CVE-2007-3898 : The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Published 2007-11-14 01:46:00

Updated 2021-07-07 16:09:33

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-3898

Probability of exploitation activity in the next 30 days: 96.47%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3898

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-3898

CWE-16

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-3898

Products affected by CVE-2007-3898

Microsoft » Windows 2000 » Update SP3 Datacenter Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4 Datacenter Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update Gold SRV Edition
cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4 Adv Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3 SRV Edition
cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1 Datacenter Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update Gold
cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update Gold Datacenter Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2 Adv Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3 Adv Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1 SRV Edition
cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4 SRV Edition
cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2 SRV Edition
cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1 Adv Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2 Datacenter Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update Gold Adv Srv Edition
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP1
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update Gold STD Edition
cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 STD Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update Gold X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update Gold Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update Gold
cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP1 STD Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update Gold X64-std Edition
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 »
cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-3898

Exploit prediction scoring system (EPSS) score for CVE-2007-3898

CVSS scores for CVE-2007-3898

CWE ids for CVE-2007-3898

References for CVE-2007-3898

Products affected by CVE-2007-3898