Oval Definition:
oval:org.mitre.oval:def:12490
Revision Date
:
2011-02-21
Version
:
21
Title
:
Denial of service via FTP status request
Description
:
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2002-0073
Platform(s)
:
Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows XP
Product(s)
:
Microsoft Internet Information Server (IIS)
Definition Synopsis
vulnerable IIS 4.0 on Windows NT
Microsoft Windows NT is installed
AND
Microsoft IIS 4.0 is installed
AND
the version of w3svc.dll is less than 4.2.775.1
AND
FTP Enabled
OR
vulnerable IIS 5.0 on Windows 2000
Microsoft Windows 2000 is installed
AND
Microsoft IIS 5.0 is installed
AND
the version of w3svc.dll is less than 5.0.2195.5269
AND
FTP Enabled
OR
vulnerable IIS 5.1 on Windows XP
Microsoft Windows XP is installed
AND
Microsoft IIS 5.1 is installed
AND
the version of w3svc.dll is less than 5.1.2600.41
AND
FTP Enabled
BACK