CVE-2004-0899

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0899
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_nt	4.0	4.0.x
microsoft / windows_nt	4.0-sp4	4.0-sp4.x
microsoft / windows_nt	4.0-sp3	4.0-sp3.x
microsoft / windows_nt	4.0-sp2	4.0-sp2.x
microsoft / windows_nt	4.0-sp5	4.0-sp5.x
microsoft / windows_nt	4.0-sp6	4.0-sp6.x
microsoft / windows_nt	4.0-sp1	4.0-sp1.x
microsoft / windows_nt	4.0-sp6a	4.0-sp6a.x

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-042
https://exchange.xforce.ibmcloud.com/vulnerabilities/18341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2280
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4282

Vulnerability Database

289,599

CVE-2004-0899