Sign-up

ID

VAR-201703-1246


CVE

CVE-2017-7269


TITLE

Microsoft Windows Server 2003 of Internet Information Services of WebDAV Service buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002299

DESCRIPTION

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Attacks on this vulnerability 2016 Year 7 Month or 8 Observed on the moon.By a remote attacker, PROPFIND Overly long requests "If: <http://" Arbitrary code may be executed through headers that begin with. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2017-7269 // JVNDB: JVNDB-2017-002299 // BID: 97127 // VULMON: CVE-2017-7269

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:6.0

Trust: 1.0

vendor:microsoftmodel:iisscope:eqversion:6.0 (microsoft windows server 2003 r2)

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:6.0

Trust: 0.6

vendor:siemensmodel:spect/ct systemsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:spect workplaces/symbia.netscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:spect systemsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:pet/ct systemsscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:windows server r2scope:eqversion:2003

Trust: 0.3

vendor:microsoftmodel:internet information servicesscope:eqversion:6

Trust: 0.3

sources: BID: 97127 // JVNDB: JVNDB-2017-002299 // CNNVD: CNNVD-201703-1074 // NVD: CVE-2017-7269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7269
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7269
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201703-1074
value: CRITICAL

Trust: 0.6

VULMON: CVE-2017-7269
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7269
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-7269
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-7269
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2017-7269 // JVNDB: JVNDB-2017-002299 // CNNVD: CNNVD-201703-1074 // NVD: CVE-2017-7269

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2017-002299 // NVD: CVE-2017-7269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1074

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201703-1074

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002299

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2017-7269

PATCH
title:Microsoft IISurl:https://www.iis.net/
Trust: 0.8
title:Microsoft Internet Information Services Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94520
Trust: 0.6
title:cve-2017-7269-toolurl:https://github.com/zcgonvh/cve-2017-7269-tool 
Trust: 0.1
title:awesome-webshellurl:https://github.com/alphaSeclab/awesome-webshell 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-7269 // 
            
            
            
            JVNDB: JVNDB-2017-002299 // 
            
            
            
            CNNVD: CNNVD-201703-1074

EXTERNAL IDS
db:NVDid:CVE-2017-7269
Trust: 2.8
db:BIDid:97127
Trust: 1.9
db:SECTRACKid:1038168
Trust: 1.6
db:EXPLOIT-DBid:41738
Trust: 1.6
db:EXPLOIT-DBid:41992
Trust: 1.6
db:ICS CERTid:ICSMA-17-215-01
Trust: 1.1
db:JVNDBid:JVNDB-2017-002299
Trust: 0.8
db:CNNVDid:CNNVD-201703-1074
Trust: 0.6
db:VULMONid:CVE-2017-7269
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-7269 // 
            
            
            
            BID: 97127 // 
            
            
            
            JVNDB: JVNDB-2017-002299 // 
            
            
            
            CNNVD: CNNVD-201703-1074 // 
            
            
            
            NVD: CVE-2017-7269

REFERENCES
url:https://github.com/edwardz246003/iis_exploit
Trust: 2.7
url:https://github.com/rapid7/metasploit-framework/pull/8162
Trust: 2.4
url:https://www.exploit-db.com/exploits/41738/
Trust: 1.6
url:http://www.securityfocus.com/bid/97127
Trust: 1.6
url:https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
Trust: 1.6
url:https://github.com/danigargu/explodingcan
Trust: 1.6
url:https://www.exploit-db.com/exploits/41992/
Trust: 1.6
url:http://www.securitytracker.com/id/1038168
Trust: 1.6
url:https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server
Trust: 1.6
url:https://ics-cert.us-cert.gov/advisories/icsma-17-215-01
Trust: 1.1
url:https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7269
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7269
Trust: 0.8
url:https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
Trust: 0.6
url:http://www.microsoft.com
Trust: 0.3
sources:
            
            
            BID: 97127 // 
            
            
            
            JVNDB: JVNDB-2017-002299 // 
            
            
            
            CNNVD: CNNVD-201703-1074 // 
            
            
            
            NVD: CVE-2017-7269

CREDITS
Zhiniang Peng and Chen Wu
Trust: 0.3
sources:
            
            
            BID: 97127

SOURCES
db:VULMONid:CVE-2017-7269
db:BIDid:97127
db:JVNDBid:JVNDB-2017-002299
db:CNNVDid:CNNVD-201703-1074
db:NVDid:CVE-2017-7269

LAST UPDATE DATE
2024-08-14T12:38:20.696000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2017-7269date:2023-11-07T00:00:00
db:BIDid:97127date:2017-08-10T17:10:00
db:JVNDBid:JVNDB-2017-002299date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201703-1074date:2019-07-08T00:00:00
db:NVDid:CVE-2017-7269date:2024-07-25T14:01:24.977

SOURCES RELEASE DATE
db:VULMONid:CVE-2017-7269date:2017-03-27T00:00:00
db:BIDid:97127date:2017-03-26T00:00:00
db:JVNDBid:JVNDB-2017-002299date:2017-04-11T00:00:00
db:CNNVDid:CNNVD-201703-1074date:2017-03-27T00:00:00
db:NVDid:CVE-2017-7269date:2017-03-27T02:59:00.453