| Vulnerability Name: | CVE-2008-1454 (CCN-43335) | ||||||||
| Assigned: | 2008-07-08 | ||||||||
| Published: | 2008-07-08 | ||||||||
| Updated: | 2019-02-26 | ||||||||
| Summary: | Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 9.4 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C) 7.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-1454 Source: CCN Type: HP Security Bulletin HPSBST02350 SSRT080102 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040 Source: CCN Type: SA30925 Microsoft Windows DNS Spoofing Vulnerabilities Source: SECUNIA Type: Vendor Advisory 30925 Source: CCN Type: SECTRACK ID: 1020437 Windows DNS Service Bugs Let Remote Users Spoof the System Source: CCN Type: NORTEL BULLETIN ID: 2008008958, Rev 1 Centrex IP Client Manager (CICM) response to Microsoft July security bulletin Source: CCN Type: NORTEL BULLETIN ID: 2008008989, Rev 1 Nortel Response to Microsoft Security Bulletin MS08-037 Source: CCN Type: Microsoft Security Bulletin MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) Source: CCN Type: Microsoft Security Bulletin MS09-008 Vulnerabilities in DNS and WINS server could allow Spoofing (962238) Source: BID Type: Patch 30132 Source: CCN Type: BID-30132 Microsoft Windows DNS Server Cache Poisoning Vulnerability Source: SECTRACK Type: UNKNOWN 1020437 Source: CERT Type: US Government Resource TA08-190A Source: VUPEN Type: Vendor Advisory ADV-2008-2019 Source: MS Type: UNKNOWN MS08-037 Source: XF Type: UNKNOWN win-dns-cache-poisoning(43335) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5380 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||