DNS: WPAD Registration Query
This signature detects attempts to register WPAD to the DNS server. This could indicate a possible "Man in the Middle" attack. An attacker could control the DNS server to forward users to a machine that they control.
Extended Description
The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries. An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in man-in-the-middle and spoofing attacks. Other attacks are also possible.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_standard_edition
Short Name
DNS:WPADREG
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
CVE-2009-0093 Query Registration WPAD bid:33989
Release Date
03/10/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3729
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
3.5