ID
VAR-200007-0069
CVE
CVE-2000-0631
TITLE
IIS Management Script Service Rejection Vulnerability
Trust: 0.6
DESCRIPTION
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. Microsoft IIS 3.0 shipped with a number of HTR scripts, one of which could be used to cause a Denial of Service against the hosting machine. Although these scripts were only distributed with IIS 3.0, they would be retained during upgrade to 4.0 or 5.0 and therefore these versions may be vulnerable if they were installed as an upgrade to 3.0. The vulnerable script is used to browse directories and normally expects a directory name as a variable. If a request with this variable blank is received, the script enters an infinite loop resulting in system resource exhaustion. No further details were made available by Microsoft
Trust: 1.17
AFFECTED PRODUCTS
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 4.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 3.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information services | scope: | eq | version: | 5.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 5.0 | Trust: 0.6 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | microsoft | model: | iis alpha | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 3.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
unknown
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 1476 | Trust: 1.9 |
| db: | NVD | id: | CVE-2000-0631 | Trust: 1.6 |
| db: | MS | id: | MS00-044 | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20000718 ISBASE SECURITY ADVISORY(SA2000-02) | Trust: 0.6 |
| db: | XF | id: | 4951 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200007-038 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/1476 | Trust: 1.6 |
| url: | http://marc.info/?l=bugtraq&m=96390444022878&w=2 | Trust: 1.0 |
| url: | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044 | Trust: 1.0 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/4951 | Trust: 1.0 |
| url: | http://xforce.iss.net/static/4951.php | Trust: 0.6 |
| url: | http://www.microsoft.com/technet/security/bulletin/ms00-044.asp | Trust: 0.6 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2 | Trust: 0.6 |
| url: | http://www.microsoft.com/technet/security/bulletin/fq00-044.asp | Trust: 0.3 |
CREDITS
Details of this vulnerability were released in a Microsoft advisory, MS00-044
Trust: 0.3
SOURCES
| db: | BID | id: | 1476 |
| db: | CNNVD | id: | CNNVD-200007-038 |
| db: | NVD | id: | CVE-2000-0631 |
LAST UPDATE DATE
2024-08-14T13:51:35.928000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 1476 | date: | 2000-07-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-200007-038 | date: | 2005-10-12T00:00:00 |
| db: | NVD | id: | CVE-2000-0631 | date: | 2018-10-30T16:25:10.357 |
SOURCES RELEASE DATE
| db: | BID | id: | 1476 | date: | 2000-07-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-200007-038 | date: | 2000-07-14T00:00:00 |
| db: | NVD | id: | CVE-2000-0631 | date: | 2000-07-14T04:00:00 |