CVE-2010-0812
published 2010-04-14CVE-2010-0812: Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4…
PriorityP340medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EPSS
17.45%
96.7th percentile
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL NETBIOS DCERPC Workstation Service direct service bind attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS DCERPC Workstation Service direct service bind attempt
GPL NETBIOS DCERPC Workstation Service direct service bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"GPL NETBIOS DCERPC Workstation Service direct service bind attempt"; flow:established,to_server; content:"|05 00 0B|"; depth:3; byte_test:1,&,16,1,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:29; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102315; rev:8; metadata:created_at 2010_09_23, cve CVE_2003_0812, signature_severity Informational, updated_at 2024_03_08;)
Suricata
GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt
GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt"; flow:established,to_server; content:"|00|"; depth:1; content:"|FF|SMB%"; depth:5; offset:4; nocase; byte_test:2,&,1,5,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 05 00 0B|"; within:15; distance:4; byte_test:1,&,16,1,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:29; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102310; rev:10; metadata:created_at 2010_09_23, cve CVE_2003_0812, confidence Medium, signature_severity Inf
Suricata
GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt
GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt"; flow:established,to_server; content:"|00|"; depth:1; content:"|FF|SMB%"; depth:5; offset:4; nocase; byte_test:2,^,1,5,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00 05 00 0B|"; within:10; distance:4; byte_test:1,&,16,1,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:29; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102311; rev:9; metadata:created_at 2010_09_23, cve CVE_2003_0812, confidence Medium, signature_severity Informational, updated_at 2024_03_08;)
Suricata
GPL NETBIOS DCERPC Workstation Service direct service access attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS DCERPC Workstation Service direct service access attempt
GPL NETBIOS DCERPC Workstation Service direct service access attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"GPL NETBIOS DCERPC Workstation Service direct service access attempt"; content:"|04 00|"; depth:2; byte_test:1,&,16,2,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:22; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102316; rev:7; metadata:created_at 2010_09_23, cve CVE_2003_0812, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL NETBIOS SMB DCERPC Workstation Service bind attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS SMB DCERPC Workstation Service bind attempt
GPL NETBIOS SMB DCERPC Workstation Service bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB DCERPC Workstation Service bind attempt"; flow:established,to_server; content:"|00|"; depth:1; content:"|FF|SMB%"; depth:5; offset:4; nocase; byte_test:2,^,1,5,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00 05 00 0B|"; within:10; distance:4; byte_test:1,&,16,1,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:29; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102309; rev:8; metadata:created_at 2010_09_23, cve CVE_2003_0812, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, u
Suricata
GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt
suricata·2010-09-23
CVE-2003-0812 GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt
GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt"; flow:established,to_server; content:"|00|"; depth:1; content:"|FF|SMB%"; depth:5; offset:4; nocase; byte_test:2,&,1,5,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 05 00 0B|"; within:15; distance:4; byte_test:1,&,16,1,relative; content:"|98 D0 FF|k|12 A1 10|6|98|3F|C3 F8|~4Z"; within:16; distance:29; reference:bugtraq,9011; reference:cve,2003-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx; classtype:misc-attack; sid:2102308; rev:8; metadata:created_at 2010_09_23, cve CVE_2003_0812, confidence Medium, signature_severity Informatio
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2004998; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name In
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2005001; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2004997; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2004999; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2005002; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0812 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE"; flow:established,to_server; http.uri; content:"/pms.php?"; nocase; content:"pmid["; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0812; reference:url,www.milw0rm.com/exploits/3262; classtype:web-application-attack; sid:2005000; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
No writeups or analysis indexed.
http://secunia.com/advisories/39382http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-029https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7574http://secunia.com/advisories/39382http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-029https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7574
2010-04-14
Published