Описание
DHCP Server Service Information Disclosure Vulnerability
Меры по смягчению последствий
The following mitigating factors might be helpful in your situation:
Customers who have not installed the DHCP Server Role to their server are not affected by this vulnerability.
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
DHCP Server Service Information Disclosure Vulnerability
DHCP Server Service Information Disclosure Vulnerability
Уязвимость службы DHCP-сервера операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.3 Medium
CVSS3