ID
VAR-200005-0053
CVE
CVE-2000-0408
TITLE
Microsoft IIS Service operation by handling invalid file extension (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. Restarting the application or waiting until the URL is processed will be required in order to regain normal functionality
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 4.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information services | scope: | eq | version: | 5.0 | Trust: 1.6 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 5.0 | Trust: 1.1 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 4.0 | Trust: 1.1 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 5.0 | Trust: 0.6 |
| vendor: | microsoft | model: | iis alpha | scope: | eq | version: | 4.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | MS00-030 | url: | http://www.microsoft.com/technet/security/bulletin/MS00-030.mspx | Trust: 0.8 |
| title: | MS00-030 | url: | http://www.microsoft.com/japan/technet/security/Bulletin/MS06-030.mspx | Trust: 0.8 |
EXTERNAL IDS
| db: | BID | id: | 1190 | Trust: 2.7 |
| db: | NVD | id: | CVE-2000-0408 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2000-000032 | Trust: 0.8 |
| db: | MSKB | id: | Q260205 | Trust: 0.6 |
| db: | MS | id: | MS00-030 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200005-046 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/1190 | Trust: 3.4 |
| url: | http://www.ussrback.com/labs40.html | Trust: 2.6 |
| url: | http://www.microsoft.com/technet/support/kb.asp?id=260205 | Trust: 2.6 |
| url: | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030 | Trust: 2.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0408 | Trust: 0.8 |
| url: | http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0408 | Trust: 0.8 |
| url: | http://www.microsoft.com/technet/security/bulletin/ms00-030.asp | Trust: 0.6 |
| url: | http://www.microsoft.com/technet/security/bulletin/fq00-030.asp | Trust: 0.3 |
| url: | http://support.microsoft.com/support/kb/articles/q260/2/05.asp?ln=en-us&sd=tech&fr=0 | Trust: 0.3 |
CREDITS
Discovered by USSR Labs <labs@ussrback.com> and publicized in a Microsoft Security Bulletin (MS00-0030).
Trust: 0.9
SOURCES
| db: | BID | id: | 1190 |
| db: | JVNDB | id: | JVNDB-2000-000032 |
| db: | CNNVD | id: | CNNVD-200005-046 |
| db: | NVD | id: | CVE-2000-0408 |
LAST UPDATE DATE
2024-11-22T23:05:58.346000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 1190 | date: | 2000-05-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2000-000032 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200005-046 | date: | 2005-10-12T00:00:00 |
| db: | NVD | id: | CVE-2000-0408 | date: | 2024-11-20T23:32:26.240 |
SOURCES RELEASE DATE
| db: | BID | id: | 1190 | date: | 2000-05-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2000-000032 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200005-046 | date: | 2000-05-11T00:00:00 |
| db: | NVD | id: | CVE-2000-0408 | date: | 2000-05-11T04:00:00 |