Vulnerability Details : CVE-2011-0040
The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-0040
Probability of exploitation activity in the next 30 days: 5.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0040
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0040
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0040
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64915
Microsoft Windows Active Directory denial of service CVE-2011-0040 Vulnerability Report
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-005
Microsoft Security Bulletin MS11-005 - Important | Microsoft Docs
-
http://www.vupen.com/english/advisories/2011/0319
Webmail | OVH- OVHVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12485
Repository / Oval Repository
-
http://www.securityfocus.com/bid/46145
Microsoft Active Directory Service Principal Names (CVE-2011-0040) Denial Of Service Vulnerability
-
http://www.securitytracker.com/id?1025042
Microsoft Active Directory SPN Collosions May Let Remote Authenticated Users Deny Service - SecurityTracker
Products affected by CVE-2011-0040
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*