CVE-2001-1186

Current Description

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Basic Data

PublishedDecember 11, 2001
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftInternet Information Services5.0*******

Vulnerable Software List

VendorProductVersions
Microsoft Internet Information Services 5.0

References

NameSourceURLTags
20011211 Microsoft IIS/5 bogus Content-length bug Memory attackhttp://online.securityfocus.com/archive/1/244931BUGTRAQ
20011212 Microsoft IIS/5.0 Content-Length DoS (proved)http://online.securityfocus.com/archive/1/245100BUGTRAQ
iis-false-content-length-dos(7691)http://www.iss.net/security_center/static/7691.phpXFVendor Advisory
20011211 Microsoft IIS/5 bogus Content-length bug.http://www.securityfocus.com/archive/1/244892BUGTRAQExploit
3667http://www.securityfocus.com/bid/3667BIDExploit Vendor Advisory