Vulnerability Details : CVE-2002-2211
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
Threat overview for CVE-2002-2211
Top countries where our scanners detected CVE-2002-2211
Top open port discovered on systems with this issue
53
IPs affected by CVE-2002-2211 96
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2002-2211!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2002-2211
Probability of exploitation activity in the next 30 days: 1.94%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-2211
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-2211
-
http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ
- http://www.imconf.net/imw-2002/imw2002-papers/198.pdf
-
http://www.kb.cert.org/vuls/id/IAFY-5FDT4U
-
http://www.kb.cert.org/vuls/id/457875
US Government Resource
-
http://www.kb.cert.org/vuls/id/IAFY-5FDPYP
- http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
-
http://www.vupen.com/english/advisories/2006/1923
- http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html
-
http://www.securityfocus.com/archive/1/434523/100/0/threaded
Products affected by CVE-2002-2211
- cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*