ID
VAR-200705-0032
CVE
CVE-2007-2897
TITLE
Microsoft IIS 6.0 Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. Microsoft Internet Information Services is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to hang the application, denying service to legitimate users, or disclose sensitive information. Attackers with physical access to the system may be able to execute arbitrary code with the privileges of the application. Microsoft Internet Information Services 6.0 is vulnerable; other versions may also be affected
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 6.0 | Trust: 1.6 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 6.0 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
unknown
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Internet Information Services | url: | http://www.microsoft.com/ja-jp/server-cloud/windows-server/internet-information-services-iis.aspx | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2007-2897 | Trust: 2.7 |
| db: | JVNDB | id: | JVNDB-2007-003909 | Trust: 0.8 |
| db: | FULLDISC | id: | 20070522 QUESTION REGARDING IIS 6.0 / IS THIS A DOS??? | Trust: 0.6 |
| db: | FULLDISC | id: | 20070523 RE: QUESTION REGARDING IIS 6.0 / IS THIS A DOS??? | Trust: 0.6 |
| db: | XF | id: | 34418 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200705-542 | Trust: 0.6 |
| db: | BID | id: | 51527 | Trust: 0.3 |
REFERENCES
| url: | http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html | Trust: 1.9 |
| url: | http://seclists.org/fulldisclosure/2007/may/0378.html | Trust: 1.6 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/34418 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2897 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2897 | Trust: 0.8 |
| url: | http://xforce.iss.net/xforce/xfdb/34418 | Trust: 0.6 |
| url: | http://www.microsoft.com/windowsserver2003/iis/default.mspx | Trust: 0.3 |
| url: | http://seclists.org/fulldisclosure/2007/may/378 | Trust: 0.3 |
CREDITS
Kingcope, 3APA3A
Trust: 0.3
SOURCES
| db: | BID | id: | 51527 |
| db: | JVNDB | id: | JVNDB-2007-003909 |
| db: | CNNVD | id: | CNNVD-200705-542 |
| db: | NVD | id: | CVE-2007-2897 |
LAST UPDATE DATE
2024-11-23T22:54:05.106000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 51527 | date: | 2007-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2007-003909 | date: | 2012-09-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-200705-542 | date: | 2007-06-12T00:00:00 |
| db: | NVD | id: | CVE-2007-2897 | date: | 2024-11-21T00:31:55.427 |
SOURCES RELEASE DATE
| db: | BID | id: | 51527 | date: | 2007-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2007-003909 | date: | 2012-09-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-200705-542 | date: | 2007-05-30T00:00:00 |
| db: | NVD | id: | CVE-2007-2897 | date: | 2007-05-30T10:30:00 |