CVE-2008-1454

Description

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.

Related CPE's

omicrosoftwindows_xp*sp2******

omicrosoftwindows_server_2003*sp1x64*****

omicrosoftwindows_2000*sp4******

omicrosoftwindows_server_2003*sp1******

omicrosoftwindows_server_2003*sp1itanium*****

omicrosoftwindows_server_2008**x32*****

omicrosoftwindows_server_2008**x64*****

omicrosoftwindows_server_2003*sp2******

References

30925

Vendor Advisory

TA08-190A

US Government Resource

1020437

30132

Patch

ADV-2008-2019

Vendor Advisory

oval:org.mitre.oval:def:5380

MS08-037

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.399999618530273

Created by Yello
About Severity.io