Details of VAR-200011-0006

ID

VAR-200011-0006

CVE

CVE-2000-0858

TITLE

Microsoft Windows"Invalid URL" Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200011-009

DESCRIPTION

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. IIS 4.0 is subject to a denial of service due to the mishandling of URL requests. This issue is a result of a flaw in Windows NT 4.0. If a remote user requests a specifically malformed URL, an invalid memory request is made by inetinfo.exe. The end result is that all system resources are used until inetinfo.exe is eventually automatically shut down by NT. A restart of the service is required in order to gain normal functionality

Trust: 1.17

sources: NVD: CVE-2000-0858 // BID: 1642

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0	Trust: 1.9
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	windows nt alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	ne	version:	5.0	Trust: 0.3

sources: BID: 1642 // CNNVD: CNNVD-200011-009 // NVD: CVE-2000-0858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0858
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200011-009
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0858
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200011-009 // NVD: CVE-2000-0858

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200011-009

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200011-009

EXTERNAL IDS

db:	BID	id:	1642	Trust: 1.9
db:	NVD	id:	CVE-2000-0858	Trust: 1.6
db:	XF	id:	5202	Trust: 0.6
db:	MS	id:	MS00-063	Trust: 0.6
db:	BUGTRAQ	id:	20000906 VIGILANTE-2000009: "INVALID URL" DOS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200011-009	Trust: 0.6

sources: BID: 1642 // CNNVD: CNNVD-200011-009 // NVD: CVE-2000-0858

REFERENCES

url:	http://www.securityfocus.com/bid/1642	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/80413	Trust: 1.6
url:	http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5202	Trust: 1.0
url:	http://xforce.iss.net/static/5202.php	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/fq00-063.asp	Trust: 0.3

sources: BID: 1642 // CNNVD: CNNVD-200011-009 // NVD: CVE-2000-0858

CREDITS

Released in a Microsoft Security Bulletin (MS00-063) on Sep 5, 2000. Reported to Microsoft on May 16, 2000 by Peter Grundl of VIGILANTe <prg@vigilante.com>.

Trust: 0.3

sources: BID: 1642

SOURCES

db:	BID	id:	1642
db:	CNNVD	id:	CNNVD-200011-009
db:	NVD	id:	CVE-2000-0858

LAST UPDATE DATE

2024-08-14T15:45:53.082000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1642	date:	2000-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200011-009	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2000-0858	date:	2017-10-10T01:29:20.217

SOURCES RELEASE DATE

db:	BID	id:	1642	date:	2000-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200011-009	date:	2000-11-14T00:00:00
db:	NVD	id:	CVE-2000-0858	date:	2000-11-14T05:00:00