Vulnerabilities > CVE-2003-0718 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | MS Windows IIS WebDAV XML Denial of Service Exploit (MS04-030). CVE-2003-0718. Dos exploit for windows platform |
id | EDB-ID:585 |
last seen | 2016-01-31 |
modified | 2004-10-20 |
published | 2004-10-20 |
reporter | Amit Klein |
source | https://www.exploit-db.com/download/585/ |
title | Microsoft Windows IIS - WebDAV XML Denial of Service Exploit MS04-030 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-030.NASL |
description | The remote host is running a version of Windows and IIS that is vulnerable to a remote denial of service attack through the WebDAV XML Message Handler. An attacker may exploit this flaw to prevent the remote web server from working properly. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15455 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15455 |
title | MS04-030: WebDAV XML Message Handler Denial of Service (824151) |
code |
|
Oval
accepted 2011-05-16T04:00:52.485-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. family windows id oval:org.mitre.oval:def:1330 status accepted submitted 2004-10-13T09:30:00.000-04:00 title Windows 2000 IIS WebDAV Message Handler Denial of Service Vulnerability version 34 accepted 2011-05-16T04:00:58.906-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. family windows id oval:org.mitre.oval:def:1427 status accepted submitted 2004-10-13T11:09:00.000-04:00 title Windows XP IIS WebDAV Message Handler Denial of Service Vulnerability version 32 accepted 2011-05-16T04:03:04.343-04:00 class vulnerability contributors name Jonathan Baker organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. family windows id oval:org.mitre.oval:def:4767 status accepted submitted 2004-10-13T12:13:00.000-04:00 title Windows Server 2003 IIS WebDAV Message Handler Denial of Service Vulnerability version 31
References
- http://marc.info/?l=bugtraq&m=109762641822064&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767