Vulnerability Summary for CVE-2005-1794 RDP
来源:互联网 发布:数据库设计报告 编辑:程序博客网 时间:2024/05/28 16:18
Vulnerability Summary for CVE-2005-1794 Original release date:06/01/2005Last revised:09/05/2008 Source: US-CERT/NISTOverviewMicrosoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.ImpactCVSS Severity (version 2.0 incomplete approximation):CVSS v2 Base Score:6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend) Impact Subscore: 4.9Exploitability Subscore: 10.0CVSS Version 2 Metrics:Access Vector: Network exploitable Access Complexity: Low Authentication: Not required to exploitImpact Type:Allows unauthorized disclosure of information; Allows unauthorized modification References to Advisories, Solutions, and ToolsBy selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.External Source: BID Name: 13818Hyperlink:http://www.securityfocus.com/bid/13818 External Source: MISC Name: http://www.oxid.it/downloads/rdp-gbu.pdfType: AdvisoryHyperlink:http://www.oxid.it/downloads/rdp-gbu.pdf External Source: SECUNIA Name: 15605Hyperlink:http://secunia.com/advisories/15605/ Vulnerable software and versionsConfiguration 1OR* cpe:/a:microsoft:remote_desktop_connection:5.1.2600.2180::windows_xp* cpe:/a:microsoft:windows_terminal_services_using_rdp:5.2* Denotes Vulnerable Software * Changes related to vulnerability configurations Technical DetailsVulnerability Type (View All) CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794
- Vulnerability Summary for CVE-2005-1794 RDP
- New IE Zero-Day Vulnerability (CVE 2010-3962)
- GHOST: glibc vulnerability (CVE-2015-0235)#GHOST(幽灵)漏洞修复
- QSEE privilege escalation vulnerability and exploit (CVE-2015-6639)
- rdp
- rdp
- Summary for these days
- C++ Summary for Interview
- Summary For iOS Develop
- Summary for SourceInsight
- Summary for maven project
- Summary for week1
- Summary for week2
- Summary for week3
- Summary for week4
- Summary for week5
- Summary for week6
- fantastic summary for backtrack
- 使用CloudStack构建云计算管理平台
- Assembly Manifest 通俗简易手册
- weblogic10.3 java.lang.ClassCastException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
- apache代理设置
- Mysql 定位执行效率低的SQL语句
- Vulnerability Summary for CVE-2005-1794 RDP
- 解决HIbernate3运行出现No CurrentSessionContext configured!错误
- Spring核心机制--IoC
- quartz 时间配置规则(转载自http://blog.sina.com.cn/s/blog_59833db10100hnvk.html)
- shell脚本复习
- luncen.net 基本使用,写的不错摘录过来,以后用
- 数据库的导入导出和数据库的附加
- 关于形参和实参
- linux下如何挂接(mount)光盘镜像文件、移动硬盘、U盘、Windows网络共享