Details of VAR-200312-0107

ID

VAR-200312-0107

CVE

CVE-2003-1132

TITLE

Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions

Trust: 0.8

sources: CERT/CC: VU#714121

DESCRIPTION

The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. CSS11500 Content Services Switch is prone to a denial-of-service vulnerability

Trust: 2.07

sources: NVD: CVE-2003-1132 // CERT/CC: VU#714121 // BID: 77868 // VULHUB: VHN-7957 // VULMON: CVE-2003-1132

AFFECTED PRODUCTS

vendor:	cisco	model:	content services switch 11000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content services switch 11500	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content services switch 11000	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	css11500 content services switch	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	css11000 content services switch	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#714121 // BID: 77868 // CNNVD: CNNVD-200312-218 // NVD: CVE-2003-1132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1132
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#714121
value:	9.79
Trust: 0.8
CNNVD:	CNNVD-200312-218
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7957
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2003-1132
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1132
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-7957
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#714121 // VULHUB: VHN-7957 // VULMON: CVE-2003-1132 // CNNVD: CNNVD-200312-218 // NVD: CVE-2003-1132

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-218

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200312-218

EXTERNAL IDS

db:	CERT/CC	id:	VU#714121	Trust: 2.9
db:	NVD	id:	CVE-2003-1132	Trust: 2.1
db:	CNNVD	id:	CNNVD-200312-218	Trust: 0.7
db:	CISCO	id:	20041008 CISCO CONTENT SERVICE SWITCH 11000 SERIES DNS NEGATIVE CACHE OF INFORMATION DENIAL-OF-SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	77868	Trust: 0.5
db:	VULHUB	id:	VHN-7957	Trust: 0.1
db:	VULMON	id:	CVE-2003-1132	Trust: 0.1

sources: CERT/CC: VU#714121 // VULHUB: VHN-7957 // VULMON: CVE-2003-1132 // BID: 77868 // CNNVD: CNNVD-200312-218 // NVD: CVE-2003-1132

REFERENCES

url:	http://www.kb.cert.org/vuls/id/714121	Trust: 2.1
url:	http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml	Trust: 2.1
url:	ftp://ftp.rfc-editor.org/in-notes/rfc1886.txt	Trust: 0.8
url:	ftp://ftp.rfc-editor.org/in-notes/rfc2308.txt	Trust: 0.8
url:	ftp://ftp.rfc-editor.org/in-notes/rfc2874.txt	Trust: 0.8
url:	ftp://ftp.rfc-editor.org/in-notes/rfc3363txt	Trust: 0.8
url:	ftp://ftp.rfc-editor.org/in-notes/rfc3364.txt	Trust: 0.8
url:	http://www1.ietf.org/mail-archive/ietf-announce/current/msg19416.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/77868	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=5858	Trust: 0.1

sources: CERT/CC: VU#714121 // VULHUB: VHN-7957 // VULMON: CVE-2003-1132 // BID: 77868 // CNNVD: CNNVD-200312-218 // NVD: CVE-2003-1132

CREDITS

Unknown

Trust: 0.3

sources: BID: 77868

SOURCES

db:	CERT/CC	id:	VU#714121
db:	VULHUB	id:	VHN-7957
db:	VULMON	id:	CVE-2003-1132
db:	BID	id:	77868
db:	CNNVD	id:	CNNVD-200312-218
db:	NVD	id:	CVE-2003-1132

LAST UPDATE DATE

2024-08-14T14:48:12.091000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#714121	date:	2003-05-23T00:00:00
db:	VULHUB	id:	VHN-7957	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2003-1132	date:	2008-09-05T00:00:00
db:	BID	id:	77868	date:	2003-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200312-218	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1132	date:	2008-09-05T20:36:07.747

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#714121	date:	2003-03-26T00:00:00
db:	VULHUB	id:	VHN-7957	date:	2003-12-31T00:00:00
db:	VULMON	id:	CVE-2003-1132	date:	2003-12-31T00:00:00
db:	BID	id:	77868	date:	2003-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200312-218	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1132	date:	2003-12-31T05:00:00