Sign-up

ID

VAR-200306-0100


CVE

CVE-2003-0226


TITLE

Microsoft IIS of WebDAV Service disruption in request processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2003-000156

DESCRIPTION

Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. All current web, FTP, and email sessions will be terminated. IIS will automatically restart and normal service will resume. ** It has been reported that if a WebDAV request with a certain number of bytes is received, the Inetinfo service will remain alive but cease serving requests. This will cause the IIS server to stop serving requests until the service is manually restarted. This vulnerability was initially described in BID 7728 and is now being assigned its own BID

Trust: 1.89

sources: NVD: CVE-2003-0226 // JVNDB: JVNDB-2003-000156 // BID: 7735

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.1

Trust: 0.6

vendor:microsoftmodel:iisscope:neversion:6.0

Trust: 0.3

sources: BID: 7735 // JVNDB: JVNDB-2003-000156 // CNNVD: CNNVD-200306-027 // NVD: CVE-2003-0226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0226
value: MEDIUM

Trust: 1.0

NVD: CVE-2003-0226
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200306-027
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2003-0226
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2003-000156 // CNNVD: CNNVD-200306-027 // NVD: CVE-2003-0226

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-027

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200306-027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2003-000156

PATCH
title:MS03-018url:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Trust: 0.8
title:MS03-018url:http://www.microsoft.com/japan/technet/security/bulletin/MS03-018.mspx
Trust: 0.8
title:Microsoft Internet Information Services WebDAV Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134893
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2003-000156 // 
            
            
            
            CNNVD: CNNVD-200306-027

EXTERNAL IDS
db:NVDid:CVE-2003-0226
Trust: 2.7
db:BIDid:7734
Trust: 0.8
db:JVNDBid:JVNDB-2003-000156
Trust: 0.8
db:CNNVDid:CNNVD-200306-027
Trust: 0.6
db:BIDid:7735
Trust: 0.3
sources:
            
            
            BID: 7735 // 
            
            
            
            JVNDB: JVNDB-2003-000156 // 
            
            
            
            CNNVD: CNNVD-200306-027 // 
            
            
            
            NVD: CVE-2003-0226

REFERENCES
url:http://marc.info/?l=bugtraq&m=105427362724860&w=2
Trust: 2.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a933
Trust: 2.6
url:http://www.spidynamics.com/iis_alert.html
Trust: 2.6
url:http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html
Trust: 2.6
url:http://marc.info/?l=ntbugtraq&m=105421243732552&w=2
Trust: 2.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0226
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0226
Trust: 0.8
url:http://www.securityfocus.com/bid/7734
Trust: 0.8
url:http://support.coresecurity.com/impact/exploits/86235fc76bafd039e5ee841a41ec4cb4.html
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-019.asp
Trust: 0.3
url:/archive/1/323507
Trust: 0.3
url:/archive/1/323074
Trust: 0.3
sources:
            
            
            BID: 7735 // 
            
            
            
            JVNDB: JVNDB-2003-000156 // 
            
            
            
            CNNVD: CNNVD-200306-027 // 
            
            
            
            NVD: CVE-2003-0226

CREDITS
Microsoft Security Bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200306-027

SOURCES
db:BIDid:7735
db:JVNDBid:JVNDB-2003-000156
db:CNNVDid:CNNVD-200306-027
db:NVDid:CVE-2003-0226

LAST UPDATE DATE
2024-11-22T22:58:34.966000+00:00

SOURCES UPDATE DATE
db:BIDid:7735date:2009-07-11T22:06:00
db:JVNDBid:JVNDB-2003-000156date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200306-027date:2021-08-16T00:00:00
db:NVDid:CVE-2003-0226date:2024-11-20T23:44:15.613

SOURCES RELEASE DATE
db:BIDid:7735date:2003-05-28T00:00:00
db:JVNDBid:JVNDB-2003-000156date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200306-027date:2003-05-27T00:00:00
db:NVDid:CVE-2003-0226date:2003-06-09T04:00:00