Vulnerability Details CVE-2007-2593
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/36146
- http://www.securityfocus.com/archive/1/468049/100/0/threaded
- http://www.securityfocus.com/archive/1/468057/100/0/threaded
- http://www.securityfocus.com/archive/1/468203/100/0/threaded
- http://www.securityfocus.com/bid/23899
- http://osvdb.org/36146
- http://www.securityfocus.com/archive/1/468049/100/0/threaded
- http://www.securityfocus.com/archive/1/468057/100/0/threaded
- http://www.securityfocus.com/archive/1/468203/100/0/threaded
- http://www.securityfocus.com/bid/23899
Products affected by CVE-2007-2593
-
cpe:2.3:a:microsoft:terminal_server:-
-
cpe:2.3:o:microsoft:windows_2003_server:-