ID CVE-2003-0718
Summary The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2011-05-16T04:00:52.485-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
    family windows
    id oval:org.mitre.oval:def:1330
    status accepted
    submitted 2004-10-13T09:30:00.000-04:00
    title Windows 2000 IIS WebDAV Message Handler Denial of Service Vulnerability
    version 34
  • accepted 2011-05-16T04:00:58.906-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
    family windows
    id oval:org.mitre.oval:def:1427
    status accepted
    submitted 2004-10-13T11:09:00.000-04:00
    title Windows XP IIS WebDAV Message Handler Denial of Service Vulnerability
    version 32
  • accepted 2011-05-16T04:03:04.343-04:00
    class vulnerability
    contributors
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
    family windows
    id oval:org.mitre.oval:def:4767
    status accepted
    submitted 2004-10-13T12:13:00.000-04:00
    title Windows Server 2003 IIS WebDAV Message Handler Denial of Service Vulnerability
    version 31
refmap via4
bugtraq 20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS
xf
  • iis-ms04030-patch(17656)
  • iis-webdav-xml-attribute-dos(17645)
Last major update 30-10-2018 - 16:25
Published 03-11-2004 - 05:00
Last modified 30-10-2018 - 16:25
Back to Top