This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1998-06-29
Product Sql Server Last view 2002-12-31
Version 6.5 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:sql_server

Activity : Overall

Related : CVE

  Date Alert Description
5 2002-12-31 CVE-2002-1872

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

5 2002-05-16 CVE-2002-0224

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

2.1 2000-05-30 CVE-2000-0485

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

7.2 1998-06-29 CVE-1999-1556

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-20 Encryption Brute Forcing
CAPEC-112 Brute Force

Open Source Vulnerability Database (OSVDB)

id Description
59636 Microsoft SQL Server SQL Authentication Password Encryption Weakness
13434 Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
10156 Microsoft SQL Server SQLExecutiveCmdExec Account Credential Encryption Weakness
1369 Microsoft SQL Server DTS Password Disclosure

OpenVAS Exploits

id Description
2006-03-26 Name : Microsoft's SQL Version Query
File : nvt/mssql_version.nasl
2005-11-03 Name : MSDTC denial of service by flooding with nul bytes
File : nvt/msdtc_dos.nasl
2005-11-03 Name : Cumulative Patch for Internet Information Services (Q327696)
File : nvt/smb_nt_ms02-018.nasl

Snort® IPS/IDS

Date Description
2014-01-10 MSDTC attempt
RuleID : 1408-community - Type : SERVER-OTHER - Revision : 17
2014-01-10 MSDTC attempt
RuleID : 1408 - Type : SERVER-OTHER - Revision : 17

Nessus® Vulnerability Scanner

id Description
2002-04-23 Name: Arbitrary code can be executed on the remote host through the web server.
File: smb_nt_ms02-018.nasl - Type: ACT_GATHER_INFO
2002-04-20 Name: The remote service is prone to a denial of service attack.
File: msdtc_dos.nasl - Type: ACT_DENIAL