows 2000 Updatesp4 Editionadv_srv
MicrosoftWindows 2000 Updatesp4 Editiondatacenter_srv
MicrosoftWindows 2000 Updatesp4 Editionsrv
MicrosoftWindows 2003 Server Updategold Editionitanium
MicrosoftWindows 2003 Server Updategold Editionstd
MicrosoftWindows 2003 Server Updategold Editionx64
MicrosoftWindows 2003 Server Updategold Editionx64-std
MicrosoftWindows 2003 Server Updatesp1 Editionstd
MicrosoftWindows 2003 Server Updatesp2 Editionitanium
MicrosoftWindows 2003 Server Updatesp2 Editionstd
MicrosoftWindows 2003 Server Updatesp2 Editionx64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 55.13% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/484186/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
US Government Resource
http://secunia.com/advisories/27584
Patch
Vendor Advisory
http://securityreason.com/securityalert/3373
http://www.kb.cert.org/vuls/id/484649
US Government Resource
http://www.scanit.be/advisory-2007-11-14.html
http://www.securityfocus.com/archive/1/483635/100/0/threaded
http://www.securityfocus.com/archive/1/483698/100/0/threaded
http://www.securityfocus.com/bid/25919
Patch
Exploit
http://www.securitytracker.com/id?1018942
http://www.trusteer.com/docs/windowsdns.html
http://www.vupen.com/english/advisories/2007/3848
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395