Details of VAR-200212-0339

ID

VAR-200212-0339

CVE

CVE-2002-1908

TITLE

Microsoft Internet Information Services Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200212-871

DESCRIPTION

Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. Microsoft IIS is reported to be prone to a remotely exploitable denial of service. This condition occurs upon receipt of a malformed HOST field in a HTTP request for 'shtml.dll'. It is possible to reproduce this condition by sending a HTTP POST request with a HOST header field that is composed of an excessive number of slashes (/). Further details are not known at this time

Trust: 1.17

sources: NVD: CVE-2002-1908 // BID: 5907

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.1	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 5907 // CNNVD: CNNVD-200212-871 // NVD: CVE-2002-1908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1908
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-871
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-1908
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200212-871 // NVD: CVE-2002-1908

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-871

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200212-871

EXTERNAL IDS

db:	BID	id:	5907	Trust: 1.9
db:	NVD	id:	CVE-2002-1908	Trust: 1.6
db:	CNNVD	id:	CNNVD-200212-871	Trust: 0.6

sources: BID: 5907 // CNNVD: CNNVD-200212-871 // NVD: CVE-2002-1908

REFERENCES

url:	http://www.iss.net/security_center/static/10370.php	Trust: 2.6
url:	http://www.securityfocus.com/bid/5907	Trust: 2.6
url:	http://www.securiteam.com/windowsntfocus/6c00c1f5qa.html	Trust: 2.6
url:	http://www.immunitysec.com/spike.html	Trust: 0.3

sources: BID: 5907 // CNNVD: CNNVD-200212-871 // NVD: CVE-2002-1908

CREDITS

Dave Aitel※ dave@immunitysec.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-871

SOURCES

db:	BID	id:	5907
db:	CNNVD	id:	CNNVD-200212-871
db:	NVD	id:	CVE-2002-1908

LAST UPDATE DATE

2024-11-22T22:48:48.599000+00:00

SOURCES UPDATE DATE

db:	BID	id:	5907	date:	2002-10-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-871	date:	2020-11-25T00:00:00
db:	NVD	id:	CVE-2002-1908	date:	2024-11-20T23:42:24.463

SOURCES RELEASE DATE

db:	BID	id:	5907	date:	2002-10-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-871	date:	2002-10-07T00:00:00
db:	NVD	id:	CVE-2002-1908	date:	2002-12-31T05:00:00