Sign-up

ID

VAR-200109-0119


CVE

CVE-2001-0508


TITLE

Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability

Trust: 0.9

sources: BID: 2690 // CNNVD: CNNVD-200109-074

DESCRIPTION

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request. WebDAV contains a flaw in the handling of certain malformed requests. This vulnerability has been known to affect the server performance and could lead to a denial of service condition, however this has not been verified

Trust: 2.88

sources: NVD: CVE-2001-0508 // CERT/CC: VU#959211 // JVNDB: JVNDB-2001-000124 // BID: 3194 // BID: 2690

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.4

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

sources: CERT/CC: VU#959211 // BID: 3194 // BID: 2690 // JVNDB: JVNDB-2001-000124 // CNNVD: CNNVD-200109-074 // NVD: CVE-2001-0508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0508
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#959211
value: 12.60

Trust: 0.8

NVD: CVE-2001-0508
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200109-074
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2001-0508
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#959211 // JVNDB: JVNDB-2001-000124 // CNNVD: CNNVD-200109-074 // NVD: CVE-2001-0508

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0508

THREAT TYPE

network

Trust: 0.6

sources: BID: 3194 // BID: 2690

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 3194 // BID: 2690

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000124

PATCH
title:MS01-044url:http://www.microsoft.com/technet/Security/Bulletin/ms01-044.asp
Trust: 0.8
title:MS01-044url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-044.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000124

EXTERNAL IDS
db:NVDid:CVE-2001-0508
Trust: 2.4
db:BIDid:3194
Trust: 1.9
db:BIDid:2690
Trust: 1.9
db:OSVDBid:5606
Trust: 1.6
db:OSVDBid:5633
Trust: 1.6
db:CERT/CCid:VU#959211
Trust: 0.8
db:JVNDBid:JVNDB-2001-000124
Trust: 0.8
db:XFid:6982
Trust: 0.6
db:BUGTRAQid:20010506 IIS 5.0 PROPFIND DOS #2
Trust: 0.6
db:MSid:MS01-044
Trust: 0.6
db:CNNVDid:CNNVD-200109-074
Trust: 0.6
sources:
            
            
            CERT/CC: VU#959211 // 
            
            
            
            BID: 3194 // 
            
            
            
            BID: 2690 // 
            
            
            
            JVNDB: JVNDB-2001-000124 // 
            
            
            
            CNNVD: CNNVD-200109-074 // 
            
            
            
            NVD: CVE-2001-0508

REFERENCES
url:http://www.securityfocus.com/bid/3194
Trust: 1.6
url:http://www.securityfocus.com/bid/2690
Trust: 1.6
url:http://www.osvdb.org/5633
Trust: 1.6
url:http://www.osvdb.org/5606
Trust: 1.6
url:http://www.iss.net/security_center/static/6982.php
Trust: 1.6
url:http://online.securityfocus.com/archive/1/182579
Trust: 1.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Trust: 1.0
url:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Trust: 0.9
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-044.asp
Trust: 0.8
url:http://www.ietf.org/rfc/rfc2518.txt
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0508
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0508
Trust: 0.8
url:http://www.microsoft.com/technet/support/kb.asp?id=241520
Trust: 0.3
url:http://www.microsoft.com/technet/security
Trust: 0.3
sources:
            
            
            CERT/CC: VU#959211 // 
            
            
            
            BID: 3194 // 
            
            
            
            JVNDB: JVNDB-2001-000124 // 
            
            
            
            CNNVD: CNNVD-200109-074 // 
            
            
            
            NVD: CVE-2001-0508

CREDITS
Discovered and posted to Bugtraq on May 6, 2001 by Georgi Guninski <guninski@guninski.com>.
Trust: 0.9
sources:
            
            
            BID: 2690 // 
            
            
            
            CNNVD: CNNVD-200109-074

SOURCES
db:CERT/CCid:VU#959211
db:BIDid:3194
db:BIDid:2690
db:JVNDBid:JVNDB-2001-000124
db:CNNVDid:CNNVD-200109-074
db:NVDid:CVE-2001-0508

LAST UPDATE DATE
2024-08-14T12:48:33.937000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#959211date:2001-09-18T00:00:00
db:BIDid:3194date:2001-08-15T00:00:00
db:BIDid:2690date:2001-05-06T00:00:00
db:JVNDBid:JVNDB-2001-000124date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200109-074date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0508date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE
db:CERT/CCid:VU#959211date:2001-09-18T00:00:00
db:BIDid:3194date:2001-08-15T00:00:00
db:BIDid:2690date:2001-05-06T00:00:00
db:JVNDBid:JVNDB-2001-000124date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200109-074date:2001-09-20T00:00:00
db:NVDid:CVE-2001-0508date:2001-09-20T04:00:00