CVE-2006-2380

Published Jun 13, 2006

Last updated 6 years ago

Overview

Description: Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-2380
http://secunia.com/advisories/20637
http://securitytracker.com/id?1016289
http://www.osvdb.org/26438
http://www.securityfocus.com/bid/18389
http://www.vupen.com/english/advisories/2006/2328
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/26836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1763

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References