ID

VAR-200112-0132


CVE

CVE-2001-1186


TITLE

Microsoft IIS denial of service vulnerability caused by failure to handle a forged "Content-Length"

Trust: 0.6

sources: CNNVD: CNNVD-200112-092

DESCRIPTION

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. If an IIS 5.0 web server is sent a crafted HTTP GET request that contains a falsified and excessive "Content-Length" field, it behaves in an unusual manner. The server keeps the connection open and does not time out, but does not respond otherwise. It is possible that this may be used to cause a denial of service to the web server.

Trust: 1.17

sources: NVD: CVE-2001-1186 // BID: 3667

AFFECTED PRODUCTS

vendor: microsoft, model: internet information services, scope: eq, version: 5.0

Trust: 1.6

vendor: microsoft, model: internet information server, scope: eq, version: 5.0

Trust: 0.6

vendor: microsoft, model: iis, scope: eq, version: 5.0

Trust: 0.3

sources: BID: 3667 // CNNVD: CNNVD-200112-092 // NVD: CVE-2001-1186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1186
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200112-092
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2001-1186
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200112-092 // NVD: CVE-2001-1186

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-092

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200112-092

EXTERNAL IDS

db: NVD, id: CVE-2001-1186

Trust: 1.9

db: BID, id: 3667

Trust: 1.9

db: BUGTRAQ, id: 20011212 MICROSOFT IIS/5.0 CONTENT-LENGTH DOS (PROVED)

Trust: 0.6

db: BUGTRAQ, id: 20011211 MICROSOFT IIS/5 BOGUS CONTENT-LENGTH BUG.

Trust: 0.6

db: BUGTRAQ, id: 20011211 MICROSOFT IIS/5 BOGUS CONTENT-LENGTH BUG MEMORY ATTACK

Trust: 0.6

db: XF, id: 7691

Trust: 0.6

db: CNNVD, id: CNNVD-200112-092

Trust: 0.6

sources: BID: 3667 // CNNVD: CNNVD-200112-092 // NVD: CVE-2001-1186

REFERENCES

url:http://www.securityfocus.com/bid/3667

Trust: 2.6

url:http://www.securityfocus.com/archive/1/244892

Trust: 2.6

url:http://www.iss.net/security_center/static/7691.php

Trust: 2.6

url:http://online.securityfocus.com/archive/1/245100

Trust: 2.6

url:http://online.securityfocus.com/archive/1/244931

Trust: 2.6

sources: CNNVD: CNNVD-200112-092 // NVD: CVE-2001-1186

CREDITS

Ivan Hernandez Puga <ivan.hernandez@globalsis.com.ar>

Trust: 0.6

sources: CNNVD: CNNVD-200112-092

SOURCES

db: BID, id: 3667
db: CNNVD, id: CNNVD-200112-092
db: NVD, id: CVE-2001-1186

LAST UPDATE DATE

2024-11-22T23:13:05.351000+00:00


SOURCES UPDATE DATE

db: BID, id: 3667, date: 2009-07-11T09:06:00
db: CNNVD, id: CNNVD-200112-092, date: 2005-05-13T00:00:00
db: NVD, id: CVE-2001-1186, date: 2024-11-20T23:37:05.783

SOURCES RELEASE DATE

db: BID, id: 3667, date: 2001-12-11T00:00:00
db: CNNVD, id: CNNVD-200112-092, date: 2001-12-11T00:00:00
db: NVD, id: CVE-2001-1186, date: 2001-12-11T05:00:00