| ID |
CVE-2008-1454
|
| Summary |
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.4 (as of 26-02-2019 - 14:04) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:C/A:C
|
| oval
via4
|
| accepted | 2011-11-14T04:00:28.614-05:00 | | class | vulnerability | | contributors | | name | Jeff Ito | | organization | Secure Elements, Inc. |
| name | Chandan S | | organization | SecPod Technologies |
| | definition_extensions | | comment | Microsoft Windows 2000 SP4 or later is installed | | oval | oval:org.mitre.oval:def:229 |
| comment | Microsoft Windows Server 2003 SP1 (x86) is installed | | oval | oval:org.mitre.oval:def:565 |
| comment | Microsoft Windows Server 2003 (x64) is installed | | oval | oval:org.mitre.oval:def:730 |
| comment | Microsoft Windows Server 2003 SP1 for Itanium is installed | | oval | oval:org.mitre.oval:def:1205 |
| comment | Microsoft Windows Server 2003 SP2 (x86) is installed | | oval | oval:org.mitre.oval:def:1935 |
| comment | Microsoft Windows Server 2003 SP2 (x64) is installed | | oval | oval:org.mitre.oval:def:2161 |
| comment | Microsoft Windows Server 2003 (ia64) SP2 is installed | | oval | oval:org.mitre.oval:def:1442 |
| comment | Microsoft Windows Server 2008 (32-bit) is installed | | oval | oval:org.mitre.oval:def:4870 |
| comment | Microsoft Windows Server 2008 (64-bit) is installed | | oval | oval:org.mitre.oval:def:5356 |
| | description | Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447. | | family | windows | | id | oval:org.mitre.oval:def:5380 | | status | accepted | | submitted | 2008-07-08T14:18:00 | | title | DNS Cache Poisoning Vulnerability | | version | 75 |
|
| refmap
via4
|
| bid | 30132 | | cert | TA08-190A | | sectrack | 1020437 | | secunia | 30925 | | vupen | ADV-2008-2019 |
|
| Last major update |
26-02-2019 - 14:04 |
| Published |
08-07-2008 - 23:41 |
| Last modified |
26-02-2019 - 14:04 |
