CVE-2007-3028

high

Description

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039

http://www.vupen.com/english/advisories/2007/2481

http://www.us-cert.gov/cas/techalerts/TA07-191A.html

http://www.securitytracker.com/id?1018355

http://www.securityfocus.com/bid/24796

http://www.kb.cert.org/vuls/id/348953

http://secunia.com/advisories/26002

http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html

Details

Source: Mitre, NVD

Published: 2007-07-10

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High