cvelistv5 - cve-2003-0718

CVE-2003-0718 (GCVE-0-2003-0718)

Vulnerability from cvelistv5

Published

2004-10-16 04:00

Modified

2024-08-08 02:05

Severity ?

CWE

Summary

References

URL

Tags

	cve@mitre.org	http://marc.info/?l=bugtraq&m=109762641822064&w=2
	cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109762641822064&w=2
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:4767",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
          },
          {
            "name": "iis-webdav-xml-attribute-dos(17645)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
          },
          {
            "name": "iis-ms04030-patch(17656)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
          },
          {
            "name": "oval:org.mitre.oval:def:1330",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
          },
          {
            "name": "MS04-030",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
          },
          {
            "name": "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:1427",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:4767",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
        },
        {
          "name": "iis-webdav-xml-attribute-dos(17645)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
        },
        {
          "name": "iis-ms04030-patch(17656)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
        },
        {
          "name": "oval:org.mitre.oval:def:1330",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
        },
        {
          "name": "MS04-030",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
        },
        {
          "name": "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:1427",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:4767",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
            },
            {
              "name": "iis-webdav-xml-attribute-dos(17645)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
            },
            {
              "name": "iis-ms04030-patch(17656)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
            },
            {
              "name": "oval:org.mitre.oval:def:1330",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
            },
            {
              "name": "MS04-030",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
            },
            {
              "name": "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:1427",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0718",
    "datePublished": "2004-10-16T04:00:00",
    "dateReserved": "2003-09-02T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0718\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-11-03T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.\"},{\"lang\":\"es\",\"value\":\"El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria y CPU), ca\u00edda de aplicaci\u00f3n mediante un mensaje XML conteniendo elementos XML con un gran n\u00famero de atributos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C954A7-FF84-4DEB-8728-5B207F374ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"413C07EA-139F-4B7D-A58B-835BD2591FA0\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17645\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17656\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2003-0718

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2003-0718

Aliases

CVE-2003-0718

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0718",
    "description": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.",
    "id": "GSD-2003-0718",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2003-0718"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0718"
      ],
      "details": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.",
      "id": "GSD-2003-0718",
      "modified": "2023-12-13T01:22:12.828346Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0718",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:4767",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
          },
          {
            "name": "iis-webdav-xml-attribute-dos(17645)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
          },
          {
            "name": "iis-ms04030-patch(17656)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
          },
          {
            "name": "oval:org.mitre.oval:def:1330",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
          },
          {
            "name": "MS04-030",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
          },
          {
            "name": "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:1427",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0718"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
            },
            {
              "name": "iis-ms04030-patch(17656)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
            },
            {
              "name": "iis-webdav-xml-attribute-dos(17645)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
            },
            {
              "name": "oval:org.mitre.oval:def:4767",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
            },
            {
              "name": "oval:org.mitre.oval:def:1427",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
            },
            {
              "name": "oval:org.mitre.oval:def:1330",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
            },
            {
              "name": "MS04-030",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-23T19:49Z",
      "publishedDate": "2004-11-03T05:00Z"
    }
  }
}

ghsa-qfq7-2r89-r328

Vulnerability from github

Published

2022-04-29 01:26

Modified

2022-04-29 01:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0718"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-11-03T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.",
  "id": "GHSA-qfq7-2r89-r328",
  "modified": "2022-04-29T01:26:52Z",
  "published": "2022-04-29T01:26:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0718"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2003-0718

Vulnerability from fkie_nvd

Published

2004-11-03 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://marc.info/?l=bugtraq&m=109762641822064&w=2
	cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109762641822064&w=2
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767

Impacted products

	Vendor	Product	Version
	microsoft	internet_information_server	6.0
	microsoft	internet_information_services	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C954A7-FF84-4DEB-8728-5B207F374ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
    },
    {
      "lang": "es",
      "value": "El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria y CPU), ca\u00edda de aplicaci\u00f3n mediante un mensaje XML conteniendo elementos XML con un gran n\u00famero de atributos."
    }
  ],
  "id": "CVE-2003-0718",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. Microsoft XML Parser is prone to a remote denial of service vulnerability when handling malformed requests. The vulnerability can be exploited through the WebDAV XML message handler of Microsoft IIS server. It is reported that this issue requires a remote attacker to create specially crafted WebDAV requests and send them to a vulnerable server over TCP port 80. There is a possibility of increased CPU resource and memory consumption as the IIS server attempts to process these requests. This can eventually lead to a denial of service condition in the server. A reboot is required to restore normal functionality. This vulnerability can also be exposed through other applications that rely on Microsoft XML Parser to process XML messages

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0028",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet information services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "windows 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2003",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "windows xp professional sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp 64-bit edition version sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows xp 64-bit edition version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows xp 64-bit edition sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp 64-bit edition",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server datacenter edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "s8100 media servers r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "s3400 message application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "ip600 media servers r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "windows xp professional sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "s8100 media servers r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "ip600 media servers r12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "definityone media servers r12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Amit Klein\u203b Amit.Klein@SanctumInc.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0718",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0718",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2003-0718",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2003-0718",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200411-017",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. Microsoft XML Parser is prone to a remote denial of service vulnerability when handling malformed requests.  The vulnerability can be exploited through the WebDAV XML message handler of Microsoft IIS server. \nIt is reported that this issue requires a remote attacker to create specially crafted WebDAV requests and send them to a vulnerable server over TCP port 80.  There is a possibility of increased CPU resource and memory consumption as the IIS server attempts to process these requests.   This can eventually lead to a denial of service condition in the server.  A reboot is required to restore normal functionality. \nThis vulnerability can also be exposed through other applications that rely on Microsoft XML Parser to process XML messages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "BID",
        "id": "11384"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0718",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "11384",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1011633",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA04-286A",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "12801",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "id": "VAR-200411-0028",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-08-14T12:56:10.244000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS04-030",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx"
      },
      {
        "title": "MS04-030",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/MS04-030.mspx"
      },
      {
        "title": "Microsoft Internet Information Services WebDAV XML Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134891"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4767"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=109762641822064\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1427"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1330"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0718"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0718"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/12801"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/11384"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2004/oct/1011633.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa04-286a.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms04-030.mspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/378179"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-10-12T00:00:00",
        "db": "BID",
        "id": "11384"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "date": "2004-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "date": "2004-11-03T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-07-12T07:06:00",
        "db": "BID",
        "id": "11384"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      },
      {
        "date": "2020-11-23T19:49:27.407000",
        "db": "NVD",
        "id": "CVE-2003-0718"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft IIS of  WebDAV Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000423"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-017"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2003-0718 (GCVE-0-2003-0718)

Vulnerability from cvelistv5

gsd-2003-0718

Vulnerability from gsd

ghsa-qfq7-2r89-r328

Vulnerability from github

fkie_cve-2003-0718

Vulnerability from fkie_nvd

var-200411-0028

Vulnerability from variot

Tags

Sightings

Nomenclature