Denial of Service Vulnerability in Internet Information Services (IIS) by Microsoft
CVE-2003-0718

Currently unrated

Key Information:

Vendor
Microsoft
Status
Internet Information Server
Internet Information Services
Vendor
CVE Published:
3 November 2004

Summary

The WebDAV Message Handler in Internet Information Services (IIS) versions 5.0, 5.1, and 6.0 is susceptible to a denial of service attack. This vulnerability allows remote attackers to exploit the handler by sending specially crafted PROPFIND requests that include XML messages with excessive attributes. This can lead to memory and CPU exhaustion, causing the application to crash and become unresponsive. It is recommended that administrators apply the relevant security patches and follow best practices to mitigate such risks.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
vdb-entryx_refsource_XF

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.