Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0227 | First vendor Publication | 2003-06-09 |
Vendor | Cve | Last vendor Modification | 2020-11-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0227 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:936 | |||
Oval ID: | oval:org.mitre.oval:def:936 | ||
Title: | Windows 2000 Media Services ISAPI Logging Vulnerability | ||
Description: | The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0227 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:966 | |||
Oval ID: | oval:org.mitre.oval:def:966 | ||
Title: | Windows NT Media Services ISAPI Logging Vulnerability | ||
Description: | The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0227 | Version: | 1 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
ExploitDB Exploits
id | Description |
---|---|
2010-07-25 | Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-25 | Name : Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities File : nvt/gb_ms_win_media_service_isapi_code_exec_vuln.nasl |
2009-03-16 | Name : Microsoft MS03-022 security check File : nvt/remote-MS03-022.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
2106 | Microsoft Media Services ISAPI nsiislog.dll Overflow Windows Media Services contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the ISAPI (Internet Services Application Programming Interface) extension handling of incoming client requests in the nsiislog.dll file of the Internet Information Services (IIS). With a specially crafted request, an attacker may create a denial of service or exexcute arbitrary code via a chunked encoding overflow. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | nsiislog.dll access RuleID : 2129-community - Revision : 26 - Type : SERVER-IIS |
2014-01-10 | nsiislog.dll access RuleID : 2129 - Revision : 26 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-05-28 | Name : Arbitrary code can be executed on the remote host. File : nsiislog_dll.nasl - Type : ACT_DENIAL |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:14 |
|
2021-04-22 01:02:22 |
|
2020-11-13 21:23:13 |
|
2020-05-23 00:15:22 |
|
2018-10-13 00:22:26 |
|
2017-10-11 09:23:16 |
|
2016-10-18 12:01:10 |
|
2016-04-26 12:31:24 |
|
2014-02-17 10:26:00 |
|
2014-01-19 21:21:55 |
|
2013-05-11 11:50:54 |
|