CVE-2001-0146 - IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allo

CVE-2001-0146

Summary

IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.

References

http://www.kb.cert.org/vuls/id/796584
http://www.securityfocus.com/bid/2440
http://www.securityfocus.com/bid/2441
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-014
https://exchange.xforce.ibmcloud.com/vulnerabilities/6171
https://exchange.xforce.ibmcloud.com/vulnerabilities/6172

Vulnerable Configurations

cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 02-04-2020 - 13:17)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	2440 2441
cert-vn	VU#796584
xf	exchange-malformed-url-dos(6172) iis-malformed-url-dos(6171)

Last major update

02-04-2020 - 13:17

Published

02-06-2001 - 04:00

Last modified

02-04-2020 - 13:17