Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0093
HistoryMar 11, 2009 - 2:19 p.m.

CVE-2009-0093

2009-03-1114:19:15
CWE-20
[email protected]
web.nvd.nist.gov
25
windows dns server
vulnerability
remote hijacking
wpad
dynamic update
man-in-the-middle attack

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

JSON

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the β€œwpad” hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka β€œDNS Server Vulnerability in WPAD Registration Vulnerability,” a related issue to CVE-2007-1692.

Affected configurations

NVD
Node
microsoftwindows_2000sp4
OR
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp1
OR
microsoftwindows_server_2003sp1itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008
OR
microsoftwindows_server_2008x64

Related

nvd 3
prion 3
cvelist 3
checkpoint_advisories 1
nessus 2
openvas 2
securityvulns 1
mskb 1
seebug 1
cve 2
nvd
nvd
CVE-2009-0093
2009-03-11 14:19:15
CVE-2007-1692
2007-03-26 23:19:00
CVE-2009-0094
2009-03-11 14:19:15
prion
prion
Design/Logic Flaw
2009-03-11 14:19:00
Privilege escalation
2007-03-26 23:19:00
Design/Logic Flaw
2009-03-11 14:19:00
cvelist
cvelist
CVE-2009-0093
2009-03-11 14:00:00
CVE-2007-1692
2007-03-26 23:00:00
CVE-2009-0094
2009-03-11 14:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft DNS Server WPAD Registration Spoofing (MS09-008; CVE-2009-0093)
2009-03-10 00:00:00
nessus
nessus
MS09-008: Vulnerabilities in DNS Server Could Allow Spoofing (961063) (uncredentialed check)
2014-03-05 00:00:00
MS09-008: Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
2009-03-11 00:00:00
openvas
openvas
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
2009-03-11 00:00:00
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
2009-03-11 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-008 – Important Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
2009-03-10 00:00:00
mskb
mskb
MS09-008: Vulnerabilities in DNS and WINS Server could allow spoofing
2019-11-06 02:17:18
seebug
seebug
Microsoft Windows DNS/WINSζœεŠ‘ε™¨ε€šδΈͺζ¬Ίιͺ—ζΌζ΄žοΌˆMS09-008οΌ‰
2009-03-12 00:00:00
cve
cve
CVE-2007-1692
2007-03-26 23:19:00
CVE-2009-0094
2009-03-11 14:19:15

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

JSON
Related for CVE-2009-0093
nvd3prion3cvelist3checkpoint_advisories1nessus2openvas2securityvulns1mskb1seebug1cve2