5 - CVE-2001-0337

Executive Summary

Informations
Name	CVE-2001-0337	First vendor Publication	2001-06-27
Vendor	Cve	Last vendor Modification	2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0337

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Internet Information Server cpe:2.3:a:microsoft:internet_information_server:5.0::::far_east::: cpe:2.3:a:microsoft:internet_information_server:5.0:::far_east:::: cpe:2.3:a:microsoft:internet_information_server:4.0:sp4:::::: cpe:2.3:a:microsoft:internet_information_server:4.0::::far_east::: cpe:2.3:a:microsoft:internet_information_server:4.0:::zh:::: cpe:2.3:a:microsoft:internet_information_server:4.0:::ko:::: cpe:2.3:a:microsoft:internet_information_server:4.0:::ja:::: cpe:2.3:a:microsoft:internet_information_server:4.0::symantec::::: cpe:2.3:a:microsoft:internet_information_server:4.0:::far_east:::: cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:chinese:::: cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:japanese:::: cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:korean:::: cpe:2.3:a:microsoft:internet_information_server:4.0:alpha:::::: cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:korean:::: cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:chinese:::: cpe:2.3:a:microsoft:internet_information_server:3.0:::ja:::: cpe:2.3:a:microsoft:internet_information_server:3.0:::ko:::: cpe:2.3:a:microsoft:internet_information_server:3.0:::zh:::: cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:japanese:::: cpe:2.3:a:microsoft:internet_information_server::::::::	20
Application	Microsoft Internet Information Services cpe:2.3:a:microsoft:internet_information_services:5.0:::::::* cpe:2.3:a:microsoft:internet_information_services:4.0:::::::* cpe:2.3:a:microsoft:internet_information_services:3.0:::::::* cpe:2.3:a:microsoft:internet_information_services:2.0:::::::* cpe:2.3:a:microsoft:internet_information_services:1.0:::::::* cpe:2.3:a:microsoft:internet_information_services:-:::::::*	6

ExploitDB Exploits

id	Description
2000-05-14	Microsoft IIS 4.0/5.0 FTP Denial of Service Vulnerability
2011-01-08	Microsoft IIS/PWS CGI Filename Double Decode Command Execution

OpenVAS Exploits

Date	Description
2005-11-03	Name : IIS Remote Command Execution File : nvt/iis_decode_bug.nasl
2005-11-03	Name : IIS 5.0 WebDav Memory Leakage File : nvt/iis_webdav_lock_memory_leak.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
13478	Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft NLST * dos attempt RuleID : 8481 - Revision : 11 - Type : PROTOCOL-FTP

Nessus® Vulnerability Scanner

Date	Description
2003-03-12	Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO
2001-05-15	Name : Arbitrary commands can be executed on the remote web server. File : iis_decode_bug.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:24:24	Multiple Updates
2024-11-28 12:04:25	Multiple Updates
2024-08-02 12:01:45	Multiple Updates
2024-08-02 01:01:14	Multiple Updates
2024-02-02 01:01:35	Multiple Updates
2024-02-01 12:01:15	Multiple Updates
2023-09-05 12:01:31	Multiple Updates
2023-09-05 01:01:07	Multiple Updates
2023-09-02 12:01:32	Multiple Updates
2023-09-02 01:01:07	Multiple Updates
2023-08-12 12:01:52	Multiple Updates
2023-08-12 01:01:07	Multiple Updates
2023-08-11 12:01:35	Multiple Updates
2023-08-11 01:01:08	Multiple Updates
2023-08-06 12:01:27	Multiple Updates
2023-08-06 01:01:08	Multiple Updates
2023-08-04 12:01:31	Multiple Updates
2023-08-04 01:01:07	Multiple Updates
2023-07-14 12:01:30	Multiple Updates
2023-07-14 01:01:08	Multiple Updates
2023-03-29 01:01:28	Multiple Updates
2023-03-28 12:01:13	Multiple Updates
2022-10-11 12:01:20	Multiple Updates
2022-10-11 01:01:01	Multiple Updates
2021-05-04 12:01:20	Multiple Updates
2021-04-22 01:01:31	Multiple Updates
2020-11-24 12:01:10	Multiple Updates
2020-11-24 01:00:58	Multiple Updates
2020-05-23 01:35:30	Multiple Updates
2020-05-23 00:14:35	Multiple Updates
2018-10-13 00:22:23	Multiple Updates
2017-11-22 12:01:29	Multiple Updates
2016-06-28 14:55:24	Multiple Updates
2016-04-26 11:51:33	Multiple Updates
2013-05-11 12:03:51	Multiple Updates

Global Informations

Type	Count
CPE ID(s)	26
Sources(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	2
Openvas Exploit(s)	2
Snort® Rule(s)	1
Nessus® Exploit(s)	2

	Related
7.5	MS01-026
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2001-0337

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

ExploitDB Exploits

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU