Details of VAR-200005-0005

ID

VAR-200005-0005

CVE

CVE-2000-0304

TITLE

Microsoft IIS 4.0/5.0 deformity .HTR Request Denial of Service Attack Vulnerability (MS00-031)

Trust: 0.6

sources: CNNVD: CNNVD-200005-036

DESCRIPTION

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. The virtual directory within IIS 4.0 and 5.0 contains .htr files which permits users to change passwords remotely. If a user initiates a password change request containing malformed data, the server CPU becomes fully utilized until the administrator performs a reboot to regain normal functionality. The patch available for this issue creates a similar vulnerability which is exploited by appending %3F+.htr to a request

Trust: 1.17

sources: NVD: CVE-2000-0304 // BID: 1191

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 1191 // CNNVD: CNNVD-200005-036 // NVD: CVE-2000-0304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0304
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200005-036
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0304
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200005-036 // NVD: CVE-2000-0304

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200005-036

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 1191 // CNNVD: CNNVD-200005-036

EXTERNAL IDS

db:	BID	id:	1191	Trust: 1.9
db:	NVD	id:	CVE-2000-0304	Trust: 1.6
db:	MS	id:	MS00-031	Trust: 0.6
db:	ISS	id:	20000511 MICROSOFT IIS REMOTE DENIAL OF SERVICE ATTACK	Trust: 0.6
db:	NSFOCUS	id:	3450	Trust: 0.6
db:	CNNVD	id:	CNNVD-200005-036	Trust: 0.6

sources: BID: 1191 // CNNVD: CNNVD-200005-036 // NVD: CVE-2000-0304

REFERENCES

url:	http://xforce.iss.net/alerts/advise52.php3	Trust: 2.6
url:	http://www.securityfocus.com/bid/1191	Trust: 2.6
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031	Trust: 2.0
url:	http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/3450	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/fq00-031.asp	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q260/0/69.asp	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q260/8/38.asp	Trust: 0.3

sources: BID: 1191 // CNNVD: CNNVD-200005-036 // NVD: CVE-2000-0304

CREDITS

Cerberus Security Team※ CST@CERBERUS-INFOSEC.CO.UK

Trust: 0.6

sources: CNNVD: CNNVD-200005-036

SOURCES

db:	BID	id:	1191
db:	CNNVD	id:	CNNVD-200005-036
db:	NVD	id:	CVE-2000-0304

LAST UPDATE DATE

2024-11-22T22:58:44.323000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1191	date:	2000-05-10T00:00:00
db:	CNNVD	id:	CNNVD-200005-036	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2000-0304	date:	2024-11-20T23:32:11.727

SOURCES RELEASE DATE

db:	BID	id:	1191	date:	2000-05-10T00:00:00
db:	CNNVD	id:	CNNVD-200005-036	date:	2000-05-10T00:00:00
db:	NVD	id:	CVE-2000-0304	date:	2000-05-10T04:00:00