CVE-2007-2999 : Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error message

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.

Published 2007-06-04 17:30:00

Updated 2012-11-06 03:40:45

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-2999

Probability of exploitation activity in the next 30 days: 0.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2999

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.8	LOW	AV:A/AC:H/Au:N/C:P/I:N/A:N	3.2	2.9	NIST
Access Vector: Adjacent Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2007-2999

Products affected by CVE-2007-2999

Microsoft » Windows 2003 Server » Version: SP1
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Gold
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP2
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-2999

Exploit prediction scoring system (EPSS) score for CVE-2007-2999

CVSS scores for CVE-2007-2999

References for CVE-2007-2999

Products affected by CVE-2007-2999