Sign-up

ID

VAR-200306-0099


CVE

CVE-2003-0225


TITLE

Microsoft IIS Fraudulent ASP Denial of service due to file processing (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2003-000160

DESCRIPTION

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. This vulnerability was initially described in BID 7728 and is now being assigned its own BID

Trust: 1.89

sources: NVD: CVE-2003-0225 // JVNDB: JVNDB-2003-000160 // BID: 7733

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:iisscope:neversion:6.0

Trust: 0.3

vendor:microsoftmodel:iisscope:neversion:5.1

Trust: 0.3

sources: BID: 7733 // JVNDB: JVNDB-2003-000160 // CNNVD: CNNVD-200306-048 // NVD: CVE-2003-0225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0225
value: MEDIUM

Trust: 1.0

NVD: CVE-2003-0225
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200306-048
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2003-0225
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2003-000160 // CNNVD: CNNVD-200306-048 // NVD: CVE-2003-0225

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-048

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7733 // CNNVD: CNNVD-200306-048

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2003-000160

PATCH
title:MS03-018url:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Trust: 0.8
title:MS03-018url:http://www.microsoft.com/japan/technet/security/bulletin/MS03-018.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2003-000160

EXTERNAL IDS
db:NVDid:CVE-2003-0225
Trust: 2.7
db:BIDid:7733
Trust: 1.1
db:JVNDBid:JVNDB-2003-000160
Trust: 0.8
db:MSid:MS03-018
Trust: 0.6
db:NTBUGTRAQid:20030418 MICROSOFT ACTIVE SERVER PAGES DOS
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:373
Trust: 0.6
db:CNNVDid:CNNVD-200306-048
Trust: 0.6
sources:
            
            
            BID: 7733 // 
            
            
            
            JVNDB: JVNDB-2003-000160 // 
            
            
            
            CNNVD: CNNVD-200306-048 // 
            
            
            
            NVD: CVE-2003-0225

REFERENCES
url:http://www.aqtronix.com/advisories/aq-2003-01.txt
Trust: 1.6
url:http://marc.info/?l=ntbugtraq&m=105110606122772&w=2
Trust: 1.0
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a373
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0225
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0225
Trust: 0.8
url:http://www.securityfocus.com/bid/7733
Trust: 0.8
url:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105110606122772&w=2
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:373
Trust: 0.6
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp
Trust: 0.3
sources:
            
            
            BID: 7733 // 
            
            
            
            JVNDB: JVNDB-2003-000160 // 
            
            
            
            CNNVD: CNNVD-200306-048 // 
            
            
            
            NVD: CVE-2003-0225

CREDITS
Microsoft Security Bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200306-048

SOURCES
db:BIDid:7733
db:JVNDBid:JVNDB-2003-000160
db:CNNVDid:CNNVD-200306-048
db:NVDid:CVE-2003-0225

LAST UPDATE DATE
2024-08-14T15:09:56.478000+00:00

SOURCES UPDATE DATE
db:BIDid:7733date:2009-07-11T22:06:00
db:JVNDBid:JVNDB-2003-000160date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200306-048date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0225date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE
db:BIDid:7733date:2003-05-28T00:00:00
db:JVNDBid:JVNDB-2003-000160date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200306-048date:2003-05-27T00:00:00
db:NVDid:CVE-2003-0225date:2003-06-09T04:00:00