Executive Summary
Informations | |||
---|---|---|---|
Name | MS01-044 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
15 August 2001 Cumulative Patch for IIS |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:909 | |||
Oval ID: | oval:org.mitre.oval:def:909 | ||
Title: | Windows NT IIS System File Listing Privilege Elevation Vulnerability | ||
Description: | IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2001-0507 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:912 | |||
Oval ID: | oval:org.mitre.oval:def:912 | ||
Title: | Windows 2000 IIS System File Listing Privilege Elevation Vulnerability | ||
Description: | IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2001-0507 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IIS Remote Command Execution File : nvt/iis_decode_bug.nasl |
2005-11-03 | Name : Tests for Nimda Worm infected HTML files File : nvt/nimda.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5736 | Microsoft IIS Relative Path System Privilege Escalation Microsoft IIS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when exploiting the relative path listings in a table that lists the system files. This flaw may lead to a loss of confidentiality and/or integrity. |
5633 | Microsoft IIS Invalid WebDAV Request DoS Microsoft IIS contains a flaw that may allow a remote denial of service. The issue is triggered when submitting a malformed or extremely long WebDAV request, causing all IIS related services to fail and restart, resulting in a loss of availability. |
5606 | Microsoft IIS WebDAV PROPFIND Request DoS Microsoft IIS contains a flaw that may allow a remote denial of service. The issue is triggered when submitting a WebDAV 'PROPFIND' request containing numerous semicolons to the server. This will cause the IIS service to fail and restart, resulting in a loss of availability. |
5584 | Microsoft IIS URL Redirection Malformed Length DoS Microsoft IIS contains a flaw that may allow a remote denial of service. The issue occurs when an attacker sends a URL request with a different length than the one specified in the request. This results in an access violation causing IIS to crash and must be restarted. This vulnerability only occurs when URL redirection has been enabled. |
1931 | Microsoft IIS MIME Content-Type Header DoS |
1930 | Microsoft IIS SSI ssinc.dll Filename Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-03-12 | Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO |
2001-09-19 | Name : The remote host may have been compromised. File : nimda.nasl - Type : ACT_GATHER_INFO |
2001-06-19 | Name : The remote web server is affected by multiple vulnerabilities. File : iis_isapi_overflow.nasl - Type : ACT_ATTACK |
2001-05-15 | Name : Arbitrary commands can be executed on the remote web server. File : iis_decode_bug.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:35 |
|