- Home
- CVEs with nessus.description==According to its self-reported version number, the Microsoft DNS Server running on the remote host has the following vulnerabilities :
- An issue exists in installations where dynamic updates are enabled and ISATAP and WPAD are not already registered in DNS due to the lack of restricting registration on the 'wpad' hostname. A remote, authenticated attacker can exploit this issue to perform a man-in-the-middle attack. (CVE-2009-0093)
- An issue exists that allows a remote, unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server's cache.
(CVE-2009-0233)
- An issue exists in the DNS Resolver Cache Service due to improper caching of DNS responses that could allow a remote, unauthenticated attacker to predict transaction IDs and poison caches by sending many crafted DNS queries. (CVE-2009-0234)
These issues may allow remote attackers to redirect network traffic intended for systems on the Internet to the attacker's own systems.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top