header-logo
Suggest Exploit
vendor:
IIS
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: IIS
Affected Version From: 4
Affected Version To: 5
Patch Exists: NO
Related CWE: CVE-2002-0392
CPE: a:microsoft:iis
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft IIS 4.0/5.0 Malformed File Extension Denial of Service Vulnerability

Sending a specially crafted URL containing malformed file extension information to Microsoft IIS 4.0/5.0 will consume CPU usage until it reaches 100% which will halt the program's services. Restarting the application or waiting until the URL is processed will be required in order to regain normal functionality.

Mitigation:

Restarting the application or waiting until the URL is processed will be required in order to regain normal functionality.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1190/info

Sending a specially crafted URL containing malformed file extension information to Microsoft IIS 4.0/5.0 will consume CPU usage until it reaches 100% which will halt the program's services. Restarting the application or waiting until the URL is processed will be required in order to regain normal functionality.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19907-1.exe

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19907.zip

Navigation

Suggest Exploit

Services By CQR